I see the code in github https://github.com/google/enterprise-deployments/tree/master/apps/python/reseller3.0/RapidReseller,
and I try implement for see manage my reseller domain, but I have some problems.
I have :
INFO 2014-11-14 14:36:56,663 client.py:680] Refreshing access_token
INFO 2014-11-14 14:36:57,603 client.py:699] Failed to retrieve access token: {
"error" : "access_denied",
"error_description" : "Requested client not authorized."
}
File "/home/eduduarte/Downloads/ApisGoogle/google_appengine1.915/revenda/oauth2client/client.py", line 710, in _do_refresh_request
raise AccessTokenRefreshError(error_msg)
AccessTokenRefreshError: access_denied
I created the key, the enable of Api, do download of key to the app, and too I use my account super admin: in settings.py RESELLER_ADMIN, and I have "access_denied"
Please, can someone help me.
Eduardo Duarte
Did you also added the scopes in the Admin Console for the clientID of your application?
In the Admin Console https://admin.google.com go to Security > Advanced Settings > In the Authentication section go to "Manage API client access". In the "Client Name" textbox write the clientID of your app and in the "One or More API Scopes" add the next scopes:
https://www.googleapis.com/auth/apps.order
https://www.googleapis.com/auth/siteverification
https://apps-apis.google.com/a/feeds/user/
https://www.googleapis.com/auth/admin.directory.user
this is done so the domain grant the app access to the information.
I would strongly recommend checking out the codelab that we just posted. We just posted samples in four languages that walk through the entire end-to-end process of provisioning a resold customer.
https://developers.google.com/admin-sdk/reseller/v1/codelab/intro
Related
I'm trying to use the O365 pypl python library to receive a new auth token after changing my microsoft password. The authentication flow looks like this:
from O365 import Account
credentials = ('my_client_id', 'my_client_secret')
# the default protocol will be Microsoft Graph
# the default authentication method will be "on behalf of a user"
account = Account(credentials)
if account.authenticate(scopes=['basic', 'message_all']):
print('Authenticated!')
I receive a message saying to visit the following URL to give consent. However, when I paste the URL, I am asked to login to microsoft and then nothing happens i.e. no permissions or consent page appears. My organization recently switched to Single Sign On so I'm wondering if this could potentially be causing the issue or if anyone else has experienced this? I'm new to this and very lost so any help is greatly appreciated! Thanks so much!!
To receive auth token, please check the following:
Register your application at Microsoft Application Registration Portal.
Login to the portal to get the access token.
To consent the application in order to access the resources first get the authorization URL like below:
url = account.connection.get_authorization_url()
Visit the above URL and grant consent for the application.
To perform authentication, create Account instance and authenticate using the authenticate method.
from pyo365 import Account
account = Account(credentials=('client_id', 'client_secret'))
result = account.authenticate(scopes=['basic', 'message_all'])
After requesting a token, app consent screen will appear where you have to give consent.
The user have to provide the result url after consent.
Token will be stored in the default location if all goes as expected.
For more information in detail, please refer below links:
https://github.com/janscas/pyo365#authentication
Question about get_authorization_url · Issue #13 · janscas/pyo365 · GitHub
The App is public and it has been granted the appropriate permissions:
Display of app permissions
My logged in user is an administrator to the App: Display of user permissions
The code is as follows:
import facebook
import warnings
# Hide deprecation warnings. The facebook module isn't that up-to-date (facebook.GraphAPIError).
warnings.filterwarnings('ignore', category=DeprecationWarning)
# Parameters of your app and the id of the profile you want to mess with.
FACEBOOK_APP_ID = 'SECRET'
FACEBOOK_APP_SECRET = 'SECRET'
FACEBOOK_PROFILE_ID = 'SECRET'
fb_api=facebook.GraphAPI()
api_token=fb_api.get_app_access_token(app_id=FACEBOOK_APP_ID, app_secret=FACEBOOK_APP_SECRET, offline=True)
graph = facebook.GraphAPI(api_token)
# Try to post something on the wall.
try:
fb_response = graph.put_object(parent_object=FACEBOOK_PROFILE_ID, connection_name='feed',
message='Hello, world')
print(fb_response)
except facebook.GraphAPIError as e:
print('Something went wrong:', e.type, e.message)
This code fails with the error message:
OAuthException (#200) Requires either publish_actions permission, or manage_pages and publish_pages as an admin with sufficient administrative permission
I am certain at this point I have followed all the things I've read in any other post. The docs they have for the sdk are here.
A bunch of stuff is just not working so here's what I did. I created a link and then I just click on it:
https://developers.facebook.com/docs/php/howto/example_facebook_login
This is super duper easy with something like laravel or lumen. You just make a controller and a route that points to it.
I upload the token to a local consul instance so I can access it across a variety of micro services.
I use puppeteer to login to facebook via my stub site and then I have a token and login cookies too.
we found facebook change the permission requirements for posting to pages from just manage_pages to require both manage_pages and publish_pages. by granting both permissions we solved our problem
in essence we had to pass the client to
https://www.facebook.com/dialog/oauth?client_id=client_id&redirect_uri=redirect_uri&scope=manage_pages,publish_pages&response_type=code%20token&enable_profile_selector=1&profile_selector_ids=pageid
I have tried the bluemix service 'APP ID' for node.js project which I downloaded from APP ID service instance only. The application runs well with Google and Facebook authentication.
But I have to apply authentication to Python Flask web application. For this,I have followed the github link . Here, I have provided 'clientid', 'secret' and 'redirect_uri' which I got from the 'Service Credentials' tab of the 'APP ID' instance in bluemix.
After running the app, I am getting login page but when I click 'Login' button then I am getting the error 'tenandid is in invalid format'.
Please suggest where I am doing wrong.
Thanks in advance !
Regards,
Rahul Modi
I solved the error my self. I just provided clientId, secret, redirectUri and serverUrl in the file serviceConfig.py file of the GitHub python project.
There is need to change this file by providing the above parameters otherwise you may land into the error on the line "clientId = serviceConfig.clientId" of 'welcome.py' because clientId is not accessible from serviceConfig class. The same case for 'secret' as well. Hence, define them separately in serviceConfig.py file.
The four parameters looks like below:
serverUrl='https://appid-oauth.ng.bluemix.net/oauth/v3/1b668c6a-XXXX-XXXX-XXXX-c4633e8e0c78'
redirectUri='http://localhost:5000/afterauth'
secret='NjNiODY5NDQtOXXXXXXXXXXXXXXXXXXXXzUxNDMzNzYxYjAy'
clientId='6284418c-XXXX-XXXX-XXXX-af8bf44588ec'
All these parameters you can collect from the 'Service Credentials' tab of the 'APP ID' instance in Bluemix.
Note: No need to change anything in 'welcome.py' file.
I am trying to obtain a token from Azure AD from Python client application. I want users to seamlessly authenticate with just a username and password (client_id / secret will be embedded in the app). I registered my app and given it all permissions and hit the "grant permissions" button in the new portal according to this post:
The user or administrator has not consented to use the application - Send an interactive authorization request for this user and resource
I am sending an http post to:
https://login.microsoftonline.com/{tenant_id}/oauth2/token
with the following data:
headers = {
"Content-Type": "application/x-www-form-urlencoded"
}
body = "resource={0}&grant_type=password&username={1}&password={2}&client_id={3}&client_secret={4}&scope=openid".format(app_id_uri,user,password,client_id,client_secret)
I cannot seem to get past this error no matter what I try:
b'{"error":"invalid_grant","error_description":"AADSTS65001: The user or administrator has not consented to use the application with ID \'078c1175-e384-4ac7-9116-efbebda7ccc2\'. Send an interactive authorization request for this user and resource.
Again, my goal:
User enters user / pass and nothing else. App sends user / pass / client_id / client_secret, obtains token.
According to your comment:
The message I'm receiving says to do an interactive request but that is exactly what I'm trying to avoid because this is a python app with no web browser and I'm trying to avoid complexity.
I think you want to build a daemon app or an app only application integrating with Azure AD. You can refer to https://graph.microsoft.io/en-us/docs/authorization/app_only for the general introduction.
Furthermore, you can leverage the ADAL for Python to implement this functionality with a ease. Also, you can refer to client_credentials_sample.py for a quick start.
You should try logging in as an admin to be able to give consent to use the application on your tenant at all.
I am working on a python AppEngine application with Facebook login. I want to be able to access a logged-in user's friends' bios (their "about me" information).
Having requested/saved changes for all of the permissions I need on the Facebook developer's dashboard, I can successfully make calls like this:
friends = graph.get_connections("me", "friends", fields="name")
for friend in friends["data"]:
print friend["name"]
But trying to access the about me, as specified by the "bio" field in the docs, results in a key error:
friends = graph.get_connections("me", "friends", fields="name,bio")
for friend in friends["data"]:
print friend["bio"]
AppEngine log when running on local host:
File "/Users/nicole/aggie-harmony/main.py", line 154, in get
user = self.current_user
File "/Users/nicole/aggie-harmony/main.py", line 108, in current_user
bio = friend["bio"]
KeyError: 'bio'
INFO 2013-11-16 02:59:27,243 module.py:608] default: "GET / HTTP/1.1" 500 -
I have experimented with other fields, and it seems like anything that requires an access token will generate a key error (although the docs actually seem to have been updated mere HOURS before this question was posted...and they now suggest that "Other fields that have been explicitly set to public visibility can also be retrieved without an access token"...in my test user, the bio is indeed public!)
Unless I am just missing something syntax-wise, is this indeed a token issue? My app is based on the example here and basically obtains/uses the access token like this (auth stuff was generated previously and stored in its own file):
...
cookie = facebook.get_user_from_cookie(self.request.cookies, auth.FACEBOOK_APP_ID,
auth.FACEBOOK_APP_SECRET)
...
graph = facebook.GraphAPI(cookie["access_token"])
...
Interestingly enough, the app doesn't pop up a permission box for the user after the log-in area, which might support my hunch...
SOLVED: It was indeed an issue of permissions. In my adapted example html file, I just needed to change this:
function doLogin() {
FB.login(function(response) {} , {perms:''});
}
...to this:
function doLogin() {
FB.login(function(response) {} , {perms:'user_about_me,friends_about_me,user_likes,friends_likes,user_relationship_details,friends _relationship_details,user_relationships,friends_relationships, user_education_history, friends_education_history'});
}
Facebook takes care of the rest with the proper oauth dialog, etc.