I'm trying to figure out how to initiate a push notification using DialogFlow/Google Actions. I've cobbled together some test code, but when I test it, I get a '403 Forbidden' response. Can somebody provide me a good example of how to do this using Python 3.
`
import urllib.request
import json
notification = {
'userNotification': {
'title': 'Test Notification',
},
'target': {
'userId': 'user-id here',
'intent': 'Notification Intent',
'locale': 'en-US',
}
}
my_url = 'https://actions.googleapis.com/v2/conversations:send'
access_token = 'access token here'
request = urllib.request.Request(my_url)
request.add_header('Content-Type', 'application/json; charset=utf-8')
payload = { 'auth': { 'bearer': access_token },
'json': 'true',
'body': { 'customPushMessage': notification, 'isInSandbox':
'true' } };
jsondata = json.dumps(payload)
jsondataasbytes = jsondata.encode('utf-8')
response = urllib.request.urlopen(request, jsondataasbytes)
`
Can anybody provide any suggestions about how to get this to work?
=============================================================
Update: I revised the auth header as suggested and now I'm getting '401:Unauthorized'. I'm not sure if I'm creating the access token properly. Here's how I'm doing it:
I created an RSA256 private key on the Google Console website. I use that key to encode a JWT containing these fields:
{
"iss": [
"My Service Name",
"\"my_service-account#service_name.iam.gserviceaccount.com\""
],
"iat": 1544018697,
"exp": 1544019898,
"aud":
"https://www.googleapis.com/auth/actions.fulfillment.conversation\"",
"sub": [
"Push Notification",
"\"my-service-account#service_name.iam.gserviceaccount.com\""
]
}
I don't know if this is correct: the documentation for all of this is hard to pull together.
UPDATE 2:
I modified the code suggested by Prisoner, and I'm now able to get what appears to be a valid access_token. This is the modified code:
from oauth2client.client import GoogleCredentials
service_account_file = 'path-to-service_account_file'
credentials = GoogleCredentials.from_stream(SERVICE_ACCOUNT_FILE)
access_token = credentials.get_access_token().access_token
When I try to use the access token, I'm still getting a '401 Unauthorized' response. Has anybody actually done this? If so, can you give me some specifics on the correct URL to use and how to format the urllib.request message?
You've placed some things into the body of the request that belong in the header. In particular, the "403 forbidden" suggests that the Authorization header is either wrong or missing, and in your case, it looks like it is missing since you're trying to put it in the body.
The body of what you're sending should just contain the JSON with the customPushMessage attribute.
I'm not very familiar with python, but I think something like this is more what you want:
request = urllib.request.Request(my_url)
request.add_header('Authorization', 'bearer '+access_token)
request.add_header('Content-Type', 'application/json; charset=utf-8')
payload = { 'customPushMessage': notification }
jsondata = json.dumps(payload)
jsondataasbytes = jsondata.encode('utf-8')
response = urllib.request.urlopen(request, jsondataasbytes)
If you continue to get the "403 Forbidden" message - make sure your access_token is current and is actually an access token. Access tokens are created from the service account key, but are not the key itself. They have a limited lifetime (usually 1 hour), while the key is long-lasting.
Update about generating an access token from the keys.
You can't just create and sign a JWT to use as an access token.
The easiest way is to use the Google APIs Client Library for Python, which includes a library to handle OAuth with service accounts.
I haven't tested, but you should be able to do something like this, setting SERVICE_ACCOUNT_FILE to the location of where the keys are stored.
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/actions.fulfillment.conversation']
SERVICE_ACCOUNT_FILE = '/path/to/service.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
access_token = credentials.get_access_token()
Ok, I've figured out how to get the the access_token, so that part of the problem is solved. I've run into another problem getting updates permission working for my test account, but I'm going to post a new question to cover that. I adapted code from another answer and this seems to work:
# Adapted from https://stackoverflow.com/questions/51821919/how-to-send-push-notification-from-google-assistant-through-dialogflow-fulfilmen/51961677#51961677
import io
import json
import requests
from google.oauth2 import service_account
import google.auth.transport.requests
def send_notification(path_to_service_account="default", intent="default"):
if path_to_service_account == "default":
PATH_TO_SERVICE_ACCOUNT = 'path to downloaded service account json file from Google Cloud Console'
else:
PATH_TO_SERVICE_ACCOUNT = path_to_service_account
if intent == "default":
INTENT = 'Notification Intent'
else:
INTENT = intent
REQUIRED_SCOPE = 'https://www.googleapis.com/auth/actions.fulfillment.conversation'
USER_ID = 'user id here'
INTENT = 'Your intent name'
# Get access token
with io.open(PATH_TO_SERVICE_ACCOUNT, 'r', encoding='utf-8') as json_fi:
credentials_info = json.load(json_fi)
credentials = service_account.Credentials.from_service_account_info(
credentials_info, scopes=[REQUIRED_SCOPE])
request = google.auth.transport.requests.Request()
credentials.refresh(request)
headers = {
'Authorization': 'Bearer ' + credentials.token
}
payload = {
'customPushMessage': {
'userNotification': {
'title': 'App Title',
'text': 'Simple Text'
},
'target': {
'userId': USER_ID,
'intent': INTENT,
# Expects a IETF BCP-47 language code (i.e. en-US)
'locale': 'en-US'
}
}
}
r = requests.request("POST", 'https://actions.googleapis.com/v2/conversations:send', data=json.dumps(payload), headers=headers)
print(str(r.status_code) + ': ' + r.text)
Related
I'd like to call mutations from AppSync using my Python function but use a Cognito user for the authorization as "API-KEY", "IAM" and other methods are not suitable for my application.
My mutation looks like this (test purposes):
mutation XYZ {
updateTask(input: {id: "a1b2c3", name: "newTaskName"}) {
id
name
}
}
I am assuming that the user is already created and enabled by some means. If your AppSync API is secured only using Cognito, you are always going to need a username and a password to begin with. For example, you can use below code to login and get the AccessToken from the response:
import boto3
def get_user_auth(event, context):
client = boto3.client('cognito-idp')
response = client.initiate_auth(
UserPoolId='xxxxxxxxx',
ClientId='xxxxxxxxxxxxxx',
AuthFlow='USER_PASSWORD_AUTH',
AuthParameters={
'USERNAME': 'xxxxxx',
'PASSWORD': 'xxxxxx'
}
)
return response
Note: Make sure that you have "Enable username password based authentication (ALLOW_USER_PASSWORD_AUTH)" enabled.
Once you have the access token, you can use this in HTTP headers within your request as follows:
{
"authorization": "<YOUR-VERY-VERY-LONG-ACCESS-TOKEN>"
}
For example:
import requests
from requests_aws4auth import AWS4Auth
import boto3
session = requests.Session()
APPSYNC_API_ENDPOINT_URL = '<YOUR-API-URL>'
mutation = """mutation XYZ {updateTask(input: {id: "a1b2c3", name: "newTaskName"}) {id, name}}"""
response = session.request(
url=APPSYNC_API_ENDPOINT_URL,
method='POST',
headers={'authorization': '<YOUR-VERY-VERY-LONG-ACCESS-TOKEN>'},
json={'mutation': mutation}
)
print(response.json()['data'])
Since this access token has some expiration, you might also need to refresh this token by using the RefreshToken from the above response. Like so:
def refresh_token(self, username, refresh_token):
try:
return client.initiate_auth(
ClientId=self.client_id,
AuthFlow='REFRESH_TOKEN_AUTH',
AuthParameters={
'REFRESH_TOKEN': refresh_token,
# 'SECRET_HASH': self.get_secret_hash(username)
# If the User Pool has been defined with App Client secret,
# you will have to generate secret hash as well.
}
)
except botocore.exceptions.ClientError as e:
return e.response
Example of how you can generate secret hash.
I am attempting to use Yahoo's API for fantasy football. I am able to receive an access token and refresh token initially, but once that access token has expired, I am unable to get another one.
My code is as follows:
from requests import Request, get, post
import webbrowser
import base64
baseURL = 'https://api.login.yahoo.com/'
oauthENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"
## Generate a url using the endpoint and parameters above
params = {'client_id' : client_id,
'redirect_uri' : "oob",
'response_type' : 'code'}
p = Request('GET', oauthENDPOINT, params=params).prepare()
webbrowser.open(p.url)
The last line sends me to the Yahoo website where I allow myself access and receive authCode.
encoded = base64.b64encode((client_id + ':' + client_secret).encode("utf-8"))
headers = {
'Authorization': f'Basic {encoded.decode("utf-8")}',
'Content-Type': 'application/x-www-form-urlencoded'
}
data = {
'grant_type': 'authorization_code',
'redirect_uri': 'oob',
'code': authCode}
tokenResponse = post(baseURL + 'oauth2/get_token', headers=headers, data=data)
tokenResponseJSON = tokenResponse.json()
access_token = tokenResponseJSON['access_token']
refresh_token = tokenResponseJSON['refresh_token']
I now have all the information necessary to examine the settings of my league (for example).
fbURL = 'https://fantasysports.yahooapis.com/fantasy/v2'
leagueURL1 = f'{fbURL}/leagues;league_keys=nfl.l.{leagueID}/settings'
headers = {
'Authorization': f'Bearer {access_token}',
'Accept': 'application/json',
'Content-Type': 'application/json'
}
response2 = get(leagueURL1, headers=headers,params={'format': 'json'})
The above works as expected. However, the access_token lasts for 3600 seconds and once that time has expired I am unable to request a new one, using my refresh_token. My attempt:
accessTokenData = {
'grant_type': 'refresh_token',
'redirect_uri': 'oob',
'code': authCode,
'refresh_token': refresh_token
}
accessTokenResponse = post(baseURL + 'oauth2/get_token', headers=headers, data=accessTokenData)
accessTokenJSON = accessTokenResponse.json()
In the above, I am hoping to receive a new access_token, but instead accessTokenJSON is this:
{'error': {'localizedMessage': 'client request is not acceptable or not supported',
'errorId': 'INVALID_INPUT',
'message': 'client request is not acceptable or not supported'}}
Up to this point I have been following these steps, which worked well up to this point. What am I doing wrong? I understand many Python users use yahoo_oauth or rauth for authentication, but that involves saving the client_id and client_secret in a .json file separately and I'm looking to load those in dynamically. I don't think I'm very far away from succeeding, but I'm just missing something when it comes to generating a new refresh_token. All help much appreciated!
Thanks to referring back to our guide.
Managed to reproduce your error and it's really simple to solve.
You are redefining the headers variable in your request to the fantasyspot url.
The headers variable should be the same in the call for requesting a new access_token using the refresh_token as it was when initially getting both tokens using the auth_code.
So just define header before making requesting a new access_token. Should look like the the following:
headers = {
'Authorization': f'Basic {encoded.decode("utf-8")}',
'Content-Type': 'application/x-www-form-urlencoded'
}
response = post(base_url + 'oauth2/get_token', headers=headers, data=data)
Should work now.
Recommend using different variable names for the headers used for getting an access_token and the one used to the fantasy sport url.
I have been experimenting with flask and the Reddit api, but no matter what I try, I seem to be hitting the 429 'too many requests' error every time I try to receive the access token.
The initial user auth works without any issue, and I receive the code back and can validate that I've auth'd the app in my Reddit settings. I've also made sure to use a unique user-agent, as this seemed to resolve the issue for most people, and am not using any words like 'bot', 'curl', 'web' or anything else which would be a likely blocker.
As far as I'm aware, I am also well under the tolerance of getting rate limited with too many requests.
Given that this is the first time I'm using both flask, and the Reddit API, I'm sure I'm missing something obvious,but after 4 hours, copious Googling and reading all the docs, I don't understand what I'm getting wrong here.
import requests
import requests.auth
from flask import Flask, redirect, request, url_for
import string
import random
app = Flask(__name__)
client_id = "client id of my web app"
client_secret = "client secret of my web app"
base_auth_url = 'https://www.reddit.com/api/v1'
authorization_endpoint = '/authorize'
access_token_endpoint = '/access_token'
#app.route("/login")
def get_the_auth_code():
state = state_generator()
params = {
'client_id': client_id,
'response_type': 'code',
'state': state,
'redirect_uri': 'http://localhost:5000/redditor',
'scope': 'identity',
'user-agent': 'myapp v0.1 by /u/myredditusername'
}
return redirect(url_builder(authorization_endpoint, params))
#app.route("/redditor")
def get_the_access_token():
code = request.args.get('code')
client_auth = requests.auth.HTTPBasicAuth(client_id, client_secret)
post_data = {
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': 'http://localhost:5000/redditor',
'user-agent': 'myapp v0.1 by /u/myredditusername'
}
response = requests.post(base_auth_url + access_token_endpoint, auth=client_auth, data=post_data)
token_json = response.json()
return token_json
def state_generator(size=25, chars=string.ascii_uppercase + string.digits):
return ''.join(random.choice(chars) for _ in range(size))
def url_builder(endpoint, parameters):
params = '&'.join(['%s=%s' % (k, v) for k, v in parameters.items()])
url = '%s%s?%s' % (base_auth_url, endpoint, params)
return url
if __name__ == "__main__":
app.run(debug=True)
With help from the Reddit community (specifically /u/nmtake), I found out where I was going wrong.
In my get_the_access_token() function, I was adding the user-agent field to my data parameters, instead of declaring it as part of the header.
Instead of:
post_data = {
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': 'http://localhost:5000/redditor',
'user-agent': 'myapp v0.1 by /u/myredditusername'
}
response = requests.post(base_auth_url + access_token_endpoint, auth=client_auth, data=post_data)
I am now using the following, which works perfectly:
post_data = {
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': 'http://localhost:5000/redditor',
}
post_headers = {
'user-agent': 'myapp v0.1 by /u/myredditusername'
}
response = requests.post(base_auth_url + access_token_endpoint, auth=client_auth, data=post_data, headers=post_headers)
I'm trying to retrieve data from the google business api, I've set up a service account and written code that successfully generates a bearer authorization token.
I've then passed this as a header through a get request but I receive this response:
{'error': {'code': 404, 'message': 'Requested entity was not found.', 'status': 'NOT_FOUND'}}
Using postman and sending an oauth request returns the desired information, but as this is meant to be set for automated unattended running, I wanted to explore the service account approach. Myscript is here:
'''
import jwt
import requests
import time
import json
iat = time.time()
exp = iat + 3600
payload = {'iss': 'xxxxx.iam.gserviceaccount.com',
'sub': 'xxxxx.iam.gserviceaccount.com',
'aud': 'https://mybusiness.googleapis.com/',
'iat': iat,
'exp': exp}
additional_headers = {'kid': 'xxxxxx'}
signed_jwt = jwt.encode(payload, "-----BEGIN PRIVATE KEY-----xxxxxxx-----END PRIVATE KEY-----\n", headers=additional_headers,
algorithm='RS256')
print(signed_jwt.decode())
response = requests.get('https://mybusiness.googleapis.com/v4/accounts/xxxxxx/locations', headers = {'Authorization':'Bearer '+signed_jwt.decode()})
response = response.json()
print(response)
'''
any help would be greatly appreciated
In 2020, retrieving data from GMB API using Service Accounts is still not possible (It s*cks!).
Here is the reason: https://support.google.com/business/thread/1856166?msgid=1856214
I was trying to buid an app to send push notification throguh dialogflow fullfuillment to user. I followed this link, now I've got the update permission (see screenshot 1 and 2 at the bottom of the quetion). I followed the stackoverflow thread to write this piece of python code to send a notification, I'm able to run it, and got a status code of 200, but I never receive my test notification on my GoogleHomeApp/Google speaker. Can you help?
import io
import json
import requests
from google.oauth2 import service_account
import google.auth.transport.requests
PATH_TO_SERVICE_ACCOUNT = 'account.json'
REQUIRED_SCOPE = 'https://www.googleapis.com/auth/actions.fulfillment.conversation'
# Get access token
with io.open(PATH_TO_SERVICE_ACCOUNT, 'r', encoding='utf-8') as json_fi:
credentials_info = json.load(json_fi)
credentials = service_account.Credentials.from_service_account_info(
credentials_info, scopes=[REQUIRED_SCOPE])
request = google.auth.transport.requests.Request()
credentials.refresh(request)
headers = {
'Authorization': 'Bearer ' + credentials.token
}
text = 'Hello, this is a test notification'
user_id = "ABwppHFyNFT1fqDRmEug_k2ZKu43hM7xbLmgShN_ESww0iwPLQh-BU6n4T-e3rUOiVqRBWNn5q6bOg"
payload = {
'customPushMessage': {
'userNotification': {
'title': 'Recent News',
'text': text,
},
'target': {
'userId': user_id,
'intent': 'Recent News',
# Expects a IETF BCP-47 language code (i.e. en-US)
'locale': 'en-US'
}
}
}
r = requests.request("POST", 'https://actions.googleapis.com/v2/conversations:send', data=json.dumps(payload), headers=headers)
print(f"A push notification has been sent to user {user_id} with status code {r.status_code}.")
This is the screenshot of simulator:
This is the logs I got on my localhost, shows that I got the permission to send push notification to the user.
I went to the stackdriver logging to check the logs, this is what i got:
If you go to the Official Push Notifications Documentation you'll find the note which indicates that as of now, push notifications are not supported on the voice-activated speakers.
Soon they might release the update but we never know! You might ask the support team regarding the updates.