Epic FHIR AppOrchard OAuth - oauth

How can I get Auth Token from AppOrchard? Is there an easier/better method than below?
"https://apporchard.epic.com/interconnect-aofeb18prd-oauth/authorize?response_type=code&redirect_uri=https://localhost:8080&client_id=myID&state=abc123";
Background:
I have a Client ID from AppOrchard and have a Client App (Standalone Launch) in test that is able to obtain needed data from the
Epic FHIR Sandlot. But issues with OAuth2 test not receiving an Auth Token.
The FHIR Client app (a Windows Desktop app, .NetCore, NOT a Web app) I am using
Visual Studio Express C# 2017 & 2019 with NuGet Packages for FHIR DSTU2 (Core,ElementModel,Serialization, Support.Poco,FhirPath).
For the OAuth2 from Epic I am using System.Net.Http.HttpClient:
HttpClient MyHttpClient = new HttpClient();
For the Sandlot data I used HL7.Fhir.Rest.FhirClient: getting Bundles back which I then loop thru for data.
public FhirClient client = new Hl7.Fhir.Rest.FhirClient(@"https://open-ic.epic.com/FHIR/api/FHIR/DSTU2");

It looks like you're doing a lot of the right steps, but it is hard to tell with getting into more of the details of your client ID set up, etc.
I would suggest reaching out to the apporchard@epic.com email address - they can help dive in to your specific issue, with your specific client ID, and get you connected with the right folks/experts at Epic.
Hope that helps,
Danielle
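
The three legs of the authorization-code flow that the authorize URL in the question starts, as an added Python example (not the asker's code and not Epic's). TOKEN_URL is a placeholder because the page does not give the token endpoint, and the function names are hypothetical.

```python
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Authorize endpoint and redirect URI as quoted in the question.
AUTHORIZE_URL = "https://apporchard.epic.com/interconnect-aofeb18prd-oauth/authorize"
REDIRECT_URI = "https://localhost:8080"
# Assumption: placeholder only, the token endpoint is not given on the page.
TOKEN_URL = "https://TOKEN-ENDPOINT.example/token"


def build_authorize_url(client_id):
    """Leg 1: URL to open in the browser, plus the state value to remember."""
    state = secrets.token_urlsafe(32)  # unpredictable, one per login attempt
    query = urlencode({
        "response_type": "code",
        "redirect_uri": REDIRECT_URI,
        "client_id": client_id,
        "state": state,
    })
    return f"{AUTHORIZE_URL}?{query}", state


def parse_redirect(redirect_url, expected_state):
    """Leg 2: validate the redirect the browser lands on and extract the code."""
    params = parse_qs(urlsplit(redirect_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]


def build_token_request(code, client_id):
    """Leg 3: form fields to POST to the token endpoint (RFC 6749, section 4.1.3)."""
    return TOKEN_URL, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in leg 1
        "client_id": client_id,
    }
```

The access token is only returned by the POST in leg 3; the authorize request itself yields a short-lived code on the redirect.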

Related

Configuring Mule Microsoft Power BI connector using OAUTH

I'm trying to connect to Microsoft Power BI using the Mule Power BI connector but the connector configuration is very confusing with respect to OAuth. Has anyone successfully connected to Power BI with Mule? Here is my config:
<power-bi-rest:config name="Power_Bi_Rest_Connector_Config" doc:name="Power Bi Rest Connector Config" doc:id="d9dbee0f-50fe-46ca-977e-2b3c6ce1ff3b" >
<power-bi-rest:oauth2-authorization-code-connection >
<power-bi-rest:oauth-authorization-code consumerKey="xxx" consumerSecret="yyy" authorizationUrl="https://login.microsoftonline.com/69f2560d-6d2a-4768-989e-d35ed85aeab2/oauth2/v2.0/authorize" accessTokenUrl="https://login.microsoftonline.com/69f2560d-6d2a-4768-989e-d35ed85aeab2/oauth2/v2.0/token" scopes="api://96eb9d1c-6dfb-4acf-9950-d4af04038693/Mule"/>
<power-bi-rest:oauth-callback-config listenerConfig="HTTP_Listener_config" callbackPath="https://login.microsoftonline.com/common/oauth2/nativeclient" authorizePath="https://login.microsoftonline.com/common/oauth2/nativeclient" />
</power-bi-rest:oauth2-authorization-code-connection>
</power-bi-rest:config>
I have not specifically used Power BI but I can tell what the issue probably is.
The oAUthCallbackConfig is where you will need to make the changes.
External Callback URL: While configuring the OAuth credentials in your MS account, you must have provided a callback URL that should be pointing to your Mule application. You need to put that URL here.
Callback Path: Here you need to mention where the Mule App should be expecting to get the call back with the authorization code. For example, if you have configured the external path as https://localhost:8082/oauth/callback, this parameter could be oauth/callback. (Note that you will need to consider the base path that you may have configured in the http listener)
Authorize path: This should not be a URL pointing to a Microsoft api, but it is the path that you will use to hit your mule app to start the oAuth dance. You can put something like /oauth/authorize. Then when you try https://localhost:8082/oauth/authorize the mule app will trigger the oAuth dance and will redirect you to the login screen if everything else is set up correctly.

How to connect to JIRA api with 2fa enabled by organization?

I use self hosted Jira and I'm currently trying to connect to the Jira api using a python script (and the requests library) having 2fa enabled by my organization. I'm not an admin of the project and after creating a personal access token and using it as a Bearer token I only got so far to get a response from the server telling me to put in the OTP to proceed.
I was thinking whether I could possibly pass the OTP as part of the authorization header when making the request to the api but couldn't find any useful hints on how to do that. I have also been looking into OAuth tokens but from my understanding I'm unable to create one since I don't have the option to create an application link within Jira (since I'm not an admin).
Does anyone have an idea on how I could manage to establish the connection to the api?
Any help would be appreciated!!
Cheers,
Liz
Hey @Liz try this project for inspiration - https://github.com/dren79/JiraScripting_public
I built it out on the below examples from the API documentation.
# This code sample uses the 'requests' library:
# http://docs.python-requests.org
import requests
from requests.auth import HTTPBasicAuth
import json

url = "https://your-domain.atlassian.net/rest/api/3/issue/{issueIdOrKey}"
auth = HTTPBasicAuth("email@example.com", "<api_token>")
headers = {
    "Accept": "application/json"
}
response = requests.request(
    "GET",
    url,
    headers=headers,
    auth=auth
)
print(json.dumps(json.loads(response.text), sort_keys=True, indent=4, separators=(",", ": ")))

Graph API calls to OnPremise Exchange only works in Playground

Our setup is an on-premise Exchange Server which is accessible over the graph api. https://learn.microsoft.com/en-us/graph/hybrid-rest-support
We run into the issue that our token is only "partially" working, while a token created by "Graph-Playground" is fully working. But we can't find any difference.
When I use Graph-Playground or use the token generated by Graph-Playground => all requests are working
When I create a token (over my app registration) => only some requests are working
The token seems to be valid; some calls like /me are working, but all calls related to exchange like /me/contacts are failing with this error
Request, they work with token generated by Postman:
Error:
{ "error": { "code": "MailboxNotEnabledForRESTAPI", "message": "REST API is not yet supported for this mailbox." } }
(that's a very generic error, and mostly doesn't say anything about the real issue)
Token Generation:
I create my token in the same way as Graph-Playground creates the token (OAuth - Implicit flow):
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=token&state=test2&client_id=????&scope=openid%20profile%20User.Read%20email%20Contacts.Read&redirect_uri=????
Token - Analysis:
As a side note, it was working for a few days, nobody changed anything :)
So I have no idea, why the "Graph Playground" can create a working token, and my token only "partially" works. Can you help me?
There is already a thread, but I'm not the owner of it. Also there are no more responses... I can't provide a bounty for a foreign thread, that's why I create a new thread. You can find it here:
MailboxNotEnabledForRESTAPI - Microsoft Graph API integration with HMA Enabled on-premise server
I recognize your error, we see it in several cases (for Office 365):
User has no Exchange license (probably not the case, since it works in the explorer).
Customer tenant has set up additional security.
You can limit applications to certain mailboxes. Maybe there is some kind of setting or policy like this on your local Exchange as well, you have to connect to Exchange Online PowerShell to set it, so maybe you can find something there. This is just a wild guess.
To track down this issue I would start checking the local Exchange logs.
Have you tried using the /users/{upn}/calendar endpoint? Maybe it's just that the /me/ part doesn't work.
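
One way to look for the difference between a working and a failing token, as the question's "Token - Analysis" step sets out to do: decode both JWT payloads and list only the claims that differ. This is an added Python example, not code from the thread; the sample tokens, their claim values, the ignore-list and the function names are constructed for illustration, and the payload is decoded without signature verification, which is acceptable only for debugging.

```python
import base64
import json

# Claims that change on every issuance and carry no permission information
# (assumption: this ignore-list is chosen for the example).
VOLATILE = {"iat", "nbf", "exp", "uti", "aio", "rh"}


def _b64url(obj):
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_token(claims):
    """Constructed, unsigned sample token; stands in for a real access token."""
    return f"{_b64url({'alg': 'none'})}.{_b64url(claims)}.sig"


def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def diff_claims(working, failing):
    """Return {claim: (value_in_working, value_in_failing)} for differing claims."""
    a, b = jwt_claims(working), jwt_claims(failing)
    diff = {}
    for name in sorted((set(a) | set(b)) - VOLATILE):
        va, vb = a.get(name), b.get(name)
        if name == "scp":  # space-separated scope list: order is irrelevant
            va, vb = sorted((va or "").split()), sorted((vb or "").split())
        if va != vb:
            diff[name] = (va, vb)
    return diff


# Constructed sample claims, not taken from the question.
SAMPLE_WORKING = make_sample_token({"aud": "https://graph.microsoft.com", "appid": "app-A",
                                    "scp": "Contacts.Read User.Read openid", "iat": 1})
SAMPLE_FAILING = make_sample_token({"aud": "https://graph.microsoft.com", "appid": "app-B",
                                    "scp": "openid User.Read", "iat": 2})

if __name__ == "__main__":
    for claim, (ok, bad) in diff_claims(SAMPLE_WORKING, SAMPLE_FAILING).items():
        print(f"{claim}: working={ok!r} failing={bad!r}")
```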

Getting 'unauthorized_client' with Power Platform Custom Connector using OAuth2

I am trying to build a Custom Connector in the Power Platform to connect to the BMC Helix (formerly Remedy) system to create work orders and such. I am using OAuth2 and was given a callback URL, auth URL, token URL, client ID and client secret.
I went to create a connector from scratch. I populated the fields, but I wasn't sure what to put for the 'Refresh URL', so I used the token URL there too.
I am trying to accomplish testing this connector and my successful test would be to get a JWT from doing a POST to the /api/jwt/login endpoint of BMC Helix. It should return a JWT which I can use to make subsequent calls.
Upon testing this, I go to create a connection, but a window opens (which I believe should be a prompt for authentication), but instead it contains an error saying 'unauthorized_client' coming back from the BMC Helix system at the /rsso/oauth2/authorize endpoint. It also contains a property within the URL of redirect_uri = https://global.consent.azure-apim.net/redirect.
Is there something on the Helix side I need to further configure? Not sure why I am getting this....
It sounds like you need TWO METHODS in your connector. A POST to call the token server, a GET (or another POST) to call the API (using the token received from Call 1).
One approach I've successfully used in the past is:
Use Postman to get your token server call working with OAUTH
Then use Postman to get your subsequent API calls working with the token appended
Save both requests to a single Postman collection
Export the Postman collection (as a V1 (deprecated) if I recall correctly)
Import this collection into PowerApps Custom Connector (create new/import from Postman Collection)
You'll have to massage it a bit after import, but it will give you a good headstart and you're starting from a known-good place (working Postman calls)
Good luck!

Google Assistant SDK refusing authenticated channel as "UNAUTHENTICATED"

I am trying to create a Google Assistant for my Raspberry Pi in Kotlin. I implemented an OAuth flow using the so called "device flow" proposed in this IETF draft, since my Raspberry shall later just expose a web interface and does not have any input devices or graphical interfaces.
Google does support this flow (of course) and I obtain a valid access token with user consent in the end. For testing purpose I also tried a default authorization flow that will just forward the user to localhost, as it is normally done but it did not solve the problem.
I tested the access token using this tool and it confirmed validity of scope and token. So the token itself should work.
Scope is: https://www.googleapis.com/auth/assistant-sdk-prototype as documented here
This actually does not point to any valid web resource but is referenced in every documentation.
Then I tried to stream audio data to the assistant SDK endpoint using the gRPC provided java stubs. I took a third party reference implementation as a guide how to authenticate the rpc stub. But neither the reference implementation nor my own one works. They both report
io.grpc.StatusRuntimeException: UNAUTHENTICATED: Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
The stub is authenticated this way:
embeddedAssistantStub.withCallCredentials(
    MoreCallCredentials.from(OAuth2Credentials
        .newBuilder()
        // setAccessToken takes an AccessToken(tokenValue, expirationTime)
        .setAccessToken(
            AccessToken(
                myAccessToken,
                myAccessTokenExpirationDate))
        .build()))
and the authenticated request is performed like this:
val observer = authenticatedEmbeddedAssistantStub.converse(myStreamObserverImplementation)
observer.onNext(myConfigConverseRequest)
while(more audio data frames available) {
observer.onNext(myAudioFrameConverseRequest)
}
observer.onCompleted()
(I prefixed pseudo variables with "my" for clarity, they can consist of more code in the actual implementation.)
I even contacted the author of this demo implementation. He told me, last time he checked (several months ago) it was working perfectly fine. So I finally ran out of options.
Since the client implementation I took as reference used to work and I do actually authenticate the stub (although the error message suggests the opposite) Probably, either my valid access token with correct scope is not suitable chosen for the assistant API (though I followed the suggestions of google) or the API servers had a change not properly documented in the getting started articles by google.
So: Did anyone run into the same problem and know how to fix it? I have the project on github. So if anyone needs the broken source code, I can do a temporary commit that produces the error.
Note, to save some work for mods: This issue refers to this and this question, both unresolved and using different languages but describing a similar problem.
Well, seems I was right about my second assumption: The error is server side. Here is the github issue, let's just wait for the fix.
https://github.com/googlesamples/assistant-sdk-python/issues/138
