I'm trying to make a simple activity insert to an authorized user's Google+ profile using the Google Domains API. It seems that this API is only available for Google Apps (now G Suite) accounts and ISVs, and so I created a G Suite account. This after multiple attempts made with a regular Google developer account, for which I was getting the same errors shown here.
Ideally, I'd like to achieve this via HTTP endpoints as documented here.
I have created a google app and generated the OAuth2 CLIENT_ID and CLIENT_SECRET, and I have enabled the Domains API of course. The following Java code shows the steps taken to achieve my goal.
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.HttpClientBuilder;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.Arrays;
import java.util.List;
public class GooglePlustShenanigans {
private static final String CLIENT_SECRET = "<client_secret>";
private static final String CLIENT_ID = "<client_id>";
private static final List<String> SCOPE = Arrays.asList(
"https://www.googleapis.com/auth/plus.me",
"https://www.googleapis.com/auth/plus.stream.write");
private static final String REDIRECT_URI = "https://www.someuri.com/oauth2callback";
public static void main(String[] args) throws IOException {
GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow.Builder(
new NetHttpTransport(),
new JacksonFactory(),
CLIENT_ID,
CLIENT_SECRET,
SCOPE)
.setAccessType("offline")// Set to offline so that the token can be refreshed.
.build();
String url = flow.newAuthorizationUrl().setRedirectUri(REDIRECT_URI).build();
System.out.println("Please open the following URL in your browser then " +
"type the authorization code:");
System.out.println(" " + url);
BufferedReader br = new BufferedReader(new InputStreamReader(System.in));
String code = br.readLine();
GoogleTokenResponse tokenResponse = flow.newTokenRequest(code)
.setRedirectUri(REDIRECT_URI).execute();
String token = tokenResponse.getAccessToken();
String refreshToken = tokenResponse.getRefreshToken();
System.out.println("Access token: " + token);
System.out.println("Refresh token: " + refreshToken);
post("Sample message", token);
}
public static void post(String msg, String token) throws IOException {
HttpClient client = HttpClientBuilder.create().build();
HttpPost post = new HttpPost("https://www.googleapis.com/plusDomains/v1/people/me/activities");
StringEntity body = new StringEntity("{\"object\":{\"originalContent\":\"" + msg + "\"}," +
"\"access\":{\"items\":[{\"type\":\"domain\"}],\"domainRestricted\":true}}");
post.setHeader("Content-Type", "application/json");
post.setHeader("Authorization", "OAuth" + token);
post.setEntity(body);
HttpResponse resp = client.execute(post);
System.out.println(resp.getStatusLine().getStatusCode());
System.out.println(resp.getStatusLine().getReasonPhrase());
System.out.println(resp.toString());
}
}
Here's the response I keep getting:
401
Unauthorized
HttpResponseProxy{HTTP/1.1 401 Unauthorized [Vary: Origin, Vary: X-Origin, WWW-Authenticate: Bearer realm="https://accounts.google.com/", Content-Type: application/json; charset=UTF-8, Date: Sat, 11 Feb 2017 00:38:07 GMT, Expires: Sat, 11 Feb 2017 00:38:07 GMT, Cache-Control: private, max-age=0, X-Content-Type-Options: nosniff, X-Frame-Options: SAMEORIGIN, X-XSS-Protection: 1; mode=block, Server: GSE, Alt-Svc: quic=":443"; ma=2592000; v="35,34", Transfer-Encoding: chunked] org.apache.http.client.entity.DecompressingEntity@1649b0e6}
My next attempt was to try and leverage Google Java libraries and ended up with the following:
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(new NetHttpTransport())
.setJsonFactory(new JacksonFactory())
.setClientSecrets(CLIENT_ID, CLIENT_SECRET)
.build();
credential.setFromTokenResponse(tokenResponse);
credential.refreshToken();
String msg = "Happy Monday! #caseofthemondays";
// Create a list of ACL entries
PlusDomainsAclentryResource resource = new PlusDomainsAclentryResource();
resource.setType("domain"); // Share to domain
List<PlusDomainsAclentryResource> aclEntries =
new ArrayList<>();
aclEntries.add(resource);
Acl acl = new Acl();
acl.setItems(aclEntries);
acl.setDomainRestricted(true); // Required, this does the domain restriction
PlusDomains plusDomains = new PlusDomains
.Builder(new NetHttpTransport(), new JacksonFactory(), credential)
.setApplicationName("myApp")
.build();
Activity activity = new Activity()
.setObject(new Activity.PlusDomainsObject().setOriginalContent(msg))
.setAccess(acl);
activity = plusDomains.activities().insert("me", activity).execute();
System.out.println(activity.toPrettyString());
Output:
Exception in thread "main" com.google.api.client.googleapis.json.GoogleJsonResponseException: 403 Forbidden
{
"code" : 403,
"errors" : [ {
"domain" : "global",
"message" : "Forbidden",
"reason" : "forbidden"
} ],
"message" : "Forbidden"
}
at com.google.api.client.googleapis.json.GoogleJsonResponseException.from(GoogleJsonResponseException.java:146)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:113)
at com.google.api.client.googleapis.services.json.AbstractGoogleJsonClientRequest.newExceptionOnError(AbstractGoogleJsonClientRequest.java:40)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest$1.interceptResponse(AbstractGoogleClientRequest.java:321)
at com.google.api.client.http.HttpRequest.execute(HttpRequest.java:1065)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:419)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.executeUnparsed(AbstractGoogleClientRequest.java:352)
at com.google.api.client.googleapis.services.AbstractGoogleClientRequest.execute(AbstractGoogleClientRequest.java:469)
I got the same 403 error when I tried achieving this via the API Explorer.
And then for no specific reason I tried:
curl -v -H "Content-Type: application/json" -H "Authorization: OAuth$USER_ACCESS_TOKEN" -d "{"object": {"originalContent": "Happy Monday!#caseofthemondays"},"access":{"kind":"plus#acl","items":[{"type":"domain"}],"domainRestricted":true}}" -X POST https://www.googleapis.com/plusDomains/v1/people/me/activities
Response:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
What am I missing?
UPDATE: I tried creating posts for an authenticated G Suite domain user, and got the same errors.
