I'm try to request call this route api.twitter.com/2/users/:id/following also getting the error :
Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].
I've trying to understand how I should generate an oauth token valid for this request, but i'm a bit lost! I've all the pipe line for the user authentication and for the last request I can get all user data including userToken and tokenSecret how i can use that info to generate the token for my request?
Also I've try to generate a token generate with apiKey and apiSecret withtou success
curl -u 'apiKey:apiSecret'
--data 'grant_type=client_credentials'
'https://api.twitter.com/oauth2/token'
I'm really lost using twitter api because of the multiples ways to authenticate
The curl command you're using will give an App-Only token, this won't work if you're trying the POST /2/users/:id/following endpoint. Follow this guide on generating an OAuth 2.0 User Access Token.
Related
I'm in the context of an embedded devices that uses an HTTPS client to request an access token on behalf of a user (delegated permission needed for the app).
I'm currently using OAuth 2.0 ROPC (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc) to get my token and everything works fine.
But since this authentication is deprecated I'd like to change to a more secure solution that works in hybrid identity federation scenarios.
I see that many other solutions exists, but I can't find one that doesn't need to interpret an HTML/JS response.
Here a CURL example to explain my point:
ROPC request:
curl -X POST "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token" --data "grant_type=password&scope=EWS.AccessAsUser.All&username=<username>&password=<password>&client_id=<client_id>&client_secret=<client_secret>" -H "Content-Type: application/x-www-form-urlencoded"
Response:
{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"eyJ0eX....1234"}
Here I can extract the token directly from the response.
But using other ways to get delegated permission token such as OAuth 2.0 Implicit Grant flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow), responses are always an HTML that I can't interpret.
So here I am wondering if there is a solution to this situation.
Thanks in advance,
Aloïs KYROU
You cannot use the implicit flow to obtain the token in the tool, you can only run the request url in the browser. Because using the implicit flow requires you to log in. Please note that before this, you must enable id token and access token.
Request the id token and access token in the browser.
https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
client_id={client id}
&response_type=id_token token
&redirect_uri={redirect_uri}
&scope=openid EWS.AccessAsUser.All
&response_mode=fragment
&state=12345
&nonce=678910
I'm using the OAuth Authorization Code flow to authenticate the user and authorize my application against the WSO2 Identity Server. I'm using a simple node/express server, with Passport.js, to get the Access Token, and Postman to use that Access Token to make a few test requests to the SOAP APIs.
When using a Bearer Token method to authorize my application, I get the following error in the IS logs: 0 active authenticators registered in the system. The system should have at least 1 active authenticator service registered. I get the following error in Postman: 500 Internal Server Error, with the following response body, <faultstring>Authentication failure</faultstring>.
Here is what it looks like in Postman:
The same Access Token works with a REST API request, like "https://localhost:9443/scim2/Me".
Can anyone tell me what I'm missing here?
SOAP APIs in WSO2 Identity Server cannot be authenticated with Bearer tokens. They can be authenticated with Basic authentication and cookies. That's the reason for getting Authentication failure in the response.
But REST APIs in the Identity Server can be authenticated with Bearer tokens. So /scim2/Me authenticate successfully with access token.
Try to get the Access token manually from Authorize service and use it
Step 1: Get authorization code
https://<is_server_url>:9443/oauth2/authorize?client_id=<id>&redirect_uri=<callback_url>&response_type=code&scope=openid
You will get an authorization code on the callback URL
Step 2: Call token service to get access token
Post https://<is_server_url>:9443/oauth2/token
Content-Type:application/x-www-form-urlencoded
Authorization:Basic <base64encoded "<client_id>:<client_secret>">
grant_type:authorization_code
scope:openid
code:<code_from_step_1>
redirect_uri:<callback_url>
exp:
client_id=**abcdefgh12345678**
client_secret=**xyzsecretkey**
callback_url=**http://locahost/callback**
scope=openid
server: localhost
base64encode(client_id:client_secret)= base64encode(abcdefgh12345678:xyzsecretkey) => YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=
GET https://localhost:9443/oauth2/authorize?client_id=**abcdefgh12345678**&redirect_uri=**http://locahost/callback**&response_type=code&scope=openid
it will make a request back to the callback url with a parameter code, lets say code=this01is02your03code, please check your browser address bar
POST https://localhost:9443/oauth2/token
HEADERS
Content-Type:application/x-www-form-urlencoded
Authorization:Basic **YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=**
BODY
grant_type:authorization_code
scope:openid
code:this01is02your03code
redirect_uri:http://locahost/callback
this will return an access token, let say token returned by the server is 12345678ASDFGH
Now you could use this token to call any RestFull or SOAP service
Authorization: Bearer 12345678ASDFGH
I have a hobby project in mind to use battle.net login. I'm wondering how I can obtain the access token from the API after receiving the authorization code.
This is Oauth flow question rather than a battle.net question.
Currently I can successfully authorize the user for my app which is registered in dev.battle.net and then I try to use the authorization code returned from the battle.net login to obtain the access token by sending a request to https://<region>.battle.net/oauth/token.
However I keep receiving this error:
{
"error": "unauthorized",
"error_description": "An Authentication object was not found in the SecurityContext"
}
I use postman extension to send post requests to that uri. I authenticate my request with my client id and secret. I pass redirect_uri (https://localhost), granty_type (authorization_code), code(the code returned from the previous authorization step). However I keep getting the error above.
I couldn't find much about battle.net online. There are other oauth related help articles but couldn't really find my way.
Wondering if you can help me with this easy stuff. I'm just wondering what I'm skipping here.
Here is the documentation:
https://dev.battle.net/docs/read/oauth
https://localhost is added in my mashery dev account's app settings.
Me again, I resolved this problem after trying almost every combination in the universe:)
Steps to apply:
Don't use the same authorization token for different access token trials, they are not valid
Always use https on every domain you test including localhost, you
redirect_uri must be https as well.
You must use the "basic authentication" in the header of your POST request while requesting the token from the authorization code you obtained from the previous step.
This is one of the most important ones: For requesting token, Pass redirect_uri, client key and secret as POST form parameters to the authenticated request. This is interesting because it's already an authenticated request; why would i need to pass my secret again? Anyways, that's how it works.
Here are the full text:
http://hakanu.net/oauth/2017/01/26/complete-guide-of-battle-net-oauth-api-and-login-button/
This is working prototype:
https://owmatch.me
Thanks.
I am trying exchange authentication code to access token on OAuth2.
I sent a request to google using GET request, and I got a code. And now I'm trying to exchange the code to access token.
I sent request to https://accounts.google.com/o/oauth2/token with these arguments
using POST request
code=[Authentication code]
client_id=[Client ID]
client_secret=[Client Secret]
redirect_uri=urn:ietf:wg:oauth:2.0:oob
grant_type=authorization_code
But google responsed like this with 400 error
{
"error" : "redirect_uri_mismatch"
}
I created Client ID on google developers console. I used type 'Installed Application'.
I also tried:
request_uri=#://localhost:8081
request_uri=#://localhost:8081/
(# means http. I edited on my phone, so I couldn't insert code block for http)
But it didn't worked.
What's wrong with request?
Check these 2 steps below
The redirect uri to retrieve auth code and access token should be same
Use the same redirect uri that you configured while creating the application, screenshot below
I am using OAuth 2.0 for Authorization process.
I have requested for Authorization Code with this url:
https://www.box.com/api/oauth2/authorize?response_type=code&client_id={MY_CLIENT_ID}
Then I was redirected to box.net login page for authorization.
I have entered credentials for my Box.net account.
Granted access for account.Then I got Authorization code which I encoded in URL and sent a request with this:
https://www.box.com/api/oauth2/token?grant_type=authorization_code&code={AUTHORIZATION_CODE}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET_ID}
I got this response:
{"error":"invalid_client","error_description":"The client credentials are invalid"}
I have checked my Client Id and Client Secret Id many times. Those are correct. What can be reason for such an error message?
As the official documentation states:
To get the access_token, you’ll need to make a POST request to https://www.box.com/api/oauth2/token with the following parameters...",
Although all the parameters including client_id, client_secret, grant_type and code are right, if you don't make a POST request to the url, you will get error: "invalid_client".
Try:
curl https://www.box.com/api/oauth2/token \
-d 'grant_type=authorization_code&code={your code}&client_id={your client id}&client_secret={your client secret}' \
-X POST