I'm trying to get a bearer token to upload a file to Microsoft Teams.
When doing a post request to
https://graph.microsoft.com/{tenantId)/oauth2/v2.0/token
body:
client_id,
scope= https://graph.microsoft.com/.default,
grant_type= authorization_code,
client_secret & redirect uri (https://myenvironment.com/callback)
code: I got this by doing a request to
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize?client_id={client_id}&response_type=code&redirect_uri={redirect_uri}&response_mode=query&scope=https://graph.microsoft.com/.default
I get a 401 Unauthorized with error code InvalidAuthenticationToken and error message Access token is empty.
I'm not sure which api you wanna call here, but I can show you an example. For instance, I want to call this api to upload a file on behalf of me.
Then I need to give api permission for calling this api, you can see api permission here.
Then open the browser to send a request like this
https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize?
client_id=client_id
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost:8080%2F
&response_mode=query
&scope=Files.ReadWrite Files.ReadWrite.All Sites.ReadWrite.All
&state=12345
Then you will get a code in the url, then cope the code.
Post: https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token
request header
Content-Type:application/x-www-form-urlencoded
request body
client_id:
client_secret:
code: copy_from_browser_url
redirect_uri:http://localhost:8080/
grant_type:authorization_code
scope:Files.ReadWrite Files.ReadWrite.All Sites.ReadWrite.All
Related
has anyone succeeded in connecting to Linkedin API here?
I followed the instructions on the docs but failed to retrieve the Authorization Code.
Here's the result of my POST request to get the access_token
{
"error": "invalid_redirect_uri",
"error_description": "Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"
}
I'm using the https//airbyte.io as a redirect_uri
My GET get request to obtain the authorization token is the following:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=78oy2gu644mxz2&redirect_uri=https%3A%2F%2Fairbyte.io&scope=r_ads,r_ads_reporting,r_organization_social
I followed a couple advices in the different thread in SO
double checked my client_id and client_secret
encoded the URI in GET request
added scope parameters to the redirect_url at the POST request
Tested the request with the code within 20 seconds window.
Couple of things:
Ensure your redirect URI is also defined within your app's configuration as an allowed redirect URI. See https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin%2Fmarketing%2Fcontext&view=li-lms-2022-11&tabs=HTTPS1#step-1-configure-your-application. The documentation specifies a certain URL to use when testing with Postman.
In your authorization call, your scopes are comma-delimited. They should be space-delimited and URL-encoded. See https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin%2Fmarketing%2Fcontext&view=li-lms-2022-11&tabs=HTTPS1#step-2-request-an-authorization-code.
I'm using the OAuth Authorization Code flow to authenticate the user and authorize my application against the WSO2 Identity Server. I'm using a simple node/express server, with Passport.js, to get the Access Token, and Postman to use that Access Token to make a few test requests to the SOAP APIs.
When using a Bearer Token method to authorize my application, I get the following error in the IS logs: 0 active authenticators registered in the system. The system should have at least 1 active authenticator service registered. I get the following error in Postman: 500 Internal Server Error, with the following response body, <faultstring>Authentication failure</faultstring>.
Here is what it looks like in Postman:
The same Access Token works with a REST API request, like "https://localhost:9443/scim2/Me".
Can anyone tell me what I'm missing here?
SOAP APIs in WSO2 Identity Server cannot be authenticated with Bearer tokens. They can be authenticated with Basic authentication and cookies. That's the reason for getting Authentication failure in the response.
But REST APIs in the Identity Server can be authenticated with Bearer tokens. So /scim2/Me authenticate successfully with access token.
Try to get the Access token manually from Authorize service and use it
Step 1: Get authorization code
https://<is_server_url>:9443/oauth2/authorize?client_id=<id>&redirect_uri=<callback_url>&response_type=code&scope=openid
You will get an authorization code on the callback URL
Step 2: Call token service to get access token
Post https://<is_server_url>:9443/oauth2/token
Content-Type:application/x-www-form-urlencoded
Authorization:Basic <base64encoded "<client_id>:<client_secret>">
grant_type:authorization_code
scope:openid
code:<code_from_step_1>
redirect_uri:<callback_url>
exp:
client_id=**abcdefgh12345678**
client_secret=**xyzsecretkey**
callback_url=**http://locahost/callback**
scope=openid
server: localhost
base64encode(client_id:client_secret)= base64encode(abcdefgh12345678:xyzsecretkey) => YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=
GET https://localhost:9443/oauth2/authorize?client_id=**abcdefgh12345678**&redirect_uri=**http://locahost/callback**&response_type=code&scope=openid
it will make a request back to the callback url with a parameter code, lets say code=this01is02your03code, please check your browser address bar
POST https://localhost:9443/oauth2/token
HEADERS
Content-Type:application/x-www-form-urlencoded
Authorization:Basic **YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=**
BODY
grant_type:authorization_code
scope:openid
code:this01is02your03code
redirect_uri:http://locahost/callback
this will return an access token, let say token returned by the server is 12345678ASDFGH
Now you could use this token to call any RestFull or SOAP service
Authorization: Bearer 12345678ASDFGH
I allow users to authorize their Microsoft accounts using oAuth and the Microsoft Graph API. I am using this omniauth strategy to facilitate the authorization. In the OmniAuth strategy, it includes the resource for both authorize_params and token_params "https://graph.microsoft.com". This allows me to authenticate just fine but when I go to refresh the auth, I get this error returned:
{"error"=>"unauthorized_client", "error_description"=>"AADSTS70001: Resource 'https://graph.microsoft.com/' is not supported as resource.\r\n"}
Along with a trace_id and some other things that I will post if needed.
The endpoint I am hitting to refresh is POST https://login.microsoftonline.com/common/oauth2/v2.0/token with the client_id, refresh_token and grant_type: "refresh_token" params.
Refreshing this oAuth token was working fine as recently as last week. Did something change with the Microsoft Graph API or something?
You may want to take a look at Refreshing a Token.
It sounds like you were partially there, you were just missing some additional parameters:
grant_type - Set as refresh_token
refresh_token - The refresh token value you received from the Provider
client_id - This is your Application ID from above
client_secret - This is the Password we generated before
scope - This should match the same set of scopes you first requested
redirect_uri - This is the redirect URI defined in your application registration
These are formatted application/x-www-form-urlencoded in you POST to https://login.microsoftonline.com/common/oauth2/v2.0/token
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=refresh_token&refresh_token=[REFRESH TOKEN]
&client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
Turns out it was as simple as I was authing to v1.0 but attempting to reauth to v2.0. Not sure why this worked up until now but ensuring they are hitting the same version of the API has solved the issue.
I am trying exchange authentication code to access token on OAuth2.
I sent a request to google using GET request, and I got a code. And now I'm trying to exchange the code to access token.
I sent request to https://accounts.google.com/o/oauth2/token with these arguments
using POST request
code=[Authentication code]
client_id=[Client ID]
client_secret=[Client Secret]
redirect_uri=urn:ietf:wg:oauth:2.0:oob
grant_type=authorization_code
But google responsed like this with 400 error
{
"error" : "redirect_uri_mismatch"
}
I created Client ID on google developers console. I used type 'Installed Application'.
I also tried:
request_uri=#://localhost:8081
request_uri=#://localhost:8081/
(# means http. I edited on my phone, so I couldn't insert code block for http)
But it didn't worked.
What's wrong with request?
Check these 2 steps below
The redirect uri to retrieve auth code and access token should be same
Use the same redirect uri that you configured while creating the application, screenshot below
How I can make authenticated request if I have access token?
I follow this post:
https://developer.linkedin.com/documents/authentication
and pass access token like this:
https://api.linkedin.com/v1/people/~?oauth2_access_token= some token
I always receive error:
<error>
<status>401</status>
<timestamp>1412404356540</timestamp>
<request-id>01GPXMMPI4</request-id><error-code>0</error-code>
<message>Invalid access token.</message>
</error>
Can somebody give me some advice? I am very new in OAuth.
Access token should not be sent in the query string. It should be included in the header in the authorization field.
GET /v1/people/~
...
Authorization: Bearer <access_token>