Google Calendar Events Watch 401 Unauthorized

0
votes

I'm having troubles using the Google Calendar Events: watch API. I've setup the client ID and client secret and am able to get access and refresh tokens from a user. Also the domain is verified in the Google API console. As shown below I'm able to insert a new Event using the API. However the call to Events Watch fails with a 401 Unauthorized message. Below I've included the HTTP logs.

I'm using the java libraries provided by Google

Anybody any idea why i'm getting a 401 Unauthorized response?

Create a new event

CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"[email protected]","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/8) CONFIG - -------------- REQUEST  --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 269
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events?sendNotifications=true' << $$$
CONFIG - Total: 382 bytes
CONFIG - {"attendees":[{"additionalGuests":0,"displayName":"SomeName","email":"[email protected]","optional":false}],"description":"some description","end":{"dateTime":"2018-05-04T20:00:00.000+02:00"},"extendedProperties":{"private":{"someextprop":"someextvalue"}},"start":{"dateTime":"2018-05-04T19:00:00.000+02:00"},"summary":"Some summary"}
(1/17) CONFIG - -------------- RESPONSE --------------
(2/17) HTTP/1.1 200 OK
(3/17) Transfer-Encoding: chunked
(4/17) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/17) Server: GSE
(6/17) X-Content-Type-Options: nosniff
(7/17) Pragma: no-cache
(8/17) Date: Fri, 04 May 2018 16:24:06 GMT
(9/17) X-Frame-Options: SAMEORIGIN
(10/17) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/17) ETag: "3050902092840000"
(12/17) Content-Encoding: gzip
(13/17) Vary: X-Origin
(14/17) Vary: Origin
(15/17) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(16/17) X-XSS-Protection: 1; mode=block
(17/17) Content-Type: application/json; charset=UTF-8
CONFIG - Total: 1.070 bytes
(1/44) CONFIG - {[GOOGLE EVENT JSON, REMOVED FOR BREVITY]}

Creating the event works as expected, so we know that the acces token used was valid.

Now we try to watch a calendar.

CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST  --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8

because of the HTTP/1.1 401 Unauthorized response, the acces token is now refreshed.

(1/6) CONFIG - -------------- REQUEST  --------------
(2/6) POST https://accounts.google.com/o/oauth2/token
(3/6) Accept-Encoding: gzip
(4/6) User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)
(5/6) Content-Type: application/x-www-form-urlencoded; charset=UTF-8
(6/6) Content-Length: 229
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'User-Agent: Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -d '@-' -- 'https://accounts.google.com/o/oauth2/token' << $$$
CONFIG - Total: 229 bytes
CONFIG - grant_type=refresh_token&refresh_token=[REFRESHTOKEN]client_secret=[CLIENTSECRET]
(1/15) CONFIG - -------------- RESPONSE --------------
(2/15) HTTP/1.1 200 OK
(3/15) Transfer-Encoding: chunked
(4/15) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/15) Server: ESF
(6/15) X-Content-Type-Options: nosniff
(7/15) Pragma: no-cache
(8/15) Date: Fri, 04 May 2018 16:24:06 GMT
(9/15) X-Frame-Options: SAMEORIGIN
(10/15) Cache-Control: no-cache, no-store, max-age=0, must-revalidate
(11/15) Content-Disposition: attachment; filename="json.txt"; filename*=UTF-8''json.txt
(12/15) Content-Encoding: gzip
(13/15) Expires: Mon, 01 Jan 1990 00:00:00 GMT
(14/15) X-XSS-Protection: 1; mode=block
(15/15) Content-Type: application/json; charset=utf-8
CONFIG - Total: 206 bytes
(1/5) CONFIG - {
(2/5)   "access_token" : "[TOKEN]",
(3/5)   "expires_in" : 3600,
(4/5)   "token_type" : "Bearer"
(5/5) }

The same token as before is returned. The library automatically has another go at watching the calendar.

CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/8) CONFIG - -------------- REQUEST  --------------
(2/8) POST https://www.googleapis.com/calendar/v3/calendars/primary/events/watch
(3/8) Accept-Encoding: gzip
(4/8) Authorization: Bearer [TOKEN]
(5/8) User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
(6/8) Content-Type: application/json; charset=UTF-8
(7/8) Content-Encoding: gzip
(8/8) Content-Length: 137
CONFIG - curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer [TOKEN]' -H 'User-Agent: SomeApp Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '@-' -- 'https://www.googleapis.com/calendar/v3/calendars/primary/events/watch' << $$$
CONFIG - Total: 140 bytes
CONFIG - {"address":"https://mysubdomain.mydomain.com/calendar-notification","id":"8bc11345-802b-4f18-bb3b-4e5c0abc53e2","type":"web_hook"}
(1/16) CONFIG - -------------- RESPONSE --------------
(2/16) HTTP/1.1 401 Unauthorized
(3/16) Transfer-Encoding: chunked
(4/16) Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
(5/16) Server: GSE
(6/16) X-Content-Type-Options: nosniff
(7/16) WWW-Authenticate: Bearer realm="https://accounts.google.com/", error=invalid_token
(8/16) Date: Fri, 04 May 2018 16:24:06 GMT
(9/16) X-Frame-Options: SAMEORIGIN
(10/16) Cache-Control: private, max-age=0
(11/16) Content-Encoding: gzip
(12/16) Vary: X-Origin
(13/16) Vary: Origin
(14/16) Expires: Fri, 04 May 2018 16:24:06 GMT
(15/16) X-XSS-Protection: 1; mode=block
(16/16) Content-Type: application/json; charset=UTF-8

This attempts fails for the same reason and the acces token is refreshed again and so on ans do on. After a few attempts the library finally stops trying.

I've looked at the questions below, but don't think they describe the same situation: https

1
javacalendargoogle-api-java-clientgoogle-calendar-api

1 Answers

0
votes

So we've finally figured out the solution. There was an error with the domain verification. So the party that made the configuration used https://mysubdomain.mydomain.com/somepath/ in the Domain verification instead of just https://mysubdomain.mydomain.com/.

I've seen error messages like below. Which make it clear that there is an error with the url/domain used for the callback. It would have been helpful to get a message like that, instead of the empty 401 response.

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "push.webhookUrlUnauthorized",
    "message": "Unauthorized WebHook callback channel: XXX"
   }
  ],
  "code": 401,
  "message": "Unauthorized WebHook callback channel: XXX"
 }
}