Migration token from AuthSub to OAuth2 - google-oauth

Recently, AuthSub died...?
Is it possible to migration from session_token of Authsub to refresh_token of OAuth2 ?
Please tell me how to do it if possible.

Its still supported, but is failing for us as well (and others if search twitter for it). I'm wondering if Google is experience a technical issue with AuthSub or if they made a change (e.g. patch/release) earlier this week that is causing the issues?
We see it working for some Google accounts and fail for others - starting on Dec 10/11. So, its not impacting every Google account.
We are currently not capturing the outgoing requests to google. We are using the library gdata-calendar-1.0.jar to make google calendar api calls using AuthSub and the library is throwing an exception with the exception message "Unknown authorization header". This worked perfectly up until Dec 10/11th or so for all of our users.
What is strange is now the same calls do work for certain gmail accounts but not for others.
In our testing we are seeing that turning off the enhanced security in our web application results in the warning displayed to the user on the Google Authorization page but makes the connection work for the accounts that are failing.
Here are the api calls we are making:
AuthSubUtil.exchangeForSessionToken to connect to the google account
CalendarService.query to get events
CalendarService.insert to insert events in calendar
CalendarService.getFeed to get the calendars

AuthSub is still supported by Google as per Google's deprecation policy.
As for a migration path to OAuth2, currently there is none.

Related

Google plus API depreciation

I am using https://github.com/agoragames/nginx-google-oauth for auth on my website. I received an email from Google saying that the plus.me scope of the Google Plus API is being deprecated. I don't see that referenced in the code. I am not sure about Libraries it may be using.
Can someone confirm this is going to continue working after the shutdown?
Looking at this line in the code, it is making its call directly to Google's OAuth endpoint, and then later making a call to Google's userinfo v2 endpoint. In neither place does it use a plus scope nor a plus API (although its claim that it's asking for "ALL" scopes looks wrong).
The Google+ API and Scope shutdown does not appear to be a problem in your case.
Today (7th March, 19) Google+ API shut down completely, I had issue in rails application with authentication and I solved it by replacing OpenIdConnect endpoint, as mentioned here

Coschedule / LinkedIn API

A client is using Coschedule to push updates to LinkedIn via their employees' profiles. They noticed recently that Coschedule is giving error messages when they try to push updates to employee pages. The Coschedule technical team did some digging and determined it's an issue with LinkedIn's API, which they believe may have been updated recently (?).
Errors started occurring a couple weeks ago, the app was previously running fine.
They are hoping for more information on LinkedIn's API / how to resolve this as soon as possible as it's generating multiple error message and error emails per employee per day.
Thanks!
Tia
The outage we saw a few weeks ago was due to LinkedIn depricating the version of OAuth we used to connect LinkedIn profiles/company pages to Calendars. We've since switched to OAuth2, and if your client or your team is still having issues and seeing authentication errors when trying to send out messages, we recommend doing a hard reset of those LinkedIn profiles: https://help.coschedule.com/hc/en-us/articles/216529237-Hard-Reauthentication-for-Social-Profiles-When-Auth-Token-Keeps-Failing#LinkedIn
Best practice is to use an incognito browser window as well.
If you're still getting stuck, reach out to our support channel (support#coschedule.com)and we would be happy to take a closer look!

LinkedIN Encounter error: Your application has not been authorized for the scope "r_basicprofile"

I was able to connect to the LinkedIn API for about two months and everything was correct. Was wondering if there has been any change to the API lately to block my app like so?
The app was in development stage and mostly 5 hits a day against their API.
It's not you, it's LinkedIn. See others complaining about the same issue: https://twitter.com/search?q=linkedin%20oauth

OAuth2 Troubles with PicasaWeb API

I have spent the last couple of nights bashing my head against the wall amongst a see of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app do download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picassa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.

Google PHP API - (403) Access Not Configured

Im using the Google PHP API Client http://code.google.com/p/google-api-php-client/ to retrieve data from the google API.
Logging in thru OAuth2 and fetch user information works like a charm, but when I'm attempting to access the goole analytics api i get this 403 code error every time. Hundreds of users with the same problem forgot to activate the Google Analytics API in the service settings, or simply provided incorrect credentials (client_id & client_secret). I've tried to enable/disable the Google Analytics multiple times, and logging in/out from my google accounts, but no result.
Anyone that has any pointers for me?
(Remember, the OAuth procedure works, since I'm getting both an access_token and refresh_token)
I'm using the simple.php example in the class examples folder...
I'm working on Drive myself and understand the issue. I've been having some troubles understanding Google and their PHP api somewhat. I've finally got it to work with some clarification of examples found around the internet.
Your problem sounds like you didn't set your scope to Google analytics but, please be clear in the steps you've taken as well as the code you've tried using.
The error could be as simple as forgetting this line in your oAuth callback file:
$client->addScope(Google_Service_Analytics::ANALYTICS);
To something complex as understanding if you need a full paid account to access information from Google about your Analytics (not included as free like Google+ and Google drive).