Anybody can help or enlighten me with my issue:
I'm a Java developer and I have an existing smart printer app called GDrive App. It uses Google Drive API (oauth 2.0, gdata-version 2.0 and 3.0 for download-print file) .
This has been working for months until now. Actually, only the download-printing part is no longer working this time, I can still access the app (retrieve files, create folder, search and delete files).
Actual problem:
I keep on getting 401 error when I try to download file (to input stream) for printing. It's confusing because I already provided all the necessary information during the request. And it has been working for many months. No changes of the code. Weird.
I have this for headers:
[Authorization: Bearer ya29.CjAkA8uPBUsKWYMSEDpPxUbP_vtQJOKfCZ7O8I4GkpUkN70bGgnDTAVYiVW2m353H2Y
, GData-Version: 3.0
]
While executing this URL to download and print resource, I couldn't access this.
https://doc-0o-7o-docs.googleusercontent.com/docs/securesc/l9c2gms12ko7qqfc58putbb2v38kkvmm/dp5l9kmpu48kdi8mp2rvtmc1dm1f41tk/1468828800000/09859633411849852329/09859633411849852329/0ByU-nFK_03gtZGhBZkxCYmExeGc?e=download&gd=true
Error 401 means that you aren't authorized properly. Most likely the ya29.CjAkA8uPBUsKWYMSEDpPxUbP_vtQJOKfCZ7O8I4GkpUkN70bGgnDTAVYiVW2m353H2Y access token you are using expired and you have to request another.
You should write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:
The user has revoked access.
The token has not been used for six months.
The user changed passwords and the token contains Gmail, Calendar,
Contacts, or Hangouts scopes.
The user account has exceeded a certain number of token requests.
source
You can use GoogleAuthorizationCodeTokenRequest to request an access token and possibly a refresh token.
Related
We are occasionally seeing an issue with some projects where, when we try to do a GetPublishJob on a BIM360 model, we get back a 403 error, like this:
{"jsonapi":{"version":"1.0"},"errors":[{"id":"ad23cbc6-dc82-4dfd-83f9-6acd14bac6d2","status":"403","code":"C4R","detail":"Failed to get publish model job"}]}
In the docs, it says it could be whitelisting or permissions. We know our app is whitelisted, because we would not have made it this far if it wasn't. We're using 3-legged OAuth, and we believe that the user is able to manually perform the Publish. Can you tell us what specific other permissions might need to be investigated?
I am not typing answer, while I want to check some information with you:
if what you are using is this endpoint, it is public, so it does not need whitelisted. https://forge.autodesk.com/en/docs/data/v2/reference/http/GetPublishModelJob/ .
Since you are using 3 legged token, I doubt it may due to the expired token, while normally it should be 401 error.
With the same token, can your code perform Publish Model?
https://forge.autodesk.com/en/docs/data/v2/reference/http/PublishModel/
was this workflow working well in the past? or just failed recently?
To use this endpoint, the logged user (for 3 legged token) should have access with the folder.
Hey
I work for a marketing agency and I've developped a small script in Google AppScripts that pulls data from my customers' Analytics accounts and formats it into a Google Slides presentation.
How it works:
Our customers give us access to their Analytics views, and using Analytics API I get the id of each view shared with us on our main account and use these ids to make requests to the API.
The script works perfectly fine for almost every view, but recently I've had issues with some Analytics accounts.
Basically I get a 401 response code, despite having manager access to the given property.
The method I use to make requests to the API is Analytics.Data.Ga.get, and here is what the result looks like :
[18-10-23 06:57:02:128 PDT] {totalsForAllResults={ga:users=0}, totalResults=0,
columnHeaders=[{columnType=DIMENSION, dataType=STRING, name=ga:userGender},
{columnType=METRIC, dataType=INTEGER, name=ga:users}],
profileInfo={profileName=Toutes les données du site Web, accountId=xxxxxx,
profileId=xxxxxx, tableId=ga:xxxxxx,
webPropertyId=UA-xxxxxx-x, internalWebPropertyId=xxxxxx}, itemsPerPage=1000,
kind=analytics#gaData, query={end-date=2018-09-30, max-results=1000,
start-index=1, ids=ga:174758787, start-date=2018-07-01, metrics=[ga:users],
dimensions=ga:userGender}, containsSampledData=false,
id=https://www.googleapis.com/analytics/v3/data/ga?ids=ga:xxxxxx&dimensions=ga:userGender&metrics=ga:users&start-date=2018-07-01&end-date=2018-09-30, selfLink=https://www.googleapis.com/analytics/v3/data/ga?ids=ga:xxxxxx&dimensions=ga:userGender&metrics=ga:users&start-date=2018-07-01&end-date=2018-09-30}
When I go to that link "id" link, here's what I get :
{"error":
{
"errors":[
{
"domain":"global",
"reason":"required",
"message":"Login Required",
"locationType":"header",
"location":"Authorization"
}
],
"code":401,
"message":"Login Required"
}
}
I gathered this has to do with the OAuth2 protocol, which I never had to worry about since it's usually automatically handled by AppScripts.
I've looked around pretty much everywhere trying to fix the problem myself, but I can't seem to wrap my head around the OAuth 2 protocol, and the way it works in this very case.
I've already created credentials for my script, so I have access to my client id and client secret for this project.
My assumption is that the tokens for the problematic accounts have expired, and I need to refresh them somehow and give them the right scope. I just have no idea how to do that.
I would be very thankful if anyone could enlighten me on this one :)
Have a nice day!!
Fixed the problem, turns out it has nothing to do with the OAuth2 protocol. The demographics reports were simply turned off in Analytics for these accounts, which is why I wasn't getting any response from my query.
If anyone is wondering, the error 401 in the REST request is because no token or key is passed at the end (using "?key=..." or "access_token=..."), so it's like some anonymous person tried to access the data.
If you wonder how to get the acess token, you can get it token using Query Explorer. After running a query, select "Include current access_token in the Query URI (will expire in ~60 minutes)."
Anyway, this can be closed.
Hi I have a very simple Google Apps Script, i.e. one that is created when in Google Drive and click create and then script.
What I would like to be able to do is have users authenticate using the oauth 2 protocol, receive the authorisation code and exchange that for an access token and refresh token. This requirement is for an IPhone app so I would rather save the refresh token so users do not have to login repeatedly.
My issue is that I do seem be able to get the access and refresh token, I can see the client_id of the app in the url returned from the authentication step, however I believe I also need client_secret to request the access and refresh token from:
https://accounts.google.com/o/oauth2/token.
I'm asking it this even possible, if so do you know of any examples and if not could you recommend a different approach (perhaps use an application specific password).
Many thanks
You should be able to obtain this from the Oauth Playground.
Oauth Playground
I'm seeing a 403 "Access to the webpage was denied" error on one specific file being accessed via the Drive SDK. It was working earlier, the app permissions are set correctly, and we're having success with other files using different tokens against the same app.
We're getting the downloadUrl from the SDK successfully, then seeing the error message only after users are redirected to the downloadUrl. Because of that it's hard to track, but we've confirmed that it's working for some, but not for others — it hasn't fully stopped.
The full error text is:
Access to the webpage was denied
You are not authorized to access the webpage at [...] You may need to sign in.
HTTP Error 403 (Forbidden): The server refused to fulfill the request.
We're including the GET download and (valid) access_token parameters, all that.
My question is this: could this be related to the reported Google Drive outage that's currently happening, or is there some sort of throttle/limit to access of a single file over the drive API? I've never seen this behavior before, and this response isn't listed among the standard 403 responses.
I have just seen something similar. I was using a freshly acquired access token, so I don't think it's oauth related. My working theory is that the downloadUrl link was stale. When I got fresh meta data, which had a different value in downloadUrl, it worked using the same access token that had previously failed.
This is only a theory since it isn't documented anywhere, and I would actually expect 410 (or even 301) as a much more appropriate status than 403.
I went through the Quickstart on how to upload a file to Google Drive (for Android) and everything works fine. However, it isn't clear whether I am responsible for storing tokens and handling exceptions if they expire. Does the SDK code used in the Quickstart handle this for me behind the scenes?:
https://developers.google.com/drive/quickstart-android
If I regularly call this code (taken from the Quickstart):
credential = GoogleAccountCredential.usingOAuth2(this, DriveScopes.DRIVE);
credential.setSelectedAccountName(accountName);
service = getDriveService(credential);
and then call some drive method, will it eventually generate an exception when the token expires or does the SDK code catch this internally and automatically attempt to retrieve a refreshed token?
To be even more specific, am I required to implement the code shown here:
https://developers.google.com/drive/credentials
What also isn't clear to me is the difference between an access token and refresh token. Then there is "short lived" tokens and "long lived" tokens. Kind of confusing.
On Android, when you use Google Play Services, all of the work is handled for you, including getting the token and refreshing it. This is explained in the quickstart guide that you have linked, and there is nothing more that you need to do.