Error 500 Cognito 'token endpoint' /oauth2/token - oauth

I'm getting error 500 in token endpoint.
I'm using Google SSO with hosted login UI
The login URL is https://sso.auth.ap-northeast-1.amazoncognito.com/login?response_type=code&client_id=asd123&redirect_uri=https://dev.test.com:5000/dev.html
I'm using 'Authorization code grant' flow. After successful login it returns to url with authorization code callback_url?code=c015030f-d7bc-48e4-b046-0431b1b66ac7
Then I need to get access_token and refresh_token on 'token endpoint'.
url: https://sso.auth.ap-northeast-1.amazoncognito.com/oauth2/token
using application/x-www-form-urlencoded
Authorization: Basic base64(client_id:client_secret)
fields
grant_type=authorization_code
scope=email openid profile
redirect_uri=https://dev.test.com:5000/dev.html
code=the code that I got to callback to url
I'm doing all as described in https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
All I get is error 500 and json
{"error": "Internal Error"}

I found the problem. I had a double space in the Authorization header between Basic and the hash. Anyway, there is also a problem in the error handling at Amazon; we shouldn't get 500.

Related

Google Oauth2.0 endpoint returns 404 Error

I'm trying to get the access token using an http request.
According to the Oauth guide:
https://developers.google.com/identity/protocols/oauth2/web-server#incrementalAuth
the endpoint for exchanging authorization code to access token is https://oauth2.googleapis.com/token but it gives a page can't be found HTTP 404 error
Here's my entire url (I've replaced the code, client id, and secrets)
https://oauth2.googleapis.com/token?
code=xxxxx&
client_id=xxxxx&
client_secret=xxxxx&
redirect_uri=http://localhost&
grant_type=authorization_code
It looks like you are passing in the required fields as query parameters, but you need to put them in the post body and send an HTTPS POST request to https://oauth2.googleapis.com/token. You can find this information further down in the documentation you were referring to: https://developers.google.com/identity/protocols/oauth2/web-server#httprest_7.
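The two fixes above (a single space after Basic in the Cognito thread, parameters in the POST body in the Google thread), as an added example that is not code from either post: it builds a token request and checks one for those mistakes before it is sent. The host, credentials and code are constructed placeholders, and the function names are hypothetical.

```python
import base64
import binascii
import re
import urllib.parse
import urllib.request

FORM = "application/x-www-form-urlencoded"
BASIC_RE = re.compile(r"Basic ([A-Za-z0-9+/]+={0,2})")  # scheme, ONE space, base64

def build_token_request(token_url, client_id, client_secret, code, redirect_uri):
    """Authorization-code exchange: parameters in the POST body, secret in the header."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
    }).encode()
    headers = {"Authorization": f"Basic {creds}", "Content-Type": FORM}
    return urllib.request.Request(token_url, data=body, method="POST", headers=headers)

def lint_token_request(req):
    """Return the problems found in a urllib Request before it is sent."""
    problems = []
    if req.get_method() != "POST":
        problems.append("method is not POST")
    if urllib.parse.urlsplit(req.full_url).query:
        problems.append("parameters are in the query string, not the POST body")
    if req.data is not None and req.get_header("Content-type") != FORM:
        problems.append("Content-Type is not " + FORM)
    auth = req.get_header("Authorization")
    if auth is not None:
        match = BASIC_RE.fullmatch(auth)
        if match is None:
            problems.append("Authorization is not 'Basic <base64>' with a single space")
        else:
            try:
                decoded = base64.b64decode(match.group(1), validate=True)
            except binascii.Error:
                decoded = b""
            if b":" not in decoded:
                problems.append("Basic credentials do not decode to client_id:client_secret")
    return problems

# Constructed sample values; the host and credentials are placeholders.
GOOD = build_token_request("https://auth.example.com/oauth2/token",
                           "example-client", "example-secret",
                           "sample-code", "https://app.example.com/callback")
DOUBLE_SPACE = urllib.request.Request(
    GOOD.full_url, data=GOOD.data, method="POST",
    headers={"Authorization": GOOD.get_header("Authorization").replace(" ", "  "),
             "Content-Type": FORM})
IN_QUERY = urllib.request.Request(GOOD.full_url + "?" + GOOD.data.decode())
```

Keeping the parameters in the body also keeps the authorization code and any client secret out of URL logs on proxies and servers.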

WSO2 IS: Error using OAuth Authorization Code flow with SOAP API

I'm using the OAuth Authorization Code flow to authenticate the user and authorize my application against the WSO2 Identity Server. I'm using a simple node/express server, with Passport.js, to get the Access Token, and Postman to use that Access Token to make a few test requests to the SOAP APIs.
When using a Bearer Token method to authorize my application, I get the following error in the IS logs: 0 active authenticators registered in the system. The system should have at least 1 active authenticator service registered. I get the following error in Postman: 500 Internal Server Error, with the following response body, <faultstring>Authentication failure</faultstring>.
Here is what it looks like in Postman:
The same Access Token works with a REST API request, like "https://localhost:9443/scim2/Me".
Can anyone tell me what I'm missing here?
SOAP APIs in WSO2 Identity Server cannot be authenticated with Bearer tokens. They can be authenticated with Basic authentication and cookies. That's the reason for getting Authentication failure in the response.
But REST APIs in the Identity Server can be authenticated with Bearer tokens. So /scim2/Me authenticates successfully with the access token.
Try to get the Access token manually from Authorize service and use it
Step 1: Get authorization code
https://<is_server_url>:9443/oauth2/authorize?client_id=<id>&redirect_uri=<callback_url>&response_type=code&scope=openid
You will get an authorization code on the callback URL
Step 2: Call token service to get access token
Post https://<is_server_url>:9443/oauth2/token
Content-Type:application/x-www-form-urlencoded
Authorization:Basic <base64encoded "<client_id>:<client_secret>">
grant_type:authorization_code
scope:openid
code:<code_from_step_1>
redirect_uri:<callback_url>
Example:
client_id=abcdefgh12345678
client_secret=xyzsecretkey
callback_url=http://localhost/callback
scope=openid
server: localhost
base64encode(client_id:client_secret)= base64encode(abcdefgh12345678:xyzsecretkey) => YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=
GET https://localhost:9443/oauth2/authorize?client_id=abcdefgh12345678&redirect_uri=http://localhost/callback&response_type=code&scope=openid
It will make a request back to the callback URL with a parameter code, let's say code=this01is02your03code; please check your browser address bar.
POST https://localhost:9443/oauth2/token
HEADERS
Content-Type:application/x-www-form-urlencoded
Authorization:Basic YWJjZGVmZ2gxMjM0NTY3ODp4eXpzZWNyZXRrZXk=
BODY
grant_type:authorization_code
scope:openid
code:this01is02your03code
redirect_uri:http://localhost/callback
This will return an access token; let's say the token returned by the server is 12345678ASDFGH.
Now you could use this token to call any RESTful or SOAP service
Authorization: Bearer 12345678ASDFGH

400 bad request error when exact POST in docs for refresh_token with Google OAuth2.0

I believe I am running the exact POST request in the OAuth docs ( with my credentials ), but I'm getting a 400 error. I was getting a 404 error, but then reset my client_secret and started using the new client_secret and am now getting a bad request error. Any ideas what I am doing wrong?
$.ajax({
  url: 'https://www.googleapis.com/oauth2/v4/token',
  data: {
    'code': getParameterByName('code'),
    'client_id': '',
    'client_secret': '',
    'redirect_uri': encodeURI(url + '?mail=tokened'),
    'grant_type': 'authorization_code'
  },
  dataType: 'json',
  method: 'POST',
  success: function (response) { console.log(response); }
});
Most probably the redirect_uri value that you send is off; it should be exactly the URL that you sent in the authorization request i.e. the redirect to the authorization endpoint earlier.
This may be a long shot, but according to the HTTP/REST example available at Using OAuth 2.0 for Web Server Applications (section Handling the OAuth 2.0 server response) you should be sending the payload with a content type of application/x-www-form-urlencoded instead of JSON.
I've seen other OAuth implementations accepting JSON payload besides the application/x-www-form-urlencoded mentioned in the specification, but maybe Google implementation is more strict.
I've tested your code and it works fine if you have a valid Authorization Code and fill the Client ID, Secret and Redirect URI accordingly. In your snippet client_id and client_secret are set to empty string and this may be why it's not working.
Google OAuth endpoints return nice error messages with the Bad Request responses and can help you discover what is wrong with the parameters you sent.
Your grant_type needs to be different than 'authorization_code'. You are having issues while getting tokens.
Try grant_type=refresh_token
The redirect URL in the .env file should be the same URL as in the Google developer account; also check the redirect URL in your route web.php

Google oAuth2 redirect_uri_mismatch in token access

I am trying to get an access token from a one-time code using Google OAuth2, but I am getting the error message redirect_uri_mismatch in the response. However, I've already added the redirect_uri in the console.
I have my Authorized redirect uri as:
http://localhost:3020/api/users/google_oauth_store_token
My request:
Request URL = https://www.googleapis.com/oauth2/v3/token?code=xXXXxx&client_id=xxxxxx&client_secret=xxx&redirect_uri=http://localhost:3020/api/users/google_oauth_store_token&grant_type=authorization_code
My response:
response = {
"error": "redirect_uri_mismatch",
"error_description": "Bad Request"
}
That was my mistake. I had to use the redirect_uri that I had used in one-time redirect uri. Google uses one of the redirect_uri to rest the client origin.

Google OAuth 2.0 redirect_uri_mismatch error when trying to get access token

I am trying to exchange an authentication code for an access token on OAuth2.
I sent a request to Google using a GET request, and I got a code. And now I'm trying to exchange the code for an access token.
I sent request to https://accounts.google.com/o/oauth2/token with these arguments
using POST request
code=[Authentication code]
client_id=[Client ID]
client_secret=[Client Secret]
redirect_uri=urn:ietf:wg:oauth:2.0:oob
grant_type=authorization_code
But Google responded like this with a 400 error
{
"error" : "redirect_uri_mismatch"
}
I created Client ID on google developers console. I used type 'Installed Application'.
I also tried:
request_uri=#://localhost:8081
request_uri=#://localhost:8081/
(# means http. I edited on my phone, so I couldn't insert code block for http)
But it didn't work.
What's wrong with the request?
Check these 2 steps below
The redirect uri to retrieve auth code and access token should be same
Use the same redirect uri that you configured while creating the application, screenshot below
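The redirect_uri rule from the answers above, as an added example that is not code from any of the posts: it compares the value sent to the authorization endpoint with the one in the token request and reports which URL component differs. The registered URI, identity provider host and client ID are constructed, the function names are hypothetical, and an exact string match (as RFC 6749 section 4.1.3 requires) is assumed.

```python
import urllib.parse

def redirect_uri_sent(authorize_url):
    """Return the decoded redirect_uri carried by an authorization request URL."""
    query = urllib.parse.urlsplit(authorize_url).query
    values = urllib.parse.parse_qs(query).get("redirect_uri", [])
    return values[0] if len(values) == 1 else None

def diff_uris(expected, actual):
    """List the URL components in which two redirect URIs differ."""
    a, b = urllib.parse.urlsplit(expected), urllib.parse.urlsplit(actual)
    parts = ("scheme", "netloc", "path", "query", "fragment")
    diffs = [f"{p}: {getattr(a, p)!r} != {getattr(b, p)!r}"
             for p in parts if getattr(a, p) != getattr(b, p)]
    return diffs or ["same components, different spelling (case or encoding)"]

def check_exchange(registered, authorize_url, token_params):
    """Check a code exchange before sending it. The server is assumed to compare
    the two redirect_uri values as exact strings (RFC 6749 section 4.1.3)."""
    problems = []
    at_authorize = redirect_uri_sent(authorize_url)
    at_token = token_params.get("redirect_uri")
    if at_authorize not in registered:
        problems.append(f"authorize redirect_uri {at_authorize!r} is not registered")
    if at_authorize is not None and at_token != at_authorize:
        for d in diff_uris(at_authorize, at_token or ""):
            problems.append("token redirect_uri differs from authorize: " + d)
    return problems

# Constructed sample values (placeholders, not taken from a real client).
REGISTERED = {"http://localhost:8081/callback"}
AUTHORIZE_URL = ("https://idp.example.com/authorize?response_type=code"
                 "&client_id=example-client&redirect_uri="
                 + urllib.parse.quote("http://localhost:8081/callback", safe=""))
OK_PARAMS = {"grant_type": "authorization_code", "code": "sample-code",
             "redirect_uri": "http://localhost:8081/callback"}
BAD_PARAMS = dict(OK_PARAMS, redirect_uri="http://localhost:8081/callback/")
```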
