I have many vm's created inside my project, from which I want to query api's from gcloud terminal.
I am getting 401 - "Login Required" error while I am trying to query any API, even though I am authorized/logged-in to gcloud terminal.
C:\..\Google\Cloud SDK>gcloud config list
[core]
account = remis.haroon#*****.com
disable_usage_reporting = True
project = <proj-id>
[meta]
active_config = default
C:\..\Google\Cloud SDK>curl https://www.googleapis.com/compute/v1/projects/<proj-id>/aggregated/disks
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
You need to carry authorization token when using the REST API:
gcloud auth login
TOKEN=$(gcloud auth print-access-token)
curl -H "Authorization: Bearer $TOKEN" <url>
As the error mentions:
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
Since you are doing an HTTP API call to google apis, you need to put the OAuth access token in the header of your HTTP request.
GET compute/v1/projects/<proj-id>/aggregated/disks HTTP/1.1
Host: www.googleapis.com
Authorization: Bearer XXXXXXXXXXXXXXXXXXX
There are several ways to obtain the OAuth access token. One easy way is through google's oauthplayground.
Choose your required API scopes
Click on Authorize APIs button
Click on "Exchange authorization code for tokens"
You will have your access token to use it in the curl request header
Related
Everything works great with Postman and authorization_code grant. But I am trying to connect to FHIR with client_credentials flow, meaning no UI.
I am calling the url https://login.microsoftonline.com/xxxxxxxx-c9a9-4be5-a9f7-xxxxxxxxxxxx/oauth2/v2.0/token with the parameters:
grant_type: client_credentials
client_id: [my fhir application ID]
scope: https://[myCompany].azurehealthcareapis.com/.default
client_secret: [mySecret]
With that, I get back a token
{
"token_type": "Bearer",
"expires_in": 3599,
"ext_expires_in": 3599,
"access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsIng1dCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyIsImtpZCI6Im5PbzNaRHJPRFhFSzFqS1doWHNsSFJfS1hFZyJ9.eyJhdWQiOiJodHRwczovL2JvbmZoaXIuYXp1cmVoZWFsdGhjYXJlYXBpcy5jb20iLCJpc3MiOiJodHRwczovL3N0cy53aW5kb3dzLm5ldC8wZjIzNjI5Yy1jOWE5LTRiZTUtYTlmNy1iZGI1ODU1M2Q3YjUvIiwiaWF0IjoxNjIyMjMwNjExLCJuYmYiOjE2MjIyMzA2MTEsImV4cCI6MTYyMjIzNDUxMSwiYWlvIjoiRTJaZ1lERGJ3WFZqendaRGt4M25ZcmhXcnNoMEJBQT0iLCJhcHBpZCI6ImY3YTA0ZWZjLTE1YjItNDVlMi05NzU5LWI0ZGQ0ZTdjN2Q5ZiIsImFwcGlkYWNyIjoiMSIsImlkcCI6Imh0dHBzOi8vc3RzLndpbmRvd3MubmV0LzBmMjM2MjljLWM5YTktNGJlNS1hOWY3LWJkYjU4NTUzZDdiNS8iLCJvaWQiOiJlYTFiMmI4MC1kYTdiLTQ2YmEtYjgyOS01YzdlNTllZmVmYzciLCJyaCI6IjAuQVhjQW5HSWpENm5KNVV1cDk3MjFoVlBYdGZ4T29QZXlGZUpGbDFtMDNVNThmWjkzQUFBLiIsInN1YiI6ImVhMWIyYjgwLWRhN2ItNDZiYS1iODI5LTVjN2U1OWVmZWZjNyIsInRpZCI6IjBmMjM2MjljLWM5YTktNGJlNS1hOWY3LWJkYjU4NTUzZDdiNSIsInV0aSI6InYwSnhfOEM0c1VtQ1ZGQUZoY3AtQWciLCJ2ZXIiOiIxLjAifQ.QMHS5OoWYflq30owYolvwzDkRJm4sG29G11Z_Qct_pPuj_ULm6hR4vC_jydqsq7eDFGxA1wb_Y8hJXVKTHBu1ij9_SKSlKhNZ6KmkqrvOhTaADFGw36albKNgII_xzA-gmeAOKQuKX9Q9wZmPfJETx5NJuJnG1qAnexvhQkhMv8AgiznnU9VbaIoAAvObHx9E5Pb5nesSmOhVwMxZRjBrTHqz9ryFUDYq3Pciuz6HvVF7ro9IijUg9d8r2da8HuXGXvZiJXkfiEW6OuR1RLv9QDol6WjAOKTB12q07iFFgDL0UTinWLY--3dn0raVyd7ZtT_yzLNRZ9iqX_XXXXX"
}
Now when I call the url https://[myCompany].azurehealthcareapis.com/Patient I get 401 response.
{
"resourceType": "OperationOutcome",
"id": "114e91311cbd11458e3d3284db6c9826",
"issue": [
{
"severity": "error",
"code": "login",
"diagnostics": "Authentication failed."
}
]
}
This is what I have for Api Permissions
On the Fhir service, select Access control (IAM) from the left menu (if you are using Azure RBAC).
From there, click on Role Assignments
Then search for your your App Registration
This allows your app to have permissions to the Fhir service outside of that of the logged in users.
My application has scopes drive.file, drive.readonly and drive.metadata.readonly.
Using https://github.com/googleapis/google-api-php-client v2.2.2
It works fine fetching files when authenticated as a Google Drive user, but only when those files are owned by another user (or the same user).
Files stored on a Shared Drive (G Suite Business feature) and shared with the user result in a 404 error:
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "File not found: 1gasqkgWcabla8sksT5FUtZGzlfIwGbc_aI4g2gl9bla.",
"locationType": "parameter",
"location": "fileId"
}
],
"code": 404,
"message": "File not found: 1gasqkgWcabla8sksT5FUtZGzlfIwGbc_aI4g2gl9bla."
}
I have verified that the file in question is indeed readable by that user via Drive/Docs etc.
I have been into the API Console and checked the "Shared Drives support" under Drive UI integration - this made no difference.
Neither did it help to add the wider 'drive' scope.
After testing I found the same issue.
When I tried to get a file from a Shared Drive with the following HTTP Request
GET /drive/v3/files/<ID-file> HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer <access Token>
I got the same error as you did:
{
"error": {
"code": 404,
"message": "File not found: 1DIM-vS4058e0X5eutNmOqSr3z0rA1Nqh.",
"errors": [
{
"locationType": "parameter",
"domain": "global",
"message": "File not found: 1DIM-vS4058e0X5eutNmOqSr3z0rA1Nqh.",
"reason": "notFound",
"location": "fileId"
}
]
}
}
But upon reading the documentation it's clear that you need to include the supportsAllDrives paramater to the HTTP request.
So now adding supportsAllDrives=true my request is the following:
GET /drive/v3/files/<File ID>?supportsAllDrives=true HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: Bearer <access Token>>
And then I got to retrieve the file in the response:
{
"mimeType": "image/jpeg",
"kind": "drive#file",
"name": "file.jpg",
"driveId": "<Drive Id>",
"teamDriveId": "<Team Drive ID>",
"id": "<File ID>"
}
I need to create simple Java application for Reports API (https://developers.google.com/admin-sdk/reports/v1/guides/manage-audit-drive)
But I can't understand is this Reports available only for business users or also for all users?
How can I develop applications for G suite without buy it?
For example, I'm sending this request via Postman - https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/drive
Response is
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Access denied. You are not authorized to read activity records.",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Access denied. You are not authorized to read activity records."
}
}
Best regards,
Aleksandr.
I have my API in loopback 3.x. First I created an empty project and right after that I ran npm install loopback-connector-rest --save and lb datasource in the console to have a link to an external API called Userlike. It this URL https://www.userlike.com/api/external/message/chat_meta/.
Then I created a model with no parameters called Messages.
I had no problems executing as I used node . and there was no error, and in localhost:3000 I could visualize my API.
But I had a problem when I clicked GET in the page a 401 error because to access the API in Userlike I needed to send my token so I could get the data, so I modified the datasources.json file and I had this:
{
"userlikeRESTdatasource": {
"name": "userlikeRESTdatasource",
"baseURL": "https://www.userlike.com/api/external/message/chat_meta/",
"crud": false,
"connector": "rest",
"operations": [
{
"functions": {
"getMessages": []
},
"template": {
"method": "GET",
"url": "https://www.userlike.com/api/external/message/chat_meta/",
"headers": {
"accepts": "application/json",
"content-type": "application/json",
"authorization": "8c149a3d-4acf-362e-880c-30ec2f5ecaf"
},
"responsePath": "$.results.*"
}
}
]
}
}
The authorization field I put in the header didn't work as I still received
{
"error": {
"statusCode": 401,
"name": "Error",
"message": "Authorization Required",
"stack": "Error: Authorization Required\n
}
}
My idea was to do something like:
headers.append('Authorization', '8c149a3d-4acf-362e-880c-30ec2f5ecaf7');
headers.append('Access-Control-Allow-Origin', '*');
headers.append('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
headers.append('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Authorization, Accept');
But with loopback. So I could receive the data from the Userlike API and next I could modify or just use the data I wanted.
But I still can't figure out how can I modify my datasources.json or if I need to create something in another file to make it possible to send the token as the authorization to that URL I'm using.
Pass access token with HTTP header by using this
headers.append('X-Access-Token', '8c149a3d-4acf-362e-880c-30ec2f5ecaf7');
or also pass this token as a parameter.
?access_token=8c149a3d-4acf-362e-880c-30ec2f5ecaf7
This will help.
I'am trying to assess my GAE Task Queue from an GCE instant in the same project.
I have started the instant with the correct scoop and billing is enabled:
"serviceAccounts": [
{
"email": "949416733789-compute#developer.gserviceaccount.com",
"scopes": [
"https://www.googleapis.com/auth/datastore",
"https://www.googleapis.com/auth/devstorage.full_control",
"https://www.googleapis.com/auth/taskqueue"
]
}
]
And i can generate an access token via this curl command:
curl "http://metadata/computeMetadata/v1/instance/service-accounts/default/token" -H "Metadata-Flavor: Google"
But when I try to curl to get the tasks using this curl I get an 403:
curl "https://www.googleapis.com/taskqueue/v1beta2/projects/propane-****/taskqueues/default/tasks" -H "Authorization":"Bearer ya29.lABIrcEaJi0ItloNb62Lg_***************"
Generates this output
"error": {
"errors":
[
{
"domain": "global",
"reason": "forbidden",
"message": "you are not allowed to make this api call"
}
],
"code": 403,
"message": "you are not allowed to make this api call"
The problem was that i was using the default taskqueue, apparently that dose not work.
Changes the taskqueue name to demo, and it all works.