I did download the example that appears in the auth0 (https://auth0.com/docs/quickstart/backend/php-symfony) , enter the customer id and the secret id gives api that i use as it appears in the tutorial , when I try to access the http://localhost:8000/api/ping that is protected by the Auth0 is giving me this error Signature verification failed, already did this to someone ? What am I doing wrong?
Error Image
Log Image
Your API is likely using a different client_secret than the one used to issue the token. Make sure it is properly configured her: https://auth0.com/docs/quickstart/backend/php-symfony#3-configure-your-auth0-app-data
The secret in the API must be the same configured in the API dashboard on Auth0 (Dashboard > APIs > {your API} > Settings). Look for "signing secret".
Then click on the "Test" tab on our API definition. You'll see a test token available there. Make the same Postman call with that token and it should work.
PS: looking at the tutorial, I think it needs to be updated (not architecturally, but rather in the configuration. I the SDK & docs team aware.
Related
After all the neccesary steps in Sandbox/Demo account my Integrator key was marked Live and I attached it to live account.
I am using DocuSign PHP SDK so I changed API username, API password, API account ID and Host to Live account credentials according to this guide - Post Go Live steps.
Anyway I am getting error 401 Unauthorized when attempting to create Envelope (or anything else).
Solution:
When going live while using DocuSign PHP SDK, set Host parameter to https://eu.docusign.net/restapi or any other subdomain provided by DocuSign that suits you best (eu, na1 ,na2, etc...).
Explaination:
When working with DocuSign PHP SDK, you don't need to do login request to retrieve baseUrl parameter for your actual request (ex: creating Envelope). Instead you set Host parameter right at the beginning of your code and don't care about baseUrl anymore.
And that is where the problem lies. WITHOUT SDK, you first do login request to https://www.docusign.net/restapi/v2/login_information to get back your baseUrl paramater (ex: https://eu.docusign.net/restapi/v2/account/1234/envelopes) and use that for actual request. So when working WITH SDK, set the subdomain of Host parameter to eu, na1, na2 or any other valid value provided by DocuSign right away.
I found the solution thanks to this answer: https://stackoverflow.com/a/44119359/3970975
I've been crawling the internet all morning trying to figure this out. I'm trying to get access to a Adwords test account through the API but I keep receiving "An error has occurred: { "error" : "invalid_grant" }". I've seen this is quite a common problem so perhaps if I outline what I've done step by step someone can correct me. Hopefully!
Created a Google adwords account and set up a campaign.
Created a MCC account. Added Google adwords account and applied for API access (pending). Noted API key, client id for auth.ini.
Created a test MCC account and added Google adwords account. Noted client id for auth.ini.
Using the Google account of both MCC accounts went into the API console and created a new installed application app. Noted all keys/tokens.
Downloaded the PHP code examples and libs. Ran get GetRefreshToken.php, granted accesses to app(s) and noted refresh token for auth.ini
Set up auth.ini populating developerToken, userAgent, clientCustomerId, client_id, client_secret and refresh_token.
Now I've tried using BOTH sets of tokens and ids from the test MCC account API console and the live MCC account API console. Both give me the same error. I've tried regenerating all tokens several times.
Gave up and came crawling to StackOverFlow.
Is the invalid_grant message related to Auth or my developerToken token not being activated yet (sure it said I could use my test account though) or because I haven't set up any of the billing?
In my case the problem was at step 5 in your list; I had copied the authorization code from my browser after granting access, rather than the refresh token generated by GetRefreshToken.php after I pasted the authorization code there.
I had the same situation for a long time.
But solution was very simple.
The code getting after authorizing the Google is not your refresh token.Its is only an access token(I guess.)
You have to add this code to GetAccessToken's $code variable function in getrefreshtoken.php file and it will return the actual Refresh token.
This solved my issue.
It is very important to note that the SDK is designed to be used through PHP-Cli. So please don't use it via browser. If you still run it by commenting out return line you'll get into further problems to comment that on each file :)
I have set a setup of Google Drive sample DriEdit code in my wesite. It is authenticating user file but once authentication done it take back user to the redirect url, but when i am using default FULL_AUTH_URL url it working file, but in my case it is not working here is my URl.
const FULL_AUTH_URL='https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/drive.file&client_id=MY_CLIENT_ID&response_type=code&access_type=offline&approval_prompt=force&redirect_uri=http://www.example.com';
You need to replace:
MY_CLIENT_ID by the Client ID of your application which you can find in the Google APIs Console for the project that you have created. See https://developers.google.com/drive/register
redirect_uri bu the URL where the user gets redirect to after he approves the OAuth flow. Usually the main page of your website or a different OAuth handler. This is usually all described in the Dr Edit sample documentation. Make sure you read this: https://developers.google.com/drive/examples/python
You may need to create a "Client ID for web applications" - maybe a service account works, too (web services might be easier to connect, because for service accounts one need to install a certificate file and send it on auth).
Once oAuth is setup properly, you should at least get any error message from Google.
Just don't use the Drive API credentials, they have no function yet.
Hope this get's you started.
What is desired: A chrome extension which uses google ooauth2.0 to log-in in extension, and sends data of his action safely to my servers with access token, where I get user details from the access token and save his actions, server implementation in php.
What I have done: Registered Google API Access 'Client ID for web applications' with redirect Url http://www.google.com/robots.txt, as explained by http://smus.com/oauth2-chrome-extensions/.
Based on same tutorial and their code I am getting access token of user in extension and able to send that to my server, with data..
Problems:
1) Now on my server I need to get data from that token..I need to call https://www.googleapis.com/oauth2/v1/userinfo?access_token=ya29.AHES6ZRCgM2nEI0-25KvlmIuZdSH6DbY1rhj9M4auzF86kHXobOeFA page but its not working..
2) when I click on inspect popup in chrome I can see the client id and client secret, isn't the secret supposed to be safe??
Hence I am totaly lost in the flow...is the access token supposed to be in the same format..I am not even sure..
Please if someone have done something similar suggest me a complete library, with client and server side work..
P.S. As google documentation now says oauth1.0 is deprecated and will be removed soon..(while giving all demo code only in oauth1.0..) Please don't suggest any oauth1.0 lib..
I am using Adwords API from last 3 months and all of a sudden today it is coming up with error message as follows:
Uncaught exception 'AuthTokenException' with message 'Failed to get authToken. Reason: BadAuthentication'
I am using google adwords V201101 php library with auth.ini containing all user details and settings.ini with https://adwords.google.com not sandbox environment. Can anyone help me with this please???
Thanks,
Murali.
you may requesting authToken from ClientLogin service too many times, that is way you get 'CaptchaRequired'.
Request authToken just for the first time, and then cache it for subsequent requests.
Check this out http://goo.gl/TOX6N
I recently had this problem trying to connect to Google DFP. I copied perfectly working code from my localhost after development and ran it on my remote cloud server. I then received the
Failed to get authToken
message. The reason was that google was blocking the attempted login as a security measure because it was a new location. I had to log into the google account (from the web) with those credentials in order to see the message and confirm the added login location. Everything worked fine after that authorization.
I've stumbled across this question and thought that this info may help someone else.
BadAuthentication means your username/password is incorrect. May be someone changed the account password, may be auth.ini got modified by mistake.
See detailed error codes here: http://code.google.com/apis/accounts/docs/AuthForInstalledApps.html#Errors
Cheers,
Anash
I started getting this error after somebody in my organization updated the password for the account my app was using to log in. The best way to avoid this happening again is to use OAuth2.
It's as easy as going to the Google API console and creating a Client ID for Installed Applications (under API access) for your project. You then use the Client ID and Client Secret in your Adwords API auth.ini file.
Next you run the examples/AdWords/Auth/GetRefreshToken.php script which will have you grant your app access to your Adwords account. You'll end up with a Refresh Token which you need to add to your auth.ini.
The ClientLogin (username and password) method of authentication is being deprecated in favour of the above so best to migrate ASAP.