Authenticating to BigQuery REST API via OAuth2 from Node.js - node.js

Newbie trying to figure out how to get a Node.js application to authenticate and query Google BigQuery, trying to adapt this CodeLab tutorial from Java. What step might i be missing?
First I create this Oauth2 URL using my clientid:
https://accounts.google.com/o/oauth2/auth?
client_id=1047877053699-den6kbs4v3f2bft6clonsirkj1pc7t6j.apps.googleusercontent.com
&scope=https://www.googleapis.com/auth/bigquery
&redirect_uri=http://localhost:3000/oauth2callback
&access_type=offline
&response_type=code
This successfully reaches Google, which prompts
A third party service is requesting permission to access your Google Account.
Agreeing that generates a second prompt:
Nodejs_Test is requesting permission to:
View and manage your data in Google BigQuery
Agreeing to that, the callback URL is called, with a parameter accessToken.
I think the following url should list tables in my BigQuery project/dataset:
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits&accessToken=4%2FC196NizZwlNgWSt5oNqQwendmLNW.0vgUrlGJ6kMRshQV0ieZDApig3NfcgI
But calling with or without the accessToken returns the following message that "Login Required".
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I know you can't repeat the code because of permissions, expired tokens, etc. But I wonder what step I might be missing conceptually.

Have you tried sending the accesstoken as an authorization header rather than as a url parameter?
as in
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits
Authorization: OAuth Your-access-token-here-not-urlencoded

FYI - looks like you originally used the parameter accessToken in the URL. It should instead by access_token, which looks like it works fine. Of course, Jordan's suggestion of using a Header is better if you're able to do it though-- it's more secure as it's unlikely to get logged in access logs, proxy server logs, etc.

Related

How to access Azure REST APIs without a Service Principal?

How do I generate a bearer token for my personal identity, like the Microsoft web page does here when you click Try it and log in with your personal credentials?
For example, I would like to generate the bearer token programmatically in a pre-request script in Postman.
UPDATE: The below error happens in Postman if you don't remove "Bearer " from the token. See #BrunoLucasAzure answer.
Also, I have tried to copy the bearer token manually from the Microsoft "Try It" page into Postman as suggested by this answer and I get a 401:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "The access token is invalid."
}
}
Before you say it, I realize that I would want a Service Principal for productionalized usage, but I shouldn't need one to explore the APIs via my own tool (e.g. Postman).
How did you set your postman?
if you login into the "try" you should get this:
copy #1 and #2 like this. Dont copy the word bearer, only the token and under authorization select bearer token

Authenticating to Revolut API

I am trying to follow Revolut's tutorial for authenticating to their API and I'm stuck at requesting a reusable access token.
So far I've managed to:
1. Create public/private keys
2. Upload public key
3. Sign a jwt with the generated client_id
4. Get an authorisation code
But I am blocked at using the above for requesting a reusable access token.
As per this page, I'm supposed to create a POST request on https://b2b.revolut.com/api/1.0/auth/token with the following body:
{
"grant_type": "authorization_code",
"client_id": my_client_id,
"code": my_authorisation_code,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": my_jwt
}
Which I've done in Insomnia but I keep getting this error:
{
"error": "invalid_client",
"error_description": "client_id is missing"
}
Looking on SO for an answer I stumbled upon this answer, but I get this error all the time, even after I change the client_id.
Turns out the body should not be a JSON, it should have been url encoded, like this:
grant_type=authorization_code&client_id=client_id&code=code&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=jwt

User Authentication Failed on CreateEnvelope

I encountered a new issue today when I tried to send a request with my new production account and the integrator key, newly promoted to Live status.
The API login succeeded, and it returns my AccountID.
However, when I try to create an envelope with envelopesApi.CreateEnvelope API call, I received the following error.
I tested the code with my demo account and key, couple of days ago. It was working fine. I think it is related to the key, because the login request was succeed.
DocuSign.eSign.Client.ApiException: 'Error calling CreateEnvelope: {
"errorCode": "USER_AUTHENTICATION_FAILED",
"message": "One or both of Username and Password are invalid."
}
Please let me know if there is anything else I need to do.
Often when the USER_AUTHENTICATION_FAILED error is received and you are positive the correct user/pwd combo is being provided it's because of the wrong account endpoint being accessed.
You need to parse sub-domain of the baseUrl that is returned from the Login API (property is called base_uri if using OAuth2) and configure your api client with that sub-domain.
When testing in demo it's ok if you miss this step since all accounts are under the demo.docusign.net sub-domain, however in production there are multiple sub-domains (ie. www, na2, eu, etc) so you need to re-configure once right after authentication.
Example:
The response to the Authentication: login API looks like:
{
"loginAccounts": [
{
"accountId": "123456",
"baseUrl": "https://na2.docusign.net/restapi/v2/accounts/123456",
"email": "jdoe#example.com",
"isDefault": "true",
"name": "LoanCo",
"siteDescription": "",
"userId": "abcdff66-f92e-4e8e-ab81-8c46f140",
"userName": "John Doe"
}
]
}
Then instantiate a new API client using the sub-domain that was returned in the login response:
ApiClient apiClient = new ApiClient("https://na2.docusign.net");

Google calendar push notification : Unauthorized webhook call

Currently we are in the process of developing one iPhone application that deals with google calendar. There was need of syncing calendar events to the server side. Everything works fine.
But for push notification , we are following this process
Whenever we post request to :
https://www.googleapis.com/calendar/v3/calendars/email#gmail.com/events/watch
with parameters
"id":Unique string ( channel id) ,
"type": "web_hook",
"address": "https://abc-api.herokuapp.com/user/notifications"
In the header , we are sending
Authorization : **Bearer 'Access_token'**
and content type : json
We already added domain as authorized domain in the google api console
Access_token is user's account access token .
We are getting "Unauthorized webhook call" error.
{
"error": {
"errors": [
{
"domain": "global",
"reason": "push.webhookUrlUnauthorized",
"message": "Unauthorized WebHook callback channel: https://abc-api.herokuapp.com/user/notifications"
}
],
"code": 401,
"message": "Unauthorized WebHook callback channel: https://abc-api.herokuapp.com/user/notifications"
}
}
Anyone here who can help us to solve the issue ?
You might want to check this post, providing solution like verifying if your domain have a valid (not self-signed) SSL license. Also in google-api-php-client GitHub, instead of setting https://example.com/google/push (resulted in Unauthorized WebHook callback channel) or https://www.example.com/google/push (allowed me to successfully open channel, and object has been returned, however webhook has not been fired) as address they tried https://www.example.com/google/push/index.php and worked.
One potential issue is if you're testing in Google's "try it" section of the documentation. It's not stated, but this particular request does not work there.
Otherwise, there are a few things that need to happen with the domain you are supplying in the address. First, you need to make sure its verified in the google developers console for the application you are hitting the api with. Additionally, you need to add the website property to your search console (even if its just an api) and verify ownership.
Also, once you get past the unauthorized address issue, you will get another error requiring a resourceId be supplied.

Instagram API calls not working with Client ID

I'm attempting to use Instagram's location search endpoint documented here: https://www.instagram.com/developer/endpoints/locations/
I've registered my app and gotten a client ID.
When I intentionally omit a client ID or access token and submit the following:
https://api.instagram.com/v1/media/search?lat=48.858844&lng=2.294351
I get:
{
"meta": {
"error_type": "OAuthParameterException",
"code": 400,
"error_message": "Missing client_id or access_token URL parameter."
}
}
This makes sense, and tells me I should be able to use a client_id for this call (meaning users won't have to authenticate to Instagram).
However, when I append &client_id=VALID_CLIENT_ID
I get:
{
"meta": {
"error_type": "OAuthAccessTokenException",
"code": 400,
"error_message": "The access_token provided is invalid."
}
}
Am I correct that I should be able to use this call without authenticating? If so, any thoughts on what I'm doing wrong?
Thanks!
According to the instagram OAuth 2.0 docs, you need an access_token in order to make authenticated requests.
In order to get the access token, your service needs to redirect the user to instagram to have them log in. From here, instagram will redirect the user to a url of your choice once the user has granted you access with the access_token in the url string.
The Instagram OAuth 2.0 docs has more details.
Also, I guess I misread the question. Here's documentation from Instagram saying that client_id is no longer supported for endpoints:
The Instagram API requires an access_token from authenticated users
for each endpoint. We no longer support making requests using just the
client_id.
Your request is for /media/search endpoint which does require access_token (and so does /location/search, btw.).

Resources