im getting unauthorized error when calling https://sandbox-api.uber.com/v1/estimates/price
I'm using Auth0 and can successfully login with scopes profile request and all_trips.
I get the id.token from the result and pass it to client header
_authHeader = new AuthenticationHeaderValue("Bearer", token);
_client.DefaultRequestHeaders.Authorization = _authHeader;
If using a server_token and not an oauth access token the header should be "Authorization: Token ". See the example in the curl guide.
Related
I need to read and import google people contacts but I get the following error:
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
"status": "UNAUTHENTICATED"
This is the script (classic asp) I am using:
StrURL="https://people.googleapis.com/v1/people/get"
ApiKey="my api key"
Set objXMLHTTP = CreateObject("Msxml2.ServerXMLHTTP.6.0")
objXMLHTTP.Open "GET", StrURL, False
On Error Resume Next
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
If Err.Number<>0 Then Response.Write "Error:" & Err.Description & "<br>"
On Error GoTo 0
objXMLHTTP.send
content = CStr(objXMLHTTP.ResponseText)
statuscode = objXMLHTTP.Status
How can I get the token using classic asp? Can anyone help me?
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
You appear to be sending an api key. An api key is not a bearer token. Api keys only grant you access to public data, not private user data.
In order to access private user data you need to request authorization from that user to access that data that is done using Oauth2
Once you have been grated consent of the user to access their data you will have an access token. This access token can then be sent to the api in the authorization header.
I haven't used asp classic in years. These videos may help you understand how to make the authorization request.
Google 3 Legged OAuth2 Flow
How to create web app credetinals
Understanding oauth2 with curl
I have included the 'extended' scope while generating the authorization URI for oauth code grant flow, but while refreshing the access token, in the response I am getting the scope as 'signature'. How to get the refresh token with extended scope when refreshing the access token. I have attached my code to get the access token from refresh token.
auth_string = "{0}:{1}".format(
DOCUSIGN_CLIENT_ID, DOCUSIGN_CLIENT_SECRET
)
auth_encoded_hash = b64encode(auth_string.encode("utf-8"))
auth_header = auth_encoded_hash.decode("utf-8")
url = "https://account-d.docusign.com/oauth/token"
headers = {
"Authorization": "Basic {0}".format(auth_header),
"Content-Type": "application/x-www-form-urlencoded",
}
body = {"grant_type": "refresh_token", "refresh_token": refresh_token}
_response = requests.post(url, data=body, headers=headers)
response = _response.json() # here I am getting scope as 'signature'
My second follow up question on this, if the refresh token itself get expires while refreshing the access token what would be the error message I will be getting in the response above?
The "extended" scope is needed when you originally consent and get the token from the user so that the refresh token will not expire for 30 days. It is not needed every time you use said refresh token to obtain a new access token.
Error messages for an expired token will typically get an invalid grant error, but the error is subject to change, you should handle all errors and not look for a particular error string.
See Which is the error returned when a DocuSign refresh token is expired? for similar question/answer.
The refresh operation request does not include scopes.
The refresh operation response may include the scopes that were previously requested.
Here is the refresh operation:
curl --location --request POST 'https://account-d.docusign.com/oauth/token' \
--header 'Authorization: Basic 'NWYxZTg4…………...TJkOGI2Yg==' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'refresh_token=eyJ0eX…………...Dp_hA' \
--data-urlencode 'grant_type=refresh_token'
If the refresh operation succeeds, then the response contains a new access token and a new refresh token.
Next, throw away the old refresh token and use the newly received refresh token until the next time.
In other words:
the first refresh API call uses the refresh token returned by the Authorization Code grant flow
then each subsequent refresh API call uses the refresh token returned by the prior refresh API call
Blog post about using refresh tokens
For my API testing, I have been getting the Authentication Token with the help of Postman. API uses OAuth2.0 for authentication.
While using Postman, I am entering the details like Token Name, Grant Type, Access Token Url, Client ID, Client Secret, Scope, Client Authentication. Once clicked on the Request Token, Bearer token is received and is updated in the Header of the request. Please refer the image attached.Getting OAuth2.0 bearer token with Postman
But now, I want to do it with Rest Assured using Java. Hence I want to know the code how do I get the Bearer token by using Rest Assured?
Assuming you are sending the client id secret and other details in the Query Parameters, for the GET and your response header access_token has the value you are looking.
public class Sample {
String oauth_token ;
#BeforeTest
public void sampletest() {
oauth_token = RestAssured.given().auth().basic("username", "password").
.queryParams("client_id", "client_id_value")
.queryParams("client_secret", "client_secret_value")
.queryParams("grant_type", "authorization_code")
.queryParams("redirect_uri", "https://someuritoredirect")
.queryParams("otherparams", "sampleparam")
.when().get("https://uri.to.get.hostname.com/oauth2/access_token")
.then()
.statusCode(200)
.extract().header("access_token");
}
}
I'm new to keycloak and tyring to get access token from keycloak using GET request method through postman but experiencing http 405 error (Method not allow)
I already have tried this but it's not working and throwing HTTP 405 error method not allowed
MEHTOD: GET
URL: https://keycloak.carbook-dev.gocarbook.com/auth/realms/carbook/protocol/openid-connect/token
{
"realm":"carbook",
"bearer-only":true,
"grant_type":"password",
"client_id": "web_app",
"username":"admin*****",
"password":"a*****"
}
I'm expecting access token upon successfully completion of that request such as
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJJQk1YWTd0TGpfejg5c1p2Z2JrUHp.....
I can achieve the same using postman GET NEW ACCESS TOKEN form but i want to achieve this through rest call so that later on i could use the same request in cypress to access the token for subsequent calls.
Shouldn't you POST the request instead of GET ?
The message seems to tell that GET method is not allowed for this endpoint...
I am using the Twitter OAuth to authenticate user and to show the user tweets on my site.
Following are the some Constants that are used for API:
public const string REQUEST_TOKEN = "https://api.twitter.com/oauth/request_token";
public const string AUTHORIZE = "https://api.twitter.com/oauth/authorize";
public const string ACCESS_TOKEN = "https://api.twitter.com/oauth/access_token";
Now when I am making a webrequest using the
new StreamReader(webRequest.GetResponse().GetResponseStream());
Then I am getting error : "The remote server returned an error: (401) Unauthorized."
My webrequest uri is https://api.twitter.com/oauth/access_token?oauth_consumer_key=myConsumerkey&oauth_nonce=3403339&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1366792353&oauth_token=1372849567-3BtbvrvJ3HXl774InICgBz1T2jcLpif9xecxWmc&oauth_version=1.0&oauth_signature=%2bLyQZwQwiNGJNP9uk591Hy4arfk%3d
So what is wron with this url. Please Healp me to get rid of this.
Thanks,
Dalvir
Are you sending the oauth_verifier code that you received when the user authorized your app?
Twitter applications not using the oauth_verifier will fail to complete the OAuth flow. If you're not receiving an oauth_verifier in your callback, verify that you're explicitly setting your oauth_callback on POST oauth/request_token.