I am trying to fetch User profile picture from Microsoft Graph API by using keycloak access token. But I am getting the following error from keycloak API
{
"errorMessage": "Invalid token."
}
API - http://localhost:8080/auth/realms/{Realm name}/broker/{identity provider}/token
Header - Authorization: Bearer {accessToken}
Related
We are using keycloak to handle authentication (client/secret) in our API Gateway.
The Kong api service uses konnect-managed-plugin to refer to keycloak to authenicate client credentials and return a bearer token.
Future calls to other endpoints use oauth2-introspection to verify the bearer token via keycloak introspection
I almost have this working however, when I authenticate via Kong api gateway, it returns a bearer token, but this token fails introspection.
If I auth straight to keycloak, the bearer token works for introspection.
eg
Token from:
http://kongapigateway.domain/getOAuthToken
NOTE: We have not yet set up ssl on the kong api gateway
Returns:
{"access_token":"ey..ZiUQyw","expires_in":900,"refresh_expires_in":0,"token_type":"Bearer","not-before-policy":0,"scope":"email profile"}
Calling api endpoint in kong that uses introspection fails:
http://kongapigateway.domain/bookings
{
"error_description": "The access token is invalid or has expired",
"error": "invalid_token"
}
Direct call to keycloak introspection also fails:
https://keycloak.domain/auth/realms/{Realms}/protocol/openid-connect/token/introspect
{
"active": false
}
However if I get token direct from keycloak server:
https://keycloak.domain/auth/realms/{Realms}/protocol/openid-connect/token
{"access_token":"eyJhb...4lT8w","expires_in":900,"refresh_expires_in":0,"token_type":"Bearer","not-before-policy":0,"scope":"email profile"}
The token works for both endpoints:
http://kongapigateway.domain/bookings and https://keycloak.domain/auth/realms/{Realms}/protocol/openid-connect/token/introspect
So why doesn't the introspection work for the token returned in the first scenario
You can fix this by setting Keycloak's frontend URL to your public URL. For details please refer to my answer to another but similar question.
I've a Node.js API which is authenticated using passport and passport-azure-ad's OIDC strategy.
After User's authentication I get User's profile, access_token, refresh_token, sub and ISS.
Then I use the same access_token to get User's details from Microsoft graph using this API - https://graph.microsoft.com/v1.0/me
When I request, it prompts me this error,
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure.",
"innerError": {
"request-id": "04048b3a-7636-4197-88ef-1f08d3a07c9e",
"date": "2018-12-26T09:40:58"
}
}
}
When I use OAuth 2.0 and get the access_token and use that access_token to access the same API, the details are returned successfully.
Although even I tried matching the access_tokens returned by Open ID connect and OAuth 2.0, they differ despite logging in as a same user.
I don't understand why the access_token returned by the Open ID connect didn't worked.
i'm trying to integrate the Fitbit SDK in my iOS app. I have created project on fitbit now i'm running there API in Postman to check profile, but in response it is showing me invalid access token,
{
"errors": [
{
"errorType": "invalid_token",
"message": "Access token invalid: 39ec7defa6f0e33b314bbf6217279b15. Visit https://dev.fitbit.com/docs/oauth2 for more information on the Fitbit Web API authorization process."
}
],
"success": false
}
This is my API https://api.fitbit.com/1/user/-/profile.json and this is what i'm passing in header, Authorization : Bearer Client Secret But it is showing me status code 401 having error of invalid access token . How can i get the access token for my app?
You need to get an OAuth2.0 token from the FitBit authentication service before you can call any other endpoints on the API. You will need to redirect your app to Safari and go to the fitbit authentication service so that the user can log in and authorise your apps access to their FitBit data. The callback will then return an OAuth token that you can pass in subsequent requests.
You will need to call something like this:
https://www.fitbit.com/oauth2/authorize?response_type=code&client_id=%#&scope=%#&redirect_uri=%#"
This is the official fitbit documentation for Authorisation:
https://dev.fitbit.com/build/reference/web-api/oauth2/
I authenticated the REST server and got a token in the cookies. This token allowed access to the REST server, but I want to interact with the authentication service.
Github responses with that message
{
"message": "Bad credentials",
"documentation_url": "https://developer.github.com/v3"
}
Gitlab returns only
401 (Unauthorized)
I'm using token returned from cookies as HTTP header
Authorization: `token`
Authorization: bearer `token`
Authorization: token `token`
I am trying to access token from one-time code using Google oAuth2. But I am getting an error message redirect_uri_mismatch in the response. However i've already added the redirect_uri in console.
I have my Authorized redirect uri as:
http://localhost:3020/api/users/google_oauth_store_token
My request:
Request URL = https://www.googleapis.com/oauth2/v3/token?code=xXXXxx&client_id=xxxxxx&client_secret=xxx&redirect_uri=http://localhost:3020/api/users/google_oauth_store_token&grant_type=authorization_code
My response:
response = {
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}
That was my mistake. I had to use the redirect_uri that i had used in one-time redirect uri. Google uses one of the redirect_uri to rest the client origin.