I am getting the following exception
Google_Service_Exception: Error calling POST https://www.googleapis.com/datastore/v1beta2/datasets/smartflowviewer/lookup: (403) Access Not Configured. Google Cloud Datastore API has not been used in project 529103574478 before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/datastore/overview?project=529103574478 then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.
while trying to access the datastore
$service = new Google_Service_Datastore($client);
$service_dataset = $service->datasets;
$path = new Google_Service_Datastore_KeyPathElement();
$path->setKind('auth');
$path->setName($email);
$key = new Google_Service_Datastore_Key();
$key->setPath([$path]);
$lookup_req = new Google_Service_Datastore_LookupRequest();
$lookup_req->setKeys([$key]);
$response = $service_dataset->lookup('smartflowviewer', $lookup_req);
I am using OAuth web client to work with API
$client = new Google_Client();
$client->setClientId($cfg['CLIENT_ID']);
$client->setClientSecret($cfg['CLIENT_SECRET']);
$client->setAccessType('offline');
The project had been working completely fine until yesterday. I have not deployed any new code or changed any setting during the latest month. And suddenly it started throwing this error.
Any ideas of what might be causing this behavior? Thanks a lot.
The Cloud Datastore v1beta2 API is deprecated, but you can update your code to use the Cloud Datastore v1 API.
One option is to look at the php-gds library.
Related
I've been tryin to setup an external login with amazon to integrate prime gaming for my web app in asp net core 3.1. I've been following this Amazon Prime Gaming Integration. I have been successfully stored the amazon userId, its token, refresh token and expires in into my database. However, I'm unable to call a post API request to /api/account/link to sync up my account according to this document. I am getting an error with message: Not all permissions are authorized. I did a bit research and it mentioned in another document link (Tips-Troubleshoot) that I need to set both scopes to games::prime and profile (I only had profile set before).
However, when adding games::prime scope, I get an exception for invalid scope: invalid_scope;Description=An unknown scope was requested
I'm using AspNet.Security.OAuth.Amazon to help with the external login with amazon, and this is the code that I have in my Startup.cs file
services.AddAuthentication()
.AddAmazon(o =>
{
o.ClientId = clientId;
o.ClientSecret = clientSecret;
o.Scope.Add("profile");
o.Scope.Add("games::prime");
o.SaveTokens = true; // get access token and refresh token
o.AccessDeniedPath = new PathString("/Home/WebAppSetting");
})
If I remove games::prime from the scope, then everything works but then I will get an error message Not all permissions are authorized
Can anyone please tell me what I'm missing and not doing correct in here ? I have been searching for amazon documents on their sites, but seems like there is nothing useful there.
Thank you
It turned out that in order to use scope games::prime, you need to contact amazon team to have them unblock that for you. This is not mentioned at all in the push integration documentation.
I have multitenant Web API application with Hangfire scheduler that calls a task which trying to connect to self endpoint through external server DNS name with tenant name in it. Doing it this way, because Hangfire doesn't have HttpContext to resolve on which tenant task must shoot. On my staging server or if I send this request from Postman it works nice, but on my local machine and on production server it raises the error from title.
The code looks like nothing special:
var url = $"{tenant.Url}/notifications/client/send-appointment-sms";
var jwtToken = await _authService.GetTokenByUsername("admin");
using var requestMessage = new HttpRequestMessage(HttpMethod.Get, url);
requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", jwtToken.AccessToken);
var response = await _httpClient.SendAsync(requestMessage);
Where tenant.Url is for example https://api.tenant1.example.com/api2 which is available from browser on production server where application is running.
If I understanding clearly, my application can not connect to itself for some reason.
I have tried common solutions like firewall settings or disable proxy, still nothing on this point. What can I check next?
UPD I must add that NodeJS server on production is able to call this service too, so I think issue is not in server but maybe more about ASP.NET configuration settings.
I am using firebase admin sdk to push mobile notifications(firebase cloud messaging). I have successfully set up it and it worked about year at google cloud kubernetes engine. Then it stopped to work. Here is stacktrace what I am receiving at backend:
com.google.firebase.messaging.FirebaseMessagingException: Unexpected HTTP response with status: 401; body: null
at com.google.firebase.messaging.FirebaseMessagingClientImpl.newException(FirebaseMessagingClientImpl.java:307) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessagingClientImpl.createExceptionFromResponse(FirebaseMessagingClientImpl.java:212) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessagingClientImpl.send(FirebaseMessagingClientImpl.java:128) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging$1.execute(FirebaseMessaging.java:139) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging$1.execute(FirebaseMessaging.java:136) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.internal.CallableOperation.call(CallableOperation.java:36) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging.send(FirebaseMessaging.java:106) ~[firebase-admin-6.12.1.jar!/:na]
at com.google.firebase.messaging.FirebaseMessaging.send(FirebaseMessaging.java:90) ~[firebase-admin-6.12.1.jar!/:na]
Status code from FirebaseMessagingException is unknown-error. I am using gradle dependency com.google.firebase:firebase-admin:6.12.1.
My server code of FirebaseApp initialization(kotlin):
val credentials = GoogleCredentials
.fromStream(FileInputStream(firebaseAppCredentials))
.createScoped(Arrays.asList("https://www.googleapis.com/auth/firebase.messaging"))
val options = FirebaseOptions.builder()
.setCredentials(credentials)
.build()
val firebaseApp = FirebaseApp.initializeApp(options)
I have verified firebaseAppCredentials contains path to file with firebase service account.
Here is sending code(kotlin):
val message = Message.builder()
.setNotification(notification)
.setToken(registrationToken)
.build()
FirebaseMessaging.getInstance(firebaseApp).send(message)
Can you help to find out how it can be fixed?
I have implemented raw protocol(raw http requests) and it started to work. For some reasons Firebase Admin SDK java library haven't used auth token in http request. I suspect it is related to the fact that I have configured GOOGLE_APPLICATION_CREDENTIALS evn var to service account from gcloud project but firebase app was initialized with service account from firebase project. It is intentional, I am using multiple gcloud projects but for FCM only one project is used.
It looks like some bug/feature in com.google.firebase:firebase-admin:6.12.1 and it is reproduced only at cloud env.
I've got a .net core application running on the server and I would like to store my app data directly on Google Drive. I use regular Google account for it with Google Drive API enabled (it seems to be enabled) and service account with credentials stored in json file. Here's code to create Google Drive service in my application:
private DriveService CreateDriveServiceClient() => new DriveService(
new BaseClientService.Initializer()
{
HttpClientInitializer = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(this.config.ClientEmail)
{
Scopes = new string[]
{
DriveService.Scope.DriveAppdata,
},
}.FromPrivateKey(this.config.PrivateKey))
});
It uses scope https://www.googleapis.com/auth/drive.appdata, which leads to string drive.appdata
However I get the following error:
Insufficient Permission: Request had insufficient authentication scopes.] Location[ - ] Reason[insufficientPermissions] Domain[global]
when trying to acces at least client.Drives.List().Execute();
It seems to me that I need to add a role to access drive.appdata scope. But I can't find an appropriate role in Google console, neither I can't find this scope when creating a new role for service account
How can I add permissions to service account to use Google Drive?
According to the Google Drive API v3 documentation:
This request requires authorization with at least one of the following scopes:
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.readonly
Therefore, if you want to be able to use the Drive API properly, you should change the scope to one of those provided above.
You can also test the API on the Google Drive API v3 here.
Furthermore, I suggest you check these links for more information:
Google Drive API v3;
OAuth2.0 Playground.
I'm working on an ASP.NET Core project that will be deployed to AWS. Recently the client came back and requested to pull a few values from AWS SecretsManager. I'm using the permissions inherited from the IAM Role associated to the EC2 instance that the service is deployed to.
In production use this service will be hosted by the client themselves on their own AWS account.
When I deploy to my own test AWS account the process works just fine but when the client deploys to their own AWS account they are getting a 403 Forbidden response on the call to get the secret value. They have the secret and permissions policy set up like I do but still the 403 error.
AmazonSecretsManagerClient client = new AmazonSecretsManagerClient();
var secretRequest = new GetSecretValueRequest
{
SecretId = "MySecretName"
};
// FAILS HERE
GetSecretValueResponse secretResponse = await client.GetSecretValueAsync(secretRequest);
It is a HttpRequestException with a message of "Response status code does not indicate success: 403 (Forbidden)."
My question isn't really a coding issue since this does work on my test AWS account. This seems like it must be an environment issue with the client's AWS account.
My experience with AWS is very limited so I have no idea what would be causing this.
Is the customer trying to fetch the exact same secret you are using in your account? This would require using a custom CMK and adding a resource policy granting access as described in the AWS docs.