I'm using google REST Api to retrieve list of spreadsheets.
Everything works when it is accessed by my account.
But when I try to use foreign account, I'm getting this error:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden {
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "The caller does not have permission",
"reason" : "forbidden"
} ],
"message" : "The caller does not have permission",
"status" : "PERMISSION_DENIED"
}
It says I have no access to my google script, but the script is set as visible and shared for anyone.
Code:
private Object getDataFromApi(ExecutionRequest request)
throws IOException
{
if (BuildConfig.DEBUG) {
request.setDevMode(true); // it will take saved version of script and not the published one
}
// Make the request.
Operation op =
mService.scripts().run(SCRIPT_ID, request).execute();
Change the SCOPE from SheetsScopes.SPREADSHEETS_READONLY to SheetsScopes.SPREADSHEETS.
private static final List SCOPES = Arrays.asList(SheetsScopes.SPREADSHEETS);
I found the problem was in code:
if (BuildConfig.DEBUG) {
request.setDevMode(true); // it will take saved version of script and not the published one
}
It looks like it alway force to access saved version and not the published. Then the foreign account had no access to saved version and returns error 403.
When I disable this dev mode or install release version, then everything is ok.
Related
I am new to YouTube APIs. I have done create and fetch live events on YouTube. But I'm trying to start live events from my app I'm getting this error:
com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
POST https://www.googleapis.com/youtube/v3/liveBroadcasts/transition?broadcastStatus=live&id=m0BCwKmG9Ws&key=AIzaSyCRiIM7Tdb_rqFcGSbQ0jXy0GeODCNSq4g&part=status
{
"code": 403,
"errors": [
{
"domain": "youtube.liveBroadcast",
"message": "Stream is inactive",
"reason": "errorStreamInactive",
"extendedHelp": "https://developers.google.com/youtube/v3/live/docs/liveBroadcasts/transition"
}
],
"message": "Stream is inactive"
}
Code for go-live
fun startEvent(youtube: YouTube, broadcastId: String?) {
val transitionRequest = youtube.liveBroadcasts().transition(
"live", broadcastId, "status"
)
transitionRequest.key = context.getString(R.string.api_key)
transitionRequest.execute()
}
I also tried this but still getting the same issue.
I don't know what's wrong with it?
As per the official specification of the LiveBroadcasts.transition API endpoint:
Before calling this method, you should confirm that the value of the status.streamStatus property for the stream bound to your broadcast is active.
The error specification reads as follows:
forbidden (403) errorStreamInactive
The requested transition is not allowed when the stream that is bound to the broadcast is inactive.
Hence, unequivocally, your live stream that's bound to your live broadcast must be active prior to invoking LiveBroadcasts.transition.
This error will be resolved by enabling autostart while creating a live event
val contentDetails = LiveBroadcastContentDetails()
contentDetails.set("enableAutoStart", true)
i am trying to add a login with google to my android app. i installed nativescript-google-login ant did everything as i should and i redirected to the login window of google. but after i insert my details instead of getting the token and the info of the user i get this:
{
"provider": "google",
"code": 1
}
my google init looks like that:
google.GoogleLogin.init({
google: {
initialize: true,
serverClientId: "<client id of a web client for oauth 2.0>",
clientId: "<cient id for android>",
isRequestAuthCode: true
},
activity: application.android.foregroundActivity
})
what am i missing?
Android Firebase Google signin through authorization error when google return token id. i have both cleint id as well as web sdk key saved on firebase. Even json file.
AuthCredential credential = GoogleAuthProvider.getCredential(acct.getIdToken(), null);
mAuth.signInWithCredential(credential)
.addOnCompleteListener(this, new OnCompleteListener<AuthResult>() {
#Override
public void onComplete(#NonNull Task<AuthResult> task) {
Log.d(TAG, "signInWithCredential:onComplete:" + task.isSuccessful());
// If sign in fails, display a message to the user. If sign in succeeds
// the auth state listener will be notified and logic to handle the
// signed in user can be handled in the listener.
if (!task.isSuccessful()) {
Log.w(TAG, "signInWithCredential", task.getException());
Toast.makeText(OnBoarding.this, "Authentication failed.",
Toast.LENGTH_SHORT).show();
}
// ...
}
});
Got this error
com.google.firebase.FirebaseException: An internal error has occured. [ Bad Request ]
at com.google.android.gms.internal.zzacq.zzbN(Unknown Source)
at com.google.android.gms.internal.zzacn$zzg.zza(Unknown Source)
at com.google.android.gms.internal.zzacy.zzbO(Unknown Source)
at com.google.android.gms.internal.zzacy$zza.onFailure(Unknown Source)
at com.google.android.gms.internal.zzact$zza.onTransact(Unknown Source)
at android.os.Binder.execTransact(Binder.java:565)
Though google signIn went well there is something missing with firebase which m not able to figure out need help
Logs
"error": {
"errors": [{
"domain": "usageLimits",
"reason": "keyExpired",
"message": "Bad Request"
}],
"code": 400,
"message": "Bad Request"
}
}
In the firebase console (Overview) Under Your mobile apps click the overflow button (three vertical dots) and goto Manage.
Once there goto your app and download the google-services.json
Add that to the root directory of your app and also to the /app folder.
This worked for me to fix this exact error. I assume I changed something at some point and needed a new one.
Hopefully this helps. Goodluck
Some reason to get [ Bad Request ].
Error Conditions:
The Firebase REST API will return error codes under these circumstances.
1) 404 Not Found : A request made over HTTP instead of HTTPS
2) 400 Bad Request : Unable to parse PUT or POST data
3) 400 Bad Request : Missing PUT or POST data
4) 400 Bad Request : Attempting to PUT or POST data which is too large
5) 417 Expectation Failed : A REST API call that doesn't specify a Firebase name
6) 400 Bad Request : A REST API call that contains invalid child names as part of the path
7) 403 Forbidden : A request that violates your Security and Firebase Rules
Check which type of parameter or other things are missing in request as per above option.
I hope its helps you.
I refered google play android api to check the purchase and consumption status of an in-app item.
For some orders, I can get right result,but some return the error as below:
error: {
errors: [
{
domain: "global",
reason: "purchaseTokenNotFound",
message: "The purchase token was not found.",
locationType: "parameter",
location: "token"
}
],
code: 404,
message: "The purchase token was not found."
}
Purchase token is provided by google, does it can be faked?
I found if I cancel the google order, then check the purchase status,it will return the purchase token was not found. if not, i will get the right purchase status.
Hope somebody can help.
If you are selling the same INAPP product to the same user muliple times within a short period, then it's very likely that all access tokens except the last purchase will return a 404 code.
For example:
john#example.com went to your app and purchased com.example.test.product a few times, you will probaly notice within your records (or Google Wallet Merchant account) that it's the same user buying the product.
When you go to check the last purchase from this user, then the following is likely to appear
{
kind: "androidpublisher#inappPurchase",
purchaseTime: "1409823171827",
purchaseState: "0",
consumptionState: "1",
developerPayload: "My Product | Ref | 1409823162466"
}
and yet if you were to check his previous tokens, then it's very likely that his purchases will return 404!
I had read somewhere (can't remember where) that the purchase token created for each purchase is basically based on the inapp product and google user. Therefore, it's very likely that each purchase will "destroy" any previous purchase token created for the same user.
Hope this explanation helps. I am constantly having this problem everyday when my server is attempting to connect to the Google API and check the transactions. Perhaps one day somebody will read this and provide a solution :)
The documents are misleading. You don't need to use this API to verify purchases.
Mobile app have INAPP_PURCHASE_DATA and INAPP_DATA_SIGNATURE from getBuyIntent method.
You can verify the purchase with the signature and your public key.
https://developer.android.com/google/play/billing/billing_reference.html#getBuyIntent
You can find the public key on Google Play Developer Console -> YOUR_APP -> service and API
package main
import (
"crypto"
"crypto/rsa"
"crypto/sha1"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
)
//replace const below with your own.
const (
pubKeyPEM=`-----BEGIN PUBLIC KEY-----
Some thing like this
-----END PUBLIC KEY-----`
data = `purchase data from getBuyIntent API`
sign = `purchase data signature from getBuyIntent API`
)
func Panic(err error) {
if err != nil {
panic(err)
}
}
func main() {
PEMBlock, _ := pem.Decode([]byte(pubKeyPEM))
if PEMBlock == nil {
Panic(fmt.Errorf("Could not parse Public Key PEM"))
}
if PEMBlock.Type != "PUBLIC KEY" {
Panic(fmt.Errorf("Found wrong key type"))
}
pubkey, err := x509.ParsePKIXPublicKey(PEMBlock.Bytes)
if err != nil {
Panic(err)
}
// compute the sha1
h := sha1.New()
h.Write([]byte(data))
// decode b64 signature
signature, err := base64.StdEncoding.DecodeString(sign)
Panic(err)
// Verify
err = rsa.VerifyPKCS1v15(pubkey.(*rsa.PublicKey), crypto.SHA1, h.Sum(nil), signature)
Panic(err)
// It verified!
fmt.Println("OK")
}
I have use the code from this topic : Unable to get the subscription information from Google Play Android Developer API
I can get the refresh token from the uri
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=REDIRECT_URI&client_id=CLIENT_ID
I call getRefreshToken(token from URI) and the anwser is :
{
"access_token" : "ya29.1.AADtN_XSr_9GwIybDh0fT5kt487DGYEed2sTzugp_MDOLEJAiMOTY3o17HwnvA7BIgP6",
"token_type" : "Bearer",
"expires_in" : 3407
}
With this acces token I can get information about my google android developper account.
The problem is the access token expires after 1 hour and I can't regenerate it.
I try to call getAccessToken(token from uri) and the anwser is :
{
"error" : "invalid_grant"
}
I use this code on a google app engine server in JAVA.
If someone recode thus methode with com.google.api.client.auth.oauth2 can be awesome.
Default first response when you get the refresh token is:
{
"access_token" : "****",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "****"
}
Every next response returns:
{
"access_token" : "****",
"token_type" : "Bearer",
"expires_in" : 3600,
}
You need delete oAuth from google account or use "approval_prompt=force" in request for force take refresh token.