3

I'm trying to explore the Google Identity Toolkit API using the Google API Explorer. The API hints that "No auth required", however when I try to execute a request there is an error message:

This method requires you to be authenticated. You may need to activate the toggle above to authorize your request using OAuth 2.0.

If I try to use the OAuth 2.0 toggle and Authorise the API I get a 400 error: 

Error: invalid_request

Missing required parameter: scope

But Google Identity Toolkit API does not declare any scopes.

Please can someone help?

UPDATE: Further errors I get when using the API Explorer: When trying to execute the getAccountInfo request, I pass a request body with the localId field populated. The response I get is:

400 OK

- Show headers -

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "invalid",
    "message": "INVALID_SERVICE_ACCOUNT"
   }
  ],
  "code": 400,
  "message": "INVALID_SERVICE_ACCOUNT"
 }
}
Dewiniaeth
  • 1,123
  • 3
  • 18
  • 30
  • Please provide more details about the exact requests you are making that result in the error. – abraham Aug 08 '15 at 17:57
  • 1
    Thanks for your reply - I'm trying to execute the identitytoolkit.relyingparty.downloadAccount request in the API Explorer. When I press Execute I get the error. – Dewiniaeth Aug 12 '15 at 12:13
  • Have you found any solutions? I am trying to get this done from hours but hadn't succeeded yet ! – kirtan403 Jan 22 '16 at 19:21

2 Answers2

1

Here is the list of Google API scopes:

https://developers.google.com/identity/protocols/googlescopes#oauth2v2

This completely omits Identity Kit.

Tying in a random string into the scopes box produces an error:

enter image description here

I have guessed up that the scope should be https://www.googleapis.com/auth/identitytoolkit by looking at the pattern.

And this scope does not cause an error. So this means it is a valid scope, even though it is undocumented.

That said, I used an API request of:

POST https://www.googleapis.com/identitytoolkit/v3/relyingparty/downloadAccount?fields=kind%2CnextPageToken%2Cusers&key={YOUR_API_KEY}

{ "maxResults": 999 }

And it produced:

200 OK

{ "kind": "identitytoolkit#DownloadAccountResponse" }

So I will say that I have successfully executed this query while using an undocumented feature. However, it appears that the result from the server is incorrect.

This should answer your question, although the result is simply shining light on a broken server implementation.

I have not reported the bugs / undocumented feature in this answer and would appreciate assistance in that effort.

William Entriken
  • 37,208
  • 23
  • 149
  • 195
-1

You may find how to use Google Identity Toolkit from the official site. If you really want to manually try Google Identity Toolkit API, you need to enable the API in your Google Developers Console project, create an ApiKey in the project, and call the API using a command tool like curl. The request syntax should follow the one shown in the Google API Explorer.

abraham
  • 46,583
  • 10
  • 100
  • 152
Jin Liu
  • 2,203
  • 15
  • 13
  • 2
    Hi Thanks for you reply. I have used the documentation extensively to create an Identity Toolkit enabled site. Therefore I have already enabled the API etc. I just want to explorer the options provided at : https://developers.google.com/apis-explorer/?hl=en_US#p/identitytoolkit/v3/ – Dewiniaeth Aug 12 '15 at 12:15