I got 403 Forbidden when I try to send Mail using graph API
If I try to login with #gmail or #outlook Id then It's working fine
But recently I've try to send mail with using #hotmail.com domain Id ,In this case I'm able to call receive mail graph API , but got 403 error in case of send mail graph api.
What's the exact Issue ?
I got this response when try to send mail graph API
There Is issue when I logged with #hotmail domain Id but I'm not able to send Mail , receive Mail functionality works fine
I tried to reproduce the same in my environment.
Below error occurs if office365 license is not available for your subscription
After using licensed subscription.
This error occurs when the delegated permissions are given instead of Application permissions to access the mail.
https://graph.microsoft.com/v1.0/Users/xxx/sendMail
and Please make sure to login with account that you are a member of .
And have the privileges to send mail.
The guest user may not have access to all the properties and some organizations restrict Hotmail/live accounts .The guest must accept the invite .
Check the user assignment and change the settings accordingly to allow users to send mail.
And for them, assign proper role to have access privileges.
Currently we are trying to use webhook for getting back the signed document. But in the creation of webhook itself, we are getting an error that "webhook URL is invalid". We have tried becceptor for testing purpose. So it worked there . But when we tried with our production environment's webapi URL, we weren't able to create webhook.
We were thinking that due to change in the web hook url which contains special characters like "#" , ":" and few like that in text, for authenticating our webapi URL.
Does adobe is making validation over the webapi URL? If someone is facing similar kind of issues, assistance over this will be really helpful.
Thanks in advance.
I'm having an issue receiving the verification email from DocuSign that is needed to create an account under my master account to connect for use with API. The emails don't appear to be hitting my firewall, nor are they showing up in my email. Does anyone know if these emails are coming from docusign.com, docusign.net, or some other domain?
In Demo emails will come from dse_demo#docusign.net and in PROD it should come from dse#docusign.net. Also please check your Spam/Junk folder if it landing on these folder as per your email server policy.
Update: Having my own OAuth server:
Thanks for sharing the step-by-step instructions link. Also, I don't have firebase hosting.
Following is my understanding, please correct me wherever I am wrong:
Approach 1
I will need to activate firebase hosting and build 2 endpoints. One for authorization exchange and another for token exchange.
I will need to use an OAuth server. Let say: ory-hydra and configure it with the endpoints I created in firebase. Or AWS Lambda.
Host the OAuth (ory-hydra) server somewhere on the internet.
Use these endpoints on actions on google and make a simple webpage where users will be redirected to authenticate.
Approach 2
I will need to activate firebase hosting and build 2 endpoints. One for authorization exchange and another for token exchange.
Use the firebase functions to implement OAuth and token endpoints. (I am not sure how to do this and if its possible)
Use these endpoints on actions on google and make a simple webpage where users will be redirected to authenticate.
Please correct me if I am wrong.
Update: After making the following changes:
Changed the authorization URL to:
https://accounts.google.com/o/oauth2/v2/auth
Changed the authorization type to Implicit.
Now, I am getting the authorization URL in the debug section, and I am able to authorize by pasting that URL in another tab.
However, I am still facing issues in getting user information. I have following code in the input.welcome intent:
'input.welcome': () => {
// Use the Actions on Google lib to respond to Google requests; for other requests use JSON
if (requestSource === googleAssistantRequest) {
sendGoogleResponse('Hello, Welcome to my First Fulfillment agent!'); // Send simple response to user
app.askForSignIn();
let displayName = app.getUserName().displayName;
console.log(displayName)
}
All I am getting is Null in the debug logs.
Previous Question I am trying to get user's information in the google action intent. Following is what I did:
1.) Created an OAUTH key for my project from google developer console. https://console.developers.google.com/apis/dashboard?project=.
2.) Logged into console.actions.google.com and clicked on Account Linking.
3.) Entered the information. Please refer the screenshot to see the information I entered.
4.) In my 'input.welcome' intent added following code:
app.askForSignIn();
Now in the simulator, I am getting: "It looks like your my test app account is not linked yet." I have also checked sign-in required for my intent from the dialog flow UI.
Previous question
I am trying to send an email from my google assistant conversational bot. I am able to send emails to using nodemailer. However, I am not able to get the user email address.
Following is my code to send email:
var transporter = nodemailer.createTransport({
service: 'gmail',
auth: {
user: 'My-Email',
pass: 'My-Pass',
}
});
var mailOptions = {
from: 'Sender-Email',
to: 'Receiver-Email',
subject: 'Requested Information',
text: 'Your information is here'
};
function sendEmail(){
transporter.sendMail(mailOptions, function(error, info){
if (error) {
console.log(error);
} else {
console.log('Email sent: ' + info.response);
}
});
}
And finally, I am calling it in the action intent:
'input.sendmail': () => {
sendEmail();
},
Till this point I am able to send emails when someone says, send email to my google assistant action.
After this, I tried to get the user's email address using the following methods:
const app = new DialogflowApp({request: request, response: response});
console.log(app.getUserName())
console.log(app.getUser().userName)
console.log(app.getUser().userId)
But none of them gave me user's information. Instead, I am getting following information in the dialogflow console log:
{
userStorage: '{"data":{}}',
lastSeen: '2018-03-05T10:18:17Z',
locale: 'en-US',
userId: 'ABadfdfrffsdffNa0H4hlCy_eyZmVNa8LweMJMCyirUg-
qAx8FHwvSI49QurUhxhgLsT6IUU4nGfF1',
user_id: 'ABerysteui4hlCy_eyZmVNa8LweMJMCyirUg-
qAx8FHwvSI49QurUhxhgLsT6IUU4nGfF1',
access_token: undefined,
userName: null
}
I tried to google this issue and it seems I will need to follow [1], not sure though.
I will appreciate if someone can tell me if [1] is the correct guide to follow, or I will need to something else?
Thanks!
[1] https://developers.google.com/actions/identity/account-linking
That is correct. For security and privacy purposes, there is no way to get the email address associated with the account used to setup the Assistant account.
The correct way to go about this would be to implement account linking. With this, you would create an account on your system and, as part of that account, get the user's email address (typically via an app or webapp). The account linking would then connect your account to the Assistant's account and, when they use that account to access your Action, you'd be sent an access token which you can use to identify which of your accounts this is. You can then get the user's information from your account info.
When the user is prompted to link their account for the first time, Google Home users will get an activity card on the Google Home app on their phone which will direct them to your auth page. From a mobile device, it should open in the Assistant directly.
If you do not already have accounts or a login page, you should be able to build this with Firebase Authentication and the Google auth provider.
Update for clarity: To be clear - just linking your account to their Assistant account won't automatically give you the information about their Assistant account. You can get their email address (your original request) when they setup the account with you by requesting the profile scope as part of the OAuth. You can then use the information you've collected about them when you know they have connected to you via the Assistant.
In your updated question, you're trying to get their name after they have logged in through the Assistant. If all you wanted was their name, you could have asked for permission to get this without requiring Account Linking or login. (Or, as noted above, you could have asked for this when they created the account with you.)
Update (Based on your question about OAuth)
Two things to your update.
Being prompted "It looks like your account isn't linked yet" is normal. You'll need to use the URL provided in the response tab to continue the account linking.
More significantly, however, it doesn't sound like you've setup an OAuth server - just that you're trying to configure things. The screen shot make it look like you're just using the URL that is supposed to be to respond with auth tokens - not where the system will go to request them. Make sure you have read the documentation at https://developers.google.com/actions/identity/account-linking to see what values should be in the configuration and what other tasks you need to do.
Update based on your comment that you need an OAuth server.
Yes, you need an OAuth server. You cannot just use Google's, even if you just want your users to log into their Google account.
There are quite a few OAuth servers available, however a google search for "open source openid connect server" or "open source oauth server" shows some promising results.
Additionally, Google gives you step-by-step instructions on what it is expecting for an OAuth server it connects to. So you would need to
Implement a way for a user to create and log into an account on your service and
Implement the OAuth exchange protocols as Google has described (I suggest the Auth Code Flow method).
You do not need your own domain - you can implement both of these through Firebase Functions and Firebase Hosting which includes a SSL certificate for a hostname for your project.
Update addressing your possible approaches to implementing an OAuth2 server.
First of all - you don't need to use Firebase Hosting and/or Firebase Functions for anything. They're just an option that provide you a valid HTTPS endpoint.
Approach 1 - use an external package such as ory-hydra
I'm not sure what the point of the Firebase Hosting would be in your example. The auth exchange endpoint and token exchange endpoint are exactly what the OAuth2 server is there to do.
I don't know much about ory-hydra, but it certainly seems a reasonable solution. You would need to host it somewhere (AWS, Google Compute Engine, or other hosting provider that would work with it), but it should provide the endpoints you need. From a quick reading of ora-hydra, you will need to provide an account backend of some sort and a way for your users to login to that account.
Approach 2 - implement using Firebase
You have this completely correct. It is fairly straightforward (not necessarily easy - but straightforward) to do a simple OAuth2 implementation with Firebase Cloud Functions combined with a login page hosted on Firebase Hosting that uses Firebase Authentication for the login.
Which approach you take is up to you. Using an existing solution is certainly easier, hopefully more reliable and secure, and will let you focus on the Action more itself, but may still require a lot of integration work. Implementing an OAuth2 server will give you a better understanding of OAuth2, but runs a higher risk of problems.
I am able to make it work after a long time. We have to enable the webhook first and we can see how to enable the webhook in the dialog flow fulfillment docs If we are going to use Google Assistant, then we have to enable the Google Assistant Integration in the integrations first. Then follow the steps mentioned below for the Account Linking in actions on google:-
Go to google cloud console -> APIsand Services -> Credentials -> OAuth 2.0 client IDs -> Web client -> Note the client ID, client secret from there -> Download JSON - from json note down the project id, auth_uri, token_uri -> Authorised Redirect URIs -> White list our app's URL -> in this URL fixed part is https://oauth-redirect.googleusercontent.com/r/ and append the project id in the URL -> Save the changes
Actions on Google -> Account linking setup 1. Grant type = Authorisation code 2. Client info 1. Fill up client id,client secrtet, auth_uri, token_uri 2. Enter the auth uri as https://www.googleapis.com/auth and token_uri as https://www.googleapis.com/token 3. Save and run 4. It will show an error while running on the google assistant, but dont worry 5. Come back to the account linking section in the assistant settings and enter auth_uri as https://accounts.google.com/o/oauth2/auth and token_uri as https://accounts.google.com/o/oauth2/token 6. Put the scopes as https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email and weare good to go. 7. Save the changes.
In the hosting server(heroku)logs, we can see the access token value and through access token, we can get the details regarding the email address.
Append the access token to this link "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" and we can get the required details in the resulting json page.
`accessToken = req.get("originalRequest").get("data").get("user").get("accessToken")
r = requests.get(link)
print("Email Id= " + r.json()["email"])
print("Name= " + r.json()["name"])`
I want to recieve the user email using Google Actions as documented here but docs talks about EMAIL permission, but when I read the permission docs here I can't find any EMAIL permission. Any help? How can I receive the user email?
This is WORKING ,you can do this with account linking.
We have to enable the webhook first and we can see how to enable the webhook in the dialog flow fulfillment docs
If we are going to use Google Assistant, then we have to enable the Google Assistant Integration in the integrations first.
Then follow the steps mentioned below for the Account Linking in actions on google:-
Go to google cloud console
goto API's and Services -> Credentials -> OAuth 2.0 client IDs -> Web client
Note the client ID, client secret from there
Download JSON - from json note down the project id, auth_uri, token_uri
goto Authorised Redirect URIs
White list our app's URL, in this URL fixed part is https://oauth-redirect.googleusercontent.com/r/[project-Id] (replace [project-Id] with your project id)
Save the changes
Go to Actions on Google(https://console.actions.google.com) -> Account linking setup
select Grant type = Authorisation code
Client info
Fill up client id,client secrtet, auth_uri, token_uri
Enter any random url as Authorization URL and token_uri such as https://example.com/auth and https://example.com/token
Save
It will show an error while running on the google assistant, but dont worry
Come back to the account linking section in the assistant settings and this time enter correct auth_uri as https://accounts.google.com/o/oauth2/auth
and token_uri as https://accounts.google.com/o/oauth2/token
note that it is some sort of problem in from their side that not allows you to use this url in first hit and will keep saying "Generic URLs are not allowed. You must provide a valid token url specific to your Assistant app." so just give any random url in first hit and save, then comeback again it will allow you these urls :-)
Put the scopes as https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email
and weare good to go.
Save the changes.
In the hosting server logs, we can see the access token value and through access token, we can get the details regarding the email address.
Append the access token to this link "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" and we can get the required details in the resulting json page.
write this code
accessToken = req.get("originalRequest")
.get("data")
.get("user")
.get("accessToken")
r = requests.get(link) // make get request to link
print("Email Id: " + r.json()["email"])
print("Name: " + r.json()["name"])
Ya, unfortunately the Assistant's SDK doesn't give you the email address. But if you implement account linking (like Ahmed mentioned) and use the Streamlined Flows, then you'll be getting the email provided to you; you just need to use the jsonwebtoken library and you can decode the assertion JWT and grab the email address.
That being said, this happens during "sign in" and token exchange... not during the actual action fulfillment. You'll need to issue a refresh token / access token :S
One approach is to go with account linking. I'm wondering what use cases you might have that won't necessarily work without email or account linking?