So I have been working on this issue for quite a while now. Earlier we thought its a re_indexing issue so kept re_indexing it which didn't helped at all.
So We started looking into roles and permission and noticed that the APIs are not Visible to admin only.
I tried creating another user account and just gave admin role to it and it worked. Every Single API is visible to this new user with admin role both in publisher and devportal.
Also checked visibility of APIs and its access is set to ALL in publisher portal and public in devportal.
This is getting annoying as admin is supposed to have all the permissions right but here its opposite. Please help someone
Related
I use google Ouath2.0 with passport.js in my Next.js/Node.js web-app. Registering and logging in works as expected. However, anyone with a google account is able to register, regardless of being in the test users list. The app is unpublished, and so only test users registered by me in the Oauth Consent screen should be able to register and login.
Does anyone know how to fix this? As far as I have understood it, login when not registered as a test user should simply fail. I have seen this asked elsewhere with no answers, and I am not able to contact google as that requires a paid support level.
I had a quick look at this and observed the same (incorrect) behavior; I too was unable to restrict authenticated users to the list of test users:
Created Apps Script Web app (for a quick win)
Associated a Cloud Platform project with it
Enabled Gmail API in the project and added one of its "restricted" scopes
Added one Google account to test users
I was able to login using the test user and any other Gmail account regardless of whether I included a Gmail restricted scope.
One thing I observed but am unable to explain is that I was not presented with the app's (project's) OAuth Consent Screen. Each time I logged in (incognito), I was prompted by the standard Google login screen only. I expected to be prompted by the OAuth Consent Screen before accessing the app. This likely explains why identities aren't being limited to the test users but I'm unsure why I'm not seeing the consent screen.
Even without Google paid support, you may file issues like this using Google's public issue tracker and these will be seen by Google Engineering.
I recommend you file under "Cloud Platform > Security & Identity" and let someone within Google triage:
https://issuetracker.google.com/issues/new?component=187167&template=1162765
As described in the marketing API, I have registered an app got my app key and and id, generated a token with ads permissions, list pages permission as well. The app is not yet submitted for approval.
When I try to get the list of ad accountsz linked to 'me' it returns the array of all ad accounts.
But when I select any of the business accounts (other than my personal Facebook account) and try to retrieve the ads insights API throws exception saying:
but when I try to get the insights, using the python SDK, I get the same error, ex: (#273) This Ads API call requires the user to be admin of the ad account. User is not admin on ad account .
What is surprising is when I use the similar sample page from Facebook-Developers to get insights, it is able to retrieve the ads data for the same account, with my own login itself.
Why would my app be unable to do so?
Is there any such limitation for apps not reviewed?
Update: I seem to have admin access to the ad account as well. Here are some screenshots. (Unless its my dumb day I think something else is going on, but its my fist time with an API like this, so I cant be sure!;) )
Screenshots: GraphAPI Explrer with API call, App Settings, AdAccount Settings
Based on the discussion on question and experience I now have:
API user needs to be an admin of the ad account and of the app if you
wish to use the API.
The ad account needs to be specifically added to the app, in app settings. In developer access an app can only have access to a maximum of 5 ad accounts.
Error messages in Facebook API are misleading more often than not. Fix anything marked in yellow or red anywhere in the portal, to be
sure.
Do read about limits of every API before you use it, all API have different limits and your application design needs to take those into account.
As for the question, yes the issue was the text in red, as pointed out by #CBroe, although the error message was off by a mile and issue occurred only when using our own app.
We're using Google Analytics API in our application and perform actions (read data) on behalf of our users (we get their tokens via OAuth2). We use a client id and client secret to authorize our Google API project (application).
The problem is that we're unable to reach this project in Google's developer console, because the user in our Google App account who created this project was deleted. Regardless, the Google API still works (we have the key and the client secret) but we're unable to reach it in the admin section in the browser, but we can't access it because the owner was deleted.
What are the options to recover access to this API project? Is it possible to transfer ownership of this project using Google API? It's running in production so we can't afford to generate a new API project.
Is it perhaps possible to generate a new API project by keeping all our users consents (they authorize their accounts using an authorization popup in our web app)?
EDIT: it's also possible the user still exists, but we don't know who's the owner. Is it possible to retrieve this info using the app's api key/secret?
How to find out who owns your credentials.
Authenticate your application the pop up window will appear. Click on the name of the application the little arrow and a drop down will apear with the email address of the developer who owns the project.
If you have lost access to this account i am not aware of any way of getting access back. However for the sake of curiosity i am going to contact someone at Google and find out if they have a procedure for account recovery or not. I will update this when i hear back.
If the account that has a credential was a gsuite user then we can transfer the project to the admin of the domain.
Have the admin of the GSuite contact me with information on the project, client id, email of the user who was deleted. We can then add the admin of the gSuite as the owner of the project.
From the question, this was likely a gsuite user because even after the account is deleted, the project was not deleted.
With respect to WSo2 API Manager Store, I have 2 tenants created in Management Console.
I am able to view those tenants in Store but expect carbon tenant, other users doesnt have an option Signup.
I tried this link too but its not working. https://docs.wso2.com/display/AM1100/Customizing+the+API+Store
Can anyone guide me please?
By default, self sign up is disabled for tenants AFAIK. You can enable this by following the below steps.
Login to management console as tenant admin
Go to the registry browser which can be found in the left menu.
Traverse to /_system/governance/apimgt/applicationdata/sign-up-config.xml file.
Change to true.
After that, go to the api store and you should see the sign up button.
I have to sync account information across 3 different platforms. I wrote a password script that will update a users account information in LDAP, our Student Information System, and in gmail (for edu). I had no issues with older migration api, but that is going away in the coming months.
I wrote a new library to use oauth2 and the adminSDK to manage my user accounts. Im using a service account and specifying a superadmin account to preform account creations and password updates. This works perfectly fine with normal accounts. However, it seems that I cannot reset my own password (Im an admin).
So far the things that my library can do are: search, create, update, and delete NON-ADMIN accounts. Things that do not work: promote an account to admin, undelete an account, change admin account information (password for example).
Changing admin account info results in: "Not Authorized to access this resource/api" error.
Is there any way to get around this issue? If not, this severely cripples my ability to use the new API to manage my users. well, the admin users anyway. I need it to work for all users, even the hand full of administrators. I simply don'y see the point of a service account impersonating an admin, and then does not have all the proper rights to change account info on all accounts, especially when the previous API allowed it.
please advise.
I can also provide my library for anyone interested in using it.
-Jerry
I figured out my issue.
When I started this project, I created a google account for this project and assigned it superadmin role.
I was revisiting my project today and I was getting the same errors when trying to update admin accounts. I signed into the project's admin gmail account.... and accepted the terms...
now my library works perfectly. yay.