When I use this endpoint in postman https://discordapp.com/api/guilds/1068721953185206354/members/460428342781542402
I keep getting
{ "message": "Invalid OAuth2 access token", "code": 50025 }
the status code is 403
Here are my headers and body:
Response
Headers
`Body
Please help I have looked everywhere and nothing worked.
I have tried to reset the token a couple try (Revoke it then regenerate it)
I have tried to use it on https://discord.com/api/oauth2/#me and it worked so it's not the access token.
I have tried to use https://discordapp.com/api/guilds/1068721953185206354/members/460428342781542402 as PATCH and it did tell me the info of the user.
I have searched everywhere on the internet.
I have checked that the bot is on the same application as the token
Related
The request https://www.googleapis.com/youtube/v3/members fails with code 403 "Access forbidden. The request may not be properly authorized." even in the Google OAuth 2.0 Playground while all other requests succeed. Does that mean I am missing the approval from YouTube? I have completed the forms to request the approval several weeks ago, but I have yet to get any response from YouTube.
API request with parameters used
https://youtube.googleapis.com/youtube/v3/members?part=snippet
Result
{
"code" : 403,
"errors" : [ {
"domain" : "youtube.common",
"message" : "Access forbidden. The request may not be properly authorized.",
"reason" : "forbidden"
} ],
"message" : "Access forbidden. The request may not be properly authorized."
}
Expected result
Response body with Members List
Is it 100% reproducible?
Yes
Reproducible API explorer link
https://developers.google.com/oauthplayground/
approval
If you check the top of the page for
members.list you will see that this method has been replaced by sponsors.list
So calling Members.list isnt going to work. You ened to call sponsors.list and you need permission from google inorder to call that
authorization
Assuming you have summited the form and requested access to the new sponsors.list method and have been granted access you should know that calling memebers.list wont work. As its been deprecated you need to call sposors.list and it needs to be authorized. I would guess with the same scope as before.
The message is telling you that you have summited the request without being properly authorized to access the data.
Access forbidden. The request may not be properly authorized.
You need an access token sent as an authorization header before you will be able to make that call please check authorization
As this new method isn't documented I would have to guess it would be something like this.
GET https://youtube.googleapis.com/youtube/v3/sponsors?part=snippet?key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json
If you have been granted access to this method then you might have an email contact at google that you can ask what the actual call is if its not working.
Within my application I generate an access token via
GET https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/authorize?client_id=<CLIENT_ID>&response_type=code&response_mode=query&scope=user.read+mail.send+mail.readwrite&redirect_uri=https%3A%2F%2Fgraphresponse%2F&prompt=consent
to use the code on
POST https://login.microsoftonline.com/<TENANT_ID>/oauth2/v2.0/token
with application/x-www-form-urlencoded: grant_type=authorization_code&redirect_uri=https%3A%2F%2Fgraphresponse%2F&client_id=<CLIENT_ID>&scope=user.read+mail.send+mail.readwrite&client_secret=<CLIENT_SECRET>&code=<CODE>
So far so good, i receive a bearer token like this (formatted for readability):
{"token_type":"Bearer",
"scope":
"Mail.Read Mail.Read.All Mail.Read.Shared
Mail.ReadBasic Mail.ReadWrite Mail.ReadWrite.Shared
Mail.Send openid User.Read profile email",
"expires_in":3600,
"ext_expires_in":3600,
"access_token":"<TOKEN>"
}
and I can use the following endpoints
GET http://graph.microsoft.com/v1.0/me
POST http://graph.microsoft.com/v1.0/me/sendMail
POST http://graph.microsoft.com/v1.0/me/messages
but I get the following error
GET http://graph.microsoft.com/v1.0/me/messages
{
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": "xxxxxxx",
"date": "2019-03-12T13:38:47"
}
}
}
Did I miss any configuration that is neccessary explicitly to read the current users inbox, or is there any admin configuration required?
As you are trying with authorization code flow so you need follow the below
step to access
https://graph.microsoft.com data.
Note:
Make sure you have office 365 user account registered
All Required permission grant
As the document explain first you need token request code
response_type = code
To do that there are two ways.
From postman request and From browser with your required credentials
Here I would show postman workaround you could also try it pasting on browser.
Postman Code Access Example
Here make sure in portal you have configure this URL as expected see the below screen shot:
To get v2.0 token request access code set request endpoint to:
https://login.microsoftonline.com/common/oauth2/v2.0/token
Content type to : application/x-www-url-form-urlencoded
See the screen shot below:
Now Click on Authorization tab and select type OAuth 2.0 and click on Get New Access
Token. See the screen shot below:
You Will prompt postman popup like below:
Enter Your necessary information here and click Request Token
In postman console body segment you will get access code for token request. See the screen shot below:
Copy the code for next use.
Now add a new tab on post man for token request like below:
In response you will get you access token like below:
Now with this token request to your expected endpoint for example http://graph.microsoft.com/v1.0/me
See the screen shot below:
In response you will get your endpoint data as expected
See the screen shot below :
If you have any more question just let me know Thank You.
I have scoured the web to try and find an answer to what seems to be a simple solution but unable to come across one.
I am using Postman. On the Authorisation tab, I have entered the details as defined in the Twitter Application Management.
In the header, I have a key of Authorization and value of
OAuth oauth_consumer_key="my-consumer-key",
oauth_token="my-consumer-token",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1538075001",
oauth_nonce="zXeiLqV5GzK",
oauth_version="1.0",
oauth_signature="SYdcrIrRT6jdgo57b1qP9a9THcc%253D"
When I run a GET request for https://api.twitter.com/1.1/search/tweets.json?q=test I get the expect results.
However, trying to search for a hashtag
https://api.twitter.com/1.1/search/tweets.json?q=%23test&include_entities=true I get the following in the response body
{
"errors": [
{
"code": 32,
"message": "Could not authenticate you."
}
]
}
with a status of 401: Authorization Required
Why would this be the case, would there be a step I missed in setting up or can you not search for hashtags on the free version?
Any help would be appreciated.
Solution is to use OAuth2
Twitter OAuth1 seems to have issue with url encoding.
I ended up using OAuth2 too. Requesting Bearer's Token to https://api.twitter.com/oauth2/token and giving it App Consumer API keys as authorization credentials.
Reference can be found here
I am trying to work with the Box API and need an access token. I followed the tutorial video here: https://www.youtube.com/watch?v=ha26tN8amI0 to get an authorization code and then exchange it for an access and refresh token. Here is the post request I made into Post Man:
https://api.box.com/oauth2/token?grant_type=authorization_code&client_id=<my_client_id>&client_secret=<my_client_secret>&code=<code_given_on_redirect>&redirect_uri=http://0.0.0.0
The response I get is:
{
"error": "invalid_client",
"error_description": "The client credentials are invalid"
}
Unless I am completely losing my mind, I am positive I am entering the correct client_id and client_secret from my application page. (I tried several times.)
I sent this post request in less than 30 seconds after it was generated.
Any idea what I might be missing? Thanks.
I am having the same problem that is described in LinkedIn OAuth2: "Unable to verify access token"; however, the solution described there does not fix my problem.
I am able to successfully request an access token; however, when I make a request with it (using either the Authorization header or the oauth2_access_token query param), I get a 401 failure:
$ curl "https://api.linkedin.com/v1/people/~?format=json&oath2_access_token=############"
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "Z9ZJ1MOUM0",
"status": 401,
"timestamp": 1440096560396
}
$curl --header "Authorization: Bearer #############" 'https://api.linkedin.com/v1/people/~?format=json'
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "Y1P2PEBEC3",
"status": 401,
"timestamp": 1440096564518
The strange thing about this is:
This problem doesn't surface if the user is logged into Linkedin.
If you wait five minutes, the request will just start working.
My guess this is a bug in Linkedin about latency of authorizing access codes based the users' logged in state, but I don't know.
Also I find it strange that the Linkedin authorization form reads, "Sign in to LinkedIn and allow access:"; however, when you put in your credentials and click "Allow access", you are not actually logged into Linkedin.
My code was working fine on last week. Anyone else seeing this?
Looks like you have oath2_access_token there instead of oauth_access_token ? Not sure if this is a hand-paste failure or the actual issue.
curl "https://api.linkedin.com/v1/people/~?format=json&oath2_access_token=############"
Try this it work for me
get('https://api.linkedin.com/v1/people/~?oauth2_access_token=*******&format=json');
Hope that help some one
This seems to be caused by triggering a security watchdog, i.e. after an invalid request or after requesting several access tokens without using them linkedin seems to stop validating tokens and responds 401 instead.
in fact you need to add the two following header :
Authorization : Bearear #ACCESS TOKEN#
x-li-src : msdk
regards