I'm trying to get the oauthIdToken of the result fetched from signing with firebase using signInWithCredential. I get the following back upon a successful login:
user Object {
"additionalUserInfo": bg {
"isNewUser": false,
"profile": Object {
"at_hash": "aWhmsdfeef32388EYD8YA",
"aud": "100423452193-gvmasfasdfasdfasfda7ee0.apps.googleusercontent.com",
"azp": "100406623293-gvmt0erkkob6asdfadfi7ee0.apps.googleusercontent.com",
"email": "fake#gmail.com",
"email_verified": true,
"exp": 1579142529,
"family_name": "last name",
"given_name": "first name",
"iat": 1579138929,
"iss": "https://accounts.google.com",
"locale": "en",
"name": "first last name",
"nonce": "Ow_sVcasdf50LdbHdTaro",
"picture": "https://lsfasfa.googleusercontent.com/-iKnasfasdf34/AAAAAAAAAAI/AAAAAAAAAAA/ACHi3re9asdfas7_Erg/s96-c/photo.jpg",
"sub": "100824234342680931658",
},
"providerId": "google.com",
},
"credential": Object {
"oauthAccessToken": "ya29.Il-5B47AOKYEQ5NYikv93gYyyhWu_2FEHEaadfaasfasdfasdfBVJCDXG3HJ9MdqalyyxvZ-6jMoqRsaGzhPUg6Cg862vF25xocHR6rnbh_-HuP2MMey4s59Gx8fXLwgQ99dQ",
"oauthIdToken": "eyJhbGciOiJSUzsdfagyZDgyMDQwM2VlODUxOGM0YWFiYjJiOWZlMzEwY2FjMTIiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJodHRwczovL2FjY291joiZW4iLCJpYXQiOjE1NzkxMzg5MjksImV4cCI6MTU3OTE0MjUyOX0.i-YiWbokasfiP_-xWCHJUyT_aLWp7eb3YCE6mzRUbbuKsdfsdfHptczrMXB5vMZY_5JFp8ZD2zxoNlvhTpuMY3B_zw_5Irk6HzuHGHXyAgzNJjh5n6cYR8gOiOsfsdfcKATpHcG7H_gOCwns_fI44I820qcmrogaEXuW-i3u9X5aXbTYqW5EaZQvQzuHkYHO2VWoktOTZsfsdfsfOaYYGU-tqW-ygAB_aWD7VPjIuUY4ySPF4k6IRR1x3ZysfdsdfdGGarX3isPGxMrDMtbRtsfsdfVaKsZdRtCpbfNUbFO8NR6x-pIvKsdfA",
"stsTokenManager": Object {
"accessToken": "eyJhbGciOiJSUzI1NiIsASDAFASFVmZTJlZDQyOWI3MzY0M2Y2NTEiLCJ0eXAiOiJKV1QifQ.eyJuYW1lIjoicmVudGVyaWkgcmVudGVyaGUuY29tIn19.n7z7HlL9lU7VEOA4fGIHvE9UMLSu5uo1rpfTm6m-N5A8CaKQaDu96sAvsG8iOVx8PYnytadffsafSRHyJoS0bzZbpQS6-YItdM5bIPxLMTFYEb0-Ho-tPnhRBSfWfPqJnK0c18YBFtHTG-0TvLNppmuZFG9AJjZZr0ASIkoOWmkI0gdOUAKBkutwMb3oitxeorT-pUdtKB5Rk23ekewz05oi7R5TI4xpBX5LsPvqaCqI4S5wxHe_BilRiiMhxd_lINdWftEkpctKSApJubML7mB9A",
"apiKey": "AIzaSysdfsdfsiWO7_2buk",
"expirationTime": 1579142530341,
"refreshToken": "AEu4IL01n_G6c4_Wg6fzseXRGPJHEAJnhzw7GLZVTS4RICikJ8PUgmmtNWXjcttOSbmYVCJDzGluUvTNKPHa4aS8gG0R3ijmrvPpcyJFPWZ5dRRDIlzxuoSyt70mewdRYgK4Eao7W21550slj7qHu8ZT_1bACJb31e_y7UnL2QjJEuvKwcWII8v8mgMPpYC2RH6fKg0Xrv9XLBgTxso25KfDrlfHBfYp4t35CzcVqODl71663_xV0WHhQ5gpv1hW0N39MMU5S0UEbQ_FnMmcJUFygaRvHndj2yNVhGwv_Re0uut3hUanPO_bo6OT4VEgIEEZ6cuiq8jzpH_T7d6bwI9eLZNS6IC1Fu8EJFmUWAtsdyBErq0s39gj2uta0uqLIGP_wlP5F_eDiw",
},
"tenantId": null,
"uid": "KlGB4adfadfn9ktr1",
},
Trying to access oauthIdToken with console.log(result.credential.oauthIdToken) inevitably provides null even though the variable is clearly present. I'm assuming this is similar to getting the accessToken within stsTokenManager where you can only get it using the method getIdToken() and credential.stsTokenManager.accessToken provides null.
How do I access oauthIdToken?
It took me a day to sort this one out. I was looking at using promises and found the answer by logging the parts of the object.
The output of printing out the result object is very confusing. The issue is that the JSON object representation has keys which don't correspond to the variables on the object. If you use console.log(JSON.stringify(result.credential)) rather than
console.log(JSON.stringify(result)) you will see the different variable names.
To see the OAuth Identity Token use console.log(console.log(result.credential.idToken)) without the oauth prefix. Likewise the access token doesn't have the oauth prefix.
It is important to know that in the Google/Firebase world there are two different types of identity token. The Firebase identity token is obtained from user.getIdToken(). It is sent to the server to allow the client to be verified. Its audience in the project identifier. The other type, which is the subject of the question, is the identity token generated by the Auth provider. If the Auth Provider is Google then this is the token you have to use to authenticate against Cloud Functions and Cloud Run services. The token needs to be sent in a Authorization: Bearer idtoken header on the request.
Related
I am trying to get google calendar API data to JSON using reactjs hooks as follows
const [data, setData] = useState({ hits: [] });
useEffect(() => {
getEvents();
}, []);
const getEvents = async () => {
const result = await axios(
'https://www.googleapis.com/calendar/v3/calendars/en.usa#holiday#group.v.calendar.google.com/events?key=MYKEEEY',
);
setData(result.data);
console.log(data);
}
When I run my app I am getting the following error
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I have followed all instructions created the app, generated needed credentials.
What am I doing wrong here?
The google docs provide several suggestions to fix this.
https://developers.google.com/calendar/v3/errors#401_invalid_credentials
401: Invalid Credentials
Invalid authorization header. The access token you're using is either expired or invalid.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization",
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Suggested actions:
Get a new access token using the long-lived refresh token.
If this fails, direct the user through the OAuth flow, as described in Authorizing requests with OAuth 2.0.
If you are seeing this for a service account, check that you have successfully completed all the steps in the service account page.
Your specific error message says "Login Required", so it seems like your issue might be with the OAuth flow. I see that, however, you say:
I have followed all instructions created the app, generated needed credentials.
If that's the case, it sounds like you might need a new access token.
You cannot access the Google's holidays calendars with an API key only anymore, see here and here
Instead, you need to obtain the Client ID (e.g. by clicking on the Enable the Google Calendar API button and subsequently note the Client ID) and you need to use this Client-Id for the creation of credentials / authorization flow.
The process is a bit different in every language and I have not done it in Reactjs. But there are turorials explaining you how to perform the authorization for the Calendar API in Reactjs, e.g. this one.
I'm trying to use Firehose API (JS) and I keep getting the following error:
"InvalidArgumentException: Firehose is unable to assume role
arn:aws:iam::XXXXXXXXXX:role/NAME. Please check the role provided.
I check the role and I have set my custom policy to include all resources for STS and Firehose action. I have no clue why this error exists if I'm allowing AssumeRole under STS.
Method Calling
The method I'm using is createDeliveryStream(params = {}, callback) with S3DestinationConfiguration.
Policy JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"iam:*",
"kinesisvideo:*",
"s3:PutAccountPublicAccessBlock",
"s3:GetAccountPublicAccessBlock",
"s3:ListAllMyBuckets",
"s3:*",
"firehose:*",
"sts:*",
"s3:HeadBucket"
],
"Resource": "*"
}
]
}
Please check the trust relationship defined in the IAM role and verify that it is set to firehose.amazonaws.com. Policy defined in Trust relationship enables services to assume the role. For Kinesis Firehose, refer this document which contains details about IAM roles for Firehose. Refer "Grant Kinesis Data Firehose Access to an Amazon S3 Destination" section in the document which mentions about trust policy.
I need to get contacts emails with Google People API, but can't find a way to do it in docs. Currently I'm making the following request:
request.get('https://people.googleapis.com/v1/people/me/connections?access_token=tokenHere',
function (error, response, body) {
console.log(body);
});
And getting the following responce (I pin only the part of it, for example):
{
"resourceName": "people/c1705421824339784415",
"etag": "328OLZwdaiQ=",
"metadata": {
"sources": [
{
"type": "CONTACT",
"id": "17aae01d0ff8b2df",
"etag": "#328OLZwdaiQ="
}
],
"objectType": "PERSON"
},
"names": [
{
"metadata": {
"primary": true,
"source": {
"type": "CONTACT",
"id": "17aae01d0ff8b2df"
}
},
"displayName": "testGoogleContact",
"givenName": "testGoogleContact",
"displayNameLastFirst": "testGoogleContact"
}
]
}
To achieve this you need to use the Google Plus API: This is what I found on the Google Plus API Documentation page:
You can get an email address for the authenticated user by using the
email scope.
The following JavaScript code example demonstrates how to:
Use Google+ Sign-In to authenticate the user and get a valid OAuth 2.0
access token.
Use the token to make an HTTP GET request to the
https://www.googleapis.com/plus/v1/people/me
REST endpoint. Parse the response and display the user's email
address.
The JSON should like something like this:
{"kind":"plus#person","etag":"\"xw0en60W6-NurXn4VBU-CMjSPEw/mjjYoraGfq3Wi-8Nee4F3k7GYrs\"","emails":[{"value":"**EMAIL**","type":"account"}],"objectType":"person","id":"Person ID","displayName":"FULL NAME","name":{"familyName":"LAST NAME","givenName":"NAME"},"url":"https://plus.google.com/USER","image":{"url":"https://lh5.googleusercontent.com/-RTcRn6jTuoI/AAAAAAAAAAI/AAAAAAAAEpg/Y6cMxfwtbQ4/photo.jpg?sz=50","isDefault":false},"placesLived":[{"value":"CITY","primary":true}],"isPlusUser":true,"verified":false,"cover":{"layout":"banner","coverPhoto":{"url":"https://lh3.googleusercontent.com/SybH-BjYW2ft1rzayamGLg_VwW7ocgnQ5cAxH3ROEpODvyaEODpYKW55gmAxCXDUvfKggQ4=s630-fcrop64=1,00002778ffffffff","height":626,"width":940},"coverInfo":{"topImageOffset":0,"leftImageOffset":0}},"result":{"kind":"plus#person","etag":"\"xw0en60W6-NurXn4VBU-CMjSPEw/mjjYoraGfq3Wi-8Nee4F3k7GYrs\"","emails":[{"value":"**EMAIL HERE**","type":"account"}],"objectType":"person","id":"116508277095473789406","displayName":"FULL NAME","name":{"familyName":"LAST NAME","givenName":"NAME"},"url":"https://plus.google.com/USER","image":{"url":"https://lh5.googleusercontent.com/-RTcRn6jTuoI/AAAAAAAAAAI/AAAAAAAAEpg/Y6cMxfwtbQ4/photo.jpg?sz=50","isDefault":false},"placesLived":[{"value":"CITY I LIVE","primary":true}],"isPlusUser":true,"verified":false,"cover":{"layout":"banner","coverPhoto":{"url":"https://lh3.googleusercontent.com/SybH-BjYW2ft1rzayamGLg_VwW7ocgnQ5cAxH3ROEpODvyaEODpYKW55gmAxCXDUvfKggQ4=s630-fcrop64=1,00002778ffffffff","height":626,"width":940},"coverInfo":{"topImageOffset":0,"leftImageOffset":0}}}}
Source: Google Plus API documentation
In case anyone else comes across this question: the solution to retrieving the email addresses of an authorized user's contacts, what the OP seems to want (not the authorized user's own email address) is at Why can't I retrieve emails addresses and phone numbers with Google People API?.
Explanation: If you look at the section under "Query Parameters" on https://developers.google.com/people/api/rest/v1/people.connections/list, you'll see that requestMask is a parameter (documented at https://developers.google.com/people/api/rest/v1/RequestMask).
It says that you'll need to include the requestMask parameter in your query, because you're doing a people.list query (i.e. using the connections GET endpoint). The requestMask parameter basically tells the API what fields to pull: person.emailAddresses tells it to pull the peoples' email addresses, person.emailAddresses,person.names tells it to pull their email addresses and names, etc.
GET https://people.googleapis.com/v1/people/me/connections?sortOrder=FIRST_NAME_ASCENDING&fields=connections(emailAddresses%2Cnames)&key={YOUR_API_KEY}
Try this and it will give you the emails. Make sure your contacts has emails.
You can get the profile emails from the Google People API, by making a request to https://people.googleapis.com/v1/people/me.
If you want non public emails, you will need to request the email or https://www.googleapis.com/auth/user.emails.read scope as specified in https://developers.google.com/people/v1/how-tos/authorizing#profile-scopes
I'm trying to play around a little bit with the Google Calendar API but I can't create a OAuth ID ( as mentioned in this example: Google Calendar JS API.
I created a project, clicked Cerdentials and if you try to create an OAutho-client-Id you will be forwarded to the configure consent tab.
Here you have to enter your email address (is standard google account) and a project name. Then pressing save leads to an error:
{
"error": {
"code": 403,
"message": "The supplied API key is not configured for use from this referrer.",
"status": "PERMISSION_DENIED",
"details": [
{
"#type": "type.googleapis.com/google.rpc.Help",
"links": [
{
"description": "Google developer console API key",
"url": "https://console.developers.google.com/project/648364020234/apiui/credential"
}
]
}
]
}
}
The URL metioned in this JSON I can't access (no rights).
What can I do to get a simple oAuth ID?
Tried with several new projects, other naming of the consent projet name.
Also tried to create an API key which can be referred by all clients (empty field).
Any ideas anybody?
I am trying to access a calendar hosted on google via my node application however I am unable to query it via the given api due to my calendar needing authorisation.
How would I go about disabling this/making the calendar accessible to my application?
Here is my api query:
https://www.googleapis.com/calendar/v3/calendars/heathwallace.com_gpupieshkuc85dd832m9gjrh9g#group.calendar.google.com
And this is the response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
If you check the documentation Calendars: get for example: you will notice it states
Requires authorization
Now normally if you set something to public you will be able to retrieve it using a public API key. I took one of my test calendars set it to public then tried to retrieve it using a public API key. (both key and calendar name have been changed)
https://www.googleapis.com/calendar/v3/calendars/tfaf72h2ubfsftl3h4l5qd87s#group.calendar.google.com?key=AIzaSyBBH88dIQPjcl5nIG-n1mmuQ12J7HThDBL
results are
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
Conclusion: You must be authenticated to retrieve data. Either using OAuth2 or a service account. Normally I would suggest you use a service account and grant it access to the Calendar in question. I would not use a service account with JavaScript due to security issues, so I cant help you with that.
Answer to your question you must be authenticated to see a calendar. there is no way around that.
You can easily do this actually (no Oauth required).
The piece of magic is to create a developer key in the developer console console.developers.google.com (in the APIs & Auth -> Credentials -> Public Access Key -> Key for server app)
Make sure to have the calendar API enabled in the console again (APIs & Auth -> Apis)
GET https://www.googleapis.com/calendar/v3/calendars/heathwallace.com_gpupieshkuc85dd832m9gjrh9g%40group.calendar.google.com/events?key={YOUR_API_KEY}
I've just successfully retrieved your calendar that way.