I'm trying to retrieve a course work for a course using the Google Classroom API. For this it's required multiple scopes. I can get this working from Java so I believe the list of scopes is correct. However, when trying from Postman, I get a 403 "Request had insufficient authentication scopes." error, which makes me think perhaps the way I'm adding the scopes together may not be correct. I've already tried using "+", ",", ";" and also spaces but none of them got rid of the error. Any ideas about what I may be missing please?
Thank you.
Update
Showing the Postman console which seems to identify only one scope for the request.
Perhaps you changed the scopes and forgot to request a new access token and click the use token button or are running on an old access token prior to requesting additional scopes?
just tested this using both Google analytics scopes.
as you can see the response gives me an access token containing both scopes that i requested.
Related
I am trying to implement oAuth2 Linking between my WeApibApp application, and Google Home. I have implemented IdentityServer4 in order to generate my oauth2 token, that I am attempting to pass back to google thought their redirect uri, this all appears to be working correctly, but I am receiving An Error occurres in the returning from the result from the call to oauth-redirect.googleusercontent.com, no other indication of what the problem can be, has anyone run into this issue, and perhaps have some idea of what the issue could be.
Thanks
We had the same problem and the silly mistake we did was we were using "?" instead of "#".
As per the documentation there should be a # after PROJECT_ID
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
Please check if you are doing the same mistake.
I'm trying to authorize my standalone application. But after I click "Allow" it always redirects to http://oauth.vk.com/error?err=2 and gives this as response body:
{"error":"invalid_request", "error_description":"Security Error"}
Here's the request URL (I do have correct client_id):
https://oauth.vk.com/authorize?client_id=...&scope=messages,offline&redirect_uri=https://oauth.vk.com/blank.html&display=page&v=5.37&response_type=token
It seems that I've tried everything:
Turning application on and off
Passing scope as bit mask
URI encoding some parameters to have correct URL
and so on
After hour of searches I've found this.
So, it means that user has an old session and must re-login in browser.
Space in state parameter causes this.
OAuth 2 RFC, sections 4.1.1 on authorization request and 4.1.2 on authorization response, recommends using state parameter to maintain state in authorization code flow, particularly to prevent CSRF.
When I set this field to CSRFTOKEN123 http://my.site/next/url, I got this error. Replacing (space) with : to get CSRFTOKEN123:http://my.site/next/url helps.
By the way, I couldn't find any mention of state parameter on VK documentation website but VK OAuth 2 authorization system actually supports it. It couldn't be called OAuth 2 otherwise. So I find it legit to use state parameter.
The topic https://vk.com/topic-17680044_30635058 mentioned by author is closed now, current discussion is https://vk.com/topic-1_24428376. There are number of questions on this. All in Russian.
This is probably a simple question but I can't seem to wrap my head around on how OAuth2 works. So I got upto the point where I can request a token and start pulling data in Ruby console. But after I exit out of Ruby console, I tried requesting data (.rb script) from API again using the same token but it says expired/invalid. Am I suppose to store this token somewhere permanently like in a database or cookie?
Not sure if this matters but when I request a token, it brings me to the OAuth2 page to allow or deny a token request. How do you bypass this in Ruby code? From what I'm reading, you use the token.refresh! method?
Can you please share your insights on what I'm not understanding or missing?
I am trying to make a GET request with AFNetworking to facebook's graph api. For various reasons, I'd rather not use the facebook SDK's native objects and would prefer to make those requests via AFNetworking. However, I'm a bit new to the networking side of things and I am unsure how to include the access token along with my GET request. Can anyone point me in the right direction?
I've tried setting the http header field to include this:
Authentication : {my access token}
but that doesn't seem to be working.
You need to add access_token as a URL query parameter for GET requests. See the docs here.
I've read all the threads about simiular issues on SO and elsewhere, and none of them have solved my problem.
I'm using Twython as a wrapper around the API. I've tried setting oauth_callback EVERYWHERE. Using the internal mechanism in Tython (which is done by setting callback_url on instantiation), by manually modifying the auth_url and appending the argument by before redirecting the user, etc. I've tried deleting and recreating both new twitter apps and new twitter accounts, to no avail.
Whenever I redirect the client to twitter, the correct oauth_callback is ALWAYS visible in the url along with the oauth_token, but the api always ignores this argument and overrides it with the url in the settings of my twitter app (both are under the same domain). I have tried figuring this out for several hours and I'm at a dead end. I've seen this work before and I've done it plenty of times, so I don't know what could possible be going wrong.
It's strange-- even if i set the callback to 'oob', which ought to trigger the PIN workflow rather than a callback, this argument is EVEN THEN ignored. Any ideas why?
You specify the oauth_callback value when you get a request token as specified in OAuth 1.0a. In 1.0 it you could pass it along with with the user when they go to twitter.com but was changed for security reasons. You can read more about it in the /oauth/request_token docs.