I want to create contacts with outlook in my application.Firstly, I get into this url below
https://login.live.com/oauth20_authorize.srf?client_id='.$client_id.'&scope=wl.signin%20wl.basic%20wl.emails%20wl.contacts_emails%20wl.contacts_create&response_type=code&redirect_uri='.$redirect_uri
I hope this is an old way to get the token,so I am
https://login.microsoftonline.com/daa825ce-e4fb-40d2-b2e6-3a2f25e62b7c/oauth2/token?client_id='.$client_id.'&scope=wl.signin%20wl.basic%20wl.emails%20wl.contacts_emails%20wl.contacts_create&response_type=code&redirect_uri='.$redirect_uri
So I get this error below.
http://prntscr.com/p4mb2c
To create contacts, you should call
POST https://graph.microsoft.com/v1.0/me/contacts
Content-type: application/json
{
"givenName": "Pavel",
"surname": "Bansky",
"emailAddresses": [
{
"address": "pavelb#fabrikam.onmicrosoft.com",
"name": "Pavel Bansky"
}
],
"businessPhones": [
"+1 732 555 0102"
]
}
You can follow this document to get the access token. Remember to grant your application Contacts.ReadWrite permission.
The scope in steps2&step3 should be https://graph.microsoft.com/Contacts.ReadWrite
Update:
To use personal account, you need to set the supported account type like below
And the authorize endpoint should use common, not the specified tenant.
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=562855f4-f3dd-40bb-b829-515ccb96ff3f
&response_type=code
&redirect_uri=http://localhost
&response_mode=fragment
&scope=https://graph.microsoft.com/Contacts.ReadWrite
&state=12345
Also the token endpoint.
https://login.microsoftonline.com/common/oauth2/v2.0/token
Related
I have a frustrating issue with the Google Cloud Translate API.
I set up correctly the restriction of the key to some domains including *.example.com/ * (without blank space at the end)
I launch the script on the URL https://www.example.com/translate and i have the following message :
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_HTTP_REFERRER_BLOCKED",
"domain": "googleapis.com",
When i remove the restriction, everything works, but i need the restriction to avoid misuse/abuse.
Furthemore, i use this same API Key for others Google App API (Maps, Auth, etc) and it works perfectly from this domain...
So weird.
Do you have any ideas or any ways to investigate better this issue ?
How i can know the referrer Google sees ? (or any external service)
Thanks a lot !!
Edit :
PHP code :
require_once(APPPATH . "libraries/GoogleTranslate/vendor/autoload.php");
require_once(APPPATH . "libraries/GoogleTranslate/vendor/google/cloud-translate/src/V2/TranslateClient.php");
$translate = new TranslateClient([
'key' => 'xXXXx'
]);
// Translate text from english to french.
$result = $translate->translate('Hello world!', [
'target' => 'fr'
]);
echo $result['text'];
Full error message :
Type: Google\Cloud\Core\Exception\ServiceException
Message: {
"error": { "code": 403, "message": "Requests from referer
\u003cempty\u003e are blocked.",
"errors": [ { "message": "Requests from referer \u003cempty\u003e are blocked.", "domain": "global", "reason": "forbidden" } ],
"status": "PERMISSION_DENIED",
"details": [ { "#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_HTTP_REFERRER_BLOCKED",
"domain": "googleapis.com",
"metadata": { "service": "translate.googleapis.com", "consumer": "projects/XXXXX" } } ] } }
Filename: htdocs/application/libraries/GoogleTranslate/vendor/google/cloud-core/src/RequestWrapper.php
Line Number: 368
I will leave here my insights discussed on the Public Issue Tracker.
The HTTP restriction is working as intended, but the referer is always empty because this is not set by default. However, it can be added manually, so instead of doing:
-$translate = new TranslateClient([
'key' => 'XXX'
]);
You need to specify the referrer:
-$translate = new TranslateClient([
'key' => '[API_KEY]',
'restOptions' => [
'headers' => [
'referer' => '*.[URL].com/*'
]
]
]);
You have to take into account that this type of requests can be sent from whatever computer (if you have the key) since you’re not restricting the domain where the request is made, only checking who is the referrer (and you can set it manually). Moreover, API clients that run on a web browser expose their API keys publicly; that’s why I recommend you to use service accounts instead. For more information: adding application restrictions.
Regarding the HTTP referer, this is basically a header field that, basically, the web browsers put to let the web page know where the user is coming from. For example, if you click the above link (HTTP referer) your referer field will be this page.
In summary, since you can put whatever referer in the header of a request, this is pretty similar to not having any type of restrictions. Indeed, it’s recommended to use service accounts. To solve this issue easily, add the referer manually in the headers as exposed in the code above.
I read the comments and you seem to be doing everything ok. I would recommend you to try:
This error message can appear because you set API restrictions in the API key, is this the case? Maybe you’re restricting this specific API.
If you aren’t setting any API restrictions, is it possible to try adding an IP instead of the domain just for testing purposes?
I had same issue with google translate but not with maps.
So maps works with referrer restriction, but translate does not.
The only solution I found, with a restriction in force, is setting up an IP restriction instead of the HTTP referrers (web sites).
I'm not sure if this is an inconsistency of YouTube's Data API or just a bad naming of a YouTube error.
There's a public channel on YouTube without any content:
https://www.youtube.com/channel/UCvAHk_1_TMmq6SW0XA9BcgA.
If I query Channels:list (query) with this channel ID UCvAHk_1_TMmq6SW0XA9BcgA, I get the following response:
{
"items": [
{
"id": "UCvAHk_1_TMmq6SW0XA9BcgA",
"snippet": {
"title": "level10store0"
},
"status": {
"privacyStatus": "public",
"isLinked": true,
"longUploadsStatus": "longUploadsUnspecified"
}
}
]
}
If I query for all playlists of this channel via Playlists:list (query) I get this response:
{
"kind": "youtube#playlistListResponse",
"etag": "iziRvpOe3rkNWHlySTxLgAk4dJI",
"pageInfo": {
"totalResults": 0,
"resultsPerPage": 5
},
"items": []
}
But using YouTube's PHP client with Playlist:list you'll get a response error with following information:
domain=youtube.playlist, reason=channelNotFound, location=channelId,
locationType=parameter
Why does YouTube's PHP client give a channelNotFound error instead of an empty response like YouTube's data explorer does?
Update 1:
YouTube's data API delivered a channel on the OAuth handshake initialized by the user itself. My application asked for an offline access token for further requests. If I use this access token I experience the above mentioned behaviour. I think the token is valid as I use the identical process for many other users. If the token would not be valid I would have got an error message like global.authError or youtube.header.youtubeSignupRequired.
My code looks like this (which works for many other users):
$youtubeClient->playlists->listPlaylists(
'snippet,contentDetails',
array(
'maxResults' => 50,
'channelId' => $channelId,
'pageToken' => $nextPlaylistPageToken,
'fields' => 'etag,items(id,etag,snippet(publishedAt,channelId,thumbnails/default,title),contentDetails(itemCount)),nextPageToken'
)
);
Remember that YouTube is channel based and not user based. When the user logs in they pick which channel to access. When the user consented access to your application on PHP they did not pick the correct channel so there for do not have access to the data on that channel.
Log the user out and consent access again this time picking the correct channel.
In a project I am provided with API endpoints from a Firebase DB.
To retrieve data I authenticate a user with email and password (https://firebase.google.com/docs/reference/rest/auth/#section-sign-in-email-password) and then sign every API call with the token. (These users are set up in Firebase DB)
Now one of the API endpoints returns Firebase Storage objects like this:
"fileReferences": [
{
"id": "",
"name": "images\/-s0m31D\/picture.jpg",
"mediaLink": "https:\/\/www.googleapis.com\/download\/storage\/v1\/b\/BUCKET.appspot.com\/o\/images%2F-s0m31D%2Fpicture.jpg?generation=1537959346600572&alt=media",
"selfLink": "https:\/\/www.googleapis.com\/storage\/v1\/b\/BUCKET.appspot.com\/o\/images%2F-s0m31D%2Fpicture.jpg",
"updated": 1537959346,
"size": 7759448
}
],
when I try to access fileReferences.0.mediaLink, I get an auth error.
If I send my token along with the request to mediaLink I have no luck either (https://cloud.google.com/storage/docs/downloading-objects#download-object-json)
I tried to use the Google API PHP client https://github.com/googleapis/google-api-php-client, but had no idea how I setup the new Google_Client() (I already have my auth token and I expected it to work somehow)
$client = new \Google_Client();
$client->setAccessToken(['access_token' => $token]);
How can I access the media files with my existing auth token? (or do I need a different one?)
To handle the files, I would like to use https://github.com/googleapis/google-api-php-client how can I make that work? Any hint is appreciated
Edit: I got some results in debugging the JavaScript SDK
"All" the SDK does is creating the following URL Schema
printf('https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/%s', urlencode('projects/-id/logo.png'));
//http[s]://firebasestorage.googleapis.com/<api-version>/b/<bucket>/o/<object-path>
You have to sign the call to https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/projects%2F-id%2Flogo.png with your Auth Bearer token header![1]
This returns meta data like this:
{
"name": "projects/-id/logo.png",
"bucket": "bucket.appspot.com",
"generation": "1537960188874518",
"metageneration": "1",
"contentType": "image/png",
"timeCreated": "2018-09-26T11:09:48.874Z",
"updated": "2018-09-26T11:09:48.874Z",
"storageClass": "STANDARD",
"size": "40437",
"md5Hash": "MxkOU+6feyYtdEAgKbDgp5A==",
"contentEncoding": "identity",
"contentDisposition": "inline; filename*=utf-8''logo.png",
"crc32c": "o89Y9dQ==",
"etag": "CJae8pXE2N0CEAE=",
"downloadTokens": "32c339ff9-7e4a-42a2-890a-428f8f45d378"
}
To publicly share your image, add ?alt=media&token=32c339ff9-7e4a-42a2-890a-428f8f45d378
https://firebasestorage.googleapis.com/v0/b/bucket.appspot.com/o/projects%2F-id%2Flogo.png?alt=media&token=32c339ff9-7e4a-42a2-890a-428f8f45d378
You don't need the token, if you send the Auth Header!
I couldn't find any mention of firebase or how to deal with my authentication in https://github.com/googleapis/google-api-php-client, so I have no idea if this would have helped me. But I got down to the basics...
Hope this helps somebody and any clearification is greatly appreciated.
QUESTION for me to better understand this all:
What are mediaLink and selfLink pointing to?
[1] if the access to storage is public you don't need to sign it.
I used Microsoft Graph API PHP SDK to add user in my Azure Active Directory B2C. I managed to create users with a userPrincipalName like name#mytenantid.onmicrosoft.com.
I wasn't able to add users with a GMail address such as john.doe#gmail.com.
I tried to add the signInNames collection but I got the following response:
Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error:
POST https://graph.microsoft.com/v1.0/users resulted in a 400 Bad Request
response:
{ "error": {
"code": "Request_BadRequest",
"message": "Invalid property 'signInNames'.",
"innerError": (truncated...)
Here is my JSON request body :
{
"accountEnabled": true,
"displayName": "John Doe",
"userPrincipalName": "john#doe.fr",
"creationType": "LocalAccount",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "P#!ssWor?D"
},
"signInNames": [
{
"type": "emailAddress",
"value": "john#doe.fr"
}
]
}
You're confusing Microsoft Graph API with the Azure AD Graph API. These are two different APIs. While they share a lot of functionality, calls to these APIs are not interchangeable.
The User object in Microsoft Graph API doesn't support a signInNames property. This is why it is returning that error.
Local account users are not supported by Microsoft Graph API at the moment.
In case if someone will still have the same problem, in MS Graph Api you can use "identities" instead of "signInNames" and your JSON will look like
{
"accountEnabled":true,
"displayName":"John Doe",
"userPrincipalName":"john#doe.fr",
"creationType":"LocalAccount",
"passwordProfile":{
"forceChangePasswordNextSignIn":true,
"password":"P#!ssWor?D"
},
"identities":[
{
"signInType":"emailAddress",
"issuer":"<your tenant domain name>",
"issuerAssignedId":"john#doe.fr"
}
]
}
i just need some help with Twitters' API
I used the sign in with twitter flow to get the tokens needed to make calls to the API, there weren't any problems with the implementation, and so far I have got both oauth_token and oauth_token_secret so I think I have what I need to use the API.
The problem is about the last method which the documentation said about verif credentials, I am supposed to use that GET method to get a json with information about the user which has just logged into twitter by my app, however, Twitter docu doesn't mention anything about what parameters I need to pass or what headers, just the url.
I used php curl to make the calls to the API, do you know what parameters I need to pass to the API to finally get the json?
Here you have the link to the API docu:
https://dev.twitter.com/rest/reference/get/account/verify_credentials
Thanks in advance.
No params, just the 'Authorization' header.
Use the "OAuth Signature Generator" on the link you included to generate a test request and confirm yourself.
You just need to properly sign the request. This provides the context including the user, since it implicitly includes details about your request, the client secret, the user token etc.
$ oksocial https://api.twitter.com/1.1/account/verify_credentials.json
{
"id": 999999,
"id_str": "999999",
"name": "Bobby Bonson",
"screen_name": "xxxx",
"location": "CA",
"description": "...",
"url": null,
"entities": {
"description": {
"urls": []
}
},
"protected": false,
"followers_count": 699,
"friends_count": 631,
"listed_count": 34,