I'm trying to build chat application on Android and I've stuck on a very first step. I can't create ChatClient. According to documentation I should call some method like this:
ChatClient.create(context.getApplicationContext(), token, props, myCallback);
Unfortunately I'm receiving error: "Invalid access token grants", you can check this link for error details.
I've verified what's inside my jwt access token and it seems that everything is OK with grants. I've used https://jwt.io/ debugger to test it and could see the following payload(I've dashed my credentials to show only structure):
{ "iss": "SK####################",
"exp": 1516198358,
"jti": "SK#####################",
"sub": "######################",
"grants": {
"identity": "test.user#mail.com",
"chat": {
"service_sid": "###################",
"endpoint_id": "###################"
}
}
}
I've checked all the values and they seem to be OK, I've also tried to copy this token and pass it to my web(JS) project and was able to sign in without any issues which proves that token itself should be OK.
Any help appreciated, thanks
So the solution was to use correct region setting, because tokens in one region are incompatible with services from another.
Error messages on the service side are being refined to better reflect this case.
please do not use "endpoint_id" in the grants, it has been deprecated and may be throwing off some service validation logic.
If you continue getting this error please contact support.twilio.com and provide adb logs and the token itself (do not paste it here publicly). Also see https://github.com/twilio/twilio-chat-demo-android/blob/master/REPORT_BUGS.md
Related
I am trying to implement SafetyNet in my app. I also, don't have a server, and I am using Firebase Firestore and Firebase Functions.
My knowledge about Firebase Functions is very limited. And I was wondering if I could somehow use the functions to help me with the SafetyNet attestation. As I see, I should be producing a nonce on the cloud, send this nonce to the app, use it to attest, and send it back to the cloud to verify the integrity correct?
But I can't seem to find anywhere on how to do this. Can anyone point me in the right direction?
YES
Sorry for the excitement there, but this is possible since a few weeks ago through a new feature called Firebase App Check.
With App Check, you always end up with a two-step process:
Use an attestation provider (such as SafetyNet) in your application, so that information about the app is attached to each request it makes to Firebase.
Then at some point in time, when enough of your app requests have this information attached, check for the app information in Cloud Functions, or enable the check in one of the other supported services.
If you check the documentation on enabling App Check enforcement for Cloud Functions, you'll see that it mostly boils down to this check in the code:
exports.yourCallableFunction = functions.https.onCall((data, context) => {
// context.app will be undefined if the request doesn't include a valid
// App Check token.
if (context.app == undefined) {
throw new functions.https.HttpsError(
'failed-precondition',
'The function must be called from an App Check verified app.')
}
// Your function logic follows.
});
I found at https://developers.google.com/instance-id/reference/server#get_information_about_app_instances the following example GET request:
https://iid.googleapis.com/iid/info/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA?details=trueAuthorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
The key in that example is: AIzaSyZ-1u...0GBYzPu7Udno5aA. Where can I find my key, the one that I should use in my GET request? I am trying to find it at https://console.developers.google.com/apis/credentials, and this is what I see:
I tried using all of the four keys that you see in the image above, and I always receive this message from the browser:
{"error":"MissingAuthorization"}
Does this error refer to the key being wrong, or to something else? Am I looking in the right place for the key? Thank you.
EDIT 1: I was looking at the question at How to check how many topics has been subscribed?, and I also tried using the keys that I found in my Firebase Console, under the "Cloud Messaing" tab. This is what I see:
I tried the GET request using those keys in the image above as well and I still see the same error: {"error":"MissingAuthorization"}.
EDIT 2: I am using this from the command line:
C:\curl>curl -k https://iid.googleapis.com/iid/info/nKctODamlM4:CKrh_PC8kIb7O...clJONHoA?details=trueAuthorization:key=AIzaSyZ-1u...0GBYzPu7Udno5aA
{"error":"MissingAuthorization"}
C:\curl>
Notice how I simply copied/pasted what I found at https://developers.google.com/instance-id/reference/server#get_information_about_app_instances under the "Example GET request" heading. I am not even attempting to use my own keys and I see the same error: {"error":"MissingAuthorization"}. Does it mean the problem is with the key I am using? Is not it the one I see in the Firebase Console?
Based on the instructions at https://developers.google.com/instance-id/reference/server, under the heading "Get information about app instances", it shows that it is necessary to provide the Authorization: key=YOUR_API_KEY, which is set in the header. See at https://android.jlelse.eu/firebase-push-notification-using-curl-command-devoid-backend-e63795d282c4 an example of how to provide a parameter in the header.
Concerning the Authorization: key=YOUR_API_KEY that has to be used, it is the key that appears in the "EDIT 1" section of this question. I used the Server key, not the Legacy server key, and it worked for me.
https://developers.google.com/instance-id/reference/server shows this end point: https://iid.googleapis.com/iid/info/IID_TOKEN. But IID_TOKEN must be replaced with the instance ID token which corresponds to the instance of the app that was installed on a device. In my case, I found it by printing the instance ID or token of the device, using the following code in the first activity of my Android app:
Log.d("The token of device: ", FirebaseInstanceId.getInstance().getToken());
In the log of the Android monitor, I found the IID_TOKEN that I needed:
D/The token of device:: f35EFw4bsef:QWE34bFm56ZuQLWYSDDgPlkf4a88Lu6Gp4DoXVDJ5dRIlsdDncq0UdNnlDi7wxbbut6YX7Z1kwgyS3bzk_Zrl-1doHCf9XFdOXTThNzo4sDFEWqQjHKfNa3uH2Js4Flbf_CnRkD2Mftr
Finally, I used cURL from the command prompt, and you can see how I obtained results correctly:
C:\curl>curl -X GET -k --header "Authorization: key=AAAAJ5XteYp:DKE32aIdFalyFXku6A-eR_wHL6ZBUFxfyPtcrm3wwF2l-nPEv_vAeYqo3NJzaIKKcSSow6gqoAwf3cBEm8QWYbF6w-asW0SX0RmHZftQglwmo_ziwrk8wFcGp1_DOQ1PLFFgP4BFWXAD" "https://iid.googleapis.com/iid/info/f35EFw4bsef:QWE34bFm56ZuQLWYSDDgPlkf4a88Lu6Gp4DoXVDJ5dRIlsdDncq0UdNnlDi7wxbbut6YX7Z1kwgyS3bzk_Zrl-1doHCf9XFdOXTThNzo4sDFEWqQjHKfNa3uH2Js4Flbf_CnRkD2Mftr
{"applicationVersion":"22","attestStatus":"NOT_ROOTED","application":"com.[myapp]","scope":"*","authorizedEntity":"232255245625","appSigner":"3d34g3fs3443292d825f21da4fdd5b34a56f2a3h","platform":"ANDROID"}
C:\curl>
Note: In the code above I have changed the values of things such as tokens and keys for privacy purposes, but you need to use your values and everything should work.
I am trying to get the access token for Baidu Push Notification. I've done everything according to their SDK documentation and I am able to send push notifications from their console. I went through their documentation and I am using this line of code to start the service.
PushManager.startWork(getApplicationContext(), PushConstants.LOGIN_TYPE_API_KEY, Utils.getMetaValue(SplashActivity.this, "api_key"));
there is another method that uses
PushManager.startWork(getApplicationContext(), PushConstants.LOGIN_TYPE_ACCESS_TOKEN, Utils.getMetaValue(SplashActivity.this, "api_key"));
but I can't seem to get it to work or get the access token, probably due to a mistake in the code I am using. Could anyone guide me? I am able to get things like userId, channelId and requestId when I use the first method though, would one of these be the access token instead?
When I use the second method I get a "30603 Illegal construction request, server-side validation failed" error.
All of the guides are in Mandarin and Google Translate could only go so far. Help would be much appreciated.
You can find your resultCode like this.
your resultCode
code error list
I try to use Google oauth to authenticate users on my android app.
Then I would like to send it to my app server so it can connect at any time with Google calendar.
I tried to use
GoogleAuthUtil.getToken(getApplicationContext(), mAccountName, mScope);
Following this article:
https://developers.google.com/accounts/docs/CrossClientAuth
When I use it with scope
mScope = "oauth2:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I get a token, which is valid for an hour
But when I try to get an authorization code (so I can get a refresh token that is valid for longer time, using
mScope2 ="oauth2:server:client_id:{CLIENT_ID}.apps.googleusercontent.com"+ ":api_scope:https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile";
I receive either "invalid_scope" or "Unknown" exceptions.
What am I doing wrong?
EDIT:
OK, After creating a new app on google API console and adding plus.login to the scope I get a code, but for some reason my server can't resolve this token. When tying to resolve server gets an error about the redirection URL.
BTW, When I do the web flow with same parameters it works.
OK, found the solution, I expected Google to have a lot better documentation about working with Google Oauth and Android. A few things you have to know to work with Android and offline token
When you create google Client ID Don't create a service application before you create a web application
Must include https://www.googleapis.com/auth/plus.login in your scope
The weirdest, to resolve the one time authorization code on my server, I had to use the redirection URL from the Android client ID details (which doesn't even look like a url) and not from the Web client details on Google API console.
That scope string is only documented to work when passed to GoogleAuthUtil(), see http://developer.android.com/reference/com/google/android/gms/auth/GoogleAuthUtil.html, on Android. But it would be cool if it worked on iOS too; our infrastructure there is a little behind where we’re at on Android.
I have had the same issue then i realised that my app is not published and is in debug mode, so i had to add test users to the Google project -> Consent Screen, then i was able to fetch the token for the added test user.
You just need to follow the correct steps/format for specifying the scopes. Find them here https://developers.google.com/android/guides/http-auth#SpecifyingScopes
The title pretty much sums it up, i am trying to test my Open Graph Actions in the Graph API Explorer but when i POST to /me/mynamespace:myaction, i get this error (Using the access token the Graph API Explorer generated for me, i asked for publish_actions only)
{
"error": {
"message": "(#15) This method must be called with an app access_token.",
"type": "OAuthException",
"code": 15
}
}
Ive done my homework and searched about it, to find a proper access-token to solve this problem goes by the APPID|APP_SECRET format but using that i get
{
"error": {
"message": "An active access token must be used to query information about the current user.",
"type": "OAuthException",
"code": 2500
}
}
Any ideas on how to solve this?
To give out more context the graph actions were created for an android facebook app.
You can't post to /me without a user access token from a user who's logged into your app, 'me' is a placeholder for 'current user'.
It sounds like two things have happened here:
You've configured the Open Graph action to require the App Access Token to post (which is a configuration option on the action
When you came across that error, you tried to use the App Access Token but didnt' change /me/mynamespace:myaction to /<USER ID>/mynamespace:myaction
Some notes:
Never put the app access token into your client code; it can be used to modify app settings. If you really need actions to only be postable via the app access token, you'll need to implement a server-side component to your app which makes the requests with the app access token
You probably need to change the open graph action settings for your action so it can be posted with a user access token
Your method of sending APP_ID|SECRET as an app access token is wrong. To get an app access token, you need to request it via this endpoint:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID
&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
See here for more details