I am trying to develop a simple tool that uses Authlib OAuth2 server to get refresh tokens but example server here does not issue a refresh token. When I print the token I get the following:
{'access_token': '....', 'scope': 'profile', 'token_type': 'Bearer', 'expires_in': 864000, 'expires_at': 1532191887}
The flow is Authorization code as referred here; first I handle the consent part:
client_id = '...'
client_secret = '.....'
scope = '...'
session = OAuth2Session(client_id, client_secret, scope=scope)
authorize_url = '.../oauth/authorize'
uri, state = session.authorization_url(authorize_url)
Then I try to get the token:
urlset = '.../?code=...&state=...'
access_token_url = '.../oauth/token'
token = session.fetch_access_token(access_token_url,authorization_response=urlset)
Add a config of OAUTH2_REFRESH_TOKEN_GENERATOR=True, added in commit:
https://github.com/authlib/example-oauth2-server/commit/4f2f48cc3e74b631d9c4c3bdf8558da3de7365a2
See documentation: https://docs.authlib.org/en/latest/flask/2/
Related
I'm struggling to retrieve access token using django.
I want to get access token from users using oAuth.
This is what I have setup so far.
class GoogleExhangeViewSet(viewsets.ViewSet):
queryset = User.objects.all()
#list_route(
methods=["GET"])
def auth(self,request,pk=None):
client_id = ''
client_secret = ''
flow = OAuth2WebServerFlow(client_id=client_id,
client_secret=client_secret,
scope='https://www.googleapis.com/auth/calendar',
redirect_uri='http://localhost:8001/api/googleAuth/complete')
auth_uri = flow.step1_get_authorize_url()
return HttpResponseRedirect(auth_uri)
def complete(self, request, pk=None):
client_id = ''
client_secret = ''
host = Site.objects.get_current().name
flow = OAuth2WebServerFlow(client_id=client_id,
client_secret=client_secret,
scope='https://www.googleapis.com/auth/calendar',
redirect_uri='http://localhost')
credentials = flow.step2_exchange(request.GET.get('code'))
return Response(status=200,data=credentials.access_token)
under urls.py I have
api_router.register(r'api/googleAuth', GoogleExhangeViewSet)
This is the error I get with the following code
As seen in your error, you are encountering a redirect_uri_mismatchBad Request if you are using a wrong redirect uri. From this link, the redirect_uri_mismatch will be thrown if it was not matched between auth and token requests.
Additional references:
Google oAuth2 redirect_uri_mismatch in token access
Google OAuth 2.0 redirect_uri_mismatch error
Here's a tutorial if you want to use an Access Token to authenticate users against Django’s authentication system.
You need a fully-functional OAuth2 provider which is able to release access tokens: just follow the steps in the part 1 of the tutorial. To enable OAuth2 token authentication you need a middleware that checks for tokens inside requests and a custom authentication backend which takes care of token verification.
I am currently working on connecting the withings api via web and have been able to automate getting token secret and getting the userId from the callback function inside auth, however when trying to implement step 3 (generating token) I always get signing error. Here is the base logic please help if possible.
nonce = getNonce(32);
date = Math.round((new Date()).getTime() / 1000.0);
var requestSig = oauthSign.hmacsign(
'GET',
'https://oauth.withings.com/account/access_token',
{oauth_consumer_key: <myconsumerkey>,
oauth_nonce: nonce,
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: date.toString(),
oauth_token: oauth_token,
oauth_version: '1.0'
}, newSecret);
var hey = encodeURIComponent(requestSig);
var permanentTokensLink = "https://oauth.withings.com/account/access_token?oauth_consumer_key=<myconsumerkey>&oauth_nonce="+nonce+"&oauth_signature="+hey+"&oauth_signature_method=HMAC-SHA1&oauth_timestamp="+date+"&oauth_token="+oauth_token+"&oauth_version=1.0";
return {link:permanentTokensLink, newSecret: newSecret, tokensecret: oauth_token_secret, dataObj: dataObj, token: oauth_token};
newSecrect is a consumersercret&tokensecret, and permanentTokensLink is where I should be able to click to to get the access key and secret. Why is this not working?
I was missing an oauth verifier in the signing params and inside the link I was creating, and the secret should have been broken up into two parts (consumer-secret, token-secret) to be used correctly by the npm package hmacsign.
I can't seem to get a refresh_token whenever I'm authorized, I've tried setting headers, kind of like how it would be done with google oauth, but not luck. Here's my process:
Using oauth2 gem
Instantiate client
client = OAuth2::Client.new(
salesforce_app_key,
salesforce_secret_key,
site: 'https://login.salesforce.com/services/oauth2/',
authorize_url: 'https://login.salesforce.com/services/oauth2/authorize',
token_url: 'https://login.salesforce.com/services/oauth2/token',
raise_errors: false
)
Authorize connection
auth = client.auth_code.authorize_url(
redirect_uri: 'https://my_app_callback.com/oauth/authorize'
)
Fetch token
token = client.auth_code.get_token(
code,
redirect_uri: 'https://my_app_callback.com/oauth/authorize'
)
From this point, I have the connection set, but when I do token.refresh_token I get a nil value.
By using:
access_token = OAuth2::AccessToken.new(oauth, token)
The session was reestablished successfully. It's in the docs, but not written in a way I could uderstand it's used to reauthenticate.
I'm trying to make authenticated calls to the Bitbucket REST API, with Oauth authentication. I've successfully retrieved an oauth_token and an oauth_token_secret (although they are the same as the request_token and request_token_secret, which seems strange but not outside of the spec). When I make an API call to another endpoint, I get a 401 (not authenticated). I've tried using header authentication and/or passing the oauth_token and oauth_token_secret as HTTP params with the sane result.
Here's the code:
account_name_url = 'https://api.bitbucket.org/1.0/user'
feedback_oauth_hook = OAuthHook(
access_token='REDACTED',
access_token_secret='ALSO_REDACTED',
consumer_key=CLIENT_ID,
consumer_secret=CLIENT_SECRET,
header_auth=True
)
params = {
'access_token': auth_tokens['access_token'],
'access_token_secret': auth_tokens['access_secret']
}
response = requests.get(account_name_url, data=params, hooks={'pre_request': feedback_oauth_hook})
import oauth2 #pip install oauth2
accessToken = oauth2.Token(OAUTH_TOKEN, OAUTH_TOKEN_SECRET)
consumer_key = YOUR_COMSUMER_KEY
consumer_secret = YOUR_CONSUMER_SECRET
consumer = oauth2.Consumer(consumer_key, consumer_secret)
client = oauth2.Client(consumer, accessToken)
api_url = "https://api.bitbucket.org/1.0/user"
resp, content = client.request(api_url, "GET")
print resp, content
The above python code works for me.
I print the request info, notice that it contains oauth_version=1.0 which is required.
I tried removing it, then 401 was returned. I think BitBucket should document this.
I am trying to use the scribe oAuth plugin (in a grails environment). I am able to get the user to authorize my app and authenticate. I can then get the xml response. my question, though, is how do I re-query a users profile without having to have them re-authorize my app. Once they authorize it the first time, I capture their Token and Secret key. So, shouldn't I be able to re-query the profile (as long as they do not revoke their authorization.)? I was able to do this with the older version of the plugin. The problem is with creating a new token. I don't see a way to create the Authorization token without the Verifier and Request Token (which wont exist because my code is executing the query on their behalf, with their permission.)
If I try to create the token like this:
Token accessToken = new Token()
accessToken.secret="XXX"
accessToken.token = "YYY"
I get an initialization error.
I can't create it like this, because I dont have the Request token and verifier:
Token accessToken = service.getAccessToken(requestToken, verifier);
accessTokenSecret = accessToken.secret
accessTokenKey = accessToken.token
And If i dont have the access token object, I am unable to sign my request. The full code looks like this (assuming their is a request token and verifier)
OAuthService service=new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey(apiKey)
.apiSecret(apiSecret)
.build();
Verifier v = new Verifier(ver);
Token accessToken = service.getAccessToken(rt, v);
accessTokenSecret = accessToken.secret
accessTokenKey = accessToken.token
OAuthRequest request = new OAuthRequest(Verb.GET, apiUrl);
service.signRequest(accessToken, request);
Response response = request.send();
xmlString=response.getBody();
Thanks for your help
jason
well, after some time, I got this to work:
public getProfileWithTokens(getAccessToken, getAccessTokenSecret){
Token newAccessToken = new Token(getAccessToken, getAccessTokenSecret);
String xmlString =""
OAuthService service=new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey(apiKey)
.apiSecret(apiSecret)
.build();
OAuthRequest request = new OAuthRequest(Verb.GET, apiUrl);
service.signRequest(newAccessToken, request);
Response response = request.send();
xmlString=response.getBody();
}