I created an integration in Snowflake and got a client ID, and when I tried to get an OAuth token it gave me an error stating "Invalid consent request.", but my username and password are correct. Please suggest what I can do.
Related
I aim to fetch purchases from googleapis by using a service account on server-side.
Method: purchases.products.get api requires an oauth2 authentication.
Therefore I create an OAuth2 token (from the client-secret.json I was provided by console.cloud.google) inside my server-side backend Java Spring application.
GoogleCredentials googleCredentials = GoogleCredentials.fromStream(new FileInputStream("src/main/resources/client_secret.json")).createScoped("https://www.googleapis.com/auth/androidpublisher");
googleCredentials.refresh();
AccessToken accessToken = googleCredentials.getAccessToken();
The token I generate is like 'ya29.c.b0AXczHcuLszNI................'
It ends with multiple dots, I don't know why.
https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/products/{productId}/tokens/{token}
After I get the token I do the GET request to this URL.
I get the following error:
"message": "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid
authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",
Why is my token not working? Is the way I use it wrong? And/or is the way I generate the OAuth2 token wrong?
The access token is sent as an authorization header. The access token should be prefixed with the term bearer as it is a bearer token.
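As an added example (not part of the original answer), this Python sketch builds the purchases.products.get request with the token in an `Authorization: Bearer` header and diagnoses a header that a server would treat as unauthenticated. The package, product and token values in the usage comment are constructed placeholders.

```python
from urllib.parse import quote
from urllib.request import Request

API = "https://androidpublisher.googleapis.com/androidpublisher/v3"


def build_purchase_request(package_name, product_id, purchase_token, access_token):
    """Build (but do not send) the GET request with a Bearer Authorization header."""
    token = access_token.strip()
    if not token or any(c.isspace() for c in token):
        raise ValueError("access token is empty or contains whitespace")
    # Percent-encode each path segment so odd characters cannot alter the path.
    url = (f"{API}/applications/{quote(package_name, safe='')}"
           f"/purchases/products/{quote(product_id, safe='')}"
           f"/tokens/{quote(purchase_token, safe='')}")
    return Request(url, method="GET", headers={"Authorization": f"Bearer {token}"})


def diagnose_authorization(headers):
    """Explain why a request would be rejected as carrying no credential."""
    value = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if value is None:
        return "no Authorization header: token was never attached"
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "bearer":
        return "wrong scheme: expected 'Bearer <token>'"
    if not token.strip():
        return "Bearer scheme present but token is empty"
    return "ok"


# Usage with constructed values:
# req = build_purchase_request("com.example.app", "coins_100", "purchase-tok", "ya29.constructed")
# diagnose_authorization(dict(req.header_items()))
```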
I am sending an OAuth request to an Acumatica endpoint, and it is responding with "You are not logged in.". I was under the impression that retrieving an access token, then sending it to an OAuth request would not require an actual login beforehand. If this is correct, then any idea why I'm getting this message?
I first POST to the .../identityconnect/token URL with client_secret, client_id, username, password, etc. to retrieve an access token. Then I use the access token on an OAuth GET request, and receive the login error (401).
The issue turned out to be a 3rd party license manager customization package that was published and was throwing an error and preventing a successful OAuth submittal. This was discovered by reviewing the Request Profiler.
I got this issue while trying to fetch user attributes from AWS Cognito.
I can't tell how it can be an "Invalid Token" because I have copied and pasted it. I have also made sure that it's the accessToken, not the idToken or anything else.
There are some other similar questions on this site but they don't address my issue:
"Access token does not contain openid scope" in AWS Cognito
Access token does not have the openid scope
Update: here is my app client config
OK, I got your details.
Short answer: You must use OAuth2 Cognito authentication instead of using the default Cognito authentication API in the SDK.
Let me explain why you get the error: you're using Cognito authentication, so Cognito returns an "access token" that does not contain the "openid" scope. You can paste the token here to check: https://jwt.io/#encoded-jwt.
You have to use OAuth2 authentication to get the "access token" that contains "openid". In order to do it, you have to use the Hosted UI or the AUTHORIZATION Endpoint to get the "access token".
You can try the Hosted UI by accessing this link (please edit your domain + response_type + client_id + redirect_uri): https://tsunami.auth.us-east-2.amazoncognito.com/login?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_SIGNIN_URL
You can use the AUTHORIZATION Endpoint: https://tsunami.auth.us-east-2.amazoncognito.com/oauth2/authorize?response_type=code&client_id=CLIENT_ID&redirect_uri=CALLBACK_SIGNIN_URL&identity_provider=COGNITO and it will redirect to the Hosted UI.
Getting user info is an OpenID Connect feature and requires the openid scope in the token.
I suspect the problem originates from not specifying this scope when you authenticated and got the token.
Usually you configure scopes such as these when authenticating:
openid profile email
You also provide these in the OAuth Client trust entry configured in Cognito.
The profile scope enables you to get the user name from the user info endpoint.
The email scope enables you to get the email from the user info endpoint.
See step 9 of my write up for an example
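The scope check that both answers above describe can be done locally before calling the user info endpoint. This is an added example, not code from either answer: it decodes the JWT payload for inspection only (no signature verification) and reports whether the `openid` scope is present. The three sample tokens are constructed and unsigned, with claim values chosen to mimic an SDK-issued token, a Hosted UI token and an ID token.

```python
import base64
import json


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def userinfo_readiness(token):
    """Report whether a token carries what the user info endpoint requires."""
    claims = jwt_claims(token)
    if claims.get("token_use") != "access":
        return f"wrong token type: token_use={claims.get('token_use')!r}"
    scopes = set(claims.get("scope", "").split())
    if "openid" not in scopes:
        return "access token lacks openid scope: " + " ".join(sorted(scopes))
    missing = {"profile", "email"} - scopes
    return "ok" if not missing else "ok, but missing optional: " + " ".join(sorted(missing))


def _constructed_jwt(claims):
    """Build an unsigned sample token (constructed test data, not a real credential)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed samples: SDK-style sign-in, Hosted UI sign-in, and an ID token.
SDK_TOKEN = _constructed_jwt({"token_use": "access", "scope": "aws.cognito.signin.user.admin"})
HOSTED_TOKEN = _constructed_jwt({"token_use": "access", "scope": "openid profile email"})
ID_TOKEN = _constructed_jwt({"token_use": "id"})
```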
I want to fetch a token from an on-premises ADFS server. How can I get the token by passing client credentials rather than redirecting to the ADFS login page and getting the token?
Depending on #SamuelsD's answer, you can either use the OAuth "client credentials" flow (refer this) or the OAuth "resource owner password" flow (refer this).
The resource owner password flow is deprecated these days as it is not considered to be secure.
It is mentioned in oauth documentation at https://developer.uber.com/v1/auth/ that access token remains valid for 30 days. But I have started getting invalid credential error within a week. The exact error I am getting is:-
{"message":"Invalid OAuth 2.0 credentials provided.","code":"unauthorized"}
Trying refresh token after this error gives invalid grant error whereas 'refresh_token' is valid grant type.
{"error": "invalid_grant"}
Anyone facing similar issues?
If your client credentials are used to get another access token, that will invalidate former access tokens associated with that user.
When an access token expires, you must obtain a new access token. Use the refresh token to get a new access token without prompting a user to login and grant permission again. The refresh token itself is not a valid token to access API endpoints - it is just a code you keep to exchange for a new access token when yours expires. This is described in Step Five: Refreshing Tokens in Uber's Authentication Guide.
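The refresh step described above, as an added example that is not part of the original answer: a small token store that exchanges the refresh token when the access token is about to expire and treats `invalid_grant` as a signal that the user must authorize again. The form field names follow the standard OAuth 2.0 refresh grant; `post_form` is a hypothetical callable standing in for an HTTP POST to the token endpoint, and the fake endpoint is constructed so the block runs offline.

```python
import time


class ReauthorizationRequired(Exception):
    """The refresh token was rejected; the user must authorize again."""


class TokenStore:
    def __init__(self, post_form, client_id, client_secret, tokens, now=time.time):
        self._post, self._now = post_form, now
        self._client = {"client_id": client_id, "client_secret": client_secret}
        self._save(tokens)

    def _save(self, tokens):
        self.access_token = tokens["access_token"]
        # Some servers rotate the refresh token; keep the old one if none is returned.
        self.refresh_token = tokens.get("refresh_token", getattr(self, "refresh_token", None))
        self.expires_at = self._now() + tokens["expires_in"]

    def get_access_token(self, skew=60):
        """Return a usable access token, refreshing shortly before expiry."""
        if self._now() >= self.expires_at - skew:
            self.refresh()
        return self.access_token

    def refresh(self):
        reply = self._post({"grant_type": "refresh_token",
                            "refresh_token": self.refresh_token, **self._client})
        if reply.get("error") == "invalid_grant":
            # Retrying cannot help: the refresh token is expired, revoked or replaced.
            raise ReauthorizationRequired("refresh token rejected: restart authorization")
        if "error" in reply:
            raise RuntimeError(f"token endpoint error: {reply['error']}")
        self._save(reply)


def make_fake_endpoint(valid_refresh_token):
    """Constructed stand-in for a token endpoint; no network is used."""
    def post_form(form):
        if form.get("refresh_token") != valid_refresh_token:
            return {"error": "invalid_grant"}
        return {"access_token": "constructed-access-2", "expires_in": 3600}
    return post_form
```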