401 error with message": "This developer account does not own the application."

[oferabra]

Hi,

I've implemented in my app the new subscription option,i'm trying to use the account services to get user expiration date from google servers.

i have managed to get the access token,but when i send the get request i get 

  "code": 401,

  "message": "This developer account does not own the application."

although this is my developer account.

code:

credential=

new GoogleCredential.Builder().setTransport(netHttpTransport)

.setJsonFactory(jacksonFactory)

.setServiceAccountId(xxxxxxxx...@developer.gserviceaccount.com)  //from api console

.setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher")

.setServiceAccountPrivateKeyFromP12File(file)

.build();

credential.refreshToken();

String uri ="https://www.googleapis.com/androidpublisher/v1/applications/"+packageName+"/subscriptions/"+subscriptionId+"/purchases/"+PurhcaseToken;

GenericUrl url = new GenericUrl(uri);

HttpRequestFactory requestFactory =netHttpTransport.createRequestFactory(credential);

HttpRequest request = requestFactory.buildGetRequest(url);

HttpResponse response = request.execute();

[Milan Cermak]

Although my code is in Python, I have the same problem. I would really appreciate if someone from Google would fix it as it's a blocker for our upcoming application.

On Tuesday, June 19, 2012 3:08:46 PM UTC+2, oferabra wrote:

Hi,

I've implemented in my app the new subscription option,i'm trying to use the account services to get user expiration date from google servers.

i have managed to get the access token,but when i send the get request i get 

  "code": 401,

  "message": "This developer account does not own the application."

although this is my developer account.

code:

credential=

new GoogleCredential.Builder().setTransport(netHttpTransport)

.setJsonFactory(jacksonFactory)

.setServiceAccountId(xxxxxxxxxxxxxxxxx@developer.gserviceaccount.com)  //from api console

.setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher")

.setServiceAccountPrivateKeyFromP12File(file)

.build();

credential.refreshToken();

[Asif Tasleem]

I am receiving the same issue. My code seems like this:

 GoogleCredential credential =

            new GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)

                .setJsonFactory(JSON_FACTORY)

                .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)

                .setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher")

                .setServiceAccountPrivateKeyFromP12File(new File("key.p12"))

                .build();

        credential.refreshToken();

        Androidpublisher pub =

            new Androidpublisher.Builder(HTTP_TRANSPORT, JSON_FACTORY, credential)

                .setApplicationName("xxxxxxxxx").build();

        SubscriptionPurchase purchse =

            pub.purchases()

                .get("xxx.xxxxxx", "xxx.xxxx.test.xxxx", "xxxxxxxxxxxxxxxxxxxxx")

                .execute();

[Emmanuel Costa]

Same problem, after a quick search a lot seems to encounter this problem.

Still no response from Google ?

[Naveen Agarwal]

Based on my quick reading of the androidpublisher api auth doc

It says "Access to the Google Play Android Developer API is authenticated using the OAuth 2.0 Web Server flow. Before you can use the API, you will need to set up an APIs Console project, create a client ID and generate a refresh token."

From the code you posted, you are trying to use a service account but the API is for a real user account.

So you need to manually get an access token using the web server flow and try the API.

It may be easier if you describe the overall flow and what you are trying to do (what is client doing, if ther eis a server involved) and we may be able to help more.

Thanks

Naveen

--
You received this message because you are subscribed to the Google Groups "oauth2-dev" group.

To view this discussion on the web visit https://groups.google.com/d/msg/oauth2-dev/-/mi6Rbevnd38J.

To post to this group, send email to oauth...@googlegroups.com.
To unsubscribe from this group, send email to oauth2-dev+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/oauth2-dev?hl=en.

[Milan Cermak]

On Saturday, June 30, 2012 12:00:42 AM UTC+2, Naveen Agarwal wrote:

Based on my quick reading of the androidpublisher api auth doc

It says "Access to the Google Play Android Developer API is authenticated using the OAuth 2.0 Web Server flow. Before you can use the API, you will need to set up an APIs Console project, create a client ID and generate a refresh token."

I have of course done this. I have the Client ID generated in the Console and the official Python library from Google handles obtaining and refreshing the token.
 

From the code you posted, you are trying to use a service account but the API is for a real user account.

So you need to manually get an access token using the web server flow and try the API.

It may be easier if you describe the overall flow and what you are trying to do (what is client doing, if ther eis a server involved) and we may be able to help more.

Here's my log. First, HTTP communication:

connect: (accounts.google.com, 443)
send: 'POST /o/oauth2/token HTTP/1.1\r\nHost: accounts.google.com\r\nContent-Length: 574\r\ncontent-type: application/x-www-form-urlencoded\r\naccept-encoding: gzip, deflate\r\nuser-agent: alert.us/1.0\r\n\r\ngrant_type=assertion&assertion_type=http%3A%2F%2Foauth.net%2Fgrant_type%2Fjwt%2F1.0%2Fbearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI0MjgwNzI5NTgzMTZAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5kcm9pZHB1Ymxpc2hlciIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MTA1MjYwMiwiaWF0IjoxMzQxMDQ5MDAyfQ.O1M6Dz6VcTMo8RRsK5b5lloxBO5bMCY6YtlXw8lQGvvuMnjguthkVMoF3KYOjSCwDtxnt-bKP3aqKa-pRQn13N_fbXxR1IBq7fblGwYRpLoYIGiAlaz4K0xURovAr7CeoWRJv7OUUXcqiIPYFH94GiAzijw0uOXNdTtL0UTXqA4'
reply: 'HTTP/1.1 200 OK\r\n'
header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
header: Pragma: no-cache
header: Expires: Fri, 01 Jan 1990 00:00:00 GMT
header: Date: Sat, 30 Jun 2012 09:36:43 GMT
header: Content-Type: application/json
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Transfer-Encoding: chunked
connect: (www.googleapis.com, 443)
send: 'GET /discovery/v1/apis/androidpublisher/v1/rest HTTP/1.1\r\nHost: www.googleapis.com\r\naccept-encoding: gzip, deflate\r\nauthorization: Bearer 1/VZmk3FHwirXiFNYFq0F9yGwYcdy9PGpbRdH6ZHCfdk4\r\nuser-agent: alert.us/1.0\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Expires: Sat, 30 Jun 2012 09:41:43 GMT
header: Date: Sat, 30 Jun 2012 09:36:43 GMT
header: Cache-Control: public, max-age=300, must-revalidate, no-transform
header: ETag: "-SrYbbV8v3wJlx0CB1308kPKOHk/32NQpSaRB-jpJJPtwUKhdvwEuJM"
header: Content-Type: application/json; charset=UTF-8
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Transfer-Encoding: chunked
send: u'GET /androidpublisher/v1/applications/us.alert/subscriptions/android_month/purchases/pmbjsblzqysaufucvefzuniy?alt=json HTTP/1.1\r\nHost: www.googleapis.com\r\ncontent-length: 0\r\naccept: application/json\r\naccept-encoding: gzip, deflate\r\nauthorization: Bearer 1/VZmk3FHwirXiFNYFq0F9yGwYcdy9PGpbRdH6ZHCfdk4\r\nuser-agent: alert.us/1.0 google-api-python-client/1.0\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest" allowed-scopes="https://www.googleapis.com/auth/androidpublisher"
header: Content-Type: application/json; charset=UTF-8
header: Date: Sat, 30 Jun 2012 09:36:44 GMT
header: Expires: Sat, 30 Jun 2012 09:36:44 GMT
header: Cache-Control: private, max-age=0
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Transfer-Encoding: chunked
send: 'POST /o/oauth2/token HTTP/1.1\r\nHost: accounts.google.com\r\nContent-Length: 574\r\ncontent-type: application/x-www-form-urlencoded\r\naccept-encoding: gzip, deflate\r\nuser-agent: alert.us/1.0\r\n\r\ngrant_type=assertion&assertion_type=http%3A%2F%2Foauth.net%2Fgrant_type%2Fjwt%2F1.0%2Fbearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI0MjgwNzI5NTgzMTZAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5kcm9pZHB1Ymxpc2hlciIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MTA1MjYwNCwiaWF0IjoxMzQxMDQ5MDA0fQ.S6mGyqpRN_Qw4WHrMyG1WyloKn_kKZjoZn5ieH4u9YYMt-N_sgYP3UTQVEXWc3o3Eynce40967tJ9CKjUjkK65whYDqu86WKxJNHQaLqehN6FRbJNJO9rqUQafGve59yOKaiQqIkaEg6pP88qjBKIaqCbrTbjscOtNCHE2DR3oM'
reply: 'HTTP/1.1 200 OK\r\n'
header: Cache-Control: no-cache, no-store, max-age=0, must-revalidate
header: Pragma: no-cache
header: Expires: Fri, 01 Jan 1990 00:00:00 GMT
header: Date: Sat, 30 Jun 2012 09:36:44 GMT
header: Content-Type: application/json
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Transfer-Encoding: chunked
send: u'GET /androidpublisher/v1/applications/us.alert/subscriptions/android_month/purchases/pmbjsblzqysaufucvefzuniy?alt=json HTTP/1.1\r\nHost: www.googleapis.com\r\ncontent-length: 0\r\naccept: application/json\r\naccept-encoding: gzip, deflate\r\nauthorization: Bearer 1/Kx4Zno7QeZ3uf6sE5eubkN-jQDMfR4bCE_PZB897SzE\r\nuser-agent: alert.us/1.0 google-api-python-client/1.0\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: WWW-Authenticate: AuthSub realm="https://www.google.com/accounts/AuthSubRequest" allowed-scopes="https://www.googleapis.com/auth/androidpublisher"
header: Content-Type: application/json; charset=UTF-8
header: Date: Sat, 30 Jun 2012 09:36:45 GMT
header: Expires: Sat, 30 Jun 2012 09:36:45 GMT
header: Cache-Control: private, max-age=0
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Server: GSE
header: Transfer-Encoding: chunked


And this is what I get from the apiclient library (my code is very similar to the official example for using service account with tasks API - http://code.google.com/p/google-api-python-client/source/browse/samples/service_account/tasks.py):

INFO:root:URL being requested: https://www.googleapis.com/discovery/v1/apis/androidpublisher/v1/rest
INFO:oauth2client.client:Attempting refresh to obtain initial access_token
DEBUG:root:{'iss': 'XXXXXX...@developer.gserviceaccount.com', 'scope': 'https://www.googleapis.com/auth/androidpublisher', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1341052602L, 'iat': 1341049002L}
DEBUG:root:['eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9', 'eyJpc3MiOiI0MjgwNzI5NTgzMTZAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5kcm9pZHB1Ymxpc2hlciIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MTA1MjYwMiwiaWF0IjoxMzQxMDQ5MDAyfQ', 'O1M6Dz6VcTMo8RRsK5b5lloxBO5bMCY6YtlXw8lQGvvuMnjguthkVMoF3KYOjSCwDtxnt-bKP3aqKa-pRQn13N_fbXxR1IBq7fblGwYRpLoYIGiAlaz4K0xURovAr7CeoWRJv7OUUXcqiIPYFH94GiAzijw0uOXNdTtL0UTXqA4']
INFO:oauth2client.client:Refresing access_token
INFO:root:URL being requested: https://www.googleapis.com/androidpublisher/v1/applications/us.alert/subscriptions/android_month/purchases/pmbjsblzqysaufucvefzuniy?alt=json
INFO:oauth2client.client:Refreshing due to a 401
DEBUG:root:{'iss': 'XXXXXX...@developer.gserviceaccount.com', 'scope': 'https://www.googleapis.com/auth/androidpublisher', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1341052604L, 'iat': 1341049004L}
DEBUG:root:['eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9', 'eyJpc3MiOiI0MjgwNzI5NTgzMTZAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5kcm9pZHB1Ymxpc2hlciIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MTA1MjYwNCwiaWF0IjoxMzQxMDQ5MDA0fQ', 'S6mGyqpRN_Qw4WHrMyG1WyloKn_kKZjoZn5ieH4u9YYMt-N_sgYP3UTQVEXWc3o3Eynce40967tJ9CKjUjkK65whYDqu86WKxJNHQaLqehN6FRbJNJO9rqUQafGve59yOKaiQqIkaEg6pP88qjBKIaqCbrTbjscOtNCHE2DR3oM']
INFO:oauth2client.client:Refresing access_token
Traceback (most recent call last):
  File "a.py", line 88, in <module>
    validation_request.execute()
  File "/Users/mc/.virtualenvs/alertus-api-server/lib/python2.7/site-packages/apiclient/http.py", line 389, in execute
    raise HttpError(resp, content, self.uri)
apiclient.errors.HttpError: <HttpError 401 when requesting https://www.googleapis.com/androidpublisher/v1/applications/us.alert/subscriptions/android_month/purchases/pmbjsblzqysaufucvefzuniy?alt=json returned "This developer account does not own the application.">



 

Thanks

Naveen

To unsubscribe from this group, send email to oauth2-dev+unsubscribe@googlegroups.com.

[oferabra]

Hey,

as i understand the use of the publisher api is only with server side (no client actions are involved).

as explained I opened project in Google console got private key file & email account .

since no offical sample code was publihsed I used this example of storageService .
as I understand it's the same flow, i got the access token then sends the get request and as a response i get the "This developer account does not own the application.".

if no access token is generated i get different error "401 not authorized" or something similar.

if any official example be published I think it will be best for all.

thanks

To unsubscribe from this group, send email to oauth2-dev+unsubscribe@googlegroups.com.

[oferabra]

Hi,

did you find any solution??

DEBUG:root:{'iss': 'XXXXXXXXXXXX@developer.gserviceaccount.com', 'scope': 'https://www.googleapis.com/auth/androidpublisher', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1341052602L, 'iat': 1341049002L}

DEBUG:root:['eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9', 'eyJpc3MiOiI0MjgwNzI5NTgzMTZAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvYW5kcm9pZHB1Ymxpc2hlciIsImF1ZCI6Imh0dHBzOi8vYWNjb3VudHMuZ29vZ2xlLmNvbS9vL29hdXRoMi90b2tlbiIsImV4cCI6MTM0MTA1MjYwMiwiaWF0IjoxMzQxMDQ5MDAyfQ', 'O1M6Dz6VcTMo8RRsK5b5lloxBO5bMCY6YtlXw8lQGvvuMnjguthkVMoF3KYOjSCwDtxnt-bKP3aqKa-pRQn13N_fbXxR1IBq7fblGwYRpLoYIGiAlaz4K0xURovAr7CeoWRJv7OUUXcqiIPYFH94GiAzijw0uOXNdTtL0UTXqA4']
INFO:oauth2client.client:Refresing access_token
INFO:root:URL being requested: https://www.googleapis.com/androidpublisher/v1/applications/us.alert/subscriptions/android_month/purchases/pmbjsblzqysaufucvefzuniy?alt=json
INFO:oauth2client.client:Refreshing due to a 401

DEBUG:root:{'iss': 'XXXXXXXXXXXX@developer.gserviceaccount.com', 'scope': 'https://www.googleapis.com/auth/androidpublisher', 'aud': 'https://accounts.google.com/o/oauth2/token', 'exp': 1341052604L, 'iat': 1341049004L}

[Milan Cermak]

On Sunday, July 15, 2012 1:44:00 PM UTC+2, oferabra wrote:

Hi,

did you find any solution??

It seems someone at Google is working on this one. Instead of a 401 I now get 503 "Backend Error" as a response. I guess we'll have to wait until they fix it.

Milan

[Milan Cermak]

On Tuesday, June 19, 2012 3:08:46 PM UTC+2, oferabra wrote:

Hi,

I've implemented in my app the new subscription option,i'm trying to use the account services to get user expiration date from google servers.

i have managed to get the access token,but when i send the get request i get 

  "code": 401,

  "message": "This developer account does not own the application."

although this is my developer account.

code:

credential=

new GoogleCredential.Builder().setTransport(netHttpTransport)

.setJsonFactory(jacksonFactory)

.setServiceAccountId(xxxxxxxxxxxxxxxxx@developer.gserviceaccount.com)  //from api console

.setServiceAccountScopes("https://www.googleapis.com/auth/androidpublisher")

.setServiceAccountPrivateKeyFromP12File(file)

.build();

credential.refreshToken();

String uri ="https://www.googleapis.com/androidpublisher/v1/applications/"+packageName+"/subscriptions/"+subscriptionId+"/purchases/"+PurhcaseToken;

GenericUrl url = new GenericUrl(uri);

HttpRequestFactory requestFactory =netHttpTransport.createRequestFactory(credential);

HttpRequest request = requestFactory.buildGetRequest(url);

HttpResponse response = request.execute();

 I finally found a solution for this. The problem is you are using the Service accounts OAuth 2.0 flow to authorize to the android-publisher API. I was doing it the same way. However, Google requires to use the Web server applications flow, which is ridiculous, since a human interaction is needed to allow for the API access.

Fortunately there is a way around it. You just have to obtain the refresh_token, store that and keep using it for future API calls. I wrote about it in more details on my blog http://milancermak.posterous.com/server-side-verification-of-google-play-subsc

HTH,

Milan