I am working on an application to sync with google calendar, I got the following error:
Error refreshing the OAuth2 token,
message: '{
"error" : "unauthorized_client",
"error_description" : "Client is unauthorized to retrieve access tokens using this method."
}'
When you create a project on Google Developer console there are several types of clients you can create.
Browser clients are used for web applications, Native clients are used for installed applications, Service account clients are used for background applications mostly.
The authentication code used to use each type of client is different. You cant use the code for native applications with a web application or you will get the following error.
Client is unauthorized to retrieve access tokens using this method.
Solution figure out what type of application you are trying to make. Then make sure you created the corect client type on Google Developer console and are using the code designed for that client type.
Related
Have been struggling to connect to Google API
via PHP using Service Account. If to use examples provided by API (link) and google developers site itself (or any other source from google searches), I'm getting the error
{
"error": "invalid_grant",
"error_description": "Invalid JWT Signature."
}
And if to search how to connect using JWT as well, there are only JS or JAVA or PYTHON examples.
Any real experience out there how to correctly get the connection?
I have:
service account set up and allowed to use Search Console (and analytics)
set up the API to server
added service account address to Search Console for site we need the data from
downloaded and added the key file.
All goes well till I start making the actual request for data. Then the JWT error appears.
ANY input is appreciated!
Got solution by removing service account from google console and created new.
I am using XAMPP for Linux 5.6.30
I want to integrate 'Google Adwords API' in my project for display campaigns details.
I create new project in developer console with help of this guide
for 'Web client' and define Authorized JavaScript origins:http://localhost AND Authorized redirect URIs:https://localhost/googleads/
Also try Authorized JavaScript origins:http://report.myproject.com AND Authorized redirect URIs:http://report.myproject.com/googleads
I also refer some solutions on StackOverflow which discuss previously but I can't get a solution .
When i run `PHP GetRefreshToken.php' in the terminal, it generates one URL but when i open that URL is displayed error 'Error: redirect_uri_mismatch' with this message 'The redirect URI in the request,xxx.xxx.xxx can only be used by a Client ID for a native application. It is not allowed for the WEB client type.'
I also have developerToken and clientCustomerId of Google Adwords account.
Is am i doing right way or not?
is google adwords integration works in localhost server or i have to put it on my live server?
My project is already on live server i just integrate adwords api in local server
You can refer to below documentation.
Using OAuth 2.0 for Web Server Applications
Example for end-to-end OAuth2 using php is Given here.
Create authorization credentials
Any application that uses OAuth 2.0 to access Google APIs must have authorization credentials that identify the application to Google's OAuth 2.0 server. The following steps explain how to create credentials for your project. Your applications can then use the credentials to access APIs that you have enabled for that project.
Open the Credentials page in the API Console.
Click Create credentials > OAuth client ID.
Complete the form. Set the application type to Web application. Applications that use languages and frameworks like PHP, Java, Python, Ruby, and .NET must specify authorized redirect URIs. The redirect URIs are the endpoints to which the OAuth 2.0 server can send responses. For testing, you can specify URIs that refer to the local machine, such as http://localhost:8080.
Google recommends that you design your app's auth endpoints so that your application does not expose authorization codes to other resources on the page.
I've currently got around 100 sites in Analytics across a few different Google Accounts and one single account has full permissions for every site. If possible I'd like to avoid having to manually add permissions for the Google Service account to each analytics profile.
I'm using the Google Analytics PHP Interface
When attempting to impersonate a user using the $delegate_email argument, I get the following exception:
GAPI: Failed to authenticate user. Error: "{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
I have read elsewhere about needing to 'Delegate domain-wide authority to the service account' using the Google Apps admin console. However we don't have Google Apps at all. Is there any way around this?
tl;dr
Is there a way to get read only access to Google analytics using a service account and impersonating a user without Google Apps?
I would first encourage you to go through the various Scenarios listed on Google OAuth 2.0 documentation and decide which is best for your application.
Service account require that you add a user to each account you wish to access, but with a web server application the end user simply authorizes your application to read their Google analytics data.
The scope you are looking for is:
https://www.googleapis.com/auth/analytics.readonly
I'm currently trying to wrap my head around a rather complex OAuth2 use case. I have two servers, one is a client side web server, which serves a website, the other is an API server, which is used to interface with all our backend data.
Currently users use a basic UserCredentials flow which creates an access token on our API server, which is then used to sign all requests from the webserver to the API
Is there a way I can allow users to log in using Google or Facebook, and either use the access token generated to sign API requests in the same way as above, or alternatively create an access token on our API which is then used the same way as above?
In a word: NO.
Let me try and explain why. Lets start by looking at Google, to access google you need to register your application in Google Apis console. When you ask a user to give you access to there google data you do it using the client id and secret you got from apis console. Then google goes about createing your application an access token for there api this info is all stored on there servers. When you then try and use that access token they know which user gave you access to there data via the api.
Now the same holds true for Facebook, and your service as well. They are all diffrent APIs offered by diffrent companys. They create the Access tokens Google cant create you an access token to access data on Facebook any more then Facebook could to Google. Things just dont work that way.
I am implemented In App Billing for android.I wanted to implement subscription validity checking through my backend server. As Google Play Documentation, for making call for Google Play API,need authentication using oauth 2.0.
I followed instructions for registering project and creating credentials. But from there I have no idea how to use those credentials, I tried authentication via CURL request, but it asking permission as shown in follwing image
This permissions works fine I can exchange code and get access token, but all this done by manually, how should I implement this on backend.
I even try to use google api php library provided by Google, but It adds confusion. Also they didn't provide any example, how to use library.
Can anybody elaborate how exactly use library or pure php?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.