Since last Feb 20th, while trying to access the Google Drive through Google Picker, i am getting the following error:
"Invalid credentials (missing or invalid oAuth token)"
The application feature has been working since the beggining, and now it has stopped working.
Anyone can enlight me on this matter?
Thanks,
They now require OAuth tokens for everyone requesting Views that deal with user data.
Check this announcement, it contains the details and it helped in my case.
Related
I just had a query regarding a 401 Unauthorized error I seem to have run into while developing a script to pull reports from the Google Alert Center API. I am using the quickstart with a service account and the applicable scope. I have also followed the guide and the credentials.json for the requisite service account seems to be correct as well.
This service account has already been granted Domain Wide Delegation and permission to access the SCOPES. I have also configured the service account to be trusted in the API controls dashboard.
Here is the complete error message.
Just to be extra sure, I have also added permission for a user 'admin#xxxx.com' to use the service account as a resource.
Specifications:
Windows 10, Java 16, Eclipse IDE, Maven 3.6.3
Could anyone help me figure out what is wrong ?
I'm getting this error
com.microsoft.aad.msal4j.MsalInteractionRequiredException:
AADSTS70000: The request was denied because one or more scopes requested are unauthorized or expired. The user must first sign in and grant the client application access to the requested scope.
Trace ID: add5eedb-86d5-41bc-bad3-129298e3ca00
Correlation ID: 1d2ab508-8ec6-49d7-abaa-d1b8feaedda8
I register app in Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox) azure account
API permission:
Delegated:
Calendars.Read
Calendars.ReadWrite
offline_access
openid
profile
User.Read
User.Read.All
email
Mail.Read
Application:
Calendars.Read
Calendars.ReadWrite
I give the required permission and scope (Expose an API) in azure portal still I'm getting this error. I tried to solve this error for more then a days I don't understand What am I doing wrong?
It was not asked calendar's permission when user login.
I have used msal4j version 1.6.1 dependency
How can I solve this error?
I have solved this problem by adding Calendars.ReadWrite scope in AuthorizationRequestUrlParameters
In the below string updatedScopes I had passed null so it's consider default scope of Microsoft and not asked calendar permission.
String updatedScopes = scope == null ? "Calendars.ReadWrite" : scope;
PublicClientApplication pca = PublicClientApplication.builder(clientId).authority(authority).build();
AuthorizationRequestUrlParameters parameters = AuthorizationRequestUrlParameters
.builder(redirectURL,Collections.singleton(updatedScopes))
.responseMode(ResponseMode.QUERY)
.prompt(Prompt.SELECT_ACCOUNT).state(state).nonce(nonce)
.claimsChallenge(claims).build();
I'm just trying to make a simple app, but I can't even get past authenticating the user. I am using the Google OAuth Client Library for Java.
These are the current steps I am taking:
Start local web server to listen for the loopback response after the OAuth authentication.
Generate the auth URL:
String url = new AuthorizationCodeRequestUrl(AUTH_URL, CLIENT_ID)
.setScopes(scopes) // Contains https://www.googleapis.com/auth/drive.readonly
.setRedirectUri(LOCALHOST + r.getPort()) // Port of local web server
.build();
Use URL to authenticate account.
Google returns auth code.
Exchange auth code for access token.
TokenResponse token = new AuthorizationCodeTokenRequest(...)
.setRedirectUri("http://localhost") // <--
.setClientAuthentication(getClientAuth()) // ClientParametersAuthentication object
.execute();
This is where my problem occurs. No matter what value I put in for redirect_uri, I always get {"error":"redirect_uri_mismatch","error_description":"Bad Request"} in return.
Searching Google for the error, every single result says that it's because the redirect_uri I sent is not registered in the API console.
When I download the credentials json file, the redirect_uris section contains "urn:ietf:wg:oauth:2.0:oob","http://localhost", but it's all the same error no matter what I put in.
I went to the Credentials section of the project to fix it, but since this is an installed application, creating credentials for the project gives me no option to set any redirect uris. The only way to get access to changing redirect_uris are to create the credentials for "Web application," but this isn't a web application and I don't have a domain it can redirect to.
So I'm stuck, redirect_uri options are not available to me and no value that I use works, I honestly don't know what else to try. What steps can I take to fix this?
It turns out that the same redirect_uri must be used for the auth code and access token even if it's not going to be used for retrieving the access token.
I have SiteA storing user information(name, office, department etc.).
The back end has exposed REST WS that give the information to the front end. The site uses Google OAuth2 authentication - Users log in via Google account. With OAuth2 we let google handle the login(without asking for username and password). Google generates an authorization code that is used with the client_id and client_secret to generate an token for the user.
I have SiteB. I am creating a job that is going to be executed once a day.
I need it to login programmatically to SiteA so I can get a security token that I can use in requests to the REST WS API provided by SiteA and fetch the needed information.
I was unable to find a similar question online. Everything usually ends up to the user opening a browser and navigating to an approaval URL.
Something similar is Google Drive API - OAuth2.0: How to Automate Authentication Process? Doubts and Questions, but it is about connecting to Google Drive without login.
I am starting to doubt that it is possible. Have anyone figured out how to implement this way of communication between systems?
The only option that I could thing of is connecting to SiteA DB and extracting records manually, but that would duplicate the login in SiteA and SiteB.
What I was asking is not possible in the time of writing the question.
What we did to solve the issue is to extend the life of the token for the account that is used to login to SiteA and set it it in the header of the request from SiteB:
connection.setRequestProperty("Authorization", token);
We changed the lifespan of the token from the database and since this are internal systems the long life of the token is not a problem.
Another option is to follow How to get offline token and refresh token and auto-refresh access to Google API and generate an offline token, but the idea is still the same.
Hope this helps someone.
I'm using the Dropbox API in my Java desktop application. I implemented the authorization process with the redirect to localhost to get the access token.
Everything works perfect so far but if I later try to connect to Dropbox to share some files, an exception is thrown:
com.dropbox.core.DbxException$BadRequest: {"error": "v1_retired"}
So I think the retrieved access token is only an OAuth1 token. In the API bundle I found a OAuth1Upgrader to convert the token. But that seems a bit too complex.
So my question: Is there a way to get an OAuth2 token immediately during the authorization process?
Dropbox deprecated their v1 API on Sept 28th (see this post). All API calls from that day forward to v1 endpoints return a 400 error with the message:
{“error”: “v1_retired”}
as happened here.
They published a migration guide here. Reading through it, there's a mapping between the v1 endpoint you're probably using and the v2 endpoint you should be able to use to get the OAuth2 token:
/1/oauth2/authorize:/oauth2/authorize