Authentication fails on google home (oauth2) - oauth-2.0

I'm trying to connect to Google Home using the OAuth 2.0 mechanism. However, I'm hitting an issue where I'm not able to retrieve a success message.
The failing request is https://oauthintegrations.googleapis.com/v1/token:getForService
with the response payload as redirectState. I know about redirect, but what is redirectState? I tried to search a bit for this one, but failed.
Any help would be appreciated.
Note: I have followed all the necessary steps mentioned in the doc. I can receive the authorisation code, but I am not able to make the token request to the desired endpoint.
The docs are https://developers.google.com/actions/identity/oauth2-code-flow and https://developers.google.com/actions/identity/account-linking.
In the configuration settings we have the Linking type set to OAuth -> Authorization Code.
In Dialogflow, under Integration -> Integration Settings, we have checked 'Sign in required' for Default Welcome Intent and have the Firebase function as
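```
const {dialogflow, SignIn} = require('actions-on-google');
const app = dialogflow();
// Ask the user to link their account when the welcome intent fires.
app.intent('Default Welcome Intent', (conv) => {
  conv.ask(new SignIn());
});
```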
according to https://developers.google.com/actions/identity/account-linking document and I am currently using API version V2.
After the auth code is received as mentioned, it does not call the token URL; we receive this screen:
Bad response from IdP in Auth Code Exchange & what is redirect_state
The https://gala-demo.appspot.com/app#redirect_state=XXX&state=yyy&service=abc when inspected fails at https://oauthintegrations.googleapis.com/v1/token:getForService as mentioned by @rajesh with status code 400, but when this request is made through Postman it returns the response. Here is the body and response for the request.
Body:
```
{
  "credential": {
    "redirectState": "XXX"
  },
  "scopes": [],
  "gdiState": "APP_AUTH",
  "serviceId": "tapclicks-integration-adac2_dev"
}
```
Response:
```
{
  "serviceInfo": {
    "authUrl": "https://-domain-/authorization",
    "name": "tapclicks dashboard",
    "logoUrl": "https://placeholder.com/",
    "clientId": "zdqexVMaVvxIMQ7Frjwa",
    "tokenUrl": "https://-domian-/token_url",
    "privacyPolicyUrl": "https://placeholder.com/",
    "tosUrl": "https://placeholder.com/",
    "id": "tapclicks-integration-adac2_dev"
  },
  "completionInfo": {
    "appauthInfo": {
      "appauthRedirectUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy",
      "appauthRedirectState": "abcxxx"
    },
    "oauthAuthorizationUrl": "https://-domain-/authorization?response_type=code&client_id=zdqexVMaVvxIMQ7Frjwa&redirect_uri=https://oauth-redirect.googleusercontent.com/r/tapclicks-integration-adac2&scope=gmail&state=yyy"
  },
  "gdiState": "APP_AUTH",
  "header": {}
}
```
Can you please tell me if I might be making a configuration mistake, or if you need any other info?
Authorization Url : https://kprb95tye7.execute-api.us-east-1.amazonaws.com/authorization/
Token Url : https://9343j46f16.execute-api.us-east-1.amazonaws.com/token_url/
Thanks

Related

Twitter API Oauth2 issue getting Access Token

Following this guide: https://developer.twitter.com/en/docs/authentication/oauth-2-0/user-access-token. I am getting this error when making the POST oauth2/token at the step 3 request:
```
{
  "errors": [
    {
      "code": 99,
      "message": "Unable to verify your credentials",
      "label": "authenticity_token_error"
    }
  ]
}
```
This is my request: (Note that I hide the client_id and code). The code is the one I receive after the step 2, doing the GET oauth2/authorize callback. Header: Content-Type - application/x-www-form-urlencoded;charset=UTF-8
My Request
I found the issue: the problem was that in the Bot Application, editing the Auth settings of my Twitter app, I had the option Confidential client, which needed a Basic Auth = authorization: Basic ${'username + password encoded here'}
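An added example (not part of the original posts, and not Twitter's own code) of how a confidential client builds the token request the thread above describes: the client credentials travel in an HTTP Basic `Authorization` header, encoded as RFC 6749 section 2.3.1 specifies, and never in the form body. The token URL, credential values and function names are assumptions made for the illustration.

```javascript
// Added example. All credential values are constructed placeholders.

// RFC 6749 section 2.3.1: form-urlencode each credential before joining with ":".
function formEncode(value) {
  // encodeURIComponent leaves !'()* unescaped and writes spaces as %20;
  // application/x-www-form-urlencoded escapes those and uses "+" for a space.
  return encodeURIComponent(value)
    .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase())
    .replace(/%20/g, '+');
}

// Authorization header value for a confidential client.
function basicClientAuth(clientId, clientSecret) {
  const pair = `${formEncode(clientId)}:${formEncode(clientSecret)}`;
  return 'Basic ' + Buffer.from(pair, 'utf8').toString('base64');
}

// Returns the request description without sending it, so it can be inspected.
function buildTokenRequest({ tokenUrl, clientId, clientSecret, code, redirectUri, codeVerifier }) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code,                        // value returned to the callback in step 2
    redirect_uri: redirectUri,   // must match the value used in the authorize request
    code_verifier: codeVerifier, // PKCE verifier paired with the earlier code_challenge
  });
  return {
    method: 'POST',
    url: tokenUrl,
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded;charset=UTF-8',
      Authorization: basicClientAuth(clientId, clientSecret),
    },
    body: body.toString(), // the client secret is deliberately absent here
  };
}

const exampleRequest = buildTokenRequest({
  tokenUrl: 'https://api.twitter.com/2/oauth2/token', // assumed endpoint
  clientId: 'EXAMPLE_CLIENT_ID',
  clientSecret: 'EXAMPLE_CLIENT_SECRET',
  code: 'EXAMPLE_AUTH_CODE',
  redirectUri: 'https://app.example/callback',
  codeVerifier: 'EXAMPLE_CODE_VERIFIER',
});
```

Keeping the secret in the header rather than the URL or body also keeps it out of access logs that record query strings.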

Unable to generate the Tiktok access token for web

Here is my Request Post URL:
https://open-api.tiktok.com/oauth/access_token/?client_key=fgjvjhg&client_secret=ghhjgjhgjkhjk&code=Web&grant_type=authorization_code
Here is the response which I got:
```
{
  "data": {
    "captcha": "",
    "desc_url": "",
    "description": "Authorization code expired",
    "error_code": 10007
  },
  "message": "error"
}
```
Here is the documentation page which I am following:
https://developers.tiktok.com/doc/login-kit-manage-user-access-tokens
Please help me with that, thanks in advance.
Check your code to make sure you're not making duplicate requests. A second request will invalidate the first one and you'll get Authorization code expired.
You are missing 2 values there:
Code (Authorization code from Web/iOS/Android authorization callback)
grant_type (should always be set as authorization_code)
Example request:
https://open-api.tiktok.com/oauth/access_token/?client_key={{key}}&client_secret={{secret}}&code={{client_unqiue_id}}&grant_type=authorization_code

"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token" Az API Management

I am trying to obtain an authorization token to consume a published API in Azure API Management, for which I am performing the following steps:
Call the authorization URL as follows:
```
https://login.microsoftonline.com/common/oauth2/authorize?
client_id=<CLIENT_ID>
&response_type=code
&response_mode=query
&redirect_uri=<REDIRECT_URI>
&scope=SCOPE
```
Immediately after, I call the following URL with the obtained authorization code and the other parameters in the body, sent as form-data:
```
POST https://login.microsoftonline.com/common/oauth2/token
client_id=<CLIENT_ID>
scope=SCOPE
grant_type=authorization_code
client_secret=<CLIENT_SECRET>
code=<AUTHORIZATION_CODE_PREVIOUS_STEP>
```
As a result, I get the following error and cannot continue:
```
{
  "error": "invalid_grant",
  "error_description": "AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.\r\nTrace ID: f0264d85-2f41-4009-9e8e-1a211209e100\r\nCorrelation ID: c6b15ffb-82e8-49aa-941f-6c85be4d9601\r\nTimestamp: 2022-01-18 15:06:55Z",
  "error_codes": [
    54005
  ],
  "timestamp": "2022-01-18 15:06:55Z",
  "trace_id": "f0264d85-2f41-4009-9e8e-1a211209e100",
  "correlation_id": "c6b15ffb-82e8-49aa-941f-6c85be4d9601"
}
```
I understand that the authorization code is for one use only but, in my case, on the first attempt I get this error.
Any help is appreciated
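An added example (not part of the original posts) covering both the "Authorization code expired" answer in the TikTok thread and the AADSTS54005 error above: a toy in-memory authorization server showing the single-use rule from RFC 6749 section 4.1.2, where a second redemption of the same code is rejected and the token issued from the first is revoked. It is not Azure AD's or TikTok's implementation; the class, method names and values are hypothetical.

```javascript
// Added example: single-use authorization codes on a toy server.
const crypto = require('crypto');

class AuthCodeStore {
  constructor({ ttlMs = 60000, now = () => Date.now() } = {}) {
    this.ttlMs = ttlMs;
    this.now = now;                 // injectable clock so expiry can be exercised
    this.codes = new Map();         // code -> { clientId, redirectUri, expiresAt, redeemed, token }
    this.activeTokens = new Set();  // access tokens that are currently valid
  }

  issue(clientId, redirectUri) {
    const code = crypto.randomBytes(16).toString('hex');
    this.codes.set(code, {
      clientId, redirectUri, expiresAt: this.now() + this.ttlMs, redeemed: false, token: null,
    });
    return code;
  }

  redeem(code, clientId, redirectUri) {
    const entry = this.codes.get(code);
    if (!entry || entry.clientId !== clientId || entry.redirectUri !== redirectUri) {
      return { error: 'invalid_grant', reason: 'unknown code or client/redirect_uri mismatch' };
    }
    if (entry.redeemed) {
      // Reuse: deny the request and revoke the token issued from this code.
      this.activeTokens.delete(entry.token);
      return { error: 'invalid_grant', reason: 'code already redeemed' };
    }
    if (this.now() > entry.expiresAt) {
      return { error: 'invalid_grant', reason: 'code expired' };
    }
    entry.redeemed = true;
    entry.token = crypto.randomBytes(24).toString('hex');
    this.activeTokens.add(entry.token);
    return { access_token: entry.token, token_type: 'Bearer' };
  }
}

// A client that submits the same code twice (retry, double handler, replayed callback).
function demoDuplicateRedemption() {
  const store = new AuthCodeStore();
  const code = store.issue('client-123', 'https://app.example/cb'); // constructed values
  const first = store.redeem(code, 'client-123', 'https://app.example/cb');
  const second = store.redeem(code, 'client-123', 'https://app.example/cb');
  return { first, second, firstTokenStillValid: store.activeTokens.has(first.access_token) };
}
```

When the error appears on what looks like the first attempt, log every outgoing token request on the client side: a page reload that replays the callback URL, an HTTP client retry, or two handlers bound to the same callback each count as a redemption.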

Microsoft Graph API Errors for ServiceNow

I am integrating ServiceNow with Teams, specifically to push notifications to users and channels using the Microsoft Graph API.
Issue #1 -
I have configured an OAuth profile for an Azure app to use the Microsoft Graph API, set up the required API permissions, and am calling various chat-related API functions. For the 'Create Chat' request I am getting the error below:
```
responseBody: {
  "error": {
    "code": "UnknownError",
    "message": "",
    "innerError": {
      "date": "2021-01-29T09:20:53",
      "request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3",
      "client-request-id": "90a99bf5-048f-445b-b58c-ee46fc30edf3"
    }
  }
}
```
API call -
```
var restMessage = new sn_ws.RESTMessageV2();
restMessage.setHttpMethod("POST");
restMessage.setEndpoint("https://graph.microsoft.com/beta/chats");
restMessage.setRequestHeader('Content-Type', 'application/json');
restMessage.setRequestHeader('Authorization', 'Bearer ' + retrieveToken()); // retrieveToken() function creates access token.
restMessage.setAuthenticationProfile('oauth', 'a5325df007022010f60df7fc7c1ed0a2');
// OData annotations use "@" ("@odata.type", "user@odata.bind"); the type value keeps its leading "#".
restMessage.setRequestBody(global.JSON.stringify({
    "chatType": "oneOnOne",
    "members": [
        {
            "@odata.type": "#microsoft.graph.aadUserConversationMember",
            "roles": ["owner"],
            "user@odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
        },
        {
            "@odata.type": "#microsoft.graph.aadUserConversationMember",
            "roles": ["owner"],
            "user@odata.bind": "https://graph.microsoft.com/beta/users('<userID>')"
        }
    ]
}));
var response = restMessage.executeAsync();
var responseBody = response.getBody();
gs.info('responseBody: ' + responseBody);
```
Most of the suggestions are to set appropriate API permissions. This is already set correctly on Azure (both delegated and application permissions) and in the OAuth entity scope in ServiceNow.
Issue #2 -
For the same setup, instead of using the scripted API, I defined a REST Message record and am trying to get the token by clicking the 'Get OAuth Token' related link, and I am getting the following error:
https://dev72030.service-now.com/oauth_redirect.do?error=invalid_client&error_description=AADSTS650053%3a+The+application+%27msgraph-client-app%27+asked+for+scope+%27Chat.Read.All%27+that+doesn%27t+exist+on+the+resource+%2700000003-0000-0000-c000-000000000000%27.+Contact+the+app+vendor.%0d%0aTrace+ID%3a+b0b9ff39-fd1a-49c9-85fa-3c8c71943600%0d%0aCorrelation+ID%3a+9c276922-3a77-4cc1-890b-23177ffd1845%0d%0aTimestamp%3a+2021-01-29+10%3a31%3a27Z&state=-1877865371#
This says I need to set the 'Chat.Read.All' API permission. This is already provided on both sides, the Azure app and the OAuth profile in SNOW.
What am I missing?
Could you please check these docs? For the second issue: could you please check the permissions on src by going through jwt.io?

slack bot error: 'user_is_bot' for channels.join

I am trying to create a new channel using slack api https://api.slack.com/methods/channels.join but getting this response
```
info: ** API CALL: https://slack.com/api/channels.join
Response : { ok: false, error: 'user_is_bot' }
```
I tried this
```
controller.hears('hello', ['direct_message', 'direct_mention', 'mention'], function (bot, message) {
    bot.api.channels.join({'name': 'nag'}, function (err, response) {
        console.log("Response : ", response);
    });
});
```
If I am mistaken please let me know. I have started learning slack api.
The reason you are getting user_is_bot is that channels.join can not be used by a bot user. As it says in the documentation for this method:
user_is_bot: This method cannot be called by a bot user.
To create a channel you will want to use channels.create. However, that method can also not be used by a bot user.
The common solution is to use the full access_token, not the bot_access_token that your Slack app received from Slack after installing it with OAuth for all methods that bot users can not use, e.g. creating a new channel.
Here is the example from the OAuth documentation of what the response from Slack with both tokens looks like:
```
{
  "access_token": "xoxp-XXXXXXXX-XXXXXXXX-XXXXX",
  "scope": "incoming-webhook,commands,bot",
  "team_name": "Team Installing Your Hook",
  "team_id": "XXXXXXXXXX",
  "incoming_webhook": {
    "url": "https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX",
    "channel": "#channel-it-will-post-to",
    "configuration_url": "https://teamname.slack.com/services/BXXXXX"
  },
  "bot": {
    "bot_user_id": "UTTTTTTTTTTR",
    "bot_access_token": "xoxb-XXXXXXXXXXXX-TTTTTTTTTTTTTT"
  }
}
```
