So I am working with the foursquare venue-push api. I have set-up https on my dev server, the auth token seems to be correct. I am getting a 403 Forbidden error which means
403 Forbidden:
The requested information cannot be viewed by the acting user, for
example, because they are not friends with the user whose data they
are trying to read.
Also according to docs: Although authentication succeeded, the acting
user is not allowed to see this information due to privacy
restrictions.
Now the twist is that I am following everything according to Foursquare realtime API.
I am the manager of a venue and I have authenticated the app. The error says that the auth_token is correct but I am not authorized to see the contents.
Now my questions is that how is the POST response by foursquare api trying to figure my identity?
I do get a POST on my dev server.
I have also tried to follow the flow given in this question
I have also tried: venue giving authorization to the app, but it still gives me the same error.
Any help would be appreciated.
PS: I am working on the django framework and the venue endpoint api is working perfectly.
Found the answer. It was a django thing. needed to exempt csrf, since django requires csrf.
Related
We have been using OAuth 2.0 for authenticating google search console webmasters API.
we are mainly hitting two endpoints /sites and /searchAnalytics/query to fetch sites and sitemaps data.
Interestingly, the access_token which got generated using refresh_token is able to retrieve data for sites but not for sitemaps.
For sitemaps it's throwing error:
HTTP-error-code: 403, Error: User does not have sufficient permission for site https://www.example.com See also: https://support.google.com/webmasters/answer/2451999
This behaviour has started since June 4, 2022. Prior to that it's been working perfectly fine.
User does not have sufficient permission for site
This error means that the currently authenticated user does not have permission to access the site you are trying to retrieve data for.
For example the sitesmaps.list method will return a list of all sites that the currently authenticated user has access to.
While a sitesmaps.get method requires that you send a url of the site you would like to retrieve information for.
If the user who is currently authenticated does not have access to that site then you will get the error you are getting.
The solution would be to authorize your application with a user who has access. Or use a service account and configure delegation Managing owners, users, and permissions
I am currently trying to create an application in Django that fetches emails from an Inbox using the gmail API. I was able to successfully perform this in Nodejs, but I wanted to switch to using Django. I used the Python Gmail API quickstart: https://developers.google.com/gmail/api/quickstart/python. I created a view for the function found in the tutorial and the first issue I encountered was "invalid redirect uri" which is an issue I encountered in the past, which I still don't understand. I tried editing the redirect uris in the Oauth Token to fix this issue, but it didn't work (I probably was doing it wrong). Eventually, I deleted the Oauth Token and tried creating a new GCP project but it said "Oauth Token deleted". I kept trying to create new ones (I updated the credentials.json everytime). I even tried starting a new Django project with a new GCP Project+ Oauth token, but I'm still getting the same "Oauth Token Deleted" error. I'm not sure whats going wrong and was wondering if someone with experience using the API would know what to do. Thanks!
Using the official python library we get this issue at after a few requests.
The same code works on one request and then breaks in the second request.
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://api.soundcloud.com/oauth2/token
This happens on our test account. We need this to work as we have an issue with our pro account which we need to replicate on our test account so we can safely work on this.
The error happens on the creation of the client instance - it does not make it to the "print" statement that follows. All the API keys and username/password details stay the same and are correct but continue to fail on some occasions and succeed on others.
client = soundcloud.Client(client_id=SC_CLIENT_ID,
client_secret=SC_CLIENT_SECRET,
username=SC_USERNAME,
password=SC_PASSWORD)
print (client.get('/me').username)
The system we have only uploads/manages data from our own account.
I am trying to compose drafts programmatically via the GMail API, using this tutorial and the following line of code:
service.users().drafts().create(userId=user_id, body=message).execute()
but I receive the following error:
An error occurred: <HttpError 403 when requesting https://www.googleapis.com/gmail/v1/users/me/drafts?alt=json returned "Insufficient Permission">
Note that directly sending messages with gmail.send privileges does not work for me - I want to thread messages.
In the API console, I tried enabling the following scope ../auth/gmail.compose, but there is a warning message that Because you've added a sensitive scope, your consent screen requires verification by Google before it's published.
I have submitted my app for verification, but I just received an email stating that "We've extended the deadline to fully complete your verification from May 15th to June 26th, 2019".
Actually, no users will use my G Suite email accounts (so my app cannot be used to spy on their messages) and I only need access to a single email account info#example.com to send notifications to users who use my site on example.com.
Is there any way to get server-side access to my info#example.com account using my password and programmatically draft messages without having to go through the lengthy and unnecessary app verification process?
It turns out that you can have an "internal", rather than a client facing "public" app, for which all GMail scopes are automatically available.
Here is the response from the Google team that describes the steps (it worked for me):
It appears your app is only used by the people in your domain.
If this is correct, please reply to this email to confirm that is the
case. We will then reject your request so that you are able to update
your project from public to internal.
In addition, you will need to associate your project with your
organization by following the steps below:
If you have not already done so, create an Organization by following
the Quickstart Using Organizations instructions.
Migrate the project into the organization you created as shown in
Migrating Existing Projects into the Organization. Once you have
associated your project with your organization, you and the project
users in your organization can use the app to directly access OAuth
scopes. No verification will be required.
I'm getting 500 server error after oauth2 with LinkedIn
url: https://api.linkedin.com/v1/people/~:(email-address,first-name,formatted-name,id,last-name,picture-url,public-profile-url)?format=json
here I used python Django framework with below packages
*python-social-auth
*social-auth-app-django
*social-auth-core
how can I fix this issue?
In LinkedIn API Documentation it's been underlined that there are 2 types of authorization permissions: Member Authorization and Application Authorization. LinkedIn API
There is another question here that the answer suggests that it might be when OAuth client asks for more information than it's permitted to. Related Question
So IMO it might be some issue about your application's permissions.