Trying to access my Gmail inbox using the NuGet package Google.Apis.Gmail.v1. I don't want to use OAuth. I do want to use an API key.
So I went and acquired an API key: https://developers.google.com/api-client-library/dotnet/guide/aaa_apikeys
And then I went here to find out how to authorize using an API key: https://developers.google.com/api-client-library/dotnet/get_started
And then I ended up with this:
var service = new GmailService(new BaseClientService.Initializer
{
ApplicationName = "NAME OF MY APP HERE",
ApiKey = "MY API KEY HERE"
});
var inboxlistRequest = service.Users.Messages.List("mygmail#gmail.com");
inboxlistRequest.LabelIds = "INBOX";
inboxlistRequest.IncludeSpamTrash = true;
var emailListResponse = inboxlistRequest.Execute();
When the last line executes, I get this:
Google.GoogleApiException : Google.Apis.Requests.RequestError
Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
at Google.Apis.Requests.ClientServiceRequest`1.ParseResponse(HttpResponseMessage response)
at Google.Apis.Requests.ClientServiceRequest`1.Execute()
...
Why isn't it working? Is there some limit as to what API keys can access? Where does it say?
An API key is there to identify your API. It does not grant you access to anything.
You still need credentials of the owner of the post box.
Related
I am trying to integrate docusign rest api in my web application where my .net version is 4.7.2. I have used docusign dll of version 5.2.0.
I am trying to get access token using jwt auth type. So I set up app, integrator key and rsa private key for app.
var scopes = new List<string>{"impersonation","signature"}
string directorypath = Server.MapPath("~/App_Data/" + "Files/");
string fileNameOnly = "docusign_private_key.txt";
var filePath = Path.Combine(directorypath, fileNameOnly);
var privateKeyBytes = System.IO.File.ReadAllBytes(filePath);
var apiClient = new ApiClient();
var authToken = apiClient.RequestJWTUserToken
(
clientId: credential.ClientID,
userId: credential.UserID,
oauthBasePath: credential.BasePath,
privateKeyBytes: privateKeyBytes,
expiresInHours: 1,
scopes: scopes
);
I used integrator key as clientId, API Username as UserId, https://demo.docusign.net/restapi as oauthBasePath. Is there anything I forgot to mention or make mistake? I am not able to get access token. It throws ApiException with message Error while requesting server, received a non successful HTTP code Error with response Body
To generate JWT token in demo environment, change your oauthBasePath to account-d.docusign.com ( authentication server ). You can read more here. https://demo.docusign.net/restapi is the application base path you can use to make calls to all eSignature endpoints.
I'm trying to configure an application able to work with Gmail API. As you know to work with it we must have an access token. There are several way of requesting this token, but for my needs it should be a service account, because in future this program code will be inside the Windows Service... (so, there is no opportunity to receive the token manually by redirecting from Google URL, only a web-request and response is a way out)
So, what I have done already:
Created new project (in Google Cloud Platform);
Created new service account in this project (according to the steps mentioned here: https://developers.google.com/identity/protocols/oauth2/service-account#creatinganaccount );
Generated and downloaded *.P12 key;
Enabled domain-wide delegation [before step 4 as were suggested in many similar questions];
Authorized the scope "https://mail.google.com/" in G Suite admin account for correct Client Id (according to the steps mentioned here: https://developers.google.com/identity/protocols/oauth2/service-account#delegatingauthority );
Used such simple code for authorization and requesting token:
const string serviceAccountEmail = "***test#oauthtester-271011.iam.gserviceaccount.com";
const string serviceAccountCertPath = #"C:\Users\user\Documents\Visual Studio 2017\Projects\OAuthTester\OAuthTester\bin\Debug\oauthtester-271011-bd2cced31ea5.p12";
const string serviceAccountCertPassword = "notasecret";
const string userEmail = "***oauthtest#***.com";
X509Certificate2 certificate = new X509Certificate2(
serviceAccountCertPath,
serviceAccountCertPassword,
X509KeyStorageFlags.Exportable);
ServiceAccountCredential credential = new ServiceAccountCredential(
new ServiceAccountCredential.Initializer(serviceAccountEmail)
{
Scopes = new[] { GoogleScope.ImapAndSmtp.Name }, //"https://mail.google.com/"
User = userEmail
}.FromCertificate(certificate));
credential.RequestAccessTokenAsync(CancellationToken.None).Wait();
Unfortunately, I'm facing with an error:
Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested.
I have also tried:
To change serviceAccountEmail to ClientId;
To create, remove and add again the Authorized access in G Suite for the same Client Id;
To delete and create another service account and then Authorize new Client Id in G Suite.
Unfortunately, each time I'm facing with the same error. Maybe somebody guesses what I do wrong?
I am working with Microsoft Graph and have created an app that reads mail from a specific user.
However, after getting an access token and trying to read the mailfolders, I receive a 401 Unauthorized answer. The detail message is:
The token contains no permissions, or permissions cannot be understood.
This seems a pretty clear message, but unfortunately I am unable to find a solution.
This is what I have done so far:
Registering the app on https://apps.dev.microsoft.com
Giving it
application permissions Mail.Read, Mail.ReadWrite
(https://learn.microsoft.com/en-us/graph/api/user-list-mailfolders?view=graph-rest-1.0)
Have gotten administrator consent.
The permissions are:
- Written the code below to acquire an access token:
// client_secret retrieved from secure storage (e.g. Key Vault)
string tenant_id = "xxxx.onmicrosoft.com";
ConfidentialClientApplication client = new ConfidentialClientApplication(
"..",
$"https://login.microsoftonline.com/{tenant_id}/",
"https://dummy.example.com", // Not used, can be any valid URI
new ClientCredential(".."),
null, // Not used for pure client credentials
new TokenCache());
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
AuthenticationResult result = client.AcquireTokenForClientAsync(scopes).Result;
string token = result.AccessToken;
So far so good. I do get a token.
Now I want to read the mail folders:
url = "https://graph.microsoft.com/v1.0/users/{username}/mailFolders";
handler = (HttpWebRequest)WebRequest.Create(url);
handler.Method = "GET";
handler.ContentType = "application/json";
handler.Headers.Add("Authorization", "Bearer " + token);
response = (HttpWebResponse)handler.GetResponse();
using (StreamReader sr = new StreamReader(response.GetResponseStream()))
{
returnValue = sr.ReadToEnd();
}
This time I receive a 401 message, with the details:
The token contains no permissions, or permissions cannot be understood.
I have searched the internet, but can’t find an answer to why my token has no permissions.
Thanks for your time!
update 1
If I use Graph Explorer to read the mailfolders, then it works fine. Furthermore: if I grap the token id from my browser en use it in my second piece of code, then I get a result as well. So, the problem is really the token I receive from the first step.
To ensure this works like you expect, you should explicitly state for which tenant you wish to obtain the access token. (In this tenant, the application should, of course, have already obtained admin consent.)
Instead of the "common" token endpoint, use a tenant-specific endpoint:
string url = "https://login.microsoftonline.com/{tenant-id}/oauth2/v2.0/token";
(Where {tenant-id} is either the tenant ID of the tenant (a Guid), or any verified domain name.)
I would also strongly recommend against building the token request on your own, as you show in your question. This may be useful for educational purposes, but will tend to be insecure and error-prone in the long run.
There are various libraries you can use for this instead. Below, an example using the Microsoft Authentication Library (MSAL) for .NET:
// client_secret retrieved from secure storage (e.g. Key Vault)
string tenant_id = "contoso.onmicrosoft.com";
ConfidentialClientApplication client = new ConfidentialClientApplication(
client_id,
$"https://login.microsoftonline.com/{tenant_id}/",
"https://dummy.example.com", // Not used, can be any valid URI
new ClientCredential(client_secret),
null, // Not used for pure client credentials
new TokenCache());
string[] scopes = new string[] { "https://graph.microsoft.com/.default" };
AuthenticationResult result = client.AcquireTokenForClientAsync(scopes).Result
string token = result.AccessToken;
// ... use token
I have been searching throughout the internet for a solution to use OAuth2 user token with eBay's .NET SDK and could find ANY SINGLE solution. The code I have is like following:
var ctx = new ApiContext();
ctx.Version = "897";
ctx.ApiCredential.ApiAccount.Application = "//something here";
ctx.ApiCredential.ApiAccount.Developer = "//something here";
ctx.ApiCredential.ApiAccount.Certificate = "//something here";
ctx.ApiCredential.eBayToken = "v^1.1... // this is OAuth2 token";
var getUser = new GetUserCall();
getUser.OutputSelector = new string[] { "UserID","Site" };
getUser.GetUser();
What I find really irritating is the fact that there is a possibility to use the new OAuth2 token with trading API, and I know this for a fact, because if you add an HTTP header to any Trading API call like:
X-EBAY-API-IAF-TOKEN:q2eq2eq2eq2q2eq2e
It will work, but I haven't found anywhere in the documentation to pass the IAF-TOKEN (OAuth2) token via .NET SDK calls...
Has anyone else been trying this? Is there nay way to pass the OAuth2 token via .NET SDK and then fetch the results ?
Because if I try to pass the OAuth2 token like this:
ctx.ApiCredential.eBayToken = "v^1.1... // this is OAuth2 token";
In place where the traditional Auth'n'Auth token went, I'm getting the following error:
validation of the authentication token in api request failed.
Can someone help me out please ?!
I'm trying to use Yahoo's developer APIs in Xamarin Studio's Xamarin Auth component. I created my app in with Yahoo's Developer tools, set my permissions to read everything, but can't get authorization. I get the following error.
Oops. Yahoo is unable to process your request. We recommend that you contact the owner of the application or web site to resolve this issue. [95022]
Below is my code
string clientId = "<application id from developer.apps.yahoo.com>";
string scope = "";
Uri authorizeUrl = new Uri("https://api.login.yahoo.com/oauth2/request_auth");
Uri redirectUrl = new Uri("http://www.website.com");
var auth = new OAuth2Authenticator(clientId, scope, authorizeUrl, redirectUrl);
auth.Completed += (sender, eventArgs) => {
Console.WriteLine("Completed!");
Console.WriteLine("eventArgs.IsAuthenticated = " + eventArgs.IsAuthenticated);
DismissViewController (true, null);
if (eventArgs.IsAuthenticated) {
// Use eventArgs.Account to do wonderful things
}
};
PresentViewController(auth.GetUI(), true, null);
Any ideas as to what I'm doing wrong here?
-------------- Update --------------
I wasn't able to get OAuth2 in Xamarin.Auth working with Yahoo, but I did get OAuth1 functional. I ended up not even using that component and instead using another implementation of OAuth that was documented in the Yahoo Developer Documentation with OAuth and BOSS found here
Using OAuth with BOSS API