JSON response when trying to make an API call. I keep getting "IAM Token passed is invalid."
{
"error": {
"message": "IAM Token passed is invalid.",
"transaction_id": "257a01a1-cfa2-4fbf-b6bc-5abd1fd820f7"
},
"success": false
}
Make sure to renew your IAM Token and not use any previous or someone else's token to make a call.
Following are the CLI commands to follow to log into IBM cloud and generate a new IAM token.
ibmcloud login
ibmcloud iam oauth-tokens
Doc link: https://console.bluemix.net/docs/services/cloud-monitoring/security/auth_iam.html#auth_iam
To work with the API, the user should add IBM Cloud IAM access token in the API request authentication header:
-H 'Authorization: Bearer <IAM_TOKEN>'
Related
I was trying the above api in postman. Here is the request json:
{
"input":{
"text":"Flutter is awesome!"
},
"voice":{
"languageCode":"en-gb",
"name":"en-GB-Standard-A",
"ssmlGender":"FEMALE"
},
"audioConfig":{
"audioEncoding":"MP3"
}
}
for auth, i chose Bearer in postman auth and first executed the following command in my terminal to get the token:
gcloud auth application-default print-access-token
i pasted this token in auth header, and i received the following response :
{
"error": {
"code": 403,
"message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the texttospeech.googleapis.com. We recommend configuring the billing/quota_project setting in gcloud or using a service account through the auth/impersonate_service_account setting. For more information about service accounts and how to use them in your application, see https://cloud.google.com/docs/authentication/. If you are getting this error with curl or similar tools, you may need to specify 'X-Goog-User-Project' HTTP header for quota and billing purposes. For more information regarding 'X-Goog-User-Project' header, please check https://cloud.google.com/apis/docs/system-parameters.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "SERVICE_DISABLED",
"domain": "googleapis.com",
"metadata": {
"consumer": "projects/12345678910",
"service": "texttospeech.googleapis.com"
}
}
]
}
}
I am very new to GCP in general and don't know how to navigate this issue. For additional context, i am trying to make a REST API call where i send the text and get a base64encoded string containig audio back. Any help is appreciated.
This is confusing/complex but the error is helpful:
Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by the texttospeech.googleapis.com.
NOTE You can try this method using Google's APIs Explorer at this link
text.synthesize.
The issue is that gcloud is an OAuth2 application and tokens issued by gcloud either using gcloud auth print-[access|identity]-token and gcloud auth application-default print-access-token are issued against a Google-managed project (that Google provides for gcloud) and -- importantly -- not one of your own projects.
Google wants to provide gcloud for its users but does not want to provide arbitrary API access (for free) to its users. Hence the "not supported" part of the error.
The solution (as described) is that you should:
Use (or create) your own Google Project
Enable the Text-to-Speech service (API) in this project
Create a Service Account and key
gcloud auth activate-service-account providing the Service Account key
gcloud auth print-access-token to get an access token to invoke the API
See the following link for the steps:
https://cloud.google.com/text-to-speech/docs/libraries
I used OAuth 2.0 Client Credentials Flow (2-Legged) to get access token and I followed each step as described in https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow.
But when I send the API request to get access token I received following response
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://medium.com/#ellesmuse/how-to-get-a-linkedin-access-token-a53f9b62f0ce
you may check this way to get linkedin access token
I've followed the Google Cloud AutoML API quickstart of requesting api by using
curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)" \
-H "Content-Type: application/json" \
https://automl.googleapis.com/v1beta1/projects/kintsugi-415310213303/locations/us-central1/models/TCN1592956918625708154:predict \
-d '{
"payload" : {
"textSnippet": {
"content": "YOUR TEXT HERE",
"mime_type": "text/plain"
},
}
}'
and following link, but I got this error
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. Se
e https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
I referred to Request had invalid authentication credentials. Expected OAuth 2 access token error in cloud speech api, and tried creating another access token with application-default login and got the below error:
{
"error": {
"code": 403,
"message": "Your application has authenticated using end user credentials from the Google Cloud SDK or Google Cloud Shell which are not supported by
the automl.googleapis.com. We recommend that most server applications use service accounts instead. For more information about service accounts and how
to use them in your application, see https://cloud.google.com/docs/authentication/.",
"status": "PERMISSION_DENIED"
}
}
I've also enabled permissions similar to this: https://github.com/googleapis/google-cloud-php/issues/1722 (AutoML Admin, AutoML Service Agent, AutoML Editor)
I'm the owner/admin of the project. It seems like the tokens are expiring and I may need to implement this server-side.
What should I do now?
Thanks in advance!
Realized I pointed to the wrong json file, re-generated the key (https://cloud.google.com/video-intelligence/docs/common/auth) and dragged/dropped the path directly into the terminal and was able to generate local results.
$ export GOOGLE_APPLICATION_CREDENTIALS=[json path]
I'm trying to get a token through my OAuth application as written in the documentation, but I always get this error
{"error_description": "Invalid OAuth client credentials", "error":
"unauthorized_client"}
My actions:
I receive the code:
https://bitbucket.org/site/oauth2/authorize?client_id={my_application_key}&response_type=code
I want to receive a token for this code:
curl -X POST -u "client_id: my_application_secret" https://bitbucket.org/site/oauth2/access_token -d grant_type=authorization_code -d code={code}
Maybe I'm missing something?
Replace all your client_id and secret with the consumer key and consumer secret respectively generated from your Bitbucket Settings' OAuth.
When you've successfully authorized your integrating app and generated the access_token via: https://bitbucket.org/site/oauth2/access_token , you should receive an access_token.
I implemented the client Side of OpenIDConnect authentication/provisioning/federation for few OAuth2-OpenIdConnect providers. But I fail to get Google OpenID People https://developers.google.com/+/api/openidconnect/getOpenIdConnect working.
I have no problem with the 1st part of OpenID Authentication/Authorization and get the Identity token from JSONWEBtoken without trouble. Nevertheless I fail to access the $identityApiUrl. The odd thing is that the old google's userinfo API works!!! Only the new one fails with an authorization error.
For PeopleAPI I used a Bearer token reusing the access_token, I got with my authorization request. Exactly like I do with the old API.
Here after a short extract from my code with the URL and scopes I used, as well as the error, I get when replaying manually with a curl the request.
Questions:
Is there a special authentication method for OpenIdConnect People API ?
Do I need to request special authorization in the application console ?
Extract from code with API's URL
// main IDP configuration URLs
protected $openidconnect = true; // Google supports OpenID-Connect
protected $authTokenUrl = 'https://accounts.google.com/o/oauth2/auth';
protected $accessTokenUrl= 'https://www.googleapis.com/oauth2/v3/token';
// I fail to get Google People OpenIdConnect API to work :(
//protected $identityApiUrl= 'https://www.googleapis.com/plus/v1/people/me/OpenIdConnect';
protected $identityApiUrl= 'https://www.googleapis.com/oauth2/v1/userinfo';
// OAuth2 action-1: getAuthUrl($state) build authorization token url
protected $scopes = ['openid','email','profile']; // request authentication & email
The error code, when replaying the request with curl
[apache#vz-bzh GeoToBe]$ curl -X GET -H "Authorization: Bearer ya29.5ABSl_75eP_zYFho_E-wVjPlZJc1XfY398HZqJjMxvRxBEWteLKZwNeh2v0BPwWuoH1iLpESeBQvFw" https://www.googleapis.com/plus/v1/people/me/openIdConnect
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "accessNotConfigured",
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration.",
"extendedHelp": "https://console.developers.google.com"
}
],
"code": 403,
"message": "Access Not Configured. The API is not enabled for your project, or there is a per-IP or per-Referer restriction configured on your API key and the request does not match these restrictions. Please use the Google Developers Console to update your configuration."
}
}
you need to enable the "Google+ API" under APIs & auth in the Google API console.