Getting Unauthorize-401 Error.
I am working on QuickBooks Integration module .Everything working fine few days back on sandbox-US-company.
Today I created new separate account for sandbox for testing purpose.
For Older Account, Everything is going perfect .But for newly created account Unauthorize-401 issue is coming.
The steps I gone through follow, today:
1. Created account in developer.intuit.com/
2. Under My App, Created new app for Accounting.
3. Under Sandbox, Added US Company.
4. From My Project, Hosted at my localhost .Done OAuth process to collect Access Token and Access Token Secret.
5. Now when I tried to get the list of Customer or (Other intuit object), Getting Unauthorize-401 Error.
Entire system of my project is perfectly working on the sandbox company created earlier.
But for the today configured company, Unauthorize-401 Error is company.
Multiple links i Gone through ,But did't get rid of the issue facing, follows:
Getting “Unauthorized-401” Error in .NET while accessing quickBooks
data through Intuit API
How to fix Unauthorized-401 error
Unauthorized 401
In Advance, I thanks for getting me out from this issue.
CODE :
To Collect the DataService :
private DataService GetDataService()
{
try
{
string accessToken = AppSessions.QBAccessToken,
accessTokenSecret = AppSessions.QBAccessTokenSecret
, consumerKey = AppSessions.QBConsumerKey, consumerSecret = AppSessions.QBConsumerSecret
, realmId = AppSessions.QBCompanyCode;
OAuthRequestValidator oauthValidator = new OAuthRequestValidator(accessToken, accessTokenSecret, consumerKey, consumerSecret);
var serviceType = IntuitServicesType.QBO;
var validator = new OAuthRequestValidator(accessToken, accessTokenSecret, consumerKey, consumerSecret);
var context = new ServiceContext(realmId, serviceType, validator);
context.IppConfiguration.BaseUrl.Qbo = AppSessions.IppConfigBaseURL;// "https://sandbox-quickbooks.api.intuit.com/";
return new DataService(context);
}
catch (Exception ex)
{
return null;
}
}
To Get the Customer List from Sandbox US Company :
public List<Customer> GetCustomer()
{
return service.FindAll(new NSQB.Customer(), StartPosition, MaxResult).ToList<NSQB.Customer>();
}
NOTE :
I am using AppSessions static Class to Manage Session .
NSQB is alias for namespace used for QuickBook , i.e.
using NSQB =
Intuit.Ipp.Data;
I discussed with Intuit Team .Quick-book System was in the Maintenance .
One of the response I Had over email by Quick-Books Team:
We had an outage today. Please retry. Do remember to change your base
url to sandbox if you changed your prod keys to dev keys for testing
with sandbox.
Outages cause 401 errors.
Maintenance Link they share about their Status Management.
Issue Still Exists !!
Your code looks fine; when there is a 401 error from QuickBooks Online, there can be two reasons:
The access token is invalid;
The sandbox server is having a problem.
What most developers didn't know is, when there is an outrage on sandbox server, the access token will be reset. It will result a previous working access token become invalid, i.e., the 401 error.
Here below are some steps I found very helpful when you see a 401 error:
Go to Intuit's status page: http://status.developer.intuit.com/ and see if there is any issue with Sandbox server
If you believe the sandbox is not available, go to API explorer: https://developer.intuit.com/v2/apiexplorer?apiname=V3QBO#?id=Account and see if it worked
Try POSTMAN(or simple cUrl), adding the access token, access secrets, consumer secrets and consumer key and make a sample call to see if it can goes through(make sure it is pointing to the sandbox url).
If it didn't go through, and a 401 status code is returned, regenerate the access tokens. The best way to do it for sandbox is using the OAuth Playground. In the dashboard in your app, there is a link called "Test with OAuth Playground and OpenID Playground". Click on the OAuth Playground, change the access token duration from 120 to 15552000 and complete the OAuth flow. Now a new token will be available for you to test.
If neither above works, create a ticket for intuit QuickBooks Online team.
Related
So this is an issue that has been plaguing me for a bit and my deadline is coming up. I'm working on an application that sends emails and my workplace uses Office365 via Exchange. I'm using a C# webapp and using Mailkit to deliver emails.
The issue (not really an issue but good practice that's getting in my way) is that we made an email account to deliver mail yet our organization requires MFA. After talking about it with my director, creating an app password would not be a good idea for how this program is deployed so I'm trying to find ways to authenticate properly.
I eventually landed on using the Microsoft.Identity.Client library to require logging in via a registered Azure application. I could then cache this and refresh as needed, this way making sure the access is still valid.
However, I'm stuck on something. I have the app registration set to public with no client secrets or certificates with all of the necessary permissions. However right at the var oauth2 step, it fails while giving the error "Original exception: AADSTS7000218: The request body must contain the following parameter: 'client_assertion' or 'client_secret'."
The issue is that the application is public and is defined to allow public client flows. So I'm not getting how the request could still require a client secret when that's not how I'm building the request at all. I tried using private, but because of the MFA requirement, that fails too.
Below is what I have. Ignore that I'm hard coding stuff; it's temporary until I can get this sorted out. I'm also only scoping the SMTP permissions because all this application needs to do is send an email; IMAP isn't needed since it's not reading or anything else.
var options = new PublicClientApplicationOptions
{
ClientId = "[clientID]",
TenantId = "[tenandID]",
RedirectUri = "http://localhost"
};
var publicClientApplication = PublicClientApplicationBuilder
.CreateWithApplicationOptions(options)
.Build();
var scopes = new string[] {
"email",
"offline_access",
"https://outlook.office.com/SMTP.Send" // Only needed for SMTP
};
var authToken = await publicClientApplication.AcquireTokenInteractive(scopes).ExecuteAsync();
//Here is where it returns that it needs a client_secret and won't advance.
// The login window appears and states it was successfully authenticated,
// but the application crashes with that error at this step.
var oauth2 = new SaslMechanismOAuth2(Config.Env.smtpUser, authToken.AccessToken);
We had a working application, we went through the go-live process, and everything was running live for several days. Then we started getting SSL errors, and we saw that the nuget package for the DocuSign package had an update (I believe this was all for the 11/13/2019 2019 certificates auto-update), so we updated our code, but now every request returns the USER_LACKS_MEMBERSHIP error for every token-authenticated request.
Things I can confirm are not the issue:
We have authenticated the app via account.docusign.com and the oauth signature impersonation scope, and the testing and live paths are in the API approved Redirect URIs.
We have the correct base path in the configuration (https://na3.docusign.net, as shown on our Apps and Keys page)
The base path did not change after we get the token back (The BaseUri on the Account object matches what we started with)
We are using the correct user for the configuration (The value labeled "API Username" in the Apps and Keys page is entered as "IMPERSONATED_USER_GUID" in appsettings.json and successfully used in creating the token as parameter UserID, which also matches our user account's ID shown in the backend, so we are not confusing it with TARGET_ACCOUNT_ID or CLIENT_ID, and shuffling those around causes errors much earlier at the token generation step).
We only have one user: the administrator of the DocuSign account. Their ID appears in the API configuration labeled as "API Username". The DocuSign administration backend doesn't display a membership tab anywhere for us to correct any possible issues with a user lacking membership. As far as I can tell, Membership is a higher tier account option than what we're paying for, so I'm confused how we could be having problems with a feature we haven't bought.
We get this error for checking envelope status. We get this error for trying to create new envelopes. We get this error for trying to get Account information. The only thing we can do is get an authentication token, but then that token can't be used to make any further authenticated requests.
Is there anything I'm missing that could be causing this other than some database error on DocuSign that I can't correct through the tools available to me? The package update changed the order of which class constructor accepts the ApiClient object, and there's a new AccessToken field on the Configuration class (which I filled out, but doesn't seem to have any effect, since we're still adding the Authorization/Bearer header manually). I'm out of ideas on what to try next.
Are you using the production environment or the demo environment?
I suspect that what's happening is that you are getting them mixed. As the baseUrl should not be demo.docusign.net etc. if you're using production (as indicated by your na3.docusign.net address) but you must ensure that the same account/user from production is also used.
So, the 4 things to check:
userId
accountId.
baseURI
authURI (account-d.docusign.com vs. account.docusign.com)
All of these should match and be for the same account in the same env.
I'm implementing an internal procedure to generate invoices from my database. In using .NET Core. I installed the Xero.Api.SDK.Core v. 1.1.4
I find the Xero documentation quite difficult to understand and a bit up to date. I took a look to the Github repository and they refer only to OAuth 2.0. In my case I don't want any user interaction because I want a background process.
I created an account as developer and a demo company for test.
I googled a bit and I found in a site an example how to connect to the api (I couldn't find any details in the Xero documentation).
X509Certificate2 cert = new X509Certificate2(#"public_privatekey.pfx", "password");
var api = new Xero.Api.Example.Applications.Private.PrivateAuthenticator(cert);
var private_app_api = new XeroCoreApi("https://api.xero.com",
new PrivateAuthenticator(cert),
new Consumer("ClientId", "ClientSecret"),
null, null);
Now, I thought, I should use the api. I tried to read the list of contacts:
var contacts = private_app_api.Contacts;
var list = contacts.FindAsync().Result;
The result is the following error:
System.AggregateException: 'One or more errors occurred. (oauth_problem=consumer_key_unknown&oauth_problem_advice=Consumer%20key%20was%20not%20recognised)'
Inner Exception
UnauthorizedException: oauth_problem=consumer_key_unknown&oauth_problem_advice=Consumer%20key%20was%20not%20recognised
Then, I downloaded the repository from Github. I copy and paste the ClientId and ClientSecret and run the tests. No one test is passed!
My goal is to create a contact or find one in the list, create an invoice and save the invoice in PDF format in my storage.
How can I do that? Is there any example for that?
PS: In the developer forum the login doesn't work and the Postman collection is old and it doesn't either.
Update
I was desperate. I tried to connect to the apis in another way with XOauth. Worst. I created the connection as Xero explains on Github.
When I try to connect with
xoauth connect
a new tab in my browser is opened and...
Postman Update
I followed the steps with Postman. I opened the collection in my Postman. In the environment I updated client_id and client_secret from the Xero Developer site and then the following configurations:
re_directURI: https://developer.xero.com
scopes: offline_access profile email accounting.transactions
Auth URL: https://login.xero.com/identity/connect/authorize
Access Token: https://identity.xero.com/connect/token
I opened Get started api, Generate token and I gave the same result.
Honestly, it was quite a mess. I spent more than 2 weeks to understand how to call Xero. I created a post to explain step by step what I have to do.
There were a lot of issues:
understand the Xero documentation because it is not very clear
find the right values to put in the request
translate the Postman request in code
no Xero documentation for that, only a useless bunch of projects
It is quite long to explain everything but for example if you want to read an Organization the code with RestSharp is:
/// <summary>
/// Gets the organizations.
/// </summary>
/// <returns>OrganizationResponse.</returns>
public OrganizationResponse GetOrganizations()
{
var _client = new RestClient("https://api.xero.com/connections");
_client.Timeout = -1;
var request = new RestRequest(Method.GET);
request.AddHeader("Authorization", "Bearer " + _settings.AccessToken);
var response = _client.Execute<IList<Organization>>(request);
return response;
}
I'll create other posts to explain how to implement more functions.
I created a NuGet package for that. Source code on Github.
I've got credentials of an account with access to Google Analytics,
I'm looking to utilise the Analytics Core Reporting API http://code.google.com/apis/analytics/docs/gdata/home.html
I've found examples which use username/password calling setUserCredentials, but have seen comments this is less secure/has a low request limit (And doesn't exist in the lastest client).
Plus I've seem examples which use oauth, but require user interaction and grant access to the users google account.
However I'm looking to run a service which doesn't require any user interaction, and connects to a predefined google account (un-related to the user viewing it).
I can then store the results in a database, and end users can query the results from the database.
I've seen information about using AccessType = Offline when you first login, which then returns an access token and a refreshtoken.
http://code.google.com/apis/accounts/docs/OAuth2WebServer.html#offline
In my example though, the end user will never login to the application.
Could I have a seperate admin application which gets a refresh token, and stores the refresh token in the config/lookup table?
Then the main application can use the refresh token pulling from the config/lookup table, and get an access token to be able to query the Google Analytics account.
I'm looking for a C# example which uses AccessType = Offline, and seperates out the fetching of the refresh token and using the refresh token to get an access token to query the google analytics account.
Create your app https://code.google.com/apis/console/
For you App, turn on access to Google Analytics, and create an OAuth 2.0 client ID for your website.
Browse to:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=YOUR_APP_ID.apps.googleusercontent.com&access_type=offline&scope=https://www.googleapis.com/auth/analytics.readonly&redirect_uri=HTTP://YOUR_CALL_BACK_URL
Having changed YOUR_APP_ID, YOUR_CALL_BACK_URL to the relevant values.
Important to include access_type=offline.
Press Grant Access, this will redirect to HTTP://YOUR_CALL_BACK_URL?code=THIS_IS_YOUR_CODE. Copy the code in the URL.
With the code, request the Refresh Token using CMD prompt.
curl -d "code=THIS_IS_YOUR_CODE&client_id=YOUR_APP_ID.apps.googleusercontent.com&client_secret=YOUR_APPS_SECRET_CODE&redirect_uri=HTTP://YOUR_CALL_BACK_URL&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
Having changed THIS_IS_YOUR_CODE, YOUR_APP_ID, YOUR_APPS_SECRET_CODE, YOUR_CALL_BACK_URL to the relevant values.
Record the refresh_token returned.
Download the latest version of the Core Reporting V3.0 .net libraries
http://code.google.com/p/google-api-dotnet-client/wiki/Downloads
There is a bug in the current version of Google.Apis.Analytics.v3.cs, to fix this copy the code in this file to your local solution (And don’t reference Google.Apis.Analytics.v3.bin)
http://code.google.com/p/google-api-dotnet-client/source/browse/Services/Google.Apis.Analytics.v3.cs?repo=samples&name=20111123-1.1.4344-beta
And change the property Dimensions from a List<system.string> to a string.
Or you'll get an error like me and this guy did http://www.evolutiadesign.co.uk/blog/using-the-google-analytics-api-with-c-shar/
You can then use your Refresh Token, to generate you an Access Token without user interaction, and use the Access Token to run a report against Google Analytics.
using System;
using DotNetOpenAuth.OAuth2;
using Google.Apis.Authentication.OAuth2;
using AnalyticsService = Google.Apis.Analytics.v3.AnalyticsService;
class Program
{
public static void Main()
{
var client = new WebServerClient(GoogleAuthenticationServer.Description, "YOUR_APP_ID.apps.googleusercontent.com", "YOUR_APPS_SECRET_CODE");
var auth = new OAuth2Authenticator<WebServerClient>(client, Authenticate);
var asv = new AnalyticsService(auth);
var request = asv.Report.Get("2012-02-20", "2012-01-01", "ga:visitors", "ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID");
request.Dimensions = "ga:pagePath";
request.Sort = "-ga:visitors";
request.MaxResults = 5;
var report = request.Fetch();
Console.ReadLine();
}
private static IAuthorizationState Authenticate(WebServerClient client)
{
IAuthorizationState state = new AuthorizationState(new string[]{}) { RefreshToken = "REFRESH_TOKEN" };
client.RefreshToken(state);
return state;
}
}
Great Answer Ian and it helped me to get going in the correct Direction more than any other answer I could find online. Something must have changed in the AnalyticsService object because the line:
var request = asv.Report.Get("2012-02-20", "2012-01-01", "ga:visitors", "ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID");
did not work for me and I had to use the following:
var request = asv.Data.Ga.Get("ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID", "2012-01-01", "2012-02-20", "ga:visitors");
Hopefully this will help others like your answer helped me. Thanks!
Ian's answer helped me a lot but I kept getting an error running the curl command. Did some research and found that the steps to get the access code and refresh token can be made easier by going to https://code.google.com/oauthplayground/ and checking your oAuth configuration settings. Top right of the page there is a settings button. selected "Use your own OAuth credentials". You can get your access code and request a refresh token all from here.
Hope this helps.
You can manually get a refresh token from the OAuth Playground.
If you are needing a refresh token for a Service Account as I was, make sure you
Click on the settings on the right.
Check Use your own OAuth credentials
Fill in your Client ID and Secret
Close the settings
Click the Refresh button on step 2
Then save the refresh token for use in your app
I'm trying to create web page that access the (business) private calendar of the company and insert events if the time slot is available. Still I'm facing an authentication problem.
The API manual states that I should use an API key and Oauth2LeggedAuthenticator, so I did all this and the request that is fired is quite okey (it has a oauth token and such) But still the response is an exception with Invalid Credentials; Easy to say is that my credentials are wrong, still clientID, clientSecret and API Key are valid; I doubt the 2 last params of the 2legged authenticater, is this correct?
var provider = new NativeApplicationClient(GoogleAuthenticationServer.Description);
provider.ClientIdentifier = ClientCredentials.ClientID;
provider.ClientSecret = ClientCredentials.ClientSecret;
var authenticator =
new OAuth2LeggedAuthenticator(ClientCredentials.ClientID, ClientCredentials.ClientSecret, "myworkusername", "workdomain.com");
Google.Apis.Calendar.v3.CalendarService service = new Google.Apis.Calendar.v3.CalendarService(authenticator);
service.Key = ClientCredentials.ApiKey;
var result = service.CalendarList.List().Fetch();
Assert.IsTrue(result.Items.Count > 0);
NB: At the time of writing you can only used 2-legged authentication with Google Apps for Business/Eduction, this won't work on personal accounts as there's no way to get an OAuth 1.0 key/secret pair, you will have to use online authentication at least once (but you can use the out-of-browser option so you don't have to create a dedicated page).
Your code is correct apart from you don't need the first three lines relating to the NativeApplicationClient. This is most likely failing because you haven't properly set the OAuth keys, this causes 401s.
The other thing that causes 401s is using "matt#example.com" instead of "matt" as the username, the username is without including your domain.
To setup OAuth follow the instructions in this article from Google.
The most important parts to note are "Allow access to all APIs" must be unchecked and you have to individually grant access to all the APIs. If this hasn't been done you will get a 401 Invalid Credentials error. You then also need to turn those services on in the api console. If the api console step hasn't been done you will get a different error of 403 Daily Limit Exceeded.
This will cause you problems if you were previously relying on the "Allow access to all APIs" to use various services, you will have to grant them all individually as far as I understand it to use the v3 APIs. This seems to have been confirmed by google (4th reply by Nicolas Garnier) and is supposedly a bug, but that is an old post so it looks as if it's here to stay.
For reference once this has been done, this code will work, which in essence is the same as yours:
var auth = new OAuth2LeggedAuthenticator(domainName, consumerSecret, usernameWithoutDomain, domainName); //domainName is presently used as the OAuth ConsumerKey for Google's 2legged OAuth
var service = new CalendarService(auth);
service.Key = serviceKey;
var results = service.CalendarList.List().Fetch();
Console.WriteLine(results.Items.Count);
So in summary:
In Google Apps "Manage this Domain" > "Advanced Tools"
Using "Manage OAuth domain key" enable key, generate secret, uncheck "Allow access to all APIs".
Using "Manage third party OAuth Client access" enable the APIs you want access to using your domain as "Client Name" and the APIs you want to access e.g. "http://www.google.com/calendar/feeds/" for the calendar.
Then finally create a project in the API console, use the APIKey as the serviceKey in the above example and turn on the APIs you need to access.
I am answering this as I kept hitting this question when I was trying to find out why my code was constantly returning 401s. Hope this helps someone as the Google instructions are awful and scattered all over the place at the moment.