GCM 401 Unauthorized - Where to get the "right" Server Key? - google-cloud-messaging

I already tried so many solutions there to solve it.
Have a lot of unsolved questions here (on stackoverflow) finding for same solution.
When I call:
curl --header "Authorization: key=MY_KEY" --header "Content-Type: application/json" https://android.googleapis.com/gcm/send -d "{\"registration_ids\":[\"THE_ID\"]}"
I'm got:
<HTML>
<HEAD>
<TITLE>Unauthorized</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unauthorized</H1>
<H2>Error 401</H2>
</BODY>
</HTML>
The problem is: every solution here on stackoverflow says "Use the server key, not the browser key". On the current console, when I create a server key, it showme some options and I'm not sure if it right.
Course, I already created some of then. It creates a json file to download, with some data on it... but I really don't know WHERE ARE the SERVER KEY.
What key should I use and where to get it exactly ?
The "create credential" option, where I choose the third one:
The two options to create a server key:

TL;DR:
To create a sender-id and server-key for GCM or FCM you can use the Firebase Console.
New projects should be created directly in Firebase Console, while existing Cloud Console projects can be imported using Import Google Project from the main page: http://console.firebase.google.com
Once you have a firebase project you can find the GCM / FCM credentials in
Project Setting > Cloud Messaging
More informations:
After importing a Google Project into Firebase the same project will be accessible from both the Cloud Console and the Firebase Console. What changes is that you also have access to the Firebase API.
While we strongly recommended to update the client SDK to Firebase Cloud Messaging, the credentials listed under Project Settings > Cloud Messaging can be used in GCM too.

I get this exception while sending pushnotification to Android devices. This issue got when the serverkey for android device has mismatched. i.e not present with the package. I solved this issue by giving correct serverkey for the package

Related

Anyone know how to fix the new OAuth2 error when trying to authenticate a PyDrive application?

I don't think this issue is specific to PyDrive, but rather Google OAuth. However, some of the solutions I've seen on stackoverflow don't seem to be transferable over to my PyDrive application, which is just a python script to upload files programmatically to a shared drive. It worked fine 2 months ago but I tried to rerun it today and it's not working. Here is the error I'm getting:
Authorisation Error
Error 400: invalid_request
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure.
You can let the app developer know that this app doesn't comply with one or more Google validation rules.
Request Details
The content in this section has been provided by the app developer. This content has not been reviewed or verified by Google.
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: urn:ietf:wg:oauth:2.0:oob
I am using a web application OAuth 2.0 Client ID creds on GCP. All secrets are stored in a local client_secrets.json file.
I run my script, it sends a message to the console that says
Go to the following link in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=blahblahblah.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&access_type=offline&response_type=code
Enter verification code:
How it used to work: After I click the link above, it returns a code I paste into the console and then its authenticated. FYI: I plan on running this 24/7 on a remote server.
Now: I click the link above and get the error I posted above. I've tried to change the redirect uri to 127.0.0.1 and it does allow me to auth, then I get a code in my URL, but once I copy that and paste it into the console, I get more errors.
Anyone know the solution for this?

Wrong project in Google SDK

I want to build a TTS application and I am using the Google TTS engine. However, when trying the examples such as
curl -H "Authorization: Bearer "$(gcloud auth print-access-token) -H "Content-Type: application/json; charset=utf-8" --data "{
'input':{
'text':'I\'ve added the event to your calendar.'
},
'voice':{
'languageCode':'en-gb',
'name':'en-GB-Standard-A',
'ssmlGender':'FEMALE'
},
'audioConfig':{
'audioEncoding':'MP3'
}
}" "https://texttospeech.googleapis.com/v1/text:synthesize"
I get Error code 403 telling me that Cloud Text-to-Speech API has not been used in project 32555940559 before or it is disabled. Now the problem is that it mentions the project number 32555... but I want to use another project which has the TTS API switched on. Now you might suggest that I switch to the correct project, but I have done that -- when I type gcloud config list, it tells me that I am using the correct project (with project number different from the 32555...).
Where is the problem? Why is it trying to use a different project from the one that I am currently using?
You need to use "gcloud auth app-default print-access-token" (and use a dedicated service account as specified in the docs).
32555940559 is a CLOUDSDK_CLIENT_ID that comes with gcloud. And app-default has its own client_id as well. It's still now clear how Google API distinguishes between the two, unless it checks for hard-coded app-default client ID (from gcloud SDK).
It's also not clear how gcloud command line still manages to use speech API without a dedicated service account.
On a related note, since I had this same issue (API has not been used in project before or it is disabled "32555940559") in a Python virtual environment using gcloud SDKs (not curl).
Solved by running:
gcloud auth application-default login
(using gcloud auth login did not solve it).
For gcloud, the root cause might also be related to missing:
GOOGLE_CLOUD_PROJECT or GOOGLE_APPLICATION_CREDENTIALS environment variables.

Google FCM Request

I'm working on the Google FCM message service. I deploy my API with my server it's working fine. But when I do the same within Client Production Service it gives me 401 error.
I'm running Window Service and hitting Restful API. I validate each and everything within Google account also but not able to rectify the same.
I've recently the same problem. I implemented everything right with all parameters. Finally I found the solution. I used the API Key from Google developer console and not from firebase. So go to the following url: https://console.firebase.google.com/project/YOUR_PROJECT_ID/settings/cloudmessaging/
There you can see two API keys. Choose the longer top server key.
After I replaced the key in the header Authorization: key=YOUR_KEY, it finally works.

how do you access a jenkins api which uses Github OAuth using CURL

I have a jenkins server using the Github OAuth plugin and authorized in the "Authorized applications" section of github, it works fine from my browser, i can access to the jenkins server as long as i'm authenticated with github.
Is there a way to access to the jenkins server api using oauth credentials/token from CURL or a ruby client?
I've generated a token in https://github.com/settings/applications -> Personal access tokens -> Generate new token (there is no option to scope it to a third party application)
that token works fine to access github :
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://api.github.com/user
however, that token is not valid for jenkins-server:
curl -H "Authorization: token cfbcff42e6a8a52a1076dd9fcxxxxxxxxxxxxxxx" https://jenkins-server/user/restebanez/api/json/\?pretty\=true
It generates this error:
<html><head><meta http-equiv='refresh' content='1;url=/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue'/><script>window.location.replace('/securityRealm/commenceLogin?from=%2Fuser%2Frestebanez%2Fapi%2Fjson%2F%3Fpretty%3Dtrue');</script></head><body style='background-color:white; color:white;'>
Authentication required
<!--
You are authenticated as: anonymous
Groups that you are in:
Permission you need to have (but didn't): hudson.model.Hudson.Read
... which is implied by: hudson.security.Permission.GenericRead
... which is implied by: hudson.model.Hudson.Administer
-->
</body></html>
```
the jenkins server has installed GitHub API Plugin 1.58 and Github Authentication plugin 0.19
I'm probably missing some fundamentals of oauth b/c i have googled this for a while and i haven't found anything
I'm not sure if you ever got to the bottom of this, but after trying several routes I finally got a scripted build using Github OAuth on Jenkins. The trick is that the API token is not one for GitHub but rather one from Jenkins.
For my setup I have a machine user on github, I logged in normally via the web with that user, then clicked on the username in the upper right corner. From there I clicked "Configure" on the left-hand menu, and finally "Show API Token" in the main content area.
Once I had that I could run:
curl --user <username>:<api_token> https://jenkins-server/user/<username>/api/json/?pretty=true
More information.
You should just use a Jenkins API token. This is configurable per user. See $JENKINS_URL/me
This will allow your scripted client to access Jenkins regardless of whatever authentication strategy is being used.
You should use "Basic" rather than "token"
For example:
curl -H "Authorization: Basic cfbcff42e6a8a52a1076dd9fcxx"
https://jenkins-server/user/restebanez/api/json
This worked for me (using getting commit statuses as an example):
url=https://api.github.com/repos/myowner/myrepo/commits/f40ddce88593482919761f74910f42f4b84c004b/statuses
curl -X GET -u :${GITHUB_TOKEN} ${url}

UpgradeableApp API keeps giving "Invalid OAuth consumer key"

Given the following ruby code:
consumer = OAuth::Consumer.new(consumer_key, consumer_secret, {
site: "https://www.googleapis.com"
})
resp = consumer.request(:put, "/appsmarket/v2/upgradableApp/#{listingId}/#{cwsId}/#{domain}")
puts resp.code+"\n"
puts resp.body
the UpgradeableApp API keeps giving "Invalid OAuth consumer key" error. The consumer key (in the format XXXXXXXXXXXX.apps.googleusercontent.com) was copied directly from the legacy marketplace listing as described in the docs.
I've:
verified the system time is correct and synchronized via ntp.
tried including xoauth_requestor_id
tried generating the request myself via curl (using this to generate the oauth signature)
tried enabling "Google Apps Marketplace API" under "Register for additional APIs" on the legacy marketplace listing
Is anybody else experiencing this? Thoughts on other things I can try?
UPDATE Sep 10 2014: I got confirmation from Google that this was an issue on their end for which a fix was applied. I've since been able to successfully use the ruby code above to do a migration.
I got confirmation from Google that this was an issue on their end for which a fix was applied. I've since been able to successfully use the ruby code above to do a migration.