I'm stumped on this one. I have an example php script, using the most recent version of the Google API PHP client. This script functions perfectly:
<?php
require_once 'Google/Client.php';
require_once 'Google/Service/Drive.php';
$apiConfig['use_objects'] = true;
$client = new Google_Client();
$client->setClientId('xxx.googleusercontent.com');
$client->setClientSecret('xxx');
$client->setRedirectUri('xxx');
$client->setScopes(array('https://www.googleapis.com/auth/drive'));
$oldToken = file_get_contents("token.json");
$client->setAccessToken($oldToken);
$service = new Google_Service_Drive($client);
$perms = $service->permissions->listPermissions("example_file_id_here");
print_r($perms);
?>
However, doing the exact same thing but for the reports API gives me the error in the subject of this post.
$client->setScopes(array('https://www.googleapis.com/auth/admin.reports.usage.readonly'));
$service = new Google_Service_Reports($client);
$rep = $service->userUsageReport->get("test#test.com", "2014-09-03");
print_r($rep);
I've looked everywhere I can think of to find what I need to grant in terms of permissions. According to the prerequisites. I don't have a 'Reports API' available in the list of APIs, but the Admin SDK if enabled.
Does anyone know what else it could be? It works fine in the API explorer and oauth 2 playground.
It is not very clear in the documentation, but reports API is actually part of the Admin SDK. So by enabling Admin SDK, you actually enable both Reports Api and Admin Apis.
If you go to the admin SDK documentation and click under "Create Reports and Audits", you can see that it directly link you to the Reports API.
Hope this helps!
Related
I've been assigned to build a set of tools for DevOps for improving our turnaround time on building several branches. These tools will need to interact with our source control, which is currently running on Team Foundation Server. When I asked if we had access to Azure DevOps, which according to the tutorials I found online was needed to create an authentication token that could be used to access TFS through it's default REST API, I was told that we did not and had no plans to, because this company was an AWS organization.
Does anyone know if there's a way to access a REST or similar API for TFS if all you have access to is TFS running on AWS?
Yeah, as mentioned in the comment, you should use PAT to authenticate
TFS through Rest API. Username should be blank. PAT is the password. There are multiple related tutorials in google, a sample for your refer:
using System.Net.Http;
using System.Net.Http.Headers;
...
//encode your personal access token
string credentials = Convert.ToBase64String(System.Text.ASCIIEncoding.ASCII.GetBytes(string.Format("{0}:{1}", "", personalAccessToken)));
ListofProjectsResponse.Projects viewModel = null;
//use the httpclient
using (var client = new HttpClient())
{
client.BaseAddress = new Uri("https://{accountname}.visualstudio.com"); //url of our account
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new System.Net.Http.Headers.MediaTypeWithQualityHeaderValue("application/json"));
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);
//connect to the REST endpoint
HttpResponseMessage response = client.GetAsync("_apis/projects?stateFilter=All&api-version=1.0").Result;
//check to see if we have a succesfull respond
if (response.IsSuccessStatusCode)
{
//set the viewmodel from the content in the response
viewModel = response.Content.ReadAsAsync<ListofProjectsResponse.Projects>().Result;
//var value = response.Content.ReadAsStringAsync().Result;
}
}
Since you are using PAT with on-premise TFS server, make sure you already turned off Basic Authentication on server. Otherwise you will get an returned error.
We recommend you keep IIS Basic Authentication turned off at all times
when using Azure DevOps Server. Only if necessary should you enable
IIS Basic Authentication. When IIS Basic Authentication is enabled on
your windows machine, it prevents you from using personal access
tokens (PATs) as an authentication mechanism.
Source link.
Moreover, we do have a good integration with AWS. We could call AWS services from Azure DevOps/TFS side. Also be able to use AWSCLI & AWS Powershell Module. In case you need, for more details please take a look at this link-- AWS Tools for Microsoft Visual Studio Team Services/TFS
I'm building an AspNet Core 2.1 website using Azure AD B2C authentication, based on the example code I found here.
I can authenticate against the Google identity provider. But instead of showing a custom page based on the attributes I selected for the signup/signin policy in the Azure AD B2C portal, all I get is the normal Google authentication page asking me which Google account I want to authenticate against.
I was able to display a custom page listing all the attributes I'd defined in an earlier version of my project, which used the deprecated microsoftonline.com domain. But now that I'm using the recommended b2clogin.com domain the page is no longer appearing. I don't know if that change has anything to do with the missing page, but I thought I'd mention it.
My appsettings.json file is:
{
"AzureADB2C": {
"ApiScopes": "https://ridemonitor.onmicrosoft.com/api/user.read",
"ApiUrl": "https://ridemonitor.azurewebsites.net/hello",
"CallbackPath": "/signin-oidc",
"ClientId": "**redacted**",
"Domain": "ridemonitor.onmicrosoft.com",
"EditProfilePolicyId": "b2c_1_ProfileEditing",
"Instance": "https://ridemonitor.b2clogin.com/tfp",
"RedirectUri": "https://localhost:44305/signin-oidc",
"ResetPasswordPolicyId": "b2c_1_PWReset",
"SignUpSignInPolicyId": "b2c_1_SignUpIn"
},
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*"
}
Update
I've configured two identity providers for my app, Google and Microsoft Account. The Microsoft Account provider does, in fact, display a customized page listing all the attributes I set in the Azure AD B2C portal when I authenticate it. It's just the Google route which has stopped displaying the custom attribute page.
The redirect uri in Google Cloud Platform -> Credentials is:
https://ridemonitor.b2clogin.com/ridemonitor.onmicrosoft.com/oauth2/authresp
which is the url I should be sent to, and used to be sent to by the Google identity provider, and is the url the Microsoft Account identity provider sends me to when I try to log in.
It looks like I need to update something in my Google configuration, but I'm not sure what.
Update #2
Using the Chrome developer's console, and Link Redirect Trace, I tried to see how I ended up on the pages I ended up on after clicking both the Google and Microsoft Account signin/signup links.
The Google button lands me on the generic Google login page. The initial redirect (there are several subsequent ones) appears to be:
https://accounts.google.com/signin/oauth?client_id=769952297467-qhqd9brt7pl4sra1hnjhnnqchce2h6f1.apps.googleusercontent.com&as=c-8m6tr-h2tUDpRHqIApkQ&destination=https://ridemonitor.b2clogin.com&approval_state=!ChR4aFltdld5TGNwWUEyUlA1R0R6TRIfczBDdExlN01TRElYa013TWpqbVNUV1h5alREUVloWQ%E2%88%99ANKMe1QAAAAAW7K6uQbexonsHodkbBOebSymUYB1yufO&oauthgdpr=1&xsrfsig=AHgIfE8msp705-PG2II5uHWqjoODqYSLPg
The initial redirect for the Microsoft Account button is:
https://login.live.com/oauth20_authorize.srf?client_id=704398a8-908a-4512-9cc0-4453014b4714&redirect_uri=https%3a%2f%2fridemonitor.b2clogin.com%2fridemonitor.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+profile+email&response_mode=form_post&nonce=TQsICDEyv245x1E4pkQynQ%3d%3d&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZjBlYmQ4OTUtNmVjYS00NzBhLWE4ZDYtY2U4NTgyYzFmZmNjIiwiVElEIjoiNzIwZDg5NDEtNmM2Zi00YzIzLWI5MWEtZDMyZjJjODA5Yjk4In0
Comparing the two initial redirects, what's interesting is that the one for Google does not contain a parameter for the redirect_uri. Which I presume is the place the browser should be sent after a successful authentication.
Yet my Google credentials page would appear to be set up correctly:
Or am I maybe not configuring stuff in the right part of the Google ecosystem? I thought I was following some Microsoft directions regarding Google credentials, but...
Do you get any error messages?
Try using your browser's dev tools to check any error logs and identify the CSS styling that took effect in your html elements. It's possible that your custom classes are being those overwritten by the Google default styling.
You can edit the CSS within your browser's dev tools and then update the CSS files in Azure Blob Storage when you are happy with them.
Refer also to this thread and this one to see if these issue might be similar to yours.
I'm building a ASP.NET (4.6) WebApi project and I'm using ASP.NET Identity to authenticate with Facebook, Google and Microsoft to my API. I have managed to authenticate with Google and Microsoft, but not with Facebook.
I'm using Visual Studio 2015
The problem is that I get access denied every time I authenticate. The scenario goes like this:
I make an API call to localhost:2975/api/Account/ExternalLogins?returnUrl=%2F&generateState=true through my browser.
I receive a link to my API for every external provider my API support. In the Facebook case I got localhost:2975/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A2975%2F&state=99...01
I go to that link with my browser, and gets redirected to the Facebook login page.
I authenticate to Facebook, and a dialog window appears and asks permission for the requested information about me.
I accept and gets redirected back to my API with the error "access_denied". localhost:2975/api/Account/ExternalLogin gets called.
I haven't figured out where the problem comes from, whether its some permission setting in my Facebook app, the Facebook user I log in with, or if the problem lies in the ASP.NET Identity template.
Regarding Facebook I have created a test app of my app, as well as pushed it as a live app. I can find the app on my Facebook profile, and I've removed it several times. My Facebook profile has the administrator role of the app. I have created test users, as well as added a friend of mine as developer/tester of the app. The problem remains. I read somewhere that there should be a pending request for the app that I should accept, but I haven't found any.
Regarding the ASP.NET Identity template the error is received very early in the process:
AccountController.cs:
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
if (error != null)
{
// This is where the API comes in step 5 above
return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
// This is where the API comes in step 2 above before it redirects me to Facebook login
return new ChallengeResult(provider, this);
}
ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
// Untouched logic
// ....
}
When I use Google Chromes Network tool I can see that I gets redirected to this link:
facebook.com/login.php?skip_api_login=1&api_key=XXX&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.6%2Fdialog%2Foauth%3Fredirect_uri%3Dhttp%253A%252F%252Flocalhost%253A2975%252Fsignin-facebook%26state%3D...%26scope%3Demail%252Cpublic_profile%26response_type%3Dcode%26client_id%3D...%26ret%3Dlogin%26logger_id%3D...&cancel_url=http%3A%2F%2Flocalhost%3A2975%2Fsignin-facebook%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%26state%3D...%23_%3D_&display=page&locale=sv_SE&logger_id=...
There is a cancel url with predefined error: "access_denied", error code: 200, reason: "user_denied", so maybe the "access_denied" error I receive isn't very accurate?
Other relevant code I can come up with is in Startup.Auth.cs (I never get to the OnAuthenticated part though):
var facebookOptions = new FacebookAuthenticationOptions()
{
AppId = "XXX",
AppSecret = "XXX",
Scope = { "email", "public_profile" }
};
facebookOptions.Provider = new FacebookAuthenticationProvider()
{
OnAuthenticated = (context) =>
{
context.Identity.AddClaim(new Claim("urn:facebook:access_token", context.AccessToken, ClaimValueTypes.String, "Facebook"));
context.Identity.AddClaim(new Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
return Task.FromResult(0);
}
};
app.UseFacebookAuthentication(facebookOptions);
It feels like I've tried everything. Any ideas on how to solve this?
Thanks in advance!
Update NuGet packages solved my issue.
From this post in the line
context.Identity.AddClaim(new Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
the context.Email is null.
try to update the nuget package which Microsoft.Owin.Security,Microsoft.Owin.Security.Facebook and so on
Those who were unable to resolve the issue by just updating nuget packages, it might help.
Our Web App was working fine with External Login, what was happening before was our app redirected the users to Facebook or Google for authentication and returned the relevant details from their account. But then this issue arises in which the redirect url contains an error with a value Access_Denied. which is not descriptive at all so you need to manually find the errors.
After a lot of debugging and nuget updates I was still unable to resolve the issue and then it turned out the solution was the IP whitelisting for the server as our IT team and few developers changed the the server settings or migrated the website to new server which obviously had a different IP. Hence, I added the IP address in Facebook dev console to whitelist the address and it worked like a charm.
Whereas, Google authentication was fixed without whitelisting anything, just updating the nuget packages did the job.
I have a web service that servers Android, IOS and Windows Phone. Each app connects to Facebook using native SDK and passes the fb_user_id and access_token when performs API's requests. The API should retrieve the user and friends details and save them on MySQL.
The system works fine, except that it can't return friend's retionship, location and birthday.
$fb = new Facebook([
'appId' => my_app_id,
'secret' => my_app_secret
]);
$r = $fb->api("$fb_user_id/?fields=friends.fields(relationship,birthday,location)&access_token=$access_token");
var_dump( $r );
My app on Facebook has friends_relationships, friends_location and friends_birthday permissions. When we test using a Facebook user setted as developer, the app returns all the information, but when a non-developer uses we can't return those informations.
Any idea?
I figured what happened!
Facebook's SDK generates a token for /me. In PHP I was calling fb_user_id?fields=friends.fields(id,name,birthday,etc). But requests with /fb_user_id can't return info with a /me generated token.
It works when used directly on browser https://graph.facebook.com/me?fields=friends.fields(id,name,birthday,etc), but fails when called by Facebook's PHP class:
An active access token must be used to query information about the current user.
My solution:
$url = "https://graph.facebook.com/me?fields=id,name&access_token=$this->access_token";
$this->me = file_get_contents ( $url );
$json = json_decode($this->me, true);
For further information, checkout this answer. New ideas are welcome.
As you can see in this picture
I have a valid long-life Access Token for my app (390068587730802) with the following permissions: ads_management, manage_pages, read_insights, user_friends
I can use it to get data on another accessible app (50813163906) using the Graph API Explorer,
$facebook->getUser(); does return my user id
HOWEVER, I get NULL from the same request via the PHP SDK.
I have tested locally on xampp and on an apache server. I have updated the PHP SDK today to include the latest changes surrounding offline_access and long life tokens. I have read dozens of posts and FB documentation. I´m glad to read more you think will help, but please note that my token is valid, long lived, and I am successfully getting "/me" from the graph API. All of this happens under http or https.
UPDATE "Facebook: Sorry, something went wrong. We're working on getting this fixed as soon as we can."
As seen in this next picture below, I´ve var_dump´d the CURL options to verify the correct access_token and URL is actually being called. Furthermore, I can copy these urls directly into the browser and get complete data return!!
If during my testing I have created "two active sessions" - as some docs warn - how can you test for that? Most importantly, why would the same FB insights query work in the Graph API Explorer, but return null with PHP SDK?
It turns out that "since=30 days ago" was giving a 400 (bad request) response. This error was not showing up in the CURL errors. Only via
curl_getinfo($this -> ch,CURLINFO_HTTP_CODE);
When i changed
$period = "{$period} days ago";
to
$period = urlencode("{$period} days ago");
//or
$period = strtotime("- {$period} days");
everything worked via CURL.