My app is an approved hidden app in BigCommerce that has all of the scopes selected in the MyApp Technical page. Unfortunately, when I try to oAuth into a user, the following scope 'store_v2_transactions_read_only' returns an 'invalid scope' message. If I take that scope out, the other scopes (for read_only orders, customers, etc.) work fine and I can successfully connect an account using Oauth with my app.
The scope 'store_v2_transactions_read_only' is found in the documentation in the list of scopes here: https://developer.bigcommerce.com/api/#oauth-scopes96. But making the request to connect an account using that scope returns 'invalid_scope' and I can't access user transaction data. Again, all other scopes work, and I have them all selected in the app technical page in the developer portal.
Working in node and using axios to get the token with the oauth code. This list of scopes works:
scope: 'store_v2_customers_read_only store_v2_information_read_only store_v2_orders_read_only store_v2_products_read_only'
The moment I add store_v2_transactions_read_only it returns 'invalid scope', even thought that is the string stated in the docs. It is the same error that shows if I misspell any of the scopes.
Make sure that you're passing in the context in your query string. At the time of writing the API will send back an Invalid scope(s). error seemingly only when you request store_v2_transactions_read_only without this query param. Other scopes seem to work fine, as you've noticed, if this param is not sent.
Can't comment, because I don't have 50 karma, but adding the context to the POST call in postman from the correct answer fixed this issue for me. I had been dealing with it for some time and there isn't a lot of documentation on the BigCommerce side in other forum posts.
I am using the x-www-form-urlencoded params with:
KEY: context
VALUE: stores/abcdefg
The abcdefg is the actual store number/id in the exact format it came in from the callback.
Related
I have a server side application that requires that a user sign in using his browser and then the server continues to use that token to do stuff on its own.
I'm using the flow described here, pretty much verbatim, but with a few additional scopes: https://developers.google.com/identity/sign-in/web/server-side-flow. In this flow, Google takes over through the login process. I create an auth2 object with gapi.auth2.init(), then I call .grantOfflineAccess() on that object, and later I get a callback with a token if succcessful. I don't know if this is the latest/greatest way to do it, but it works fine.
Today, I received an email from Google warning me that I am using the plus.me scope and that is deprecated and will stop working in March 2019.
Thing is, I'm not requesting that scope anywhere in my code and my app doesn't use Google Plus. I only request:
https://www.googleapis.com/auth/calendar.readonly
https://www.googleapis.com/auth/gmail.compose
profile
email
It looks like the insertion of the request for plus.me and a few other scopes is coming from Google's code, something that comes from https://apis.google.com/js/client:platform.js, or something that Google downloads later on as part of the login process -- that's the beauty of this process: Google does fancy stuff I don't need to know about.
But ultimately, the token I get back from Google includes:
scope: "openid email profile https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/gmail.compose https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/userinfo.email"
There is definitely stuff there I didn't ask for, including the plus.me which is I guess what I'm concerned about. How do I control or stop this? Or maybe I don't need to do anything and Google will take care of it themselves before they shutdown the plus.me scope?
You are right, your scope request is fine. plus.me is implied from your profile scope request. Unfortunately, the email notification went out to a number of developers in this situation. If you've done a code search and all we notified you about was plus.me, you should be fine. Just make sure you're not using any 3P libs that may also have this dependency.
I am trying to update Google sheet values.
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential."
I want to do this using API key not outh 2.0
Can anyone have any suggestions.
Not possible. You need to use the OAuth login as indicated here in spreadsheets.values.batchUpdate:
You can see on the authorization part that it uses OAuth scopes, therefore it follows that it uses OAuth not API KEY:
Authorization
Requires one of the following OAuth scopes:
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/spreadsheets
I am facing similar type of issue.
Issue Analysis:
Actual issue is missing of scope.
Solution:
Scope can be added by the following ways:
using enabling api
Adding oauth scope list. List is available here: https://developers.google.com/identity/protocols/googlescopes
Adding scope from Code level
Details are available here:
If any scope is missing, first we need to check that related api is enabled or not. If not enabled yet, go first on google console and enable api.
Procedure is available here: https://support.google.com/googleapi/answer/6158841?hl=en
After enabling api, sometimes you will not get your expected scope. If there is any sophisticated scope is required, you need to add those in your scope list. For this, you need to follow the procedure:
i) Go to google console
ii) Select your project
iii) In left sidebar, you will get "Oauth consent screen". Click on that button
iv) You will get "Add scope" button. There is actually 3 is enlisted primarily: email, profile and openID
v) You can add your expected scope here.
In code level, we can also add SCOPES. In code level, I am using singleton list. Which is always using single scope. So when I need another scopes like user profile or user email. I can't reach those. So I changed it and got my expected result.
Previous Code:
private static final List<String> SCOPES = Collections.singletonList(DriveScopes.DRIVE);
After change:
private static final List<String> SCOPES = new ArrayList<>(
Arrays.asList(DriveScopes.DRIVE,
Oauth2Scopes.USERINFO_EMAIL,
Oauth2Scopes.USERINFO_PROFILE,
Oauth2Scopes.PLUS_ME));
The new Firebase for Unity support has just been released into Beta and I am trying to implement Auth with it. I already have a Google sign-in that implements the oauth2 flow using an auth code from GooglePlayGames.PlayGamesPlatform.Instance.GetServerAuthCode and sending it to a server that exchanges it for an access token using the https://www.googleapis.com/oauth2/v4/token endpoint.
I assume this access token is the second parameter of the Firebase.Auth.GoogleAuthProvider.GetCredential method, but what is the ID Token that the first parameter is asking for? Is that the token obtained from GooglePlayGames.PlayGamesPlatform.Instance.GetIdToken (same as GoogleAuthUtil.GetToken, if my reading of the docs/code is correct)?
If this is the case, why are both required? I thought the access token was all that was needed to authenticate a user with google cloud services and that the ID Token was being phased out.
Edit: After some testing, I found that passing the ID Token obtained from GooglePlayGames.PlayGamesPlatform.Instance.GetIdToken does allow Firebase to authenticate. Problem is, it asks for the user's email address every time. I'd like to avoid this if possible.
What is the difference between GetToken, GetAccessToken and GetIdToken, aside from the fact that GetIdToken requires a callback?
I managed to "hack" this in order to get it working... But still i think the correct method should only be using GetServerAuthCode but I cannot make it work with that.
Do your normal process of getting idToken and AccessToken the first time, when you log in to firebase get the user's email and store it in playerprefs. Then the second time if you already have the email you do this:
AndroidJavaClass authUtil = new AndroidJavaClass("com.google.android.gms.auth.GoogleAuthUtil");
AndroidJavaClass unity = new AndroidJavaClass("com.unity3d.player.UnityPlayer");
AndroidJavaObject currentActivity = unity.GetStatic<AndroidJavaObject>("currentActivity");
string idToken = authUtil.CallStatic<string>("getToken", currentActivity, PlayerData.Email, "audience:server:client_id:XXXXXXXXXX-xxxxxxxxxxxxxx.apps.googleusercontent.com"); // your client id, should be a number a dash and then a bunch of numbers and letters
string accessToken = authUtil.CallStatic<string>("getToken", currentActivity, PlayerData.Email, "oauth2:https://www.googleapis.com/auth/plus.me");
Hope it helps although it would be greatif someone posts a solution with GetServerAuthCode cause that is the correct way
I'm implementing the Socrata API to be able to parse publicly-available data from the City of Chicago open data set. I am really just concerned about the data itself, so I did not initially think that I would need to implement OAuth2 through an app exposed via ngrok to be able to GET the data.
My initial attempt was to take the GET requests mentioned in their documentation and try to get responses through Postman.
Here's an example of such an attempt:
I also added my Socrata App Token as a param in the querystring, but the same message was shown.
So I tell myself, ok, maybe they deprecated GET requests without making the client go through OAuth2. If they didn't deprecate these GET requests, I would prefer not to have to deal with OAuth2, but I began implementing the authentication process and everything went successfully until I got to the following instructions found here:
I have every single value that needs to be included in that POST request except for 'authorization_type'. Where does this come from? I tried leaving 'authorization_type' in as a string, but received a response similar to the 'Invalid username or password' message in the top image in this question.
Are you only accessing public datasets from Chicago's data portal? From your screenshot it looks like you're trying to access the Building Permits dataset, which is public.
Authentication is only required for modifying datasets or accessing private data, so chances are very good you don't even need to authenticate. Just include an application token with your request for throttling purposes.
Glad to help you figure out your OAuth workflow, but it sounds like it might be unnecessary.
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince