I am trying to get a glass access token to post to the glass timeline from within an android application. the user is able to select some information and send that to his glass device.
String token = GoogleAuthUtil.getToken(activity, mEmail, activity.getString(R.string.glass_token_scope));
where mEmail is the google glass user's Google Account email, and scope is:
oauth2:https://www.googleapis.com/auth/glass.timeline https://www.googleapis.com/auth/glass.location https://www.googleapis.com/auth/userinfo.profile
(oauth2: ...)
I am using the Google AuthUtil and it does return an access token, too. But when I use the access token, the API responds with 401 Unauthorized:
D/demo (10804): Response Code: 401
D/demo (10804): {
D/demo (10804): "error": {
D/demo (10804): "errors": [
D/demo (10804): {
D/demo (10804): "domain": "global",
D/demo (10804): "reason": "authError",
D/demo (10804): "message": "Invalid Credentials",
D/demo (10804): "locationType": "header",
D/demo (10804): "location": "Authorization"
D/demo (10804): }
D/demo (10804): ],
D/demo (10804): "code": 401,
D/demo (10804): "message": "Invalid Credentials"
D/demo (10804): }
D/demo (10804): }
I've successfully also setup the server-side Oauth2 flow and with the resulting access token I can successfully create a timeline post from a a little local script.
It really seems that the access token returned from the Android Authutil cannot be used with the Glass Mirror API. I checked back to the Google APIs console and see that you can create some Android specific client ids. So I created a client ID for an androdi application and also setup the simple API access for android. For the SHA1 fingerprint I used the debug certificate's SHA1.
Has anyone succeeded on getting a Glass token on Android and has been successfully making a request from the android phone with that token?
For the actual request I using a plain HttpURLConnection - could that be the issue?
HttpURLConnection con = (HttpURLConnection)new URL(URI_TIMELINE).openConnection();
con.setRequestMethod("POST");
con.setDoOutput(true);
con.setRequestProperty("Authorization", "Bearer " + token);
con.setRequestProperty("Content-Type", "application/json");
con.getOutputStream().write(content.toString().getBytes("UTF-8"));
Thx!
In order to get a valid OAuth 2.0 token on Android, you will need to use the Google Play Services APIs, especially the GoogleAuthUtil class.
You will also need to register your certificate on the APIs Console; I would suggest checking out the Drive SDK Quickstart for Android that describes those steps.
Related
Running an App Engine Java 8 app with Google Cloud Endpoints. I've generated the openapi.json, deployed it to my Endpoints Portal, and can see the API in my portal, with the various methods and resources listed correctly.
I'm running the dev app server locally in IntelliJ using the Cloud Code plugin. When I run it, it opens a browser tab that gives me an Error 403, with the following stack trace (abbreviated):
SEVERE: direct send of a check request service_name: "my-project-redacted.appspot.com"
operation {
operation_id: "11b8f9a6-c9cb-4895-95fb-8bb39176efb9"
operation_name: "1.my_project_dot_appspot_com.MyAPI"
consumer_id: "project:my-project"
start_time {
seconds: 1596075164
nanos: 812000000
}
end_time {
seconds: 1596075164
nanos: 812000000
}
labels {
key: "servicecontrol.googleapis.com/caller_ip"
value: "127.0.0.1"
}
labels {
key: "servicecontrol.googleapis.com/user_agent"
value: "ESP"
}
labels {
key: "servicecontrol.googleapis.com/service_agent"
value: "EF_JAVA/1.0.12"
}
}
failed
endpoints.repackaged.com.google.api.client.http.HttpResponseException: 403
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"errors": [
{
"message": "The caller does not have permission",
"domain": "global",
"reason": "forbidden"
}
],
"status": "PERMISSION_DENIED"
}
}
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.newExceptionOnError(AbstractGoogleClientRequest.java:456)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
at endpoints.repackaged.com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1065)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at endpoints.repackaged.com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
at com.google.api.control.Client.check(Client.java:205)
It's worth noting that the API seems to work -- I have the iOS simulator connecting to my local dev app server and making Endpoints calls. I'm just tired of seeing the 403 in my browser every time I start the dev app server, and fear it may portend some similar issue in production when I eventually push this new service.
This error indicates that there is something wrong with the permissions or that the Service Control API is disabled in your project, so in order to fix it you can:
Make sure your service has access to servicecontrol.googleapis.com enabled by running the following command on Cloud Shell:
gcloud services enable servicecontrol.googleapis.com
Double check ENDPOINTS_SERVICE_NAME parameter in your appengine-web.xml file, it should look like this:
<env-var name="ENDPOINTS_SERVICE_NAME" value="$PROJECT"/>
Check if OpenAPI specs are deployed to Cloud, you can check it by running this command on Cloud Shell:
gcloud endpoints configs list --service=$PROJECT
Double check if the Service account running your instance has the proper IAM roles.
I'm trying to deploy my GAE application via termina with the following command: gcloud --project my-project-id --version staging app deploy
It gives me no errors, the only output I get is:
Google Cloud SDK 183.0.0
bq 2.0.27
core 2017.12.08
gsutil 4.28
But the deploy doesn't actually work (I changed some text on one of the API returns just to see if it was changing in the actual URL I access).
Any idea what's going on or how to debug it?
EDIT:
I managed to get an error now:
{
"error": {
"code": 403,
"message": "Operation not allowed",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ResourceInfo",
"resourceType": "gae.api",
"description": "The \"appengine.applications.get\" permission is required."
}
]
}
}
DEBUG: (gcloud.app.deploy) Permissions error fetching application
[apps/darwin-ms-transfer]. Please make sure you are using the correct
project ID and that you have permission to view applications on the
project.
And I did check the permissions, I do have the appengine.applications.get permission based on the service account's roles.
I am working through the Quickstart for Cloud Endpoints Frameworks on Google App Engine. After deploying the app I try to send a request to the API as outlined in the Quickstart:
curl -H "Content-Type: application/json" -X POST -d '{"content":"Hello world!"}' https://[my-app].appspot.com/_ah/api/echo/v1/echo
It returns the following error message:
{
"error": {
"code": 503,
"errors": [
{
"domain": "global",
"message": "Internal Server Error",
"reason": "backendError"
}
],
"message": "Internal Server Error"
}
}
There are 4 APIs created in the endpoints-frameworks-v2/echo sample. I get the same error message when I go to the API explorer and try to test the first 3 APIs. The last API get_user_email works as expected after after I authorise and execute it.
Any help would be great.
It turned out to be a valadation error with what I was entering:
ValidationError: Expected type <type 'unicode'> for field content, found (None, None) (type <type 'tuple'>)
After I put in the expected type there was no issues.
I am new to Keycloak. I have tried to get the user information using below code:
keycloakAuth.loadUserProfile().success(function(profile) {
debugger
console.log(profile);
}).error(function(res) {
debugger
console.log('Failed to load profile');
});
installation json is :
{
"realm": "CheckRealm",
"realm-public-key": "MIIBIjASDFJJK677132HJJAOCAQ8AMIIBCgKCAQEAgo4deAfr8BeqWOiCsddwMtH5nh8EK2cKIeInpt7LnoCyMsGj1HTP835HpslOURrR6Bgc42V7r6J/MIHqx3+KESTqpcQSe9ll6eUjzaMbIX2GPmy9OnviH6srUgOlDAKhL+/SDh/iv8RfErAPO9cxnoBWUUTyfyes1YRn34KILBdHZoaWk5mteJx9aV4bfA5tGTT6aF8o1NkCX1OUfXiaAD5sqKZV5vbI+QsOUsNshvGfE5JR2EpwZbWH/vRQVusxLURjC51v96ieQ8zUME5LwAQ0TgZcspHTb4Y+KuYRTuDQKuxRUYFeNbvqUGeT2s2sHMmWOQIDAQAB",
"auth-server-url": "https://something.com/auth",
"url": "https://something.com/auth",
"ssl-required": "external",
"resource": "sample-tracker",
"clientId": "sample-tracker",
"credentials": {
"secret": "bnmbsdk87wq"
}
}
I got the mentioned error :Failed to load resource: the server responded with a status of 403 (Forbidden)
To solve this situation you need to configure your keycloak or RedHat Single Sign-On (if you are using the supported version).
Open the keycloak admin console, for example: http://localhost:8180/auth/admin. Then click on Configure > clients and select the account client. The account client must be enabled.
Next, still in Configure > clients, select the client that you are trying to access and click on the scope tab. Add the view-profile role of account application.
The user also needs to have this permission.
There is a resolved issue about this in https://issues.jboss.org/browse/LIVEOAK-204 .
I've defined a pull queue for my app engine application and want to fill it from outside via the REST api.
Unfortunately it doesn't work, I always get an error 500: backend error.
Even if I try to fill it with the api explorer from the documentation.
It responses:
500 Internal Server Error
- Show headers -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "backendError",
"message": "Backend Error"
}
],
"code": 500,
"message": "Backend Error"
}
}
Any idea how to solve it?
Can you paste your code that is doing the leasing? One common mistake is forgetting to include the s~ in your App Engine Project. For example, if your application ID is my-awesome-app, then you are calling
tq.get(project='my-awesome-app', taskqueue=PULL_QUEUE_NAME...
when you should be calling
tq.get(project='s~my-awesome-app', taskqueue=PULL_QUEUE_NAME...
(thanks to bossylobster for this original answer: pull queues authorization from compute)
Also it turns out you must supply the queueName in the JSON body, in addition to payloadBase64, as discovered by Frank Ren in this thread