401 error found while sending a message to gcm - google-cloud-messaging

I have facing some problems while sending a push notification to gcm server when the push notification function is executed
the following error found please help me
<HTML>
<HEAD>
<TITLE>Unauthorized</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unauthorized</H1>
<H2>Error 401</H2>
</BODY>
</HTML>

An Unauthorized error means you have given wrong key(s) at registration. Make sure you have the correct ID when you call register(sender ID).
There are also other causes. For the list of other causes, refer here.

Related

Youtube oauth2 without web service - urn:ietf:wg:oauth:2.0:oob

So i created youtube api project on google cloud. I tested getting auth code via urn:ietf:wg:oauth:2.0:oob redirect-uri, i don t want to make webservice to auth my account. Everything is good because i am getting code in the browser but i have the problem with POSTing to the api this auth code. When i am trying to post authentication code via RestMan (sth like postman) it shows me that:
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 404 (Not Found)!!1</title>
<style nonce="CIsxxpEHaaEHNiQiddzf7Q">
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}#media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}#media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}#media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a>
<p><b>404.</b> <ins>That’s an error.</ins>
<p>The requested URL was not found on this server. <ins>That’s all we know.</ins>
</main>
My data in RestMan:
URL: https://accounts.google.com/o/oauth2/token/
Raw body: code=MYCODE&client_id=MYCLIENTID&client_secret=MYSECRET&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
I think it can be problem with body in redirect_uri part. Can someone advice me what should i write there? Need i create webservice authorization with localhost?
EDIT:
Okay i just used youtube client library for java.
Example codes are really helpful and connection should be safe.
Link: https://developers.google.com/api-client-library/java/
a) You're likely using the wrong URL. Use the Google discovery doc: https://accounts.google.com/.well-known/openid-configuration to find the token endpoint:
...
"token_endpoint": "https://oauth2.googleapis.com/token",
...
b) Consider setting up localhost to get the authorization code and refresh token. See https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html.
Okay i just used youtube client library for java. Example codes are really helpful and connection should be safe. Link: https://developers.google.com/api-client-library/java/

problem with Google identity sign-in with redirect (server-side)

I've been trying to update Google sign-in button on my website from old javascript method to new identity library, it works fine when I use callback function but the redirect option (for server-side verification) doesn't send credentials in POST request:
<html>
<body>
<script src="https://accounts.google.com/gsi/client" async defer></script>
<div id="g_id_onload"
data-client_id="my client id"
data-ux_mode="redirect"
data-login_uri="http://localhost:3001/api/google-auth">
</div>
<div class="g_id_signin" data-type="standard"></div>
</body>
</html>
In POST request it sends 'g_csrf_token' cookie, but doesn't contain 'credential' or 'g_csrf_token' in request body or parameters as mentioned in the document here
https://developers.google.com/identity/gsi/web/reference/html-reference#server-side
I believe I've set OAuth 2.0 Client ID and Consent Screen correctly. Any help will be appreciated

Postman Bad Request - Request Too Long

I am using Asp.Net Core 3.1 API with Identity Server and I am using Postman as an API tester from long time and it is working perfect, but, after version update to 8.+.+ the Postman return me this error:
<HEAD>
<TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii">
</HEAD>
<BODY>
<h2>Bad Request - Request Too Long</h2>
<hr>
<p>HTTP Error 400. The size of the request headers is too long.</p>
</BODY>
I putted in header key (Content-Type) and the value (application/json) and authorization is in type of bearer token with empty body.
I followed many questions to solve this issue like the bellow mentioned:
bad request - request too long
https://github.com/IdentityServer/IdentityServer3/issues/1124
https://community.postman.com/t/400-bad-request/18252
How can I solve Postman (Bad Request - Request Too Long) issue?
After many research, it is very easy and simple way to delete the cookies from the Postman application as shown below:
Then delete the cookies as shown below:
Now try to apply the request, it should work, but, this is only temporary solution, I hope there is a full solution from Postman team or someone.

GCM 401 Unauthorized - Where to get the "right" Server Key?

I already tried so many solutions there to solve it.
Have a lot of unsolved questions here (on stackoverflow) finding for same solution.
When I call:
curl --header "Authorization: key=MY_KEY" --header "Content-Type: application/json" https://android.googleapis.com/gcm/send -d "{\"registration_ids\":[\"THE_ID\"]}"
I'm got:
<HTML>
<HEAD>
<TITLE>Unauthorized</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unauthorized</H1>
<H2>Error 401</H2>
</BODY>
</HTML>
The problem is: every solution here on stackoverflow says "Use the server key, not the browser key". On the current console, when I create a server key, it showme some options and I'm not sure if it right.
Course, I already created some of then. It creates a json file to download, with some data on it... but I really don't know WHERE ARE the SERVER KEY.
What key should I use and where to get it exactly ?
The "create credential" option, where I choose the third one:
The two options to create a server key:
TL;DR:
To create a sender-id and server-key for GCM or FCM you can use the Firebase Console.
New projects should be created directly in Firebase Console, while existing Cloud Console projects can be imported using Import Google Project from the main page: http://console.firebase.google.com
Once you have a firebase project you can find the GCM / FCM credentials in
Project Setting > Cloud Messaging
More informations:
After importing a Google Project into Firebase the same project will be accessible from both the Cloud Console and the Firebase Console. What changes is that you also have access to the Firebase API.
While we strongly recommended to update the client SDK to Firebase Cloud Messaging, the credentials listed under Project Settings > Cloud Messaging can be used in GCM too.
I get this exception while sending pushnotification to Android devices. This issue got when the serverkey for android device has mismatched. i.e not present with the package. I solved this issue by giving correct serverkey for the package

Laravel X-CSRF-Token mismatch with POSTMAN

I try to talk to my REST API built with Laravel. But the call with POSTMAN is rejected due to a token mismatch. I guess I need to include the CSRF token in the header. But do I need the encrypted one? When I insert this token I still get the error that there is a token mismatch.
I retrieve my token by using:
$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
return $encrypted_token;
but is this supposed to change on every refresh?
If you aren't using forms - for an API for example - you can follow the steps here https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0:
Essentially, add the following to your blade or twig header
<meta name="csrf-token" content="{{ csrf_token() }}">
Install Postman Interceptor if not already installed, and turn it on
Then, in your browser log into the site (you need to be authorised), and either inspect element or view source to retrieve the token
In Postman, set GET/POST etc as needed, and in your header create a new pair
X-CSRF-TOKEN tokenvaluetobeinserted235kwgeiOIulgsk
Some people recommend turning off the CSRF token when testing the API, but then you aren't really testing it are you.
If you do find you still have errors, check the response back using preview as Laravel tends to be fairly explicit with their error messages. If nothing is coming back, check your php_error.log (what ever it is called).
ps Oct 2018 - I now user Laravel Passport for handling API registration, logins and user tokens - worth a look!
Go to app/Http/Middleware/VerifyCsrfToken.php and add this values
protected $except = [
'/api/*'
];
Yes it changes every refresh. You should be putting it in the view and when you post it needs to be sent as the value of the "_token" POST var.
If you are just using a standard POST just add this to the form:
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
If you are using AJAX make sure you grab the value of _token and pass it with the request.
REF: http://laravel.com/docs/5.1/routing#csrf-protection
Use Postman
Make a GET request to any page that has
<meta name="csrf-token" content="{{ csrf_token() }}">
Copy the value from the response.
Add a header field to your POST request:
"X-CSRF-TOKEN: "copied_token_in_previous_get_response"
I had this error while using a baseURL variable in my Postman environment. Turns out I was calling the site's URL without /api at the end. Sounds silly, but just to eliminate user error make sure you check that your request URL is based on:
✅ https://<your-site-url>/api
Not:
❌ https://<your-site-url>
If you are making REST API use api.php for writing routes, not web.php, according to Laravel documentation web.php is for writing routes for the website that's why you see csrf-token error while using it like API, So for API we have the api.php file which will not give you a csrf-token error.
I just had the same issue and this answer finally helped me solving it: https://stackoverflow.com/a/67435592/11854580
Apparently the CSRF token needs to be updated on every POST request. (Not on every GET request somehow.) You can solve this with a pre-request-script in Postman as explained in this tutorial: https://blog.codecourse.com/laravel-sanctum-airlock-with-postman/
Adding /api to the url should solve this for most people just testing out their APIs... Eg. https://www.yoursite.com/api/register