We've been using the same process for creating a google calendar invite for a year now, and if the the calendar invite and id already exists, it will create a new one.
This code is fairly static so I am wondering if something happened on google's API that might have changed?
Here is the error returned:
{
"ExceptionDetail": {
"HelpLink": null,
"InnerException": null,
"Message": "Google.Apis.Requests.RequestError The requested identifier already exists. [409] Errors [Message[The requested identifier already exists.] Location[ - ] Reason[duplicate] Domain[global]]",
"Type": "Google.GoogleApiException"
},
"ExceptionType": "Google.GoogleApiException",
"Message": "Google.Apis.Requests.RequestError The requested identifier already exists. [409] Errors [Message[The requested identifier already exists.] Location[ - ] Reason[duplicate] Domain[global]]",
And here is the snippet of code that is creating/updating the invite
service = Authentication.AuthenticateOauth();
//Google calendar ID for calendar request.
EventsResource.ListRequest checkIfMade = service.Events.List(newCalendar.calendarID);
Events events = checkIfMade.Execute();
var hasBeenMade = false;
foreach (var eventItem in events.Items)
{
if (eventItem.Id == convertedID)
{
hasBeenMade = true;
break;
}
}
if (hasBeenMade)
{
EventsResource.UpdateRequest singleEventRequest = new EventsResource.UpdateRequest(service, myEvent, newCalendar.calendarID, myEvent.Id);
singleEventRequest.SendNotifications = true;
singleEventRequest.Execute();
// Debug.Print(eventLink.HtmlLink);
}
else
{
EventsResource.InsertRequest singleEventRequest = new EventsResource.InsertRequest(service, myEvent, newCalendar.calendarID);
singleEventRequest.SendNotifications = true;
singleEventRequest.Execute();
//Debug.Print(eventLink.HtmlLink);
}
}
Related
We have an application that logs in as an exchange user and does simple tasks like delete / saves / sends emails etc. I'm seeing a lot of two errors in our Splunk report:
"Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request"
and
"Problem deleting email [ item id: (item ID string) ] - The specified object was not found in the store., The process failed to get the correct properties."
I've read that it's important to include:
service.HttpHeaders.Add("X-AnchorMailbox", MailboxToAccess);
when impersonating users and that that may be the issue, but what about when you are just logging in as a user?
Here's the code where we set up the exchange service:
public ExchangeServiceClient(ILog logger, IContentTypeHelper contentTypeHelper)
{
_logger = logger;
_contentTypeHelper = contentTypeHelper;
if (EvidenceSettings.Default.AppEmailUserName.Equals("Windows Credentials", StringComparison.OrdinalIgnoreCase))
{
_exchangeService = new ExchangeService(ExchangeVersion.Exchange2010_SP2);
_exchangeService.Url = new Uri(PartnerEvidenceSettings.Default.ExchangeServiceAddress);
}
else
{
_exchangeService = new ExchangeService(ExchangeVersion.Exchange2013_SP1);
_exchangeService.Url = new Uri(EvidenceSettings.Default.ExchangeServiceAddress);
_exchangeService.Credentials = new WebCredentials(EvidenceSettings.Default.AppEmailUserName, EvidenceSettings.Default.AppEmailPassword);
_exchangeService.TraceEnabled = true;
_exchangeService.UseDefaultCredentials = false;
}
}
And here's an example of when we use the service (just a single example, but all pretty similar functions):
public void DeleteMailMessage(string identifier)
{
// If this email was an attachment in another email, then only delete the container email
if (identifier != null)
{
try
{
var ids = new[] { new ItemId(identifier) };
var responseCollection = _exchangeService.DeleteItems(ids, DeleteMode.MoveToDeletedItems, null, null);
foreach (var response in responseCollection)
{
if (response.Result == ServiceResult.Error)
{
_logger.Error($"Problem deleting email [ item id: {identifier} ] - {response.ErrorMessage}");
}
}
}
catch (Exception ex)
{
_logger.Error($"Error deleting email [ item id: {identifier} ]", ex);
}
}
}
My question is, do we need to be including the HTTPHEADERS, or is something else causing this issue? If it's not that, I'm not quite sure what could be causing this error.
Those two error are different and generally not related
"Exchange Web Services are not currently available for this request because none of the Client Access Servers in the destination site could process the request"
Generally this is a routing error so yes you should always included the X-AnchorMailbox header no matter if its impersonation or not. (Eg if you look at any Microsoft Mail client Outlook,OWA, Outlook Mobile you will always see these headers).
"Problem deleting email [ item id: (item ID string) ] - The specified object was not found in the store., The process failed to get the correct properties."
This is usually an Item error or permissions error eg no access to the Mailbox itself or your trying to access something like the Audit folder in the mailbox etc. It can also mean the Item in question has moved in the Mailbox.
I'm trying to Verify an Id Token in C#
I'm Creating the app like this:
AppOptions appOptions = new AppOptions()
{
Credential = GoogleCredential.FromFile(#"path/to/Credential.json"),
ServiceAccountId = "serviceAccId",
ProjectId = "ProjectId",
};
var MyApp = FirebaseApp.Create(appOptions);
The error message i get is: ID token has incorrect audience (aud) claim.
Any Ideas on what it could be? Thanks!
I added a few things to the code... the problem i get is in the last step, when i try to signIn with custom token.
It gives me an error stating that the reason was a MissingIdentifier.
using (var customToken = FirebaseAdmin.Auth.FirebaseAuth.DefaultInstance.CreateCustomTokenAsync(authentication.FirebaseUser.LocalId))
{
string token = customToken.Result;
using (FirebaseAuthProvider auth = new FirebaseAuthProvider(new FirebaseConfig(FireBaseAppKey)))
{
using (test = auth.SignInWithCustomTokenAsync(token))
{
test.Wait();
}
}
customToken.Wait();
}
This is the message i get:
Exception occured while authenticating.
Url: https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyCustomToken?key={0}
Request Data:
{
"token":"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJVaWQiOiIyM2E1ZGM0Ny03NDNhLTQzNDUtODc5Mi1lMDY5NjhkNDZjNGIiLCJpc3MiOiJmaXJlYmFzZS1hZG1pbnNkay0xb2ZxNEBhdXRodGVzdHByb2plY3QtYmVlMDkuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzdWIiOiJmaXJlYmFzZS1hZG1pbnNkay0xb2ZxNEBhdXRodGVzdHByb2plY3QtYmVlMDkuaWFtLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJhdWQiOiJodHRwczovL2lkZW50aXR5dG9vbGtpdC5nb29nbGVhcGlzLmNvbS9nb29nbGUuaWRlbnRpdHkuaWRlbnRpdHl0b29sa2l0LnYxLklkZW50aXR5VG9vbGtpdCIsImV4cCI6MTU4NDU1NTAzNiwiaWF0IjoxNTg0NTUxNDM2fQ.nwvRalOpMs9LYIAFoFZ53Yu72kar9MNpO8gHBGZaMQcdx0ms7OIs0cYEsXUDYy0A_rNfOK03pIWc1y_w2rtIbl_Rg7oHY2u8YublHGe
-n6w9PjQpkONU3YEWHW9qnewhYPFqiLw94j8qEM9V3Bc0FCtspyv8i7Ra9-r2Gz9p88kvUHcIV8_qF9dN_4kNVNiVVHOIhFDQgDOnwUSobmp6aMVnsB9xRwv2_oiWc19s4HNXcNif12d7HHdeRauWVRoTYYvMjrgJTRUsGcB2YFZR8QhH7_0Fmn8bfbiJWP2maTXayL4sY2sIaEyJZDIaBDHkU8l_j_1KxBR7_FTv2Q5_DA\",
"returnSecureToken":true
}
Response: {
"error": {
"code": 400,
"message": "MISSING_IDENTIFIER",
"errors": [
{"message": "MISSING_IDENTIFIER\",
"domain": "global",
"reason": "invalid"
}
]
}
}
Reason: MissingIdentifier"}
This typically means that the ID token is for a different project than what you have the credentials file for. I recommend downloading a fresh credentials file from the Firebase/Cloud console for the project, and trying again.
Context:
I am trying to add a new website tab to an existing channel in MS Teams and then get the id of newly-created tab.
Problem:
I am able to create new tab but I am getting a "BadRequest" exception from the Graph:
Message: Value cannot be null. Parameter name: entity
The interesting part is that the tab is created and visible in MS Teams in the correct team and channel but I cannot get it's id in any way.
My code:
var tab = await _graphClient.Teams[teamId].Channels[channelId].Tabs.Request().WithMaxRetry(3).AddAsync(
new TeamsTab
{
DisplayName = "New Tab",
AdditionalData = new Dictionary<string, object>
{
["teamsApp#odata.bind"] =
$"{_teamsFactory.GraphV1Endpoint}/appCatalogs/teamsApps/com.microsoft.teamspace.tab.web"
},
Configuration = new TeamsTabConfiguration
{
EntityId = null,
WebsiteUrl = $"{_appUrl}/1",
ContentUrl = $"{_appUrl}/1",
RemoveUrl = null,
}
}
);
Like I wrote above, this code works and the tab is created but GraphServiceClient throws an exception before the tab variable is assigned.
And when I tried to get the tab list in Graph Explorer
https://graph.microsoft.com/v1.0/teams/{teamid}/channels/{channelid}/tabs
I received an error response:
{
"error": {
"code": "InternalServerError",
"message": "Failed to execute request.",
"innerError": {
"request-id": "a03654e8-37a7-4fbb-8052-6a1b11721234",
"date": "2020-02-24T15:11:54"
}
}
}
I think you might need to set a value for "EntityId" - basically just a string value to uniquely "name" your tab. It's not the "DisplayName", more a string "id" for the tab.
POST https://graph.microsoft.com/v1.0/teams/{id}/channels/{id}/tabs
{
"displayName": "My Contoso Tab",
"teamsApp#odata.bind" : "https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/06805b9e-77e3-4b93-ac81-525eb87513b8",
"configuration": {
"entityId": "2DCA2E6C7A10415CAF6B8AB6661B3154",
"contentUrl": "https://www.contoso.com/Orders/2DCA2E6C7A10415CAF6B8AB6661B3154/tabView",
"websiteUrl": "https://www.contoso.com/Orders/2DCA2E6C7A10415CAF6B8AB6661B3154",
"removeUrl": "https://www.contoso.com/Orders/2DCA2E6C7A10415CAF6B8AB6661B3154/uninstallTab"
}
}
Please take a look at Add Tab to a channel using Graph API
Edit 1: Could you please check you have appropriate permissions to add the Tab?
Edit2: Could you please try below piece of code?
GraphServiceClient graphClient = new GraphServiceClient( authProvider );
var teamsTab = new TeamsTab
{
DisplayName = "WebsiteTab",
AdditionalData = new Dictionary<string, object>()
{
{"teamsApp#odata.bind","https://graph.microsoft.com/v1.0/appCatalogs/teamsApps/com.microsoft.teamspace.tab.web"}
},
Configuration = new TeamsTabConfiguration
{
EntityId = null,
ContentUrl = "https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bots-context",
RemoveUrl = null,
WebsiteUrl = "https://learn.microsoft.com/en-us/microsoftteams/platform/resources/bot-v3/bots-context"
}
};
await graphClient.Teams["TeamId"].Channels["ChannelId"].Tabs
.Request()
.AddAsync(teamsTab);
Finally I found the "solution" though a better name is a workaround for my issue. To make it work I had to set ODataType to null in TeamsTabConfiguration. That's all. The code should look like this:
var tab = await _graphClient.Teams[teamId].Channels[channelId].Tabs.Request().WithMaxRetry(3).AddAsync(
new TeamsTab
{
DisplayName = TabTitle,
ODataBind = $"{_teamsFactory.GraphV1Endpoint}/appCatalogs/teamsApps/com.microsoft.teamspace.tab.web",
Configuration = new TeamsTabConfiguration
{
ODataType = null,
EntityId = null,
WebsiteUrl = $"{_appUrl}/1",
ContentUrl = $"{_appUrl}/1",
RemoveUrl = null
}
});
Like I mentioned it is only a workaround. It is labeled as "service bug" on GitHub (issue#598)
We're using Microsoft.Graph to read /users and get notifications. This is the working example on how we subscribe:
var result = await _client.Subscriptions.Request().AddAsync(new Subscription() {
ChangeType = "updated,deleted",
NotificationUrl = /* skipped */,
ExpirationDateTime = DateTimeOffset.UtcNow.AddMinutes(10),
Resource = "/users",
}, token);
Up until 6th or 7th of December 2018 this was a valid code. Currently it returns:
Code: ExtensionError
Message: Operation: Create; Exception: [Status Code: Forbidden; Reason: Forbidden]
Inner error
Read /users works.
Read and subscribe to /users/some#email/contacts works.
Verification request on my callback url is received and properly processed.
I have an application token with Directory.Read.All and Contacts.Read application permissions.
Was there a change in permissions or API ?
UPDATE:
It is broken again approx 20th of January 2019.
Are there any updates on that?
I also encountered the same problem. The description is as follows: there is no Reston code, just code is forbidden:
{
"Error": {
"code": "ExtensionError",
"message": "Operation: Create; Exception: [Status Code: Forbidden; Reason: ]",
"innerError": {
"request-id": "81d5439d-aebb-41e4-9b8f-df8475a60f1e",
"date": "2019-12-24T09:01:32"
}
}
}
I don't know if it's Microsoft's problem. The error prompt is not comprehensive. I'm a little worried...
Short version
Logged in as a Facebook user, I use my oAuth token to assume an IAM role on AWS. It returns what looks to be valid credentials, e.g. there is an AccessKeyId, SecretAccessKey that are similar length to our master keys.
When I try to use these credentials to access a DynamoDB table, I get one of two exceptions:
"The remote server returned an error: (400) Bad Request."; or
"The security token included in the request is invalid.".
I'm using the AWS C# SDK version 1.5.25.0
Long version
As I said above, I'm trying to access a DynamoDB table on AWS using credentials supplied by AmazonSecurityTokenServiceClient authorized by Facebook Identity as described in this AWS guide.
The policy for the IAM role that I've created is:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem"
],
"Sid": "Stmt1372350145000",
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}
How I get the credentials:
The user logs in with Facebook using oAuth.
Using the access token, I assume the IAM role using a AmazonSecurityTokenServiceClient.AssumeRoleWithWebIdentity with a request.
This returns what looks like to be valid credentials, e.g. a AccessKeyId, SecretAccessKey that are similar length to our master keys.
using (var tokenServiceClient = new AmazonSecurityTokenServiceClient(RegionEndpoint.USEast1))
{
var request = new AssumeRoleWithWebIdentityRequest
{
DurationSeconds = (int)TimeSpan.FromHours(1).TotalSeconds,
ProviderId = "graph.facebook.com",
RoleArn = "arn:aws:iam::193557284355:role/Facebook-OAuth",
RoleSessionName = result.id,
WebIdentityToken = FBClient.AccessToken
};
var response = tokenServiceClient.AssumeRoleWithWebIdentity(request);
AWSAssumedRoleUser = response.AssumeRoleWithWebIdentityResult.AssumedRoleUser;
AWSCredentials = response.AssumeRoleWithWebIdentityResult.Credentials;
}
How I use these credentials:
Using the returned credentials, I then try to access a AWS DynamoDB resource.
using (var client = new AmazonDynamoDBClient(AWSCredentials.AccessKeyId, AWSCredentials.SecretAccessKey, AWSCredentials.SessionToken, RegionEndpoint.USEast1))
{
var context = new DynamoDBContext(client);
var data = context.Scan<SomeData>();
}
This returns "The remote server returned an error: (400) Bad Request." when trying to Scan the table.
This is where the variation in the exception message is; if I omit the AWSCredentials.SessionToken from the above AmazonDynamoDBClient
using (var client = new AmazonDynamoDBClient(AWSCredentials.AccessKeyId, AWSCredentials.SecretAccessKey, RegionEndpoint.USEast1))
{
var context = new DynamoDBContext(client);
var data = context.Scan<SomeData>();
}
This returns "The security token included in the request is invalid." when trying to Scan the table.
Question
At this point I cannot tell what is wrong, are the credentials invalid or that I'm not passing everything through that is needed to AWS.
Can anyone offer any insight to what is wrong or how I could debug this further?
I cross-posted my question to the AWS forums and received an answer from an Amazon engineer.
https://forums.aws.amazon.com/message.jspa?messageID=465057
DynamoDBContext object invokes DescribeTable on the target table (and caches this data, so for optimal performance you would want to keep the context object around for as long as possible, so this call is only done once per target table). Modify your policy as follows:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:DescribeTable"
],
"Sid": "Stmt1372350145000",
"Resource": [
"*"
],
"Effect": "Allow"
}
]
}