I encountered a problem when using Java to obtain a Google OAuth token - oauth

The obtained token is followed by an ellipsis

Related

How to get profile picture from Microsoft Graph API using Keycloak token

I am trying to get a profile picture from the Microsoft Graph API using a Keycloak token.
But I get an unauthorised response when I use the Keycloak token; if I use a token from Microsoft identity, it works fine and returns the profile picture.
I am unable to find proper documentation on this. Please share if anybody has any.
You need to execute a token exchange, where you exchange the Keycloak token (not valid for Microsoft Graph API) for a Microsoft token (valid for Microsoft Graph API).
So far, I have found this question in the official Keycloak blog, and it is really helpful to proceed.
https://keycloak.discourse.group/t/is-it-possible-to-use-an-keycloak-accesstoken-to-get-access-to-the-microsoft-graph/6831

How to get Google Refresh Token from AWS Cognito?

I already read some topics here
AWS cognito - Is it possible to get google access token and refresh using aws access token when sign in using google in from aws cognito
https://github.com/aws-amplify/amplify-js/issues/3619.
The first one said I can't get Google Refresh Token from AWS Cognito.
The second one said AWS Cognito auto refresh Google Access Token and return to me when I call refresh AWS Cognito token.
So what is true?
I tried to map the Google Access Token and Refresh Token by using this
https://medium.com/graymatrix/using-custom-attributes-in-amazon-cognito-user-pool-288cd3128bae
After that I only get the Google Access Token without the Google Refresh Token.
Can someone tell me how to get Google Refresh Token from AWS Cognito? Or the official AWS document on this issue.
I was facing the same problem: I use Google as federated ID provider and I only got an access token back. Tried different auth flows, read pages over pages of documentation. I finally found (by trial and error): Disable the implicit grant in the user pool. Then Cognito starts sending the refresh token. You then have to use the authorization code grant flow, of course. But that's rather simple using a library such as oauth2-pkce.

Google Calendar OAuth - CONSUMER_SECRET and DEVELOPER_KEY

I've been using the Google Calendar API since 2012, but it has stopped working now.
Error response returned: Invalid Credentials
So I went through my notes and looked up how I did this. (I only did this once.) I got the developer key from https://code.google.com/apis/console
The key is still there and it's the same key.
But apparently I got the CONSUMER_KEY and CONSUMER_SECRET
from the Google Apps for Business account (Advanced Tools > Manage OAuth domain key)
I can't get there anymore. Or I don't know how to find this in Google Apps. Google Apps is not even called Google Apps anymore. Does anybody know where I have to look?
As stated in this documentation, that error means that the access token you're using is either expired or invalid. Suggested action is to refresh the access token using the long-lived refresh token. If this fails, direct through the OAuth flow, as described in Authorizing Your App with Google Drive.
CONSUMER_KEY and CONSUMER_SECRET are also known as your "API key" and "API secret".
Check this related GitHub issue and SO post, which might help.

To what extent do the Google OAuth 2.0 APIs support RFC7636?

I am looking for concrete information regarding the state of RFC7636 (proof key for OAuth token exchanges) in Google's OAuth2 APIs.
Google exposes an OAuth 2.0 and OIDC provider API where access tokens can be obtained. There is a proposed standard described in RFC7636 for using proof keys in token exchanges which we have started using in our integrations with major identity providers. Some accept the proof key, others ignore it; Google seems to be aware of it but fails to validate the proof key. I have not been able to find any mention of this wrt Google.
In concrete terms, when following the authorization code flow of OAuth 2.0 with Google as the provider we generate a random number, hash it using SHA256, base64 URL encode it, and then pass it to https://accounts.google.com/o/oauth2/v2/auth as parameter "code_challenge" and "code_challenge_method" as per the spec.
The endpoint accepts the parameters and issues an authorization token as usual. When obtaining the access token we call https://www.googleapis.com/oauth2/v4/token with the code_verifier; the endpoint returns the following HTTP 400 error which suggests that there is some awareness of code verifiers:
{
"error": "invalid_grant",
"error_description": "Missing code verifier."
}
Google's OAuth documentation at developers.google.com/identity/protocols/OAuth2 does not mention any of these parameters; the API playground does not extend to playing with the OAuth2 auth and token endpoints. Any insight would be greatly appreciated.
I was having this same problem using AppAuth and an Android clientId. In order to fix it I had to set a matching 'code_verifier' field on both the authorization and token requests. You can find a more in depth description in this post: invalid_grant trying to get oAuth token from google

Need an OAuth token secret to get an OAuth token secret? What the heck?

I've been trying to implement 'Sign in with Twitter', but I'm stuck at trying to work out how to get an OAuth token secret for the user.
The Twitter API docs (here) say:
To start a sign in flow, your application must obtain a request token by sending a signed message to POST oauth/request_token
...
The body of the response will contain the oauth_token, oauth_token_secret, and oauth_callback_confirmed parameters
And the docs for creating a signature (here) say:
The value which identifies the account your application is acting on behalf of is called the oauth token secret. This value can be obtained in several ways, all of which are described at Obtaining access tokens.
And the 'obtaining access tokens' page links back to here, completing the circle.
How can I obtain a token secret if I need a token secret to sign the request to obtain the token secret? What the heck?
From the docs on creating a signature:
Note that there are some flows, such as when obtaining a request token,
where the token secret is not yet known. In this case, the signing key
should consist of the percent encoded consumer secret followed by an
ampersand character '&'.
You received a consumer secret when you registered for an API key. This is what you want to sign with to obtain a request token.
I would highly recommend looking into using a library which implements at least the oauth basics such as signing if not a Twitter API library, assuming one is available for your language of choice.
