Service to service authentication is not allowed using forge Autodesk - autodesk-forge

In 'Autodesk Construction Cloud APIs' I try to use GET method for projects/{projectId}/issues.
This is the documentation for the API: Get issues API Link
I am using Postman and for other API's it works without problems, but for some reason for this API I got the following error:
image of the error:
I know my ProjectId and Token are fine. I am wondering if it has to do with some access the admin must to give me.
best regards,

It looks like your access token is 2-legged. Instead, you will need to use a 3-legged one since its Authentication Context is user context required.
See:
https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/basics/
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token-implicit/

Related

How to read all data using Revit API?

we are generated client id and secret id. And also we have got access token using Internal Token.
when running the project we can view Revit file which we are uploaded using forge bucket.
Then again are trying to get all elelments (Building,floor,rooms,equipments etc)in Revit model using API.
using this Link:https://forge.autodesk.com/en/docs/model-derivative/v2/reference/http/urn-metadata-GET/
we have using API in onDocumentLoadSuccess this event.
we are passing url:https://developer.api.autodesk.com/modelderivative/v2/designdata/:urn/metadata
headers :'Authorization': 'Bearer ' + access_token.
In this we are passing urn,access_token parameters also fine.
But we face "Token does not have the privilege for this request" error.(we have already have access token through API.But for the second time we face the error)
How to solve this, please help me on this.
Note that the different endpoints provided by the Forge services require a specific "scope" that the access token must be generated for. For example, according to the GET :urn/metadata docs, this endpoint requires the the access token to be generated with the "data:read" scope.
Also, note that properties of a design processed by the Model Derivative service are actually obtained by a different endpoint - not using GET :urn/metadata, but using GET :urn/metadata/:guid/properties.

Why can't I get Google API Devices to work

I am trying to get started with using Google API specifically in regards to obtaining a listing of Chrome devices in our organization. We have a current list of Chrome Devices in Google Admin. When I go to "API Explorer" here:
https://cloud.google.com/identity/docs/reference/rest/v1/devices/list
And enter the request parameters I can't get it to work.
First of all I do not know how to obtain an access token other than using the "OAUTH 2.0 Playground". That link is
https://developers.google.com/oauthplayground/
I have tried that but apparently I need to somehow enable one of the following OAuth scopes:
https://www.googleapis.com/auth/cloud-identity.devices.readonly
https://www.googleapis.com/auth/cloud-identity.devices
https://www.googleapis.com/auth/cloud-identity
Which I don't seem to be able to find in the OAuth playground.
In any case, I did obtain a token through the OAUTH 2.0 Playground to use in the "API Explorer". I am pretty sure I didn't use the correct OAuth scope either. In any case, maybe I can try using an API Device List in OAUTH 2.0 Playground but haven't figured it out yet.
Seems to be easier to find and use in "API Explorer". But when I use the Auth Token in API Explorer, devices.list in
GET https://cloudidentity.googleapis.com/v1/devices,
which I acquired through OAUTH 2.0 Playground, I get the error:
"Request had insufficient authentication scopes"
I get the same error in OAUTH 2.0 Playground if I try to use that same API request in OAUTH 2.0 Playground. But simply cannot find the following OAuth scopes, which the API explorer says is required for this particular API request of
"GET https://cloudidentity.googleapis.com/v1/devices"
I am just looking to try this out (obtaining a list of chrome devices through the Google Cloud API), which I know our organization has in our admin console.
I have not activated a Google Cloud Trial yet, so maybe that is the problem. I don't really know if the API Explorer or OAUTH 2.0 Playground requires that.
Maybe there is a different API request to accomplish what I am looking to do.
Maybe there is a different way to obtain an access token. I have gone in the google cloud console,
https://console.cloud.google.com
created a project, and created an API Key, and an OAUTH 2.0 client.
Any help would be appreciated.
Thank you.

Pass Authentication Token to Service

I have used lifeary service builder to build my services. some of my services require that the user is authenticated before he can use them.
how can i generate an auth token and send it in the header or in the URL?
I have tried username#host.com:password#http://localhost:8080/PortletName-portlet/api/jsonws/?serviceClassName=com.service.NameServiceUtil&serviceMethodName=getMyNames&serviceParameters=[userid]&userid=1
and it did not work!
I have made sure i have added the below line in my portal-ext.properties and restarted the server.
json.service.auth.token.enabled=true
What more should i do to be able to pass Auth Token? is there a better method that i can use?
You actually want to use AuthVerifier. This is the best way how to access the Liferay API and be authenticated. It similar to the autologin concept.
Have a look at https://dev.liferay.com/es/discover/deployment/-/knowledge_base/7-0/authentication-verifiers and check out the PortalSessionAuthVerifier class in the source code.
The concept is quite simple. Read the request object and determine who the user is. Perform your custom authentication and return the auth result with the user identification.

ERROR 403 (FORBIDDEN) :Your client does not have permission to get URL

I want to get the web search results in XML or JSON format, so I'm trying Custom Search Engine to do this using REST API, but when put any URL with different parameters like cx, api key, query, scope. I get always the same error:
Your client does not have permission to get URL /search?q=socer&hl=en&start=10&num=10&output=xml&client=950599431012-4mdbg8eqvb30cf6hamamq8sfihn71qku.apps.googleusercontent.com&cx=006664130785464139277:u_p0bwcuncc from this server. (Client IP address: 105.190.4.82)
If there are other solution for my prob please show it to me.
Because 'Firebase' sanctioned some country like(Iran) this error responds to users.
Seems like your IP is blocked by Google.
Using vpn or a proxy should solve the problem.
I had this error when clicking on the Trigger URL of a Google Cloud Function, this answer on Server Fault solved the Error: Forbidden Your client does not have permission to get URL /MY_CLOUD_FUNCTION_NAME from this server cloud function.
It says that you need to
manually add the Cloud Functions Invoker permission to the allUsers
user in the Cloud Functions page in the Google Cloud Console.
Perhaps you also can change roles and permissions in your case to get it run?
In my case I had a vpn extension turned on by mistake in Google Chrome.
Well it's a hit-or-miss situation. Many users have faced this type of issue.
Please try a few solutions from below:
Clearing your browser history.
Try using a tool for cleaning up malwares.

Client Secret In Chrome Web Store API

I am trying to use Chrome Web Store API and I have followed this link https://developer.chrome.com/webstore/using_webstore_api
But after creating application on developers console I am not getting client secret which is used to get the access token.
Please help me in finding the SECRET TOKEN.
Thanks in advance.
Got the solution by simply passing the client secret blank in the request.