There are a lot of forums and samples out there, but all of them either outdated or just not understandable.
I understand that to authenticate requests to AppEngine I need to log in to a google account using AccountManager, get a token using GoogleAuthUtil.getToken, get an AuthCookie, and than do whatever I want on the AppEngine using my token.
Now, the last 2 parts are the ones I don't understand:
what is the AuthCookie? I need to get a new one every launch? is it a temporary "permission" to request authenticated requests from AppEngine? is the first token I received is a permanent one or I should get a new one every launch too?
My current request is "endpoint.list().execute()". Where is the authentication comes in here? I've seen a lot of weird HTTP request samples but none of them used the AppEngine endpoints.
I'm sorry if it's too basic stuff but I really just started using the AppEngine and I couldn't find any clear explanation on how it works from beginning to end.
Thank you.
Since you are using Endpoints, have you read this?
https://developers.google.com/appengine/docs/java/endpoints/consume_android#making-authenticated-calls
It is up-to-date and I think it is reasonably clear (and it includes a sample).
I believe it is the nature of OATH that you need to get a new token for every session.
Related
I have checked the multitude of responses earlier and none of them actually address the issues. The responses, much like the documentation, assume that the user is already aware of all possible flows.
Constraint: We cannot set the app to external in GCP console and ideally don't want a service either.
This leads to any oauth playground based approaches into a 403 Exception.
I tried generating it based on the get requests mentioned on their websites.
https://accounts.google.com/o/oauth2/v2/auth?
scope=https%3A//www.googleapis.com/auth/drive&
access_type=offline&
include_granted_scopes=true&
response_type=code&
prompt=select_account&
redirect_uri=https%3A//developers.google.com/oauthplayground&
client_id=xyz
I have also tried prompt=consent here. Both also result in 403.
Generating with LocalReceiver also has issues with redirect uri mismatch even though it has been authorized on the console.
Particularly perplexed by the fact that the account for which it is throwing 403 is the account that owns the project. So it can't access its own services.
Thanks
When I try to fetch the list of tables present in a particular dataset I get this error. I was unable to find any solution online. Any ideas?
The problem is I was able to use this method last month. There are no changes to the code and to the environment. I'm not able to understand why it has suddenly stopped working.
com.google.appengine.api.appidentity.AppIdentityServiceFailureException
at com.google.appengine.api.appidentity.AppIdentityServiceImpl.getAccessToken(AppIdentityServiceImpl.java:290)
at com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential.intercept(AppIdentityCredential.java:100)
at com.google.api.client.googleapis.extensions.appengine.auth.oauth2.AppIdentityCredential$AppEngineCredentialWrapper.intercept(AppIdentityCredential.java:245)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:897)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:499)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:432)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:549)```
As mentioned in the documentation AppIdentityService (Google App Engine API for Java):
getAccessToken(java.lang.Iterable scopes) OAuth2 access token to act on behalf of the application.
This clarifies that the method getAccessToken() is needed to use in the authentication, as it's using OAuth2, that requires further authentication.
In the below documentation, there is more information on how to use the method on your application and confirm that the token will be sent and received in your system.
Asserting identity to Google APIs
Let me know if the information helped you!
I'm currently building a web spider with java apache commons. I'm crawling basic google search queries like https://google.com/search?q=word&hl=en
Somehow after about 60 queries I get blocked, it seems they recognize me as a bot and I get a 503 Service Unavailable response
Now the important part:
If I visit the same site with firefox/chrome I get the desired result.
If I make a GET Request with my Application using the same http header (user-agent, cookies, cache etc.) I am still blocked.
HOW does Google know whether I'm connecting via Application or Chrome-Browser, when there is only the IP and the HTTP-Header as Information?(maybe I'm wrong?)
Are there more parameters to recognize my App? Something that Google sees and I don't?
(Maybe important: I'm using Chrome Developer Tools and httpbin.org to compare the headers of Browser and Application.)
Thanks a lot
Since you have not specified how quickly you send the 60 queries, I am assuming at a high rate. This is why google is blocking you. Several times I have rapidly done google searches from chrome and it asks for a captcha after a while and then blocks soon after.
Please see the API on Custom Search and this post about terms of Service Replacement for Google API
FAQ on blocked searches: Google FAQ
So I'm trying to write an executable JAR for a small subreddit I run.
I have a post that Jsoup connects to and reads all the URLs on that page. In another method, it then connects to all those URLs (that are just comments on the post) and gets the HTML from the comments and saves them to a HashMap.
This is great however I am getting a 429 HTTP Error. So to resolve this, I added a short 5 second wait. Now I'm getting a SocketTimeoutException "Read timed out". Once I lowered the time down to 3 seconds, I was bouncing between the two.
Now I run a few Reddit bots with Python and I'm able to make a lot more requests than what I'm doing here. I actually have a single bot that makes thousands of requests every minute. So I know it's possible to make these requests.
My question essentially is, how am I able to make multiple requests to Reddit and avoid the 429 HTTP Error? I'm using Jsoup to connect and read the HTML.
While I'm sure connecting to Reddit via. their OAuth2 API will fix the issues, I have no idea how to actually use OAuth2 in Java (I actually use a wrapper in Python so it's fair to say I don't know at all) and I don't know how to then use that with Jsoup.
My question essentially is, how am I able to make multiple requests to Reddit and avoid the 429 HTTP Error?
You answer this yourself:
While I'm sure connecting to Reddit via. their OAuth2 API will fix the issues,
As specified in the API documentation, you get twice as many requests per second if authenticated using OAuth.
Have you looked around for examples on how to handle OAuth flows in Java?
You might also find it easier to use one of the wrapper libraries for Java, instead of handling all this yourself.
Just set header and you can easily pass it
User-Agent: super happy flair bot by /u/spladug
I spent a lot of time looking for any clarifications about using oAuth with FB and Twitter.
I have to do application which will be using access_token. This token will be used also on diffrent devices to access user account via API.
When I'm looking for "how to use access_token" I only finding "how to get token".
If I something miss reading documentation please let me know, especially where is example - how to use this token on other devices to access API to send eg. post.
I have found Twiiter4j and Facebook4j these libs helped me... I've got this access_token and now what next, how connect to API... I know that it's no possible to get access to Twiiter API - ok, but what about FB and "client side"
please help.
Oauth can be complicated so let me try to explain it simply.
User visits your website
Your website checks if it has seen this visitor before (usually with a cookie)
If not, send them to FB/Twitter/Whatever's oauth url. In that redirect, we tell FB/Twitter/Whatever that we're going to need x,y,z permissions (access a users timeline, see a users friends, etc). We also tell FB/Twitter/Whatever that when the user says ok, send them back to www.myurl... Finally, we take everything in this request and "encrypt" it, to prove it's really our site asking. The key to this is only saved on our backend, so the frontend (javascript/html) never sees it.
FB/Twitter/Whatever sees the request. They also see the "encryped" form of the requests. Fb/Twitter/Whatever knows this key too (they gave it to us, it's usually called the "secret" when you're configuring your oauth) They can verify it's really your backend asking for permission.
If the user agrees, we get a token. We store that token (on our backend, php, java, ruby, etc) and remember it belongs to that user.
The main thing to stress here is that in order to do the oauth handshake, you need a secret key that you never output to the browser. That means you'll need to implement part of this on your backend. You've tagged this with java so maybe that means you're using java as your backend, maybe with Google app engine or something. You'll need to find the oauth library for that, and work it out from there.
You can't create the oauth handshake only with frontend code.