I am trying to access the listLiveBroadcasts through "YouTube Live Streaming API" (YouTube Data API v3). I have Auth 2.0 access and successfully get the token every time. With same logic I am accessing the Google+ Calendar events successfully, I have enabled the YouTube API also. but when I am trying to list :
$youtube->liveBroadcasts->listLiveBroadcasts( 'id,contentDetails', array( 'mine' => 'true', ));
It gives error :
[domain] => global
[reason] => insufficientPermissions
[message] => Insufficient Permission
I have tried everything, Set the scope to $scopes to
auth/youtube;
tried also by including :
force-ssl
readonly
Same code is working at
https://developers.google.com/youtube/v3/live/docs/liveBroadcasts/list
with google's example api key.
You shouldn't be using Google's sample API key. Create a new application in the Developer Console and use that application's API key.
Related
I want to use the Microsoft Graph API on my application (which is actually on development).
I use fullcalendar js on my application (laravel 8) and when a user create an event on my application I want the same event create on his outlook calendar.
I want that the user connected on my application has only the right to access his outlook calendar (not all organization users calendar). In order to restrict this I understand that I have to use delegated autorizations and not applications autorizations.
First I would like to get an access token in order to use the API.
To do this I use oauth2 and guzzle :
$url = 'https://login.microsoftonline.com/' . env('MS_TENANT_ID'). '/oauth2/v2.0/token?api-version=1.0';
$tokenCall = Http::asForm()->post($url, [
'grant_type' => 'client_credentials',
'client_id' => env('MS_CLIENT_ID'),
'client_secret' => env('MS_CLIENT_SECRET'),
'scope' => 'https://graph.microsoft.com/.default',
'username' => 'xxx.xxx#xxx.com',
'password' => 'xxxxxxxx',
]);
$accessToken = json_decode($tokenCall->getBody()->getContents());
I obtain a token but when I inspect it with jwt.io, it appears that I haven't scopes in it (scp).
Do you know why it doesn't appears?
EDIT:
It appears that I use an application authentication and not a delegated authentication (for user).
So I change the 'grant_type' parameters for 'password' instead of 'client_credentials'.
But it throws me another error :
invalid_grant
AADSTS65001: The user or administrator has not consented to use the application with ID 'xxxxxxxxxxxxxxxxxxxxxxxx' named 'Graph PHP'. Send an interactive authorization request for this user and resource.
I read that in an delegated authentication I have to call the authorize point before the token point.
To do this I have to define a Redirect URI on my application on Azure. Unfortunately I made development on a local server (not localhost) which haven't SSL. Azure dosen't allow the Redirect URI to be on http except for localhost...
Is someone have already face this problem?
I would like to send email messages with our corporate emails provided by Gmail. In order to do that, I would like to use Gmail API with rest commands (basically launched with a php procedural code, for legacy purpose).
I have that code :
I go to this url :
// https://accounts.google.com/o/oauth2/auth?client_id=my_client_id&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/gmail.send&response_type=code
// and obtain a token like that : 4/1AX4XfWgmW0ZdxXpJn8YzkVeDs3oXZUHyJcR7abE2TuqQrcmo4c1W02ALD4I
/*
echo GoogleAuthCurl("GET", '', array(
'client_id' => $GOOGLE_CLIENT_ID,
'redirect_uri'=>'urn:ietf:wg:oauth:2.0:oob',
'scope' => 'https://www.googleapis.com/auth/gmail.send',
'response_type' => 'code'
), array());
then I can use requests in curl for getting my access token :
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token */
$tokenJson = json_decode( GoogleTokenCurl("POST", '', array(), array(
'code' => '4/1AX4XfWiEWngRngF7qryjtkcOG1otVtisYpjHnej1E54Pujcrchef8REvdt0',
'client_id' => $GOOGLE_CLIENT_ID,
'client_secret' => $GOOGLE_CLIENT_SECRET,
'redirect_uri'=>'urn:ietf:wg:oauth:2.0:oob',
'grant_type' => 'authorization_code'
)
));
print_r($tokenJson);
This far, I've got food for my authorization header. My issue is in the first step (with the consent asked to user). I wish i can do this step without putting my url in the browser, validate two screens to grant access before getting the authorization code.
I'm also interested in advices to create gmail messages with rest requests driven by curl. I found postman collection about all actions gmail api can do, but one or two call examples wouldn't do harm ;)
thanks !
In the current state, by the method you are using, &response_type=code, you need two calls to the OAuth client to get the access token. You can find an example of how to handle it just using HTTP/REST requests here.
In any case, you could use Google API Client Library for PHP. Allows you to handle the OAuth authentication flow, only needing one interaction to get the token.
You can find a full example on how this works here, notice that this example uses the Drive API, if you want to use it within the Gmail API, you can check Gmail API PHP library.
Documentation:
PHP Gmail API
OAuth 2.0 to Access Google APIs
I'd like to create a small dashboard containing some analytics data from my mobile application. I found the new Google Analytics Data API which would be perfect for that. I want to run reports in my backend PHP application, so I'm using the PHP client library: https://github.com/GoogleCloudPlatform/php-docs-samples/tree/master/analyticsdata
Unfortunately I keep running against a 400 error on oauth2.
These are the steps I've done so far:
I've migrated my Firebase project to use a Google Analytics 4
property
Followed the steps in the guide of the client library for PHP
Registered & enabled the API for my project
Add credentials:
Using Google Analytics Data API
Using web server
Accessing application data
This results in a message saying an active service account already qualifies
For that service account I created a new key and downloaded the .json file
Added the client_email field as a user to my Google Analytics property with read access
In my PHP projects I installed the necessary dependencies and added the credentials .json file and copied the sample code:
$kernel = $this->getConfigurationPool()->getContainer()->get('kernel');
$path = $kernel->locateResource('#ApplicationBundle/Resources/config/credentials.json');
$property_id = '123456789';
$credentials_json_path = $path;
$client = new BetaAnalyticsDataClient(['credentials' =>
$credentials_json_path]);
// Make an API call.
$response = $client->runReport([
'property' => 'properties/' . $property_id,
'dateRanges' => [
new DateRange([
'start_date' => '2020-03-31',
'end_date' => 'today',
]),
],
'metrics' => [new Metric(
[
'name' => 'activeUsers',
])
]
]);
This results in a 400 bad request on https://oauth2.googleapis.com/token with the following response:
{"error":"invalid_scope","error_description":"Invalid OAuth scope or ID token audience provided."}
Which seems weird since it's supposed to use the service account no? I think I followed all the steps from the docs. Did I miss something?
Thanks in advance.
I've developed a WordPress plugin to pull videos from YouTube with the YouTube v3 API
The plugin works fine in most sites but currently I'm having an issue with one, I can't seem to pass the error:
"Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
The weird thing is I can copy / paste the query with a valid API key on the browser and it works, I've tested with other Api Keys with the same results. It seems the problem is with that server
I've checked than other plugins were using the Google API, but disabled all of them and still getting the same error
I don't know what to do next
Here is an example of a basic query to the YouTube API
$request = new WP_Http;
$result = $request->request(
'https://www.googleapis.com/youtube/v3/channels?part=id&forUsername=USERNAME&key=API_KEY',
array(
'method' => 'GET',
'headers' => array('Accept' => 'application/json' )
)
);
The request is handled by the native WordPress class WP_Http
I am trying to write a small webapp that pulls data from Yammer. I have to go through Yammer's OAuth bridge to access their data. I tried using the Oauth php library and do the 3 way handshake. But at the last step, I get an error stating I have an invalid OAuth Signature.
Here are the series of steps:
The first part involves getting the request Token URL and these are the query parameters that I pass.
[oauth_version] => 1.0
[oauth_nonce] => 4e495b6a5864f5a0a51fecbca9bf3c4b
[oauth_timestamp] => 1256105827
[oauth_consumer_key] => my_consumer_key
[oauth_signature_method] => HMAC-SHA1
[oauth_signature] => FML2eacPNH6HIGxJXnhwQUHPeOY=
Once this step is complete, I get the request Token as follows:
[oauth_token] => 6aMcbRK5wMqHgZQsdfsd
[oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs
[oauth_callback_confirmed] => true
I then try to authorize the given token and token secret by passing the parameters to the authorize url.It takes me to Yammer's authentication page where I have allow my app to talk to Yammer.
Yammer then gives me a 4 digit code that I have to put back into my application which then tries to acquire the permanent access token. I pass the following information to the access token URL:
[oauth_version] => 1.0
[oauth_nonce] => 52b22495ecd9eba277c1ce6b97b00fdc
[oauth_timestamp] => 1256106815
[oauth_consumer_key] => myconsumerkey
[callback_token] => 61A7
[oauth_token] => 6aMcbRK5wMqHgZQsdfsd
[oauth_token_secret] => ro8AJxZ67sUDoiOTk8sl4V3js0uyof1uPJVB14asdfs
[oauth_callback_confirmed] => true
[oauth_signature_method] => HMAC-SHA1
[oauth_signature] => V9YcMDq2rP7OiZTK1k5kb/otMzA=
Here I am supposed to receive the Oauth Permanent access token, but instead I get a Invalid Oauth signature. I dont know what I am doing wrong. I use the same signaures to sign the request. Should I sign the request using the new token and secret? I tried that as well but to no avail. I even tried implementing this in java using signpost library and got stuck at the exact same place. Help Help!!
The callback_token was something Yammer introduced in response to an OAuth security advisory earlier this year. When OAuth 1.0a was released, it was instead named oauth_verifier. However, it's not unlikely that Yammer still supports their workaround but rename it and try again to be sure.
Also, the below is information from the Yammer Development Network yesterday:
Tomorrow we will be releasing some
changes to the Yammer API to
facilitate user network switching on
API clients. Most of the change is in
the OAuth Access Tokens call which
allows you to generate pre-authorized
OAuth access tokens for a given user.
One token will be generated for each
network they are in and your clients
switch networks by sending an API
request signed with the appropriate
token for that network.
I'm assuming that Yammer OAuth libraries might need to be updated per this change. I haven't taken a look at it yet.
Edit: My python-yammer-oauth library still works despite Yammer having changed things on their side.
Edit2: Could you try using signature method PLAINTEXT instead of HMAC-SHA1? I've had problems with Yammer and HMAC-SHA1.
I tried by using PLAINTEXT.. but for this method its giving me the same "Invalid OAuth signature" error even for requesting the token.
So is it possible to generate the access token we use HMAC-SHA1 and for accessing the actual API method i.e. for posting the message.. we use PLAINTEXT?
just found the problem!
I had forgotten to add an ampersand ("&") at the end of CONSUMER_SECRET. Perhaps this is your issue as well?