
403 Forbidden

Open deanpeterson opened this issue 12 years ago • 6 comments

I get a 403 forbidden error when testing out this piece of code. I have a valid, authorized, non-expired connection. Am I doing something wrong?

    PeoplePage peoplePage = connection.getApi().plusOperations().searchPeople("Troutman", "0");

    403 Forbidden
        at org.springframework.web.client.DefaultResponseErrorHandler.handleError(DefaultResponseErrorHandler.java:88)
        at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:533)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:489)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:461)
        at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:229)
        at org.springframework.social.google.api.query.impl.ApiQueryBuilderImpl.getPage(ApiQueryBuilderImpl.java:78)
        at org.springframework.social.google.api.plus.impl.PlusTemplate.searchPeople(PlusTemplate.java:109)

deanpeterson avatar Jan 07 '13 23:01 deanpeterson

The second argument should either be null (for the first page) or the value you get in a response's "nextPageToken", which should be a short alphanumeric string. It's not a numeric index.

GabiAxel avatar Jan 08 '13 05:01 GabiAxel

I did try leaving it null at first but I get the same error. I successfully transfer the user to Google for authorization, the user returns and I check that the connection is authorized (it is), yet I still get a 403 error. Maybe something else is wrong. However, I was able to use the access token I received to work with the GData contacts API.

deanpeterson avatar Jan 08 '13 13:01 deanpeterson

I get the same error as well. I'm trying to get the contacts in circles. The user gets successfully authorized with the scope https://www.googleapis.com/auth/plus.login. However, on calling PeoplePage page = connection.getApi().personOperations().searchPeople("me", nextPageToken) I get 403 Forbidden.

Any ideas?

Update: I'm using the 1.0.0.M2 version.

vkonnackal avatar Jul 27 '13 12:07 vkonnackal

@vkonnackal To use "me" you need to authenticate with scope https://www.googleapis.com/auth/plus.me

@deanpeterson Can you please paste the HTTP request and response?

GabiAxel avatar May 19 '14 09:05 GabiAxel

I got the same issue with 1.0.0.RELEASE. I'm using Spring Social Security to authenticate the user, and the authentication process was almost finished, but in the last step of creating the Connection data, it failed:

    Connection<S> connection = getConnectionFactory().createConnection(accessGrant);

After debugging, the problem is at GoogleConnectionFactory.extractProviderUserId():

    @Override
    protected String extractProviderUserId(AccessGrant accessGrant) {
        Google api = ((GoogleServiceProvider)getServiceProvider()).getApi(accessGrant.getAccessToken());
        UserProfile userProfile = getApiAdapter().fetchUserProfile(api);
        return userProfile.getUsername();
    }

So when it calls fetchUserProfile(api), it uses

    Person profile = google.plusOperations().getGoogleProfile();

The actual HTTP request is GET https://www.googleapis.com/plus/v1/people/me

I checked the header; the OAuth2RequestInterceptor works, and I can see the "Authorization" header with the access token. But it still got 403 Forbidden. The original response is like this (copied from debug output):

    HTTP/1.1 403 Forbidden [Vary: Origin, Vary: X-Origin, Content-Type: application/json; charset=UTF-8, Date: Tue, 27 Jan 2015 07:38:26 GMT, Expires: Tue, 27 Jan 2015 07:38:26 GMT, Cache-Control: private, max-age=0, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-XSS-Protection: 1; mode=block, Server: GSE, Alternate-Protocol: 443:quic,p=0.02, Transfer-Encoding: chunked] org.apache.http.client.entity.GzipDecompressingEntity@64b842fe

In the Google API documentation (https://developers.google.com/+/api/latest/people/get), if I test with the profile scope, the request is like this:

    GET https://www.googleapis.com/plus/v1/people/me?key={YOUR_API_KEY}

    Authorization:  Bearer ya29.CAGy4blJebqEqDsaw3PjGBEI5UJc0Q7idbhA4jjpxAhVVzNkH2YjnNq3cUxeavWyr0iUPnh4TAB1xw
    X-JavaScript-User-Agent:  Google APIs Explorer

The difference is that it has "?key={YOUR_API_KEY}" in the URL. Does it cause the 403 if we are missing the key in the request URL?

jiwhiz avatar Jan 27 '15 08:01 jiwhiz

I got it figured out. I have to turn on the Google+ API in the Google Developer Console for my application.

jiwhiz avatar Jan 28 '15 04:01 jiwhiz
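
Added example, not part of the thread and not spring-social-google code: the debug output above shows only the status line and headers of the 403, while Google's JSON error body normally carries a `reason` field that tells a disabled API apart from a missing scope. The class name, the `diagnose` helper and the sample bodies are constructed for illustration, and the two reason strings come from Google's standard JSON error format, not from this thread.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class Google403Diagnosis {

    // Pulls the first "reason" value out of a Google API JSON error body.
    private static final Pattern REASON =
            Pattern.compile("\"reason\"\\s*:\\s*\"([^\"]+)\"");

    /**
     * Maps a failed response to a hint about what to check first.
     * With RestTemplate, the inputs come from the caught HttpClientErrorException:
     * e.getStatusCode().value() and e.getResponseBodyAsString().
     */
    static String diagnose(int status, String body) {
        if (status != 403) {
            return "not a 403; status " + status;
        }
        Matcher m = REASON.matcher(body == null ? "" : body);
        String reason = m.find() ? m.group(1) : "unknown";
        switch (reason) {
            case "accessNotConfigured":
                // The cause found at the end of this thread.
                return reason + ": enable the API for the project in the Google Developer Console";
            case "insufficientPermissions":
                return reason + ": the access token lacks a scope the call requires";
            default:
                return reason + ": read the full error body";
        }
    }

    public static void main(String[] args) {
        // Constructed sample bodies, not captured from the thread.
        String apiOff = "{\"error\":{\"errors\":[{\"domain\":\"usageLimits\","
                + "\"reason\":\"accessNotConfigured\",\"message\":\"constructed\"}],"
                + "\"code\":403,\"message\":\"constructed\"}}";
        String scope = "{\"error\":{\"errors\":[{\"domain\":\"global\","
                + "\"reason\":\"insufficientPermissions\",\"message\":\"constructed\"}],"
                + "\"code\":403,\"message\":\"constructed\"}}";
        System.out.println(diagnose(403, apiOff));
        System.out.println(diagnose(403, scope));
        System.out.println(diagnose(403, ""));
    }
}
```

When logging the error body for this kind of diagnosis, keep the `Authorization` header and access token out of the log output.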