I am learning how to use Google Drive API to upload a file and I am getting this error:
"Client error: `POST https://www.googleapis.com/oauth2/v4/token` resulted in a `401 Unauthorized` response:\n{\n \"error\": \"unauthorized_client\",\n \"error_description\": \"Client is unauthorized to retrieve access tokens using this me (truncated...)\n"
I think this stem from a wrong configuration of my service account. When I created my service account, I didn't use Enable G Suite Domain-wide Delegation and just used the generated json key.
Attached here is a screenshot of my IAM & ADMIN
I also enabled API for google drive, so what am I missing?
You have to create a client id for the service account and with that id you have to enable the SCOPE in security - advanced configuration
Related
I have a Google Apps Script Project that is an "add-on" for Google Sheet.
It does a "get" through UrlFetchApp to retrieve some info through an API.
The company with the API requires a static IP (Mercury Bank), which has to be whitelisted on the Mercury website through 'settings'.
In GCP I created a Virtual Private Cloud with a subnet and a static IP.
When I run the code I get "Exception: Request failed for https://api.mercury.com returned code 401. Truncated server response: {"errors":{"message":"That token may not be used from the current IP Address, which is: 107.178.203.205"}} "
When I run it again I get the same error, but with a different IP.
How do I tell Google Cloud to run the apps script using the static IP?
THANKS!
I am using google cloud auth for signing my requests for a firebase based project. Until yesterday it worked seamlessly, after using the gcloud auth print-identity-token I have received a token for the selected project and account. Yesterday after a restart this functionality stopped working. I still receive a token and the gcloud seems to be configured well(re-initialised it, and tried to completely uninstall/install it), but the returned token has different aud field. Therefore my firebase functions consider my requests as unauthenticated. let me paste the error message below:
Failed to validate auth token. FirebaseAuthError: Firebase ID token has incorrect "aud" (audience) claim. Expected "xyzmyproject" but got "32512345659.apps.googleusercontent.com". Make sure the ID token comes from the same Firebase project as the service account used to authenticate this SDK
I have checked the identity token via jwt.io and the aud is set to the wrong 32512345659.apps.googleusercontent.com value as the error message describes it.
Furthermore while was investigating I found out that the gcloud auth login command redirects me to the url the client_id is specified as 32512345659.apps.googleusercontent.com.
Keep getting this error:
Error, failed to create instance group-database-instance: googleapi: Error 403: Request had insufficient authentication scopes.
More details:
Reason: insufficientPermissions, Message: Insufficient Permission
I have added a service account with editor permissions to use all gcp resources and added directed terraform to a credentials file generated.
Would this be an error in the code or something else?
Based on the error message you have provided and the task you would like to accomplish, it would seem that you might need to add a scope when creating your instance.
To use the Google Kubernetes Engine API for a GCE virtual machines, you will need to add the Cloud Platform Scope ("https://www.googleapis.com/auth/cloud-platform") to your VM when it is created.
Additionally, if you are using the gcloud command-line, you can follow along with something like:
gcloud compute instances create NAME --scopes=https://www.googleapis.com/auth/cloud-platform
If you are using the Cloud Console UI, when you are creating a VM instance, look for the "Identity and API access" section, and select "Allow full access to all Cloud APIs".
I'm using the Google client API library for Python. My code is running on an Ubuntu 14.04LTS server.
I have a working Google Compute project, were I created and downloaded a OAuth2.0 token to my server.
I'm trying to write a script that does the following:
Automatically (with no user interaction) authenticate to Google Compute engine.
create a new VM and then perform more actions...
My basic problem is using the OAuth2.0 authentication. It required user approval on a javascript supporting browser, and I want to do it automatically, on my server.
Using my code on my desktop works. A browser page pops up requiring my approval. On my server, I get the following message:
we have detected that your javascript is disabled in your browser
The code segment I use for authentication is:
# authenticate using the OAuth token
client_secret = os.path.join(
os.path.dirname(__file__),
self._oauth_token_path)
# set up a Flow object for the authentication
flow = client.flow_from_clientsecrets(
client_secret,
scope=scope,
message=tools.message_if_missing(client_secret))
# open credential storage path
credential_storage = file.Storage(self._credential_storage_path)
credentials = credential_storage.get()
# get credentails if necessary
if credentials is None or credentials.invalid:
credentials = tools.run_flow(flow, credential_storage, flags)
I read about service account access as a replacement of the regular OAuth2.0 authentication. Does any one know if that's the best way to go? any thoughts on how to do it better?
OAuth 2.0 requires user approval and is not the method to go for if you want to run your code/scripts automatically.
Service accounts are more suitable for this and are supported by the API (https://cloud.google.com/compute/docs/authentication#tools)
You create a service account + key in the developer console and use both to authenticate your application.
My company has an internal google earth enterprise server. I can get to it via http://local/default_map
I like to switch from the public API server, <script src="http://maps.google.com/maps/api/js?v=3&sensor=false"></script>, to the internal one.
But http://local/maps/api/js?v=3&sensor=false returns Forbidden error: You don't have permission to access /maps/api/js/ on this server.
How can I find out if the internal server supports the API feature and how to configure it?