I'd like to validate my in-app purchases.
I'm using this receipt validator which by looking at the source code is calling https://www.googleapis.com/androidpublisher/v3/applications/<appId>/purchases/products/<productId>/tokens/<token>, here's my code basically copied from the readme
$googleClient = new Google_Client();
$googleClient->setScopes([Google_Service_AndroidPublisher::ANDROIDPUBLISHER]);
$googleClient->setApplicationName('my project name');
$googleClient->setAuthConfig('files/googleauthconfig.json');
$validator = new Validator(new Google_Service_AndroidPublisher($googleClient));
try {
$response = $validator->setPackageName('my.app.id')
->setProductId('my.product.id')
->setPurchaseToken('token i got from my app when purchasing')
->validatePurchase();
} catch (Exception $e) {
var_dump($e->getMessage());
exit;
}
var_dump($response);
exit;
I've hardcoded a lot of stuff because I'm just trying to get it to work at this point. googleauthconfig.json is the JSON file dev console gave me for my service account which contains a bunch of IDs for the account as well as a private key. I went in my play console and made my service account an administrator and then waited about 24 hours as suggested in other questions for the same problem. I've configured my products, which are consumable and active and I successfully purchase them through my signed release app with the test credit card.
The error I keep getting is
The current user has insufficient permissions to perform the requested operation.
The current user has insufficient permissions to perform the requested operation.
Means exactly that the user you are authenticating with does not have the permissions to do what you are trying to do. You are using a service account. A service account is not you. Service accounts are preauthorized.
Go over to google pay probably the admin section take the Service account email address and grant it permissions to access the data. You probably do this like you would any other user.
As mentioned in the comment it can take time normally under an hour for a service account to kick in. After you grant it access.
possible code error.
I think you should try the pure code rather that using your validator to ensure that its not thats the problem.
$client = new Google_Client();
$client->setScopes([Google_Service_AndroidPublisher::ANDROIDPUBLISHER]);
$client->setApplicationName('my project name');
$client->setAuthConfig('files/googleauthconfig.json');
$service = new Google_Service_AndroidPublisher($client);
try {
$response = $service->purchases_products->get(package_name, product_id, purchase_token);
} catch (Exception $e) {
var_dump($e->getMessage());
exit;
}
var_dump($response);
exit;
Well, oddly enough, as suggested in other answers as well, I just needed to wait in my case about 30 hours before the permission changes took effect.
Related
I'm using PHP UPS API (https://github.com/gabrielbull/php-ups-api) to get rates and to hopefully generate labels.
I've logged into UPS and set up credentials. I have Client Id and Client Secret and successfully generated my access_token via curl. I have endpoints set up for testing and production and things seem to be working fine, until I try to issue a Rate call
$shipFrom and $shipTo are set up properly...
try {
$shipment = new \Ups\Entity\Shipment();
$shipFrom = new \Ups\Entity\ShipFrom();
$shipFrom->setAddress($address_from);
$shipment->setShipFrom($shipFrom);
$shipTo = $shipment->getShipTo();
$shipTo = $shipTo->setAddress($address_to);
$package = new \Ups\Entity\Package();
$package->getPackagingType()->setCode(\Ups\Entity\PackagingType::PT_PACKAGE);
$package->getPackageWeight()->setWeight($weight);
// if you need this (depends of the shipper country)
$weightUnit = new \Ups\Entity\UnitOfMeasurement;
$weightUnit->setCode(\Ups\Entity\UnitOfMeasurement::UOM_LBS);
$package->getPackageWeight()->setUnitOfMeasurement($weightUnit);
$dimensions = new \Ups\Entity\Dimensions();
$dimensions->setHeight($height);
$dimensions->setWidth($width);
$dimensions->setLength($length);
$unit = new \Ups\Entity\UnitOfMeasurement;
$unit->setCode(\Ups\Entity\UnitOfMeasurement::UOM_IN);
$dimensions->setUnitOfMeasurement($unit);
$package->setDimensions($dimensions);
$shipment->addPackage($package);
var_dump($rate->getRate($shipment));
} catch (Exception $e) {
var_dump($e);
}
The exception is caught and I see this:
object(Ups\Exception\InvalidResponseException)#31 (7) {
["message":protected]=>
string(47) "Failure: Invalid Access License number (250003)"
This object is requiring $accessKey, $userId, $password.
I was assuming $accessKey would be my $accessToken. I'm believing that is incorrect. So where can I get an access key?
When I go here:
https://www.ups.com/dpui/upsdeveloperkit?loc=en_US
When I select: "I want to integrate UPS technology into my business"
It will only have the text below available:
"Note: We are excited to show you our new Developer Portal where you can get OAuth credentials to integrate with our APIs. Please click here to get started"
When I click 'get started', I'm back to my developer portal
https://developer.ups.com/en-us/
If I click on Apps -> My App Name, I see the id and secret again. Nothing mentioning access key.
I feel like I'm missing a major step somewhere.
I've been developing a feature for an extension in TYPO3 to post activities to a Google Plus domain profile.
I use the following code to instantiate the Google Client
$googleClient = new Google_Client();
$googleClient->setApplicationName("NAME");
$googleClient->setClientId("123456789");
$googleClient->setClientSecret("qwertyuiop");
$googleClient->setRedirectUri("CALLBACK_URL");
$googleClient->setScopes(array(
'https://www.googleapis.com/auth/plus.me',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/plus.stream.write',
));
$googleClient->setRequestVisibleActions('http://schema.org/AddAction');
$googleClient->setApprovalPrompt('force');
$googleClient->setAccessType('offline');
All values are like token are verified.
Then store the profiles obtaining the refreshToken to make the POST many times. Now the code of POST
$googleClient->refreshToken($this->refreshToken);
$googleClient->verifyIdToken();
$plusdomains = new Google_Service_PlusDomains($googleClient);
$post = new Google_Service_PlusDomains_Activity();
$post['object']['originalContent'] = 'HELLO WORLD';
try {
$result = $plusdomains->activities->insert('me', $post);}
catch (\Exception $e){
var_dump($e);
}
The line that is inside the try generates an error that is:
Access to the Google+ Domains API is not allowed as the user has
consented to incompatible scopes. See:
https://developers.google.com/+/domains/authentication/
I have searched for additional information about the error, which indicates that are the permissions or scopes, even in other questions of this same forum a few years ago. However I checked on https://developers.google.com/+/domains/authentication/scopes and the ones I'm using are there. I would appreciate you guiding me in solving this problem.
I'm trying to call a very simple google apps script from php using a service account so that only my server can access it, not users of the website.
Here is how I do. I create the script here https://script.google.com
function get() {
return ContentService.createTextOutput('get method');
}
and a new project is automatically associated when i save it.
Then I open File > Project Properties to get the scriptId = MM8zQqofS1OIcnFiNSlm1CGEl5qMrMVBt
I access the developer console of the associated project threw Resources > Project Developers console by clicking on the project link at the top of the popup displayed.
Then I click 'Activate and manage API' and activate the 'Google Apps Script Execution API'. I click on 'Credentials' and see that the previous operation automatically created OAuth2 credentials. But what I need is service account credentials. Then I create one Add credentials > Service account and download generated p12 file. I get the clientId = 109160023321840004240 and clientMail = account-1#project-id-uokwrcpiqeewhwvpdhb.iam.gserviceaccount.com for this service account.
I go back to my script and share it with the service account email with read&write access File > Share. First of all i get an email in my personal mailbox which notifies me that
Delivery to the following recipient failed permanently:
account-1#project-id-uokwrcpiqeewhwvpdhb.iam.gserviceaccount.com
Then I publish the script as an execution API Publish > Publish as an execution API with access to everybody.
Now lets go on the PHP server side. Using the 'Google APIs Client Library for PHP' available here https://github.com/google/google-api-php-client I try to call my script function from PHP:
$client = new Google_Client();
$client->setClientId('109160023321840004240');
$client->setApplicationName('myScript');
$cred = new Google_Auth_AssertionCredentials(
'account-1#project-id-okwrcpiqeewhwvpdhb.iam.gserviceaccount.com',
[/*no scope nedeed for this simple script*/],
file_get_contents('path_to_myScript.p12')
);
$client->setAssertionCredentials($cred);
if ($client->getAuth()->isAccessTokenExpired()) {
$client->getAuth()->refreshTokenWithAssertion($cred);
}
$service = new Google_Service_Script($client);
$scriptId = 'MM8zQqofS1OIcnFiNSlm1CGEl5qMrMVBt';
// Create an execution request object.
$request = new Google_Service_Script_ExecutionRequest();
$request->setFunction('get');
$response = $service->scripts->run($scriptId, $request);
And here is the response I get all the time
Error calling POST https://script.googleapis.com/v1/scripts/MM8zQqofS1OIcnFiNSlm1CGEl5qMrMVBt:run: (403) The caller does not have permission
If, when I deploy the script, I choose to give access to 'Me only', i get the following response.
Error calling POST https://script.googleapis.com/v1/scripts/MM8zQqofS1OIcnFiNSlm1CGEl5qMrMVBt:run: (404) Requested entity was not found.
I would be so happy if one of you have an idea to help me :)
apps script does not yet support service accounts with execution api. see https://code.google.com/p/google-apps-script-issues/issues/detail?id=5461
google said they are looking into it but apparently wont happen soon (based on google replies on google+ posts about this like https://plus.google.com/+MartinHawksey/posts/Zquix9XqzkK)
THE SITUATION:
I am testing the Gmail API for my app.
I have tested some requests and they are working fine.
For example get messages, get user history, get draft list etc..
Basically all the read only requests are working fine.
I have instead some issues related with permission with other requests, for example when i have to write or delete a draft.
This is the error i get:
(403) Insufficient Permission
THE CODE:
This is the function to initialize the app:
public function gmail_init_service()
{
$client = new Google_Client();
$client->setApplicationName("Gmail API test");
$client->setDeveloperKey("MY_KEY");
$client->setClientSecret('MY_CLIENT_SECRET');
$client->SetClientId('MY_CLIENT_ID');
$client->setScopes(array('https://mail.google.com/'));
$client->setAccessToken('{"access_token":"MY_ACCESS_TOKEN","token_type":"Bearer","expires_in":3600,"refresh_token":"MY_REFRESH_TOKEN","created":1433502343}');
$service = new Google_Service_Gmail($client);
return $service;
}
This is the request to delete one draft:
public function gmail_delete_draft()
{
$service = $this->gmail_init_service();
// --------------- Get draft list --------------
$list = $service->users_drafts->listUsersDrafts('me');
$draftList = $list->getDrafts();
// --------------- Get draft IDs ---------------
$inbox_draft = [];
foreach($draftList as $mlist)
{
$draftId = $mlist->id;
$optParamsGet2['format'] = 'full';
$single_message = $service->users_drafts->get('me', $draftId , $optParamsGet2);
$inbox_draft[]['draftId'] = $draftId;
$inbox_draft[]['draft'] = $single_message;
}
// --------------- Delete draft ---------------
$draft_delete = $service->users_drafts->delete('me', 'DRAFT_ID' );
}
EDIT:
I have tried to revoke the permission and setup new credentials.
The scope declared when initializing the service is:
https://mail.google.com/
that as stated in the documentation grant full access to the account.
But i am still getting the same error.
The same exact error for the following requests:
Delete draft - Create draft - Create label - Delete message
THE QUESTION:
Why am i getting that error?
It has to do with same values store in a cache?
Or is related with permission of the API?
You need 'https://www.googleapis.com/auth/gmail.compose' to create a draft. So what happens if you
$client->setScopes(array(
'https://mail.google.com/',
'https://www.googleapis.com/auth/gmail.compose'
));
or if you want to get more formal
define('SCOPES', implode(' ', array(
Google_Service_Gmail::MAIL_GOOGLE_COM,
Google_Service_Gmail::GMAIL_COMPOSE)
));
$client->setScopes(SCOPES)
or whatever the valid php might be (I haven't done php for a while).
Note that if you have a token already you might have to do some calisthenics to revoke it so you can reissue with the added permissions. That might mean deleting a file, perhaps named gmail.storage or, if you have access to the account login and make your way to https://security.google.com/settings/security/permissions the access permissions can be manually revoked.
This link might be relevant:
https://developers.google.com/gmail/api/auth/scopes
And a meander through the source code might be enlightening.
You might be able to glean some insight from my battle with this same sort of thing under Python
You need https://mail.google.com/ as your scope to be able to delete mail.
I am trying to test synchronized Payout for my PHP application but response from server is always the same and it points me to INTERNAL_ERROR. I am using paypal/rest-api-sdk-php I believe of version v1.0.0 (composer.json says nothing) - should be the newest in my JSON I have version set to dev-master.
try {
/** #var PayoutBatch $payoutBatch */
$payoutBatch = $payout->createSynchronous($apiContext);
} catch (\Exception $ex) {
echo $ex->getMessage();
}
try {
/** #var PayoutBatch $response */
$response = Payout::get($payoutBatch->getBatchHeader()->getPayoutBatchId(), $apiContext);
$status = $response->getBatchHeader()->getBatchStatus();
if ($status === "SUCCESS") {
//do some logic
}
} catch (\Exception $ex) {
echo $ex->getMessage();
}
Have any of you experienced this issue?
Also a sub-question, don't PayPal PHP SDK has defined some constants where I can find message statuses?
Can you please make sure you have Payouts Enabled in your sandbox environment. This allows you to get the proper scope that is required to make payout calls.
However, if you have already done that and still failing, can you please try the samples out that are shipped along with SDK.
All you need to do is run one command, and you will have the samples running, as mentioned here
php -f vendor/paypal/rest-api-sdk-php/sample/index.php
This will start a sample server, and allow you to play around it.
It has a payout samples, that you could just click and run. If those works, we can now make one tiny change to get samples to use your clientId and secret. Find samples/bootstrap.php in sdk code, and change those clientId and secret, and run the samples again. If you get a failure, let me know and I could look further into that issue.