I'm working on an API, i need to get a token access using PostMan, it's an openid connect token i've tried to get using a GET Method and a POST Method but the result is the same i always have Invalid Request , with missing form parameter for the grant type key.
As you can see bellow the grand type is already setted but not working.
Do you have any ideas ?
Thanks
As a guess, as I don't know the full details, I would have thought it would need to be something like this:
Add the details for the client_id, client_secret and grant_type to the request body. These should be placed in the x-www-form-urlencoded option.
As I don't know the full details, I'll be happy to update the answer if more are provided.
Related
I'm trying to retrieve a course work for a course using the Google Classroom API. For this it's required multiple scopes. I can get this working from Java so I believe the list of scopes is correct. However, when trying from Postman, I get a 403 "Request had insufficient authentication scopes." error, which makes me think perhaps the way I'm adding the scopes together may not be correct. I've already tried using "+", ",", ";" and also spaces but none of them got rid of the error. Any ideas about what I may be missing please?
Thank you.
Update
Showing the Postman console which seems to identify only one scope for the request.
Perhaps you changed the scopes and forgot to request a new access token and click the use token button or are running on an old access token prior to requesting additional scopes?
just tested this using both Google analytics scopes.
as you can see the response gives me an access token containing both scopes that i requested.
I just starting working on an iOS Swift 3 application that will integrate with a certain EHR. I had it working several months ago, but when I tried it this eve I noticed the application froze when I tried to get the access token. it appears that the token part of the OAuth2 exchange has changed and now looks like this:
POST https://api.xxxxxx.com/oauth2/access_token
curl -X POST https://api.xxxxxx.com/oauth2/access_token \
-H 'Authorization: Basic Y2xpZW50X2lkOnNlY3JldA==' \ //dummy auth
--data "code=a14d2c8e-9c8a-4820-8ae1-d9313bb6abe2&grant_type=authorization_code&redirect_uri=YOUR_REDIRECT_URI" //dummy code
I was going to include a pic of their documentation concerning this, but its copyrighted. Basically this is what must be included in the post to the token URL:
The Authorization header is required and must be in the format API_KEY:SECRET_KEY and then url safe base64 encoded.
The body of the request must include the following fields:
code - The authorization code that was sent to your Redirect URI at the end of the OAuth login process (see above).
grant_type - The type of authorization grant in use. In this case code for the authorization code.
redirect_uri - The redirect URI for the application, URL encoded.
Any idea of how to do this in Paw would be greatly appreciated! Right now the only way I can figure it to do each call manually as a request and pass along the pertinent items.
thanks!
Mark
From what I see here, it should be nicely supported by Paw. Here's an example config that should fit your needs:
In Paw, if you do NOT check "Set client credentials in the body", it will set the Client Key and Secret in the Authorization header exactly as you described (base64, separated by a :, that's the Basic Auth format).
Otherwise, things should be working ok. Let me know if you need any help.
I try to authenticate Slack. I will use, oauth, if I can.
How can I get the code field which is required for oauth.access?
https://api.slack.com/methods/oauth.access
To be able to test the method, I should fill;
client_id Required
client_secret Required
code Required
redirect_uri Optional
Alright I get client_id and client_secret from OAuth Information. But where should I get the code field?
The steps of negotiating tokens with OAuth are sequential -- it's not possible to test all of the OAuth API methods in the tester alone, as part of the sequence of events is your server receiving a callback containing that token value you'll need for the oauth.access step.
The OAuth documentation lays out the steps in order and is probably a better overall reference than the method documentation alone.
so - tearing my hair out here
im sending this a POST to https://api.twitter.com/oauth/request_token
my Authorisation header is
OAuth oauth_callback="splat%3A%2F%2F",
oauth_consumer_key="Fh71vIGgcR9zJO7eF1Rc4NC5t",
oauth_nonce="c0ec4fcb6b84b089821a4eea187e8dbc0b4629fb1760203805304cb25193b72f%2C",
oauth_signature="OTkyYmI2NDM1MTc4YjY0OTQwYzYwZTUwNWEyZGVkZDI3MzYyNjBkZg%3D%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1414442911001",
oauth_version="1.0"
and my base string used to generate this was
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dsplat%253A%252F%252F%26oauth_consumer_key%3DFh71vIGgcR9zJO7eF1Rc4NC5t%26oauth_nonce%3Dc0ec4fcb6b84b089821a4eea187e8dbc0b4629fb1760203805304cb25193b72f%252C%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1414442911001%26oauth_version%3D1.0
i keep getting a 401 however, my example seems to match any examples i can find
any help/obvious mistakes would be much appreciated...
Without your consumer key (and I suggest you don't post it here!), we can't check whether your signature is correct or not.
However you could try verifying your signature using one of the online signature generators such as:
The LinkedIn OAuth Test Console
Had the same problem, what fixed it for me was to remove the oauth_callback altogether.
Just specify a callback in the app settings, then it should work.
I know the documentation labels it as required, but somehow with the callback it doesn't work.
Your header should look like this:
OAuth oauth_consumer_key="XXXXXXXXXXXXXXX",
oauth_nonce="Lhw1HTTtPojMXTsPNWwlXMp1J8UPST9GftzelvW6rQ6",
oauth_signature="zQyHupvnJwFaRPU8IR%2F2axaMFVc%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1415554564",
oauth_version="1.0"
And your basestring something like this:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%XXXXXXXXXXXXXX%26oauth_nonce%3DLhw1HTTtPojMXTsPNWwlXMp1J8UPST9GftzelvW6rQ6%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1415554564%26oauth_version%3D1.0
I am trying to make a GET request with AFNetworking to facebook's graph api. For various reasons, I'd rather not use the facebook SDK's native objects and would prefer to make those requests via AFNetworking. However, I'm a bit new to the networking side of things and I am unsure how to include the access token along with my GET request. Can anyone point me in the right direction?
I've tried setting the http header field to include this:
Authentication : {my access token}
but that doesn't seem to be working.
You need to add access_token as a URL query parameter for GET requests. See the docs here.