Google API for plusDomains.circles.addPeople in Rails releases 403 Forbidden
Usage: Google Ruby Client
class GooglePlus
def self.follow_contact(contact, user = current_user)
plus = GooglePlus.plus_domains
GooglePlus.
authorized(user).
execute api_method: plus.circles.add_people,
parameters: {circleId: "Following", userId: contact}
end
private
def self.plus_domains
GooglePlus.client.discovered_api('plusDomains')
end
def self.client
require 'google/api_client'
Google::APIClient.new(
application_name: "My Application",
application_version: "1.0.0",
discovery_cache: ActiveSupport::Cache::Store
)
end
def self.authorized(user = current_user)
client = GooglePlus.client
client.authorization.client_id = Rails.application.secrets.google[:client_id]
client.authorization.client_secret = Rails.application.secrets.google[:client_secret]
client.authorization.scope = %w^openid
profile
email
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.login
https://www.google.com/m8/feeds^
client.authorization.grant_type = 'refresh_token'
client.authorization.refresh_token = user.socials.
where(kind: Social.kinds[:google_plus]).
select(&:verified?).first.token_secret
client.authorization.fetch_access_token!
client
end
end
I know my OAuth key has the correct permissions as I set this line for my "omniauth-google-oauth2" gem:
google = Rails.application.secrets.google
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, google[:client_id], google[:client_secret], {
scope: %w^openid
profile
email
https://www.googleapis.com/auth/plus.circles.write
https://www.googleapis.com/auth/plus.me
https://www.googleapis.com/auth/plus.login
https://www.google.com/m8/feeds^.join(","),
access_type: "offline",
prompt: "consent"
}
end
And it works great. Everything looks like it works until I execute client.execute api_method: plus.circles.add_people, parameters: {circleId: "Following", userId: contact}
, I come back to the next one.
=> #<Google::APIClient::Result:0x000000093853e8
@data=
#<Google::APIClient::Schema::PlusDomains::V1::Circle:0x49c79f4 DATA:{"error"=>{"errors"=>[{"domain"=>"global", "reason"=>"forbidden", "message"=>"Forbidden"}], "code"=>403, "message"=>"Forbidden"}}>,
@request=
#<Google::APIClient::Request:0x0000000943f978
@api_method=#<Google::APIClient::Method:0x3441238 ID:plusDomains.circles.addPeople>,
@authenticated=nil,
@authorization=
#<Signet::OAuth2::Client:0x00000009450930
@access_token="...",
@additional_parameters={},
@authorization_uri=
#<Addressable::URI:0x4a2813c URI:https://accounts.google.com/o/oauth2/auth>,
@client_id=
"...",
@client_secret="...",
@code=nil,
@expires_in=3600,
@expiry=60,
@extension_parameters={},
@grant_type="refresh_token",
@id_token=
"...",
@issued_at=2014-09-13 00:49:08 -0400,
@refresh_token="...",
@scope=
["openid", "profile", "email",
"https://www.googleapis.com/auth/plus.circles.write",
"https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/plus.login",
"https://www.google.com/m8/feeds"],
@token_credential_uri=
#<Addressable::URI:0x4a21e68 URI:https://accounts.google.com/o/oauth2/token>>,
@body="",
@headers=
{"User-Agent"=>
"My Application/1.0.0 google-api-ruby-client/0.7.1 Linux/3.13.0-32-generic\n (gzip)",
"Accept-Encoding"=>"gzip",
"Content-Type"=>""},
@parameters={"circleId"=>"Following", "usersId"=>"+contact_name"}>,
@response=
#<Faraday::Response:0x00000009386680
@env=
#<struct Faraday::Env
method=:put,
body=
"{\n \"error\": {\n \"errors\": [\n {\n \"domain\": \"global\",\n \"reason\": \"forbidden\",\n \"message\": \"Forbidden\"\n }\n ],\n \"code\": 403,\n \"message\": \"Forbidden\"\n }\n}\n",
url=
#<URI::HTTPS:0x00000009420370 URL:https://www.googleapis.com/plusDomains/v1/circles/Following/people?usersId=%2Bcontact_name>,
request=
#<struct Faraday::RequestOptions
params_encoder=Faraday::FlatParamsEncoder,
proxy=nil,
bind=nil,
timeout=nil,
open_timeout=nil,
boundary=nil,
oauth=nil>,
request_headers=
{"User-Agent"=>
"My Application/1.0.0 google-api-ruby-client/0.7.1 Linux/3.13.0-32-generic\n (gzip)",
"Accept-Encoding"=>"gzip",
"Content-Type"=>"",
"Authorization"=>
"Bearer ...",
"Cache-Control"=>"no-store"},
ssl=
#<struct Faraday::SSLOptions
verify=true,
ca_file=
"/home/user/.rvm/gems/ruby-2.1.2/gems/google-api-client-0.7.1/lib/cacerts.pem",
ca_path=nil,
verify_mode=nil,
cert_store=nil,
client_cert=nil,
client_key=nil,
certificate=nil,
private_key=nil,
verify_depth=nil,
version=nil>,
parallel_manager=nil,
params=nil,
response=nil,
response_headers=
{"content-type"=>"application/json; charset=UTF-8",
"date"=>"Sat, 13 Sep 2014 05:01:30 GMT",
"expires"=>"Sat, 13 Sep 2014 05:01:30 GMT",
"cache-control"=>"private, max-age=0",
"x-content-type-options"=>"nosniff",
"x-frame-options"=>"SAMEORIGIN",
"x-xss-protection"=>"1; mode=block",
"server"=>"GSE",
"alternate-protocol"=>"443:quic,p=0.002",
"connection"=>"close",
"transfer-encoding"=>"chunked"},
status=403>,
@on_complete_callbacks=[]>>
I have edited the keys and personal information via ... . So it doesn't tell me that I didn't like my request. Help would be appreciated.
+3
source to share
1 answer
You may have an expired token. From the docs :
4. Update the access token, if necessary.
Access points have a limited lifespan. If your app needs Google API access beyond the validity period of one access token, it can receive a refresh token. The refresh token allows your application to receive new access tokens.
Have you tried setting refresh token from omniauth auth hash ?
client.authorization.refresh_token = request.env["omniauth.auth"]["credentials"]["refresh_token"]
NTN.
0
source to share