google-analytics-api

Re: OAuth 2.0 400 - error:invalid_grant and ideas?


doucol Mar 31, 2012 5:05 PM
Posted in group: Google Analytics Reporting API
Hi Ian,

Just received a note from Nick - check his reply in my thread.

Bottom line from him is that the analytics service does not yet support OAuth "Server to Server" interactions.  He pointed towards a blog post which lists the services which support this type of interaction


Also note the suggestion in his response. 

good luck
-doug

On Saturday, March 31, 2012 10:05:50 AM UTC-7, Ian Ibbotson wrote:
Yep.. same boat here and stuck again.. only getting 403 responses :(

On Mar 31, 10:11 am, doucol <doug.coll...@gmail.com> wrote:
> Soooo funny.  I just spent the last two days on the same exact problem.
>  Yeah, very frustrating.
>
> However, now all I get back is a 403 forbidden from the actual analytics
> service request.  :(
>
>
>
>
>
>
>
> On Saturday, March 31, 2012 1:45:44 AM UTC-7, Ian Ibbotson wrote:
>
> > Typically...
>
> > After fighting with this for 14 odd hours, and finally posting here...
> > I go and fix it in 3 mins!
>
> > I thought it was just worth trying the email address from the API
> > console instead of the client-Id.. Hey presto, 200OK.
>
> > Hopefully this will help someone else. Google friends, can I make a
> > suggestion that
> >https://developers.google.com/accounts/docs/OAuth2ServiceAccount
> > could use a small edit in under the "Forming the JWT Claim Set"
> > heading, "Required Claims" section. Specifically, the table listing
> > the parameters reads "iss - the client_id of the application making
> > the access token request". I think it should really read "the Email
> > address as taken from the API Console service account setting".. I'm
> > pretty sure it says to send client_id in a few other places, but that
> > page seems to be the authoritative one, and is linked from the API
> > console. Making it a bit clearer would have saved me a bit of pain.
>
> > Thanks all!
> > Ian.
>
> > On Mar 31, 9:30 am, Ian Ibbotson <iani...@gmail.com> wrote:
> > > Hi All.
>
> > > Apologies if I'm asking a dumb question, did search around and I
> > struggled
> > > to find anything that matched. Please feel free to tell me to go search
> > > harder if I'm just being dumb....
>
> > > I have a server app that needs to collect it's own analytics data from
> > the
> > > API, and had planned to use the service-accounts scenario to collect the
> > > data... At first I tried to use the google libraries, but they seem to
> > come
> > > with a world of dependency hell that I'd like to avoid if at all
> > possible.
> > > Aside from that, I thought it would be good to try and understand the
> > > process from the ground up.
>
> > > I've had some limited success getting the JWT request together and
> > signing
> > > it.. I *think* everything is as it should be, but when I make my first
> > call
> > > the server always returns 400 : error:invalid_grant
>
> > > I've tried generating a new key, but nothing seems to help, and I'm a
> > bit
> > > stuck to know whats going wrong and why.
>
> > > I've attached a .groovy test that demonstrates the problem if anyone is
> > > sufficiently motivated to take a look. To run it, you'll need to
> > generate a
> > > new service account from the api console, download the key and then
> > update
> > > the test file with your client_id and path to the downloaded .p12 file.
>
> > > The test script should grab all the dependencies it needs. Hopefully
> > > someone out there will take a look and spot that I've just done
> > something
> > > really dumb.
>
> > > Thanks for any assistance!
>
> > > Ian.
>
> > >  test.groovy
> > > 4KViewDownload