I'm trying to POST to a Auth0 delegation URL to obtain an access token and getting a "Grant Type not allowed" error as seen below. (This is when not using Postman.)
I came across a post in the forums that Delegation is deprecate in Auth0. Can anyone confirm if that is the issue here and if I'm trying something that's not available anymore?
Request:
Content-Type: 'application/json'
{
"client_id": "ID",
"grant_type": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"id_token": "TOKEN",
"target": "lwTL1rYVfC0KsBUFPeKWY3HvGjbIgdDM",
"api_type": "salesforce_api",
"scope": "openid"
}
Error:
{
"error": "unauthorized_client",
"error_description": "Grant type 'http://auth0.com/oauth/legacy/grant-type/delegation/id_token' not allowed for the client.",
"statusCode": 403,
"error_uri": "https://auth0.com/docs/clients/client-grant-types"
}
Related Question:
"Missing grant-type parameter" in Auth0 Delegation endpoint call
In that question, using Postman to call the endpoint with the same request results in a different error!
Related
Following this guide: https://developer.twitter.com/en/docs/authentication/oauth-2-0/user-access-token. I am getting this error when making the POST oauth2/token at the step 3 request:
`
{
"errors": [
{
"code": 99,
"message": "Unable to verify your credentials",
"label": "authenticity_token_error"
}
]
}
`
This is my request: (Note that I hide the client_id and code). The code is the one I receive after the step 2, doing the GET oauth2/authorize callback. Header: Content-Type - application/x-www-form-urlencoded;charset=UTF-8
My Request
I found the issue, the problem was that in the Bot Application, editing the Auth settings of my twitter app, I had the option: Confidential client which needed a Basic Auth = authorization: Basic ${'username + password encoded here'}
I'm trying to to a request to the Google Calendar API using Postman. Following this Google documentation:
https://developers.google.com/calendar/v3/reference/?apix=true
I'm doing a:
GET https://www.googleapis.com/calendar/v3/calendars/{my_calendar_id_here}
On the Postman Authorization tab i'm specifying that i want to use OAuth 2.0 and i also put my access token (which i use to make Calendar API calls from code, works fine). However, Postman responds with the following body:
{
"error": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Invalid Credentials",
"domain": "global",
"reason": "authError",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
I really don't understand what i'm doing wrong, and other answers don't seem to target my particular scenario. I'd be grateful if someone could point out what am i doing wrong.
I would recommend replicating the request in Google's OAuth 2.0 Playground. Then using the confirmed to be working access token to troubleshoot Postman.
For Postman you could also pass the access token as a request header and if that resolves the issue.
Postman Headers Tab Input:
| Key | Value |
|---------------|-----------------------|
| Authorization | Bearer {access_token} |
I am using Microsoft Graph API to send an email on behalf of an admin. The token has the permission Mail.Send at application level. I am getting a 400 - Bad Request as the response.
Request: POST https://graph.microsoft.com/v1.0/me/sendmail
{
"message": {
"subject": "first mail",
"body": {
"contentType": "Text",
"content": "commented commmented"
},
"toRecipients": [{
"emailAddress": {
"address": "Alex#*******"
}
}]
},
"saveToSentItems": "false"
}
Response is 400 - Bad Request:
{
"error": {
"code": "AuthenticationError",
"message": "Error authenticating with resource",
"innerError": {
"request-id": "4c5cc54c-e590-4d9f-903f-4bc9828da707",
"date": "2018-01-19T19:48:11"
}
}
}
I searched all over Stack Overflow but I could not find a solution. Can someone please help me? Thank you in advance.
When using client_credentials you cannot use the /me endpoint. Graph translates requests to /me as /users/{ID of the Authenticated User}. Since you do not have an "Authenticated User" when using Client Credentials (i.e. App-only) you cannot use /me here.
Also note that the response is an AuthenticationError. This suggests that you haven't gone through the Admin Consent process yet. Any application looking to leverage the Client_Credentials OAUTH flow must first have an Admin provide Consent for the Tenant. It isn't clear how you're retrieving your token but if you're using the v2 Endpoint you can follow this walk-though: v2 Endpoint and Admin Consent
I have already managed to add some posts to my blog using google api and oauth and ran into some problems. I have tried for days - or weeks - to find the best question to ask and I believe I have isolated the problem. Apparently the secret key only works only for one hour. but after an hour at this line:
$service->blogs->getByUrl("theurlofmyblog.blogspot.com");
I get this error:
Google_Service_Exception in REST.php line 118:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
}
Some of the experts on forums have suggested that one must go to this address https://developers.google.com/oauthplayground/ and get a referesh token. But nobody has mentioned that how should we use that token. Do I put it inside the json file? There must be something like this - don't laugh please, this is supposed to be a suedo code -:
if(the key is expired)
use my referesh key and get me another key
Any experience?
As described in Google’s OAuth 2.0 documentation, you should receive a refresh token during the authentication flow. You should store that token someplace, then use it to get a new access token when necessary.
The exact procedure to exchange a refresh token for a new access token will depend on what OAuth client library you are using. In Signet (Google’s OAuth library for Ruby), for example, it’s done as part of fetch_access_token.
I have OAuth login in my app. After that I have access_token.
I check token in google token info service:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=<access_token>
And It returns:
{
"issued_to": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"audience": "554651647288-tquejcu6mctplq4kin5dd9r81mtkg3vv.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.orgunit https://www.googleapis.com/auth/admin.directory.user",
"expires_in": 3299,
"access_type": "online"
}
As you can see I have admin user directory permission.
Then I send GET request for getting information about user
curl -X GET https://www.googleapis.com/admin/directory/v1/users/test_user#test.com?access_token=<access_token>
And google returned me right user information. After that I decided to get list of users.
curl -X GET https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=<access_token>
And google returned me:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
But I don't understand why google returned me so error.
Could you please help me with this problem?
Thanks.
There are two solutions here.
1.This is the simple one. Put the URL params in quotes. This should do the trick - (fake access token used)
curl "https://www.googleapis.com/admin/directory/v1/users?customer=my_customer&access_token=asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI"
You don't need to pass in -X GET as that is the default.
2.In general it is bad practice to send the access_token in the URL as this URL may get logged somewhere along the way for innocuous reasons. You can also do this through HTTP Header of Authorization -
curl -H "Authorization: Bearer asdf.AHEasdfyIc9vuPQ_BGONpzEJkasdfWYXGujPw5iPI" https://www.googleapis.com/admin/directory/v1/users?customer=my_customer