I try to get a token from a Post Request to https://login.microsoftonline.com/common/oauth2/token by using a App Password I generated in order to skip the 2FA. I tryed this using the grant_type "password" but I get an error saying that my username/password combination is invalid. I assume that I'm using the wrong grant_type for the request.
Is there a different grant_type that I have to use with App password than with normal password?
Related
I'm using Ruby on Rails for get a token using Oauth2 for Clio app. So, I install the following gem:
gem 'oauth2'
And this is my code:
client = OAuth2::Client.new(CLIENT_KEY_CLIO, CLIENT_SECRET_CLIO, site: SITE)
token = client.auth_code.get_token(code, :redirect_uri => 'http://127.0.0.1/approval')
return token
Where the variable code is send by frontend. And is a code that the clio app send when user make a login in his clio account.
But the redirect_uri URL did not exist. However, I created it and the only thing it does is get the code parameter and return it.
Still, it does not work. According to the documentation I can put the default URL that is https://app.clio.com/oauth/approval but it does not work either. I always have this error:
{
"error": "invalid_grant",
"error_description": "The provided access grant is invalid, expired, or revoked (e.g. invalid assertion, expired authorization token, bad end-user password credentials, or mismatching authorization code and redirection URI)."
}
I remember that this error happened before. But it was solved when the redirect_uri value was changed.
What is wrong with the redirect_uri? Could someone provide me with an example of Oauth2 requests?
seems like it should work readin other threads. Add port to your calback url like or what port your app is running
http://127.0.0.1:3000/approval
In redirect_uri I needed the URL that generate code variable. So, if http://127.0.0.1/approval exists and is accessible by internet but not generate the code so, it's not working. But if I put the correct url that generate code, all it's works.
client = OAuth2::Client.new(CLIENT_KEY_CLIO, CLIENT_SECRET_CLIO, site: SITE)
token = client.auth_code.get_token(code, :redirect_uri => 'http://address_generate_code_from_frontend')
return token
I allow users to authorize their Microsoft accounts using oAuth and the Microsoft Graph API. I am using this omniauth strategy to facilitate the authorization. In the OmniAuth strategy, it includes the resource for both authorize_params and token_params "https://graph.microsoft.com". This allows me to authenticate just fine but when I go to refresh the auth, I get this error returned:
{"error"=>"unauthorized_client", "error_description"=>"AADSTS70001: Resource 'https://graph.microsoft.com/' is not supported as resource.\r\n"}
Along with a trace_id and some other things that I will post if needed.
The endpoint I am hitting to refresh is POST https://login.microsoftonline.com/common/oauth2/v2.0/token with the client_id, refresh_token and grant_type: "refresh_token" params.
Refreshing this oAuth token was working fine as recently as last week. Did something change with the Microsoft Graph API or something?
You may want to take a look at Refreshing a Token.
It sounds like you were partially there, you were just missing some additional parameters:
grant_type - Set as refresh_token
refresh_token - The refresh token value you received from the Provider
client_id - This is your Application ID from above
client_secret - This is the Password we generated before
scope - This should match the same set of scopes you first requested
redirect_uri - This is the redirect URI defined in your application registration
These are formatted application/x-www-form-urlencoded in you POST to https://login.microsoftonline.com/common/oauth2/v2.0/token
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=refresh_token&refresh_token=[REFRESH TOKEN]
&client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
Turns out it was as simple as I was authing to v1.0 but attempting to reauth to v2.0. Not sure why this worked up until now but ensuring they are hitting the same version of the API has solved the issue.
I am using OneLogin OpenID Connect, I did the initial redirect to OpenID server, put username and password in and OneLogin redirected me to the callback url I provided. I have received a "Code" from this and would like to exchange this code for turning it into an access_token.
I am trying to make a request to the token endpoint but it is returning a 400 Bad Request with this error:
"error_description": "invalid authorization header value format"
I have attached a screenshot below. I didn't have "Client_Secret" in the Authorization header before, I looked around and tried it with "Basic" as well. But none of it seems to work.
Can anyone help me with some insight?
I was also following these two tutorials:
https://openidconnect.net
https://developers.onelogin.com/openid-connect/connect-to-onelogin
I have looked on here to see if I was doing anything wrong. But I still get the same error.
https://connect2id.com/learn/openid-connect#token-endpoint
Your Authorization header has an incorrect format, it should look like the example below for the username "username" and the password "password".
Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
The variable dXNlcm5hbWU6cGFzc3dvcmQ= is found by concatenating username and password with a colon as separator (username:password) and calculating the Base64 value of this new string (dXNlcm5hbWU6cGFzc3dvcmQ=).
Postman does that for you, just click on the Authorization tab next to Headers. You'll probably need Basic Auth.
I am writing PHP API for Bit.ly using oauth2 for authentication. Their docs say that in order to retrieve access token with username and password we have 2 ways of achieving that:
Resource Owner Credentials Grants
HTTP Basic Authentication
I was successful only with the basic authentication method, the first method does not work for some reason.
What I did was using PHP cURL methods I appended to header authorization method which was following the docs:
Authorization: "Basic " + base64encode(client_id + ":" + client_secret)
And I also changed content type to:
Content-Type: application/x-www-form-urlencoded
After that I added parameters:
grant_type=password&username=bitlyuser&password=bitlypassword
And I am submiting the post request and I get:
INVALID_LOGIN
That error means the Bitly user name is incorrect. If you are positive it's correct, can you email me at api#bitly.com with the client ID and the user name?
Sometimes the actual user name may differ from what's displayed, if you signed up via Facebook or Twitter. You can find the actual login by going to your settings and clicking "Show Legacy API Key". (I'll file an issue to move that data outside the API key location.)
what is the correct grant_type for foursquare oauth2 access?
I am using grant_type=authorization_code
but I keep getting {"error":"invalid_grant"}
"authorization_code" is the correct grant type (as specified # https://developer.foursquare.com/overview/auth).
Your error message seems to be related do you having a bad/expired code, or specifying an incorrect client_id