I am migrating from google C2DM to GCM using Java.
I read this post GCM Push Notification without using JSON. Even on google docs I found that plain-text or UTF-8 content-type is allowed. I am using API key for browser apps and also tried curl command. Every time I am getting response code 401 which is related to authorization. Below is the URL I am forming:
Collapse_key=0&Auth_Token=
> my api key for browser apps
&data.payload=
> meesage to be send
®istration_id=
> id of registered device
May I know the reason and solution for response code 401 ?
HTTP status code 401 occurred when API key is not valid. For details check here.
You should send data as a json format. The format is shown below. It is explained in details here.
{
"registration_ids" : ["APA91bHun4MxP5egoKMwt2KZFBaFUH-1RYqx..."],
"data" : {
...
},
}
Related
I am trying to integrate the YELP API within an application in Android Studio. I am trying to acquire an access token using a post request in Postman. However, when I send the post request I get this error returned in JSON format:
{
"error": {
"code": "VALIDATION_ERROR",
"description": "'client_credentials' is not one of ['authorization_code', 'refresh_token']",
"field": "grant_type",
"instance": "client_credentials"
}
}
I have searched this site and google for what the description line means in particular:
"description": "'client_credentials' is not one of ['authorization_code', 'refresh_token']",
I have not been able to find any results as to what this error means. Here is my project setup in postman:
I simply copy and pasted my client ID and API key from yelp and stored them within the client_id and client_secret in Postman respectively. When I send this requestion I get the 400 Bad Request error and find out that its a validation error. At first I thought that I entered the wrong API key, however, I refreshed the API key and directly copy and pasted it, so I am confident that my API key and client ID are correct. The output should look like this and it should deliver an access token:
I couldn't find any examples that had this specific error message.
You no longer need a refresh token, all you need is an API key in your Authorization header:
Authorization: Bearer {{apiKey}}
Source: https://www.yelp.com/developers/documentation/v3/authentication
I am using Outlook Rest API to subscribe events. However, I get error code 401 although I include the access token. I get the access token following https://learn.microsoft.com/en-us/outlook/rest/java-tutorial this tutorial. And my payload is like the following:
{
"#odata.type":"#Microsoft.OutlookServices.PushSubscription",
"Resource":"https://outlook.office.com/api/v2.0/me/events",
"NotificationURL":URL,
"ChangeType":"Created"
}
with the header:
authorization: Bearer + access token which I get from the tutorial. (I.E EwBAA8l6BAAURSN/FHlDW5xN74t6GzbtsBBeBUYAAeybQmu+RnQcYAQ3wTW3kJUclA03jKgc4Sdx2mp5SOlLswSAr9zTmO7qk33wpTD3ULZkUrl9IpTnnhtjeoSXt+z5GRRtmL40jyvAghrTseO8yEZtR04SLjl6i1KZNXxZwUTK8s6DkXESwkwaTmQKPckKHi9XeIbx8dolnT7vEeeUo5rmzcG251dQokfZYHCar3bd1bysV7oaTt5Iis6qgkYtg4BL/32QObgI8SHQS4my7FSsqLYFchYExEFeBXgUjt4yE0G0bbmykz3T5C713DAqo8BtCkkbRIckv6N4bpq84bpzaDAgdgHhnpcYzUaViJ2zhZXMrShUdpddug+DPkEDZgAACILe9sz+3mX7EAJrVvnkVpyZzC9WvQkY4xET3KdEstT..... Something like this)
content-type: application/json
Why do I get 401?
Thank you.
A 401 means that your token isn't valid for what you're trying to do. It could be expired, invalid, etc. Typically the body of the response gives more detail on the reason of the 401.
I'd recommend going to https://oauthplay.azurewebsites.net/ and playing with the notifications API there to see how it all works.
I get a valid code on the client side login of my application using angularJS Oauth Module GAuth.checkAuth(). and then GAuth.getToken().
The code is valid only for 1 hour and any API like GoogleDocs,Gmail accessed after 1 hour fails and needs relogin.
To overcome this I am trying to send the code to the server for getting AccessCode at Server so that I can send same with requests to GoogleDocs, Gmail etc
GoogleAuthorizationCodeTokenRequest req =
new GoogleAuthorizationCodeTokenRequest(
new NetHttpTransport(),
JacksonFactory.getDefaultInstance(),
"https://www.googleapis.com/oauth2/v4/token",
// "https://accounts.google.com/o/oauth2/token",
"901142925530-21ia7dqnsdsdsndnsnnnfdc9cm2u07.apps.googleusercontent.com",
"6NSvw0efghyuuG8YGOBWPln79n",
authCode,
"http://localhost:8080");
req.setGrantType("authorization_code");
//req.put("refresh_token", authCode);
//req.put("access_type", "offline");
GoogleTokenResponse tokenResponse =
req.execute();
tokenResponse.getAccessToken()
Where authCode is the code I received in GAuth Token
But the call is failing and in response I get
400 Bad Request
{
"error" : "invalid_grant",
"error_description" : "Incorrect token type."
}
Any help is highly appreciated!
When the user first authenticates your application you are given an authorization code. You then need to take this authorization code and exchange it for an access token and a refresh token. Once the authorization code has been used it can not be used again.
grant_type=authorization_code
Denotes that you are asking Google to verifiy that your authorization code and give you a new access token and refresh token.
It sound to me like you are taking either the access token returned from that request and sending it to grant_type=authorization_code end point which is not going to work its the wrong type of code. hens the error you are getting of
400 Bad Request { "error" : "invalid_grant", "error_description" : "Incorrect token type." }
You will need to take the refresh token you are given. If there is one I am not sure that you can even get a refresh token from AngularJs. You can get one using java though.
A refresh of an access token in pure rest will look like this
https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
Note the &grant_type=refresh_token. If you are using the Google api java client library it should handle all of that for you. However your tagging is a little confusing its unclear if you are trying to do this in java or angularjs which I do not believe will allow you to use refresh tokens. Again I am not an angular dev I could be wrong on that point.
Anwser:
You the code you are sending is not an authorization code. Only an authorization code can be sent to grant_type=authorization_code. Solution: Send an authorization_code
Types of Google codes and tokens:
There are three types of codes or tokens you should be aware of with Oauth2.
Authorization code.
Refresh token
Access token
When you request access of a user and they grant your application access you are given an Authorization code. The Authorization code is short lived it probably less then 10 minutes and it can only be used once.
The Authorization code is used to get the initial access token and the refresh token from googles authentication server. by using the grant_type=authorization_code
Access token are good for about an hour. They are used to make calls to google APIs
https://www.googleapis.com/plus/v1/people/me?access_token={your access token}
You can use the access token as often as you want during that hour assuming you don't blow out some quota.
Refresh tokens are used to request a new access token from the Google authentication server when the access token you have current has expired or you just want a new one. here the grant_type=refresh_token is used to request a new access token you are essentially telling google I am sending you a refresh token you know what to do.
additional reading
I have a coupe of tutorials that might help you out Google 3 Legged OAuth2 Flow and Google Developer Console Oauth2 credentials
Also helpful when learning Oauth: The OAuth 2.0 Authorization Framework
I am stucking with the following problem like one month already, I am trying to verify an inapp purchase by using the following api :https://developers.google.com/android-publisher/authorization
I followed every step from the documentation(doing everthing with Postman Rest Client from Chrome), I can retrieve an accesstoken and a refresh token, but whenever when I try to query a purchase it results in error code 403 access not configured, BUT I CONFFIGURED IT IN THE SETTINGS!
anybody with an idea maybe?
It is far from straightforward to get an accesstoken for this API. This blog post helped get me started in the right direction, but I've outlined my own process that does not depend on using any external scripts to work. The steps are:
Obtain a client ID and secret (one-time)
Obtain a Refresh Token (one-time)
Use the Refresh Token to obtain an Access Token (once per hour)
4 Use the access token to access the API
Each of these steps are detailed below:
Obtaining Client ID and Secret
Go to the the Google Developer's console
Go to your project page
Select "Consent Screen" on the left side and make sure that the email address and Product name fields are set
Select "Credentials" from the left menu, and select "create a new client id"
Leave Application type set to "Web application" and set "Authorized redirect URI" to https://localhost. You do not need to change the Authorized JavaScript Origins.
Click "Create Client ID" and record the Client ID and Client secret that result.
Obtaining a Refresh Token
In web browser, enter the following URL (substituting correct value for client_id):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=https://localhost&client_id=XXXX
Accept any requests for authorization that appear
You will then be redirected to a URL like this:
https://localhost/?code=4/k0TenvwICIgmBoQOazJy4_EnJr6-.clLqtp_vVAIbEnp6UAPFm0GASPqQigI
Copy the code from the latter part of this URL
Use wget to convert this code into refresh token; substitute CODE, CLIENT_ID, and CLIENT_SECRET
wget --debug --post-data="grant_type=authorization_code&code=CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=https://localhost" https://accounts.google.com/o/oauth2/token
The resulting JSON file will contain an access_token and a refresh_token. Record the refresh_token value
Obtaining an Access Token
send a POST request to https://accounts.google.com/o/oauth2/token with the following fields set (substitute REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET)
grant_type=refresh_token
refresh_token=REFRESH_TOKEN
client_id=CLIENT_ID
client_secret=CLIENT_SECRET
You will get back a JSON string containing an access_token that will be good for one hour.
Using the Access Token to make API request
Fetch from
https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN
with an Authorization header containing the access token, e.g:
Authorization: Bearer ya29.1.AADtN_WoM4-4Fb1voFL-emcUWluijCzwvc9Z-FYM9SPvK03HCbGkdROJTVVPSLHK2IlVJQ
You may also be able to pass the access token as an HTTP query parameter, e.g.
https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN?authorization_token=AUTHTOKEN
I had a similar problem as you. Answer by mmigdol is helpful, but it didn't help me. I finally managed to solve it by looking at links generated here: https://developers.google.com/oauthplayground/
Apparently, Android publisher scope
https://www.googleapis.com/auth/androidpublisher
needs to be added into the link requesting authorisation code (before even generating refresh token) by adding:
&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher
to get this:
https://accounts.google.com/o/oauth2/auth?redirect_uri=<YOUR_REDIRECT_URI>&response_type=code&client_id=<YOUR_CLIENT_ID>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher&approval_prompt=force&access_type=offline
I am using the Twilio java wrapper provided on the website and started making some tests. I am able to send text messages that are successfully received. However, I would like to make sure that the messages have been sent successfully and that no problem has been encountered by Twilio (bad phone number or whatever reason).
I understand that when you make a REST request to Twilio to send a SMS, Twilio responds with the Status. How could I get this response?
Here is the explanation page I found: http://www.twilio.com/docs/howto/sms-notifications-and-alerts
If you specify a StatusCallback URL when you make the request to send an SMS, we will make a request to the callback URL you provided after the message has finished processing, with the parameters either SmsStatus=sent or SmsStatus=failed. You can use this information to do more processing on the SMS message. There's more information here: http://www.twilio.com/docs/api/rest/sending-sms#post-parameters-optional
Alternately, if you hang on to the SMS Message Sid, you should be able to query the API for the message and get the status in the response. So if the sid is SM123, making a GET request to https://api.twilio.com/2010-04-01/Accounts/AC123/SMS/Messages/SM123.json should return a object with the status of the SMS Message.
I recall that the response comes to your url and can be matched up by an ID. In the REST post to SMSMessages you can specify a statuscallback url where Twilio will post a status message to your url.
When you receive that post to your site, you can record it or take any other action you need, such as retrying or using another mode of communication.
In 2020, with the Java SDK, you can now create a MessageFetcher with that SID and then call fetch to ask for the Message instance until its getStatus returns "delivered", "undelivered", or "failed".