We Keep Coding

PKCE flow Error code: 500 code challenge required

I'm trying to get the PKCE example to work, but I keep hitting
Error code: 500
Error: invalid_request : code challenge required
Here's a sample url, it does include a code_challenge param generated with the example code.
https://login.xero.com/identity/connect/authorize
?client_id=XXX
&response_type=code
&scope=openid%20profile%20email%20offline_access%20files%20accounting.transactions%20accounting.contacts&redirect_uri=https%3A%2F%2Flocalhost%3A5001%2F
&code_challenge=tj6n3SLd6FZ8g6jjSJYvfC--4r2PHGnpbSGTwIreNqQ
&code_challenge_method=S256
The registered app is a PKCE flow, kind of out of options what it could be.
Here's the code I use, the only changes are the last 2 lines where I launch the browser a I'm connecting from a desktop app. Tried pasting the generated url into the browser directly but that also didn't work.
XeroConfiguration xconfig = new XeroConfiguration();
xconfig.ClientId = "XXX";
xconfig.CallbackUri = new Uri("https://localhost:5001"); //default for standard webapi template
xconfig.Scope = "openid profile email offline_access files accounting.transactions accounting.contacts";
//xconfig.State = "YOUR_STATE"
var client = new XeroClient(xconfig);
// generate a random codeVerifier
var validChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz-._~";
Random random = new Random();
int charsLength = random.Next(43, 128);
char[] randomChars = new char[charsLength];
for (int i = 0; i < charsLength; i++) {
randomChars[i] = validChars[random.Next(0, validChars.Length)];
}
string codeVerifier = new String(randomChars);
var uri = client.BuildLoginUriPkce(codeVerifier);
Clipboard.SetText(uri);
System.Diagnostics.Process.Start("explorer.exe", $"\"{uri}\"");

How I can mark a eMail with Userlabel (not the complete Thread)

I have created this script:
function myFunctionNew() {
var threads = GmailApp.search('in:inbox subject:"xxxxxxxxxxxxxx" ');
GmailApp.markThreadsUnread(threads);
for (var i = 0; i < threads.length; i++) {
var mid = threads[i].getId();
GmailApp.getMessageById(mid).markRead();
GmailApp.getMessageById(mid).star();
// ---> so I mark the complete Thread: GmailApp.getUserLabelByName("1").addToThread(threads[i]);
// Here I want to sign only the one eMail with a User label (e.g. Customer)
//
// ---> GmailApp.moveThreadToArchive(threads[i]);
// Here I want to move only the one eMail to the archive
GmailApp.getMessageById(id).forward("xxxxxxxxxx#yyyyyy.com");
}
}
but how I can add a label and move only one eMail which ID I have?
Thanks

Your request can be accomplished with the Gmail API
The Gmail API offers you more options than GmailApp, among others labelling individual messages instead of the whole thread
The Gmail API can be used in Apps Script as Advanced Gmail Service
All you need to do for it is to enable the service by going on Resources > Advanced Google services.... in your Apps Script editor
The specific method you need to add a user label to a single message is Gmail.Users.Messages.modify(resource, userId, id) with the resource {"addLabelIds": [labelId]}
It is important to use for your requests that concern only one message instead of the whole thread the message id, which is different from the thread id.
If you do not know your message id, you need to specify how to find it (e.g. specify the snipept of interest as a search criteria).
It is also important to know that you need to specify the labelId instead of labelName, which for user labels opposed from standard labels are distinct.
If you do not know the label id, you need to loop through all labels by their name until you find the correct one
Below is a sample code showing how to add a label and perform other operations on single messages with a combination of GmailApp and Gmail API
function myFunctionNew() {
var labels = Gmail.Users.Labels.list("me").labels;
for (var a = 0; a < labels.length; a++) {
if(labels[a].name == "Customer"){
var labelId = labels[a].id;
break;
}
}
var threads = GmailApp.search('in:Inbox subject:"xxxxxxxxxxxxxx" ');
for (var i = 0; i < threads.length; i++) {
var mid = threads[i].getId();
//retrieve the thread with Gmail API to obtain the ids of the thread messages correctly
var thread = Gmail.Users.Threads.get("me", mid);
// retrieve all messages and their id for each thread
var messages = thread.messages;
for (var j = 0; j < messages.length; j++) {
var message = messages[j];
//retrieve the message id
var messageId = message.id;
//perform the desired actions with the message id
GmailApp.getMessageById(messageId).markRead();
GmailApp.getMessageById(messageId).star();
//now, you need to chose which messages you want to label, for example selectt by snippet:
var snippet = message.snippet;
if (snippet == "Paste here the snippet"){
var myId = messageId;
//only the messages with the specified snippet will be labelled and forwarded instead of the whole thread:
Gmail.Users.Messages.modify({"addLabelIds": [labelId]}, "me", myId);
GmailApp.getMessageById(myId).forward("xxxxxxxxxx#yyyyyy.com");
}
}
}
}

Crunchbase Data API v3.1 to Google Sheets

I'm trying to pull data from the Crunchbase Open Data Map to a Google Spreadsheet. I'm following Ben Collins's script but it no longer works since the upgrade from v3 to v3.1. Anyone had any luck modifying the script for success?
var USER_KEY = 'insert your API key in here';
// function to retrive organizations data
function getCrunchbaseOrgs() {
var ss = SpreadsheetApp.getActiveSpreadsheet();
var sheet = ss.getSheetByName('Organizations');
var query = sheet.getRange(3,2).getValue();
// URL and params for the Crunchbase API
var url = 'https://api.crunchbase.com/v/3/odm-organizations?query=' + encodeURI(query) + '&user_key=' + USER_KEY;
var json = getCrunchbaseData(url,query);
if (json[0] === "Error:") {
// deal with error with fetch operation
sheet.getRange(5,1,sheet.getLastRow(),2).clearContent();
sheet.getRange(6,1,1,2).setValues([json]);
}
else {
if (json[0] !== 200) {
// deal with error from api
sheet.getRange(5,1,sheet.getLastRow(),2).clearContent();
sheet.getRange(6,1,1,2).setValues([["Error, server returned code:",json[0]]]);
}
else {
// correct data comes back, filter down to match the name of the entity
var data = json[1].data.items.filter(function(item) {
return item.properties.name == query;
})[0].properties;
// parse into array for Google Sheet
var outputData = [
["Name",data.name],
["Homepage",data.homepage_url],
["Type",data.primary_role],
["Short description",data.short_description],
["Country",data.country_code],
["Region",data.region_name],
["City name",data.city_name],
["Blog url",data.blog_url],
["Facebook",data.facebook_url],
["Linkedin",data.linkedin_url],
["Twitter",data.twitter_url],
["Crunchbase URL","https://www.crunchbase.com/" + data.web_path]
];
// clear any old data
sheet.getRange(5,1,sheet.getLastRow(),2).clearContent();
// insert new data
sheet.getRange(6,1,12,2).setValues(outputData);
// add image with formula and format that row
sheet.getRange(5,2).setFormula('=image("' + data.profile_image_url + '",4,50,50)').setHorizontalAlignment("center");
sheet.setRowHeight(5,60);
}
}
}
This code no longer pulls data as expected.

I couldn't confirm about the error messages when you ran the script. So I would like to show about the clear difference point. It seems that the endpoint was changed from https://api.crunchbase.com/v/3/ to https://api.crunchbase.com/v3.1/. So how about this modification?
From :
var url = 'https://api.crunchbase.com/v/3/odm-organizations?query=' + encodeURI(query) + '&user_key=' + USER_KEY;
To :
var url = 'https://api.crunchbase.com/v3.1/odm-organizations?query=' + encodeURI(query) + '&user_key=' + USER_KEY;
Note :
From your script, I couldn't also find query. So if the script doesn't work even when you modified the endpoint, please confirm about it. You can see the detail of API v3 Compared to API v3.1 is here.
References :
API v3 Compared to API v3.1
Using the API
If this was not useful for you, I'm sorry.

Google API for getting maximum number of licenses in a Google Apps domain

I have a Google Apps Script function used for setting up accounts for new employees in our Google Apps domain.
The first thing it does is makes calls to the Google Admin Settings API and retrieves the currentNumberOfUsers and maximumNumberOfUsers, so it can see if there are available seats (otherwise a subsequent step where the user is created using the Admin SDK Directory API would fail).
It's been working fine until recently when our domain had to migrate from Postini to Google Vault for email archiving.
Before the migration, when creating a Google Apps user using the Admin SDK Directory API, it would increment the currentNumberOfUsers by 1 and the new user account user would automatically have access to all Google Apps services.
Now after the migration, when creating a Google Apps user, they aren't automatically assigned a "license," so I modified my script to use the Enterprise License Manager API and now it assigns a "Google-Apps-For-Business" license. That works fine.
However, the currentNumberOfUsers is now different from the number of assigned licenses, and "Google-Apps-For-Business" is only one of several different types of licenses available.
I can get the current number of assigned "Google-Apps-For-Business" licenses by running this:
var currentXml = AdminLicenseManager.LicenseAssignments.listForProductAndSku('Google-Apps', 'Google-Apps-For-Business', 'domain.com', {maxResults: 1000});
var current = currentXml.items.toString().match(/\/sku\/Google-Apps-For-Business\/user\//g).length;
But the number that produces is different from currentNumberOfUsers.
All I really need to do now is get the maximum number of owned "Google-Apps-For-Business" licenses so the new employee setup script can determine whether there are any available.
I checked the API Reference documentation for the following APIs but...
Enterprise License Manager API → Doesn't have a method for getting the maximum or available number of licenses.
Google Admin Settings API → Doesn't deal with licenses, only "users."
Admin SDK Directory API User resource → Doesn't deal with licenses.
Google Apps Reseller API → This API seems to have what I need, but it's only for Reseller accounts.
I know I can program my new employee setup script to just have a try/catch seeing if it would be able to create the user and assign the license, and end the script execution gracefully if it can't, but that doesn't seem efficient.
Also, part of the old script was that if there were less than X seats available, it would email me a heads-up to order more. I can program a loop that attempts to repeatedly create dummy users and assign them licenses and count the number of times it can do that before it fails, then delete all the dummy users, but, once again, that's not efficient at all.
Any ideas?
Update 3/11/2020: Since the Admin Settings API had shut down a few years ago I've been using the Enterprise License Manager API to get the current number of used licenses, like this:
function getCurrentNumberOfUsedGoogleLicenses(skuId) {
var success = false, error = null, count = 0;
var adminEmail = 'admin#domain.com';
var gSuiteDomain = adminEmail.split('#')[1];
// for more information on the domain-wide delegation:
// https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
// the getDomainWideDelegationService() function uses this:
// https://github.com/gsuitedevs/apps-script-oauth2
var service = getDomainWideDelegationService('EnterpriseLicenseManager: ', 'https://www.googleapis.com/auth/apps.licensing', adminEmail);
if (skuId == 'Google-Apps-Unlimited') var productId = 'Google-Apps';
else return { success: success, error: "Unsupported skuId", count: count };
var requestBody = {};
requestBody.headers = {'Authorization': 'Bearer ' + service.getAccessToken()};
requestBody.method = "GET";
requestBody.muteHttpExceptions = false;
var data, pageToken, pageTokenString;
var maxAttempts = 5;
var currentAttempts = 0;
var pauseBetweenAttemptsSeconds = 3;
loopThroughPages:
do {
if (typeof pageToken === 'undefined') pageTokenString = "";
else pageTokenString = "&pageToken=" + encodeURIComponent(pageToken);
var url = 'https://www.googleapis.com/apps/licensing/v1/product/' + productId + '/sku/' + skuId + '/users?maxResults=1000&customerId=' + gSuiteDomain + pageTokenString;
try {
currentAttempts++;
var response = UrlFetchApp.fetch(url, requestBody);
var result = JSON.parse(response.getContentText());
if (result.items) {
var licenseAssignments = result.items;
var licenseAssignmentsString = '';
for (var i = 0; i < licenseAssignments.length; i++) {
licenseAssignmentsString += JSON.stringify(licenseAssignments[i]);
}
if (skuId == 'Google-Apps-Unlimited') count += licenseAssignmentsString.match(/\/sku\/Google-Apps-Unlimited\/user\//g).length;
currentAttempts = 0; // reset currentAttempts before the next page
}
} catch(e) {
error = "Error: " + e.message;
if (currentAttempts >= maxAttempts) {
error = 'Exceeded ' + maxAttempts + ' attempts to get license count: ' + error;
break loopThroughPages;
}
} // end of try catch
if (result) pageToken = result.nextPageToken;
} while (pageToken);
if (!error) success = true;
return { success: success, error: error, count: count };
}
However, there still does not appear to be a way to get the maximum number available to the domain using this API.

Use CustomerUsageReports.
jay0lee is kind enough to provide the GAM source code in Python. I crudely modified the doGetCustomerInfo() function into Apps Script thusly:
function getNumberOfLicenses() {
var tryDate = new Date();
var dateString = tryDate.getFullYear().toString() + "-" + (tryDate.getMonth() + 1).toString() + "-" + tryDate.getDate().toString();
while (true) {
try {
var response = AdminReports.CustomerUsageReports.get(dateString,{parameters : "accounts:gsuite_basic_total_licenses,accounts:gsuite_basic_used_licenses"});
break;
} catch(e) {
//Logger.log(e.warnings.toString());
tryDate.setDate(tryDate.getDate()-1);
dateString = tryDate.getFullYear().toString() + "-" + (tryDate.getMonth() + 1).toString() + "-" + tryDate.getDate().toString();
continue;
}
};
var availLicenseCount = response.usageReports[0].parameters[0].intValue;
var usedLicenseCount = response.usageReports[0].parameters[1].intValue;
Logger.log("Available licenses:" + availLicenseCount.toString());
Logger.log("Used licenses:" + usedLicenseCount.toString());
return availLicenseCount;
}

I would recommend exploring GAM which is a tool that gives command line access to the administration functions of your domain.

Adding roles to users in team area in RTC

I need to add users ( users are already present in repository. I only need to add them.) and roles from a CSV file to team areas. Project area and Team Area already exists.I could successfully add users but not the roles from csv file.
The CSV file format is :
Project name,Team Area name,Members,roles
Project1,User_Role_TA,Alex,Team Member
Project2,TA2,David,Scrum Master
Below is the code for it. It successfully add the users and currently add roles to them from project area but I need to add roles to the users from CSV file. In the below code, If I can get roles from csv file in the line "IRole[] availableRoles = clientProcess.getRoles(area, null);" , I think it should resolve the issue. I am not getting any error but it doesn't add the roles.
while((row = CSVFileReader.readLine()) != null )
{
rowNumber++;
st = new StringTokenizer(row,",");
while (st.hasMoreTokens()) {
projectAreaList.add(st.nextToken());
teamAreaList.add(st.nextToken());
membersList.add(st.nextToken());
roleList.add(st.nextToken());
}
}
for (int i=1; i<rowNumber; i++)
{
projectAreaName = projectAreaList.get(i);
teamAreaName = teamAreaList.get(i);
members = membersList.get(i);
member_roles =roleList.get(i);
URI uri = URI.create(projectAreaName.replaceAll(" ", "%20"));
IProjectArea projectArea = (IProjectArea) processClient.findProcessArea(uri, null, null);
if (projectArea == null)
{
System.out.println("Project Area not found");
}
if (!teamAreaName.equals("NULL")){
List <TeamAreaHandle> teamlist = projectArea.getTeamAreas();
ITeamAreaHandle newTAHandle = findTeamAreaByName(teamlist,teamAreaName,monitor);
if(newTAHandle == null) {
System.out.println("Team Area not found");
}
else {
ITeamArea TA = (ITeamArea)teamRepository.itemManager().fetchCompleteItem(newTAHandle,ItemManager.DEFAULT,monitor);
IRole role = getRole(projectArea);
IContributor user = teamRepository.contributorManager().fetchContributorByUserId(members,monitor);
/*role1 = getRole(area).getId();
if(role1.equalsIgnoreCase(member_roles))
{
user_role = getRole(area);
}*/
IProcessAreaWorkingCopy areaWc = (IProcessAreaWorkingCopy)service.getWorkingCopyManager().createPrivateWorkingCopy(TA);
areaWc.getTeam().addContributorsSettingRoleCast(
new IContributor[] {user},
new IRole[] {role});
areaWc.save(monitor);
}
public static IRole getRole(IProcessArea area) throws TeamRepositoryException {
ITeamRepository repo = (ITeamRepository) area.getOrigin();
IProcessItemService service =(IProcessItemService) repo
.getClientLibrary(IProcessItemService.class);
IClientProcess clientProcess = service.getClientProcess(area, null);
IRole[] availableRoles = clientProcess.getRoles(area, null);
for (int i = 0; i < availableRoles.length; i++) {
return availableRoles[i];
}
throw new IllegalArgumentException("Couldn't find role");
}

Some of the API you are trying to use are private in RTC3.x
See this thread for different options (a bit similar to your code):
ProjectAreaWorkingCopy workingCopy = (ProjectAreaWorkingCopy)manager.getWorkingCopy(project);
this class extends to ProcessAreaWorkingCopy
public class ProjectAreaWorkingCopy extends ProcessAreaWorkingCopy implements IProjectAreaWorkingCopy
In ProcessAreaWorkingCopy setRoleCast retrieves the team and sets the role.
One can set the role at the team level via
team.setRoleCast(contributor, roleCast);
# or
projWc.getTeam().addContributorsSettingRoleCast(new IContributor[] {contributor}, roles);
The OP Kaushambi Suyal reports:
Created a method as mentioned in the thread with few changes and it worked.
Also we need to pass the process area here and not the project area, because I am trying to add roles to users in team area and not project area.