https://appleid.apple.com/auth/revoke This api for revoking auth from the apple account and getting 200 OK response but still not able unlink apps from apple so do we need to call token api for an access token? If yes here is the screenshot.
API for token generating AuthToken API getting invalid_request so how can we unlink apps from the apple setting account?
As per my understanding.
For https://appleid.apple.com/auth/token
Is client_id the bundle ID right?
Is client_secret the identityToken provided by Apple during the Sign In process?..
Is grant_typeauthorization_code or refresh_token
Below Both Not Understood How to Get and also with auth/token it return token which we able to pass in auth/revoke API ?
code
refresh_token
I'd really appreciate it if someone can explain what should I do with the info provided during Sign in with Apple flow (UserId, IdentityToken, and AuthorizationCode) in order to properly implement the Revoke Tokens API.
Related
https://appleid.apple.com/auth/revoke This api for revoking auth from the apple account and getting 200 OK response but still not able unlink apps from apple so do we need to call token api for an access token? If yes here is the screenshot.
API for token generating
AuthToken API getting invalid_request so how can we unlink apps from the apple setting account?
My application needs to log in to each user and generate the bearer token for each of them. By using the bearer token I can fetch the result using Twitter API v2. Anyone, please help me how can I do that.
The bearer token is specific to your application, NOT to the user. Bearer token / app only authentication is JUST for the app, not for the user. The first time you create the app on the Twitter developer portal, you get the bearer token which you should save in your password manager.
The account token - when a user is logged in to your app - is different. If you need this, you can also generate it on the developer portal FOR YOUR ACCOUNT ONLY, or you can make your app implement sign-in with Twitter via OAuth 1.0A. These tokens will enable your app to operate for a user and port new Tweets, like Tweets, create lists, etc.
I've seen these questions about using Postman in order to invoke Google's API with OAuth 2:
Using Postman to access OAuth 2.0 Google APIs
Could not obtain Google oAuth 2 token on POSTMan
and many more, but they all have client ID and client secret.
For the 'Save to Android Pay' API, all I got is a .p12 key and an issuer ID. I also have Service Account Email Address but defiantly no client id or secret. I think I also have the Auth URL but I'm not sure: https://www.googleapis.com/auth/wallet_object.issuer
Looking in the Save to Android Pay API, doesn't say anything about a client id so I'm really not sure how I'm supposed to obtain a token in POSTMAN with what I have.
So my question is: giving a .p12 key, an issuerId and a Service Account Email Address, What do I need to fill in POSTMAN OAuth 2 fields:
Token Name, Auth URL, Access Token URL, Client ID, Client Secret, Scope (Optional), Grant Type
To obtain OAuth 2.0 client credentials, you need to register an application to the Google API Console as specify in the basic steps and then you'll get a client ID and client secret.
We have a desktop app (Delphi XE2) that gets an oauth request token from Intuit and fires off the URL call to Intuit where the user authorizes our app. This half of the oauth dance seems to be working.
The problem we are running into is getting the Access Token and Access Token Secret. We never seem to get it.
Details:
This is for QuickBooks v3 API.
We have a web service setup to handle the callback whose URL we pass along when we make the call to get with request token to https://appcenter.intuit.com/Connect/Begin
That opens the Intuit web page with our test company and our app listed. When we grant access to our app from the Intuit site the web browser is redirected to our callback URL and that contains an oauth token (which I'm not really sure is our access token) but we never get the access secret. That's the missing thing for us.
Is the token we are getting in the callback our access token?
If so how do we get the access secret? Is that token another token to be used to make another call to https://oauth.intuit.com/oauth/v1/get_access_token where we would obtain our access token and secret?
I tried using the token returned to our callback URL as a token for the "get access token" url and that gave me unauthorized errors.
If the token returned to our callback URL is not the access token where/how the heck do we get it?
Any help or direction is appreciated.
UPDATE:
So, it turns out I was missing one entire step of the OAuth dance.
After the user authorizes access and that passes the original request token and a verifier key to our web service. That verifier key is used with the original token in yet another call to Intuit to get the access token and access token secret.
Cheers!
TJ
The initial callback returns to you a request token, which you then have to send back to Intuit via the get_access_token URL to get an access token and secret.
Intuit instructions:
Implement OAuth in Your App
The OAuth spec it refers to is RFC 5849.
You can refer the sample V3 APP.
https://github.com/IntuitDeveloperRelations/QuickbooksV3API-Java
To be specific, please refer
OAuthController.java and OAuthHelper.java
Thanks
What is the url or request for revoking access token in live.com OAuth?
The similar request on Google Oauth is:
POST https://accounts.google.com/o/oauth2/revoke?token=%access_or_refresh_token%
From this link: http://msdn.microsoft.com/en-us/library/ff752110.aspx, it appears that revoking consent is a manual process and even then, it does not immediately revoke a token.