Request had invalid authentication credentials. Expected OAuth 2 access token error in cloud speech api - api

I have followed the Google Cloud Speech API quickstart, making the API request with
curl -s -H "Content-Type: application/json" \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
https://speech.googleapis.com/v1/speech:recognize \
-d @sync-request.json
and the following link, but I got this error:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
What should I do now?
Thanks in advance

It could be that the Application Default Credentials are not available.
Try to log in by running
gcloud auth application-default login
And follow the instructions, reference: gcloud auth application-default login
If you want to make sure the authentication process went well, run:
gcloud auth application-default print-access-token
You should see an access token, reference gcloud auth application-default print-access-token

I fixed the problem by logging out and logging in to agree to some new terms and conditions Google has made since the last time I used Google Cloud (Firebase in my case).

Replace $(gcloud auth application-default print-access-token) with what gets printed when you call the command.

Make sure your date and time are correct and also your timezone is correct.
This was how I solved this problem

There is a possibility that you have disabled auth. So:
gcloud config set auth/disable_credentials false

Samir's solution worked for me.
Just a reminder that if using other software interacting with GCP, you may have to restart software before the auth takes effect.
In my case, when using RStudio, I ran gcloud auth application-default login to authenticate, then command + shift + f10 to restart the R session, and then everything was good to go.
Some packages will have a function that refreshes the token in the current R session. For example the bigrquery library has bq_auth() which adds the new token to the R session (without needing to restart the session etc)

If you have changed the scopes assigned to the credentials since the last time you signed-in your client, make sure you sign in again to update the client tokens.

I had this error when using GCP CLI, so unrelated but maybe someone stumbles on this thread same as me.
I ran this command:
gcloud auth application-default login
after that, the error was still there, but then I ran second command
gcloud auth application-default print-access-token
CLI then prompted me to provide password, I did, and after that I was able to use GCP CLI again (I didn't use access token that was returned, simply re-entering password worked for me)

Related

Access aws s3 bucket to stage file for mapbox tileset

I have a Mapbox tileset that I want to add data to. So I installed curl and AWS CLI version 2 and I tried to run this command from a Linux (WSL) terminal:
curl -X POST https://api.mapbox.com/uploads/v1/username/credentials?access_token=<secret access token>
That command is taken from the mapbox docs. But I get the following response:
{"message":"Not Found"}
This isn't much feedback to work with. How can I get the needed aws credentials? Is it that I need an aws account or something? In the curl command above I inserted my username and access_token, so that's not the issue.
Did you make sure that your access token is a secret access token with the uploads:write scope enabled?
This can be done when creating the secret token from within your Mapbox access tokens page:
https://account.mapbox.com/access-tokens/
Make sure your username and password are correct, and make sure you're not putting it in quotes.
curl -X POST https://api.mapbox.com/uploads/v1/rawstringusername/credentials?access_token=rawstringtoken
Other than that, make sure you're not behind a VPN

How can curl authenticate to Google Cloud based on local gcloud's CLI authentication?

My script uses a sequence of gcloud commands and of course gcloud is authenticated. I need to use curl to access GCP REST APIs that are not available to gcloud. I can do this by generating a JSON credentials file in the Cloud Console, but I'd rather not do that as a separate manual step.
[Edit: The answer is to replace the gcloud auth string in that curl command with gcloud auth print-access-token. See answer below.]
This is how I do it now, using a JSON file downloaded from the Console.
GOOGLE_APPLICATION_CREDENTIALS=credentials.json
curl -X POST -H "Authorization: Bearer \"$(gcloud auth application-default print-access-token)\"" \
-H "Content-Type: application/json; charset=utf-8" \
https://cloudresourcemanager.googleapis.com/v1/projects/<MY_PROJECT>:getAncestry
Without that downloaded JSON, I get this:
ERROR: (gcloud.auth.application-default.print-access-token)
The Application Default Credentials are not available. They are available if running in Google Compute Engine.
Otherwise, the environment variable GOOGLE_APPLICATION_CREDENTIALS must be defined pointing
to a file defining the credentials. See https://developers.google.com/accounts/docs/application-default-credentials
for more information.
{ "error": {
"code": 401,
"message": "Request had invalid authentication credentials.
Expected OAuth 2 access token, login cookie or other valid authentication credential.
See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
How can I leverage my gcloud authentication to use curl? I don't mind using the JSON if I can automate its generation as part of this script. For example, is there a way to call gcloud to generate this JSON, which I would then set as GOOGLE_APPLICATION_CREDENTIALS?
Once you have the Cloud SDK authenticated, you can use the gcloud auth print-access-token command to get an access token for the current active account, without the need of specifying the path to the JSON credentials file.
You will still need the credentials.json file, if you wish to activate a service account for the Cloud SDK instance. However, I am pretty sure you will only have to do that once.
EDIT:
I noticed you are using the gcloud auth application-default print-access-token.
Keep in mind that, contrary to the gcloud auth print-access-token command, it uses the current Application Default Credential (ADC), which has to be set by specifying the credentials.json file path with the GOOGLE_APPLICATION_CREDENTIALS env variable, or by using the gcloud auth application-default login command.
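
An added example, not part of the original posts: when the Application Default Credentials are unavailable, the $(gcloud ...) substitution in the curl commands above expands to an empty string, so curl sends an empty Bearer header and the API answers 401. The hypothetical helpers get_token and bearer_header below fail closed instead, check the token against the RFC 6750 b64token character set (which also catches a token wrapped in literal quotes), and print the header for curl -H @- so the token stays out of curl's argument list.

```bash
#!/usr/bin/env bash
# Added example: names get_token / bearer_header are hypothetical helpers.

# get_token CMD [ARGS...]
# Runs the token command, for example:
#   get_token gcloud auth application-default print-access-token
# Prints the token on stdout. Returns 1 if the command failed, 2 if it
# printed nothing, 3 if the output is not a syntactically valid bearer token.
get_token() {
  local token
  # The command's own stderr is left visible: gcloud explains there why
  # the Application Default Credentials are not available.
  if ! token=$("$@"); then
    echo "token command failed: $*" >&2
    return 1
  fi
  if [ -z "$token" ]; then
    echo "token command printed nothing: $*" >&2
    return 2
  fi
  # RFC 6750 b64token: letters, digits and - . _ ~ + / with optional '='.
  # Anything left after deleting those characters (quotes, spaces,
  # newlines, error text) means the value must not be sent.
  if [ -n "$(printf '%s' "$token" | tr -d 'A-Za-z0-9._~+/=-')" ]; then
    echo "token contains characters not allowed in a bearer token" >&2
    return 3
  fi
  printf '%s' "$token"
}

# bearer_header CMD [ARGS...]
# Prints exactly one header line, or nothing and a non-zero status.
bearer_header() {
  local token
  token=$(get_token "$@") || return $?
  printf 'Authorization: Bearer %s\n' "$token"
}

# Usage (requires curl 7.55.0 or later for "-H @-"):
#   header=$(bearer_header gcloud auth application-default print-access-token) || exit 1
#   printf '%s\n' "$header" | curl -s -H @- -H "Content-Type: application/json" \
#     https://speech.googleapis.com/v1/speech:recognize -d @sync-request.json
```
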

How do I make gcloud select the right project?

I am using gcloud to realize speech2text. I had to reset my server and now have trouble getting gcloud to recognize the right project.
transscript=$(curl -s -H "Content-Type: application/json" -H "Authorization: Bearer "$(gcloud auth print-access-token) https://speech.googleapis.com/v1/speech:recognize -d @$mailpath/sync_request.json)
results in
"code": 403,
"message": "Cloud Speech-to-Text API has not been used in project 32555940559 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/speech.googleapis.com/overview?project= then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.",
I have no clue where the wrong project number comes from.
I have tried gcloud config configurations list and the correct project is shown.
I have completely deinstalled the sdk.
I have assigned GOOGLE_APPLICATION_CREDENTIALS environment variable
all without success.
expected result is assigned correct project
as the documentation reads:
gcloud auth application-default print-access-token generates and prints an access token for the current Application Default Credential (ADC). The ADC can be specified either by setting the GOOGLE_APPLICATION_CREDENTIALS environment variable to the path of a service account key file (JSON) or using gcloud auth application-default login.
You are using the undocumented (and un-recommended) gcloud auth print-access-token. This will use the default SDK client ID (which I'm guessing is in project 32555940559), and the Speech API is not enabled in that project.
As Martin suggested, instead of using gcloud auth print-access-token you should use gcloud auth application-default print-access-token.
You can check if I'm right regarding the client ID by running grep -r 'CLOUDSDK_CLIENT_ID =' $(dirname $(which gcloud))/../ (I just checked and, indeed, that project ID is the project for the default client ID).

how do you access a jenkins api which uses Github OAuth using CURL

I have a Jenkins server using the GitHub OAuth plugin, authorized in the "Authorized applications" section of GitHub. It works fine from my browser; I can access the Jenkins server as long as I'm authenticated with GitHub.
Is there a way to access the Jenkins server API using OAuth credentials/token from curl or a Ruby client?
I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)
that token works fine to access github :
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user
however, that token is not valid for jenkins-server:
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true
It generates this error:
<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
The Jenkins server has GitHub API Plugin 1.58 and GitHub Authentication plugin 0.19 installed.
I'm probably missing some fundamentals of OAuth, because I have googled this for a while and I haven't found anything.
I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.
For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.
Once I had that I could run:
curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true
More information.
You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me
This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.
You should use "Basic" rather than "token"
For example:
curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx" \
https://jenkins-server/user/restebanez/api/json
This worked for me (using getting commit statuses as an example):
url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses
curl -X GET -u :${GITHUB_TOKEN} ${url}

github api - create repo

I'm trying to create a repo using the GitHub API, but it always returns this JSON:
{"message":"Not Found"}
But this error appears only when I try to create it using an OAuth access token in the request header; if I use username and password, the API creates the repo and returns a successful message.
Has anyone had problems with this API endpoint?
You can create a new repository using the Python library, PyGithub.
from github import Github
g = Github("your username", "your password")
g = Github("your token") # safer alternative, if you have an access token
u = g.get_user()
repo = u.create_repo("name-of-your-repo")
This should solve your problem.
I had a different message come up with this
curl -i -d '{"name":"NAME"}' https://api.github.com/orgs/:ORG/repos?access_token=XXX
{
"message": "Must be an owner or admin of Organization."
}
But still not sure why I cannot create either
Ok
This worked for me
Create Auth Token
curl -u 'iwarner' -d '{"scopes":["repo"],"note":":NAME"}' https://api.github.com/authorizations
Create Repo - Need to contain "Authorization: token"
curl -i -H 'Authorization: token TOKENHERE' -d '{"name":":NAME"}' https://api.github.com/user/repos
This works, just tried it.
curl -F 'login=c00kiemon5ter' -F 'token=s3cr3t' https://github.com/api/v2/json/repos/create -F 'name=testapi' -F 'public=0'
Are we talking about API v2 or v3 ?
I do not know what technology you are using. But just in case of iOS, you can use this demo app which describes 3 simple ways to interact with the GitHub API.
Note: This demo app provides only a few selected functions.
GitHub-Interaction
Hope this helps!!
As of today, the GitHub v3 API documentation explicitly states:
Create
Create a new repository for the authenticated user. (Currently not enabled for Integrations)
EDIT:
The "not enabled for Integrations" means, if you get your OAuth token via one of your OAuth apps (which is an "integration") the GitHub API will refuse to create a repository with that function.
However, if you use some other access token (e.g. a personal access token you add yourself, see below) then the GitHub API will happily create a repository for you with the very same API call.
curl -u your_username -d '{"scopes":["repo"], "note":"Description of personal token"}' https://api.github.com/authorizations
That's the reason why the solution presented by Ian Warner works. The solution with PyGithub will suffer the same limitation. Only the token makes the difference!
EDIT: Not entirely true: With OAuth you can specify the scope to attach specific permissions to your OAuth token when authenticating (OAuth app flow). For creating repositories you need to have the 'repo' scope. (See also: Github v3 API - create a REPO)