I was using apim 3-m18 previously and post'ing to localhost:9443/api/auth/oauth2/v1.0/token?grant_type=password&scope=apim:api_view with the basic auth token of clientid:clientsecret returned from /api/id4entity/oauth2/dcr/v1.0/register endpoint worked fine in giving me the oauth token for admin api's - e.g. the logic laid out at wso2 API-M 3.0 - how to get oauth token for product/admin api calls
However, I upgraded to latest rev (m24) and the dcr register endpoint still works fine, but when I then hit the token api with the base64-encoded clientid:clientsecret from dcr, the request hangs before i get a timeout error.
When I exit m24 and restart m18 and make the exact same requests (dcr call for clientid/secret, then token api call), it works. Then switching to m22 fails with same requests.
I didn't see any documentation or issues in github on this, so was curious if anyone knows what I might need to change to get the oauth token. Thanks.
Could you please use the following curl command
curl -X POST -H "Authorization: Basic N2Y4MzM0ODEtNjk1ZS00OWY4LTg0OTgtOGU0NjUwNzhmYjljOmU1NmZlOTM3LTQwZjYtNGEwMy04MDIzLTE4ZGE0YmZmNWU3OA==" -H "Content-Type: application/x-www-form-urlencoded" -d 'username=admin&password=admin&grant_type=password&scope=scope' "https://localhost:9443/api/auth/oauth2/v1.0/token" -kv
Authorization token is Base64 encoded(clientId:clientSecret)
Related
I am trying to implement the new TikTok Login Kit for Web and am stuck on the getting the access token.
Here's this specific step described in TikTok's doc.
https://developers.tiktok.com/doc/manage-user-access-tokens
I have registered the app.
I am able to reach the OAuth login screens.
I'm also able auth. and get a response from the auth. endpoint with an authorization code.
But when fetching the access token using the said authorization code my POST request comes back to my redirect URL with a "Status=Temporary Redirect, StatusCode=307" in the response.
I assume 307 means there's something missing on the tiktok server, but their support isn't very responsive unfortunately.
Perhaps someone in the community has dealt with this before?
I'm sending my POST request with the following parameters.
URL: https://open-api.tiktok.com/oauth/access_token
?code=atGaIopCm2M9L2vfad0l4IJzzX8qFfg7aButDrjqerJqs5rhIqmWZLLGk1YRJZUZ6-mGBaYxX_asSdw1TNe7NHhvysS99Yz5o4MtkNv2-nA*1
&client_key= <client key in plain text>
&client_secret=<secret in plain text>
&grant_type=authorization_code
Any ideas what could that 307 Error be hinting at in general?
Add -L in your curl command to enable redirections automatically
curl -X -L POST -H 'Content-Type:application/json' --data '{"secret": "xxx","app_id":"xxx","auth_code":"xxx" }' "https://business-api.tiktok.com/open_api/v1.2/oauth2/access_token/"
See the document here:
https://ads.tiktok.com/marketing_api/docs?id=1709207085043713
I'm in the context of an embedded devices that uses an HTTPS client to request an access token on behalf of a user (delegated permission needed for the app).
I'm currently using OAuth 2.0 ROPC (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc) to get my token and everything works fine.
But since this authentication is deprecated I'd like to change to a more secure solution that works in hybrid identity federation scenarios.
I see that many other solutions exists, but I can't find one that doesn't need to interpret an HTML/JS response.
Here a CURL example to explain my point:
ROPC request:
curl -X POST "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token" --data "grant_type=password&scope=EWS.AccessAsUser.All&username=<username>&password=<password>&client_id=<client_id>&client_secret=<client_secret>" -H "Content-Type: application/x-www-form-urlencoded"
Response:
{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"eyJ0eX....1234"}
Here I can extract the token directly from the response.
But using other ways to get delegated permission token such as OAuth 2.0 Implicit Grant flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow), responses are always an HTML that I can't interpret.
So here I am wondering if there is a solution to this situation.
Thanks in advance,
Aloïs KYROU
You cannot use the implicit flow to obtain the token in the tool, you can only run the request url in the browser. Because using the implicit flow requires you to log in. Please note that before this, you must enable id token and access token.
Request the id token and access token in the browser.
https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
client_id={client id}
&response_type=id_token token
&redirect_uri={redirect_uri}
&scope=openid EWS.AccessAsUser.All
&response_mode=fragment
&state=12345
&nonce=678910
can anyone help me I am trying to call below request
curl https://rtm.zopim.com/stream/{resource} \
-H "Authorization: Bearer {API access token}"
initially, I tried with basic auth (adding id : password in the request) response was unauthorized,
then I generate access token with postman like in below screenshot
and when call API with that access token then the response is 403 forbidden
I can successfully hit and get response other api like ( https://www.zopim.com/api/v2/chats) with the same access token
but not the specific "rtm.zopim.com/stream/"
The Real Time Chat API is available on Enterprise plans only, so if you are not on the Enterprise plan you will receive a 403 Forbidden error.
I was trying to make a iOS which will use the Uber API to do things like get rides and what not. I am trying to implement the OAuth 2.0 on the iPhone without using any server side help.
Is that possible? Has anyone done this?
Here are some references:
Uber Authentication: https://developer.uber.com/v1/auth/
Oauth 2.0: https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified
Yes, this is possible. I was able to configure OAuth2 for my app using Uber API. Here are step-by-step instructions:
In your app, redirect to https://login.uber.com/oauth/authorize with your client_id and response_type=code in order to allow user to authorize your app.
Upon successful authorization, Uber will redirect to your redirect_uri (you can specify any redirect_uri, including localhost:xxxx for testing purposes, etc.) to provide you with an auth code that is single-use and valid for 10 min. Implement a callback to retrieve this auth code.
With the valid auth code from Step 2, make a POST request to exchange for an access token. As a simple check, I would recommend using curl to confirm access token validity. For ex:
curl -F 'client_secret=YOUR_CLIENT_SECRET' \
-F 'client_id=YOUR_CLIENT_ID' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=YOUR_REDIRECT_URI' \
-F 'code=AUTHORIZATION_CODE' \
https://login.uber.com/oauth/token
Upon successful exchange, use the access token as the value for the 'Authorization' header for subsequent endpoint calls. For ex:
curl -H 'Authorization: Bearer YOUR_ACCESS_TOKEN' 'https://api.uber.com/v1/products?latitude=37.7759792&longitude=-122.41823'
Trying to add twitter login using OAuth and it has been a nightmare to get the first step of requesting the token, which results in 401 error as always.
I used twitter's Test OAuth tool to compare the http request that my scala server sends.Curl request works while my server request fails. Pasting them below for comparison.
Curl Request
curl --request 'POST' 'https://api.twitter.com/oauth/request_token' --data 'oauth_callback=http%3A%2F%2F0.0.0.0%3A8081%2Fweb' --header 'Authorization: OAuth oauth_consumer_key="wRflKWWomJ9jKeK8wbTk0Jck3", oauth_nonce="46ef029600fcc2a6cbe068eb9711401c", oauth_signature="3ptB%2B6%2Fv9QYGgyQjO9DhuD7pmzA%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1422879905", oauth_version="1.0"' --verbose
Scala server Request
HttpRequest(POST,https://api.twitter.com/oauth/request_token,List(Authorization: OAuth oauth_consumer_key="wRflKWWomJ9jKeK8wbTk0Jck3", oauth_nonce="70449464359328", oauth_signature="yEni23tuzEveIMtDm7%2F8N2anU%2FM%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1422879900", oauth_version="1.0"),HttpEntity(application/x-www-form-urlencoded,oauth_callback=http%3A%2F%2F0.0.0.0%3A8081%2Fweb),HTTP/1.1)
Things I tried:
Made sure timestamp is within 5 minutes
Made sure "Allow this
application to be used to Sign in with Twitter" is set in twitter
settings.
Callback url is set - http://0.0.0.0:8081/web (even tried
proxy names for localhost by changing ip table)
Tried generating request token using Saclaj
Used custom OAuth signature request primarily using OAuth.scala
This 401 twitter request token seems to be a recurring theme for many folks, complicated by various failure points. Any help is much appreciated.
For anyone else facing this issue, I am listing down few things that you could benefit from.
After excruciating attempts of permutations and combinations,
oauth_token had to be a part of the signature (even if its value is
empty string). I am not sure if it is mentioned anywhere and particularly ironic that you had to remove access token and secret while using Twitter's OAuth testing tool (for the Curl command to work properly which took some bloody lot of time to figure out.)
It is good to validate your basestring - Tool
Validating if your signature process is correct - Check point (f)
Another possible scenario
In my Twitter client app settings screen, I set an option "Enable Callback Locking (It is recommended to enable callback locking to ensure apps cannot overwrite the callback url)" and this caused me getting 401 unauthorized error on trying to get request token.