I am trying to create an onlineMeeting in CURL.
I granted all the permissions related to users and onlineMeetings for the App.(Both delegated and application). Also the user I use in the <my_user_id> is the global admin.
I first got the bearer token using client_credentails. Here was my request for it:
> curl -X POST -d
> 'grant_type=client_credentials&client_id=<my_client_id>&client_secret=<my_client_secret_value>&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default'
> https://login.microsoftonline.com/<my_tenant>/oauth2/v2.0/token
I received a bearer token for the above request.
Now I used this bearer token to create an onlineMeeting using this request:
curl -X POST 'https://graph.microsoft.com/v1.0/users/<my_user_id>/onlineMeetings' -d '{"startDateTime":"2023-07-12T14:30:00", "endDateTime":"2023-07-12T16:30:00", "subject": "testMeeting"}' -H "Content-Type: application/json" -H "Authorization: Bearer <bearer_token>"
This above request is giving me the below error:
{"error":{"code":"Forbidden","message":"","innerError":{"request-id":"<some_req_id>","date":"2023-02-02T15:37:46","client-request-id":"<some_id>"}}}
I thought this might be because of the bearer toke. But its not, as when I use the same bearer token in getting users, it is working fine. Like this below request:
curl -X GET 'https://graph.microsoft.com/v1.0/users' -H "Content-Type: application/json" -H "Authorization: Bearer <bearer_token>
According to the doc if you are using application permission for this API, tenant administrators must create an application access policy and grant it to a user to authorize the app configured in the policy to create online meetings on behalf of that user (with user ID specified in the request path).
Check details: Configure application access to online meetings
Related
I have an app which is protected by azureAD app registration. everytime user hits an URL, say, https://myapp.com/listall in browser they are presented with azure login screen. This is working as expected.
I was wondering how can I make curl requests to these endpoints from my terminal. When I try it now I get 302 NOT FOUND, as my request is getting redirected to login screen. when I try this form postman I see browser(HTML, CSS) code for azures login screen.
I am expecting something like.
make a curl request to obtain a token.
Use this token to subsequent curl requests.
I am making this curl request to get a token
-H "Content-Type: application/x-www-form-urlencoded" \
--data \
"
grant_type=client_credentials&
client_id=<client-id>&
client_secret=<client-secret>&
resource=https%3A%2F%2Fmanagement.core.windows.net%2F
"
I get a token back and then I make request something like this.
curl -X GET "https://myapp.com/listall" -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1....."
am I on the right path? how can I achieve this so that I can make curl requests to apps protected by azure AD app registration ?
I tried to reproduce the same in my environment and got the access token successfully.
Please note that the resource URL you are using is for classic deployed resources and https://management.core.windows.net/ corresponds to Azure Service Management API which is now changed to https://management.azure.com/
To get the access token, I made CURL request like below:
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/your_tenant_id/oauth2/token\
-d 'client_id=your_app_client_id' \
-d 'grant_type=client_credentials' \
-d 'resource=https://management.azure.com/' \
-d 'client_secret=*******************'
To call the above CURL request in Postman, please follow below steps:
Run Postman -> Import -> Select Raw Text -> Copy the above CURL request and paste in raw text field -> Continue -> Import -> Send.
Response:
After getting the token, I made API call like below:
curl -X GET "Your_API_Call_http_link" -H 'Content-Type: application/json' -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJS....."
Make sure to grant API permissions for your API before calling it in Postman. Ensure to select access tokens and id tokens check boxes for your Azure AD app.
I'm logging to my app using oauth2 with keycloak. How can i get the authorization code that oauth2 should return?
I need it to get the token from an authorization server using following curl:
curl -X POST \
https://url/protocol/openid-connect/token \
-H 'cache-control: no-cache' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'grant_type=authorization_code&client_id=app_id&authorization_code=<authorization_code>'
here is sample request to take authorization code
GET http://<authorization-server>/oauth/authorize?response_type=code&client_id=app_id&redirect_uri=http:%3A%2F%2Fyourapplication.com%2F/login
these informations (client_id and redirect_uri) must be registered at authorization server, and authorization code url is generally /oauth/authorize but check your openid providers' url. (in your case, probably /openid-connect/authorize)
after hitting this request, the authorization server redirects you to login page. you enter your credentials, then it redirects you with code to your application which provided by redirect_uri. For example,
HTTP 302, http://yourapplication.com/login?code=<your-authorization-code>
I am referring https://api.slack.com/docs/oauth#flow to obtain access token in PostMan.
Also, I have downloaded repo of slack api from https://github.com/lonelyclaud/slack-api-postman
Below command returns status 200, but no authorization code.
curl -X GET \
'https://slack.com/oauth/authorize?client_id=9XX331444993.996747590037&scope=team%3Aread+users%3Aread%20' \
-H 'Postman-Token: f2dc4c20-5b7d-4ed2-b71f-08ecad81fd8c' \
-H 'cache-control: no-cache'
Can someone explain how to obtain code, which in turn will be used to obtain token?
Got my answer, here is the link to obtain the auth token using Postman Create a Slack app and authenticate with Postman
I am trying to renew the token generated through API Manager.
The curl statement for generate token is:
curl -k -d "grant_type=client_credentials" -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YT
o2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh , Content-Type: application/x-www-form-urlencoded" https://10.108.106.214:8250/token
The response is
"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
Based on the documentation it is supposed to generate a retoken which is not being genarated. What am I missing?
Also when I pass the grant_type as refresh_token. I get a invalid grant error.
curl -X POST -H "Authorization: Basic TDQ0SktDZm5DcVVDSVBjdGYwVDIyRWwwUGY4YTo2d19NQm9xYnBFXzRLNHR0Wkc0NXhxd0NMTDRh" -H "Content-Type: application/x-www-form-urlencoded" -d 'grant_type=refresh_token&refresh_token=6d1d0f8afbd147d24bcd42bbc5361a1' 'https://10.108.106.214:8250/token'
I am referring to the documentation in the URL
https://docs.wso2.com/display/AM191/Token+API#TokenAPI-RenewingaccesstokensRenewing
So what am I missing?
According to the OAuth 2.0 Authorization Protocol specification, grant_type client_credentials should not issue refresh token.
4.4.3. Access Token Response
If the access token request is valid and authorized, the authorization
server issues an access token as described in Section 5.1. A refresh
token SHOULD NOT be included.
You have to use Password Grant Type
Request :
curl -k -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic bkxidjNPTnYxQ25iTXBRY2E3V3hPajdaMUVZYTpuTUQzX0tKQkhGRmxFUUlXdllmSjdTUFlleThh, Content-Type: application/x-www-form-urlencoded" https://localhost:8243/token
Response :
{"scope":"default","token_type":"bearer","expires_in":3247,"refresh_token":"91729a78a96b58d80d869f3ec2ce8b8","access_token":"ec54b39dd9503c9f65df84b67ea586"}
Use the refresh_token to Renewing access tokens
If i am not mistaken, in the response you have received.
"scope":"am_application_scope default","token_type":"bearer","expires_in":1094,"access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
This is the new access token.
access_token":"6d1d0f8afbd147d24bcd42bbc5361a1"
Take note of the current token, then run the curl command again. The response should be a different token.
I am very new to WSO2 and am still evaluating it - mostly through Fiddler. It is my understanding that I should be able to obtain an OAuth token by calling WSO2's Login API. I have attempted various URLs (in Fiddler) along the lines of:
// Based off a blog post : http://lalajisureshika.blogspot.com/2012/11/generate-application-tokens-user-tokens.html
http://localhost:8280/login?grant_type=password&username=admin&password=admin&scope=PRODUCTION
Authorization: Basic cFNET0lab1RnMHRBODRCWmQ4bTRBbnp1c0RZYTpZREIzZzh3RXhQOV92ZTdZX1drYVhieWx5ZlVh
When I execute the above URL, I receive (403) No matching resource found in the API for the given request.
I can use the the "Access Token" (via the Bearer tag) and the APIs work. I just can't figure out how to obtain the OAuth token for actual runtime use.
Any pointers/ideas?
--- Thanks, Jeff
Setup Identity Server [domain:9443]
Create OAuth2 application, and get client id + consumer key
Get Base64 encoded of clientId:consumerKey - replace this for Authorization Basic xxxxx
Replace the REST endpoint for token generation - This you should get in oauth application on management console [in our case https://domain:9443/oauth2/token]
And below curl command should give you the response
curl -k -d "grant_type=password&username=sasikumar#domain.com&password=xxxx1234" -H "Authorization" -H "Authorization: Basic X2dhWllidkN6TDNQY2ZqSmVBQ1lsNlg2SFdRYTpSQVlSMmxOZzQ0enU5ZXVGSDRDVXdOUWRudlVh, Content-type=application/x-www-form-urlencoded" https://domain:9443/oauth2/token
You can directly access OAuth2 REST web service to access the token.Here is how you can access token using curl
curl --user ConsumerKey:ConsumerSecret -k -d "grant_type=password&username=admin&password=admin" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2endpoints/token
Below is an example using cURL tool available in linux by default ( you can install cURL for windows explictly)
curl -v 4 -X POST -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=password&username=&password=&client_id=&client_secret=" https://:9443/oauth2/token
to obtain the client_secret & client_id you have to register a app in wso2is.
There are free tools available to construct the above request or directly use the above parameters and to get the token.
Setup Identity Server [domain:9443]
Create OAuth2 application, and get client id , consumer key and url.
Process post request by using 'poster' with bellow details ,
URL :- which get from oauth application
Content Type :- application/x-www-form-urlencoded
body:- grant_type=password&username=your username&password=your password&client_id=your client id&client_secret=your client secret