Document endpoint
https://developer.uber.com/docs/ride-requests/references/api/v1-requests-request_id-receipt-get
My application already has FULL ACCESS for request_receipt
However, in my Rails application, when I request to endpoint API at: /v1/requests/my-request-id-here/receipt I receive the full message like this:
#<HTTParty::Response:0x7f8738f833f8 parsed_response={"message"=>"Forbidden", "code"=>"forbidden"}, #response=#<Net::HTTPForbidden 403 Forbidden readbody=true>, #headers={"server"=>["nginx"], "date"=>["Wed
, 02 Nov 2016 14:31:37 GMT"], "content-type"=>["application/json"], "content-length"=>["42"], "connection"=>["close"], "x-uber-app"=>["uberex-nonsandbox", "migrator-uberex-optimus"], "strict-transport-sec
urity"=>["max-age=0"], "x-content-type-options"=>["nosniff"], "x-xss-protection"=>["1; mode=block"]}>
Do you have any suggestion? The Uber API for developer is poor!
The issue is most likely you did not request the new scope when you authorized the user and got the access token. Access tokens are limited to the scopes approved by the user (so even though it is enabled in the dashboard) you need to pass the 'request_receipt' scope when authenticating the user.
See more details in the authentication guide: https://developer.uber.com/docs/ride-requests/guides/authentication/introduction#step-one-authorize
If you create a new access token with the scope all should work as expected.
Related
I am testing Get Chat Microsoft Graph API (which is still in Beta) and it seems to work successfully when it is called from Graph Explorer (which uses an user token), instead when I call this API from Postman with an application token, I get 401 Unauthorized with an Unknown Error as response.
https://graph.microsoft.com/beta/users/<user-id>/chats/<conversation-id>
My App Registration on Azure has these permissions:
And the decoded application token contains:
"aud": "https://graph.microsoft.com",
"roles": ["User.Read.All", "Chat.Read.All" ]
The same token it works for the Get User API
https://graph.microsoft.com/beta/users/<user-id>
Basically, it seems to have problems only the GET Chat API when called with an application token, although the documentation says it is supported. Am I missing something in the App Registration configuration?
EDIT
As I have already explained in the comments, this question doesn't help me, since:
audit is correct
permissions are present in the token and are granted by the admin in the App registration
scope is correct
Should I check something else?
Have you seen this message on the (English) documentation page?
Before calling this API with application permissions, you must request access. For details, see Protected APIs in Microsoft Teams.
It seems like Microsoft has implemented an extra layer of security for apps accessing "Teams" endpoints.
we use the following HTTP GET request to get group's info:
https://graph.microsoft.com/v1.0/groups/{groupId}?$select=visibility,unseencount
Until today (18 Sep 2018) it worked, but today it stopped working. Now Postman returns 403 Forbidden: ErrorAccessDenied (message: Access is denied. Check credentials and try again).
When unseencount is removed from url data is returned successfully with the same bearer token:
https://graph.microsoft.com/v1.0/groups/{groupId}?$select=visibility
Also in our app which uses Sharepoint SPFx and HttpClient it currently returns 400 Bad request for the same url.
I am not seeing that. Have you tried this out in the Graph Explorer signed in as your user (eliminates some mistakes possibly you not seeing in Postman etc.)? http://aka.ms/ge
Is it consistent for all groups? What about ones that the user belongs to?
You will need Group.Read.All to access this property. Ensure that's coming back in your access token.
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/group_get
I'm using the Microsoft Office 365 REST API to read calendar items from Office 365 and Outlook.com accounts.
It work's well.
Now, I need to read the same from Office 365 Deutschland accounts. That doesn't work.
I already found out the following:
Use another endpoint for login
International: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Deutschland: https://login.microsoftonline.de/common/oauth2/authorize
Use another endpoint for the REST API
International: https://outlook.office.com/api/v2.0/me/calendar/events
Deutschland: https://outlook.office.de/api/v2.0/me/calendar/events
Need another ClientID/ClientSecret
International: https://apps.dev.microsoft.com
Deutschland: https://portal.microsoftazure.de
Use different oauth2 scope
International: offline_access https://outlook.office.com/Calendars.Read
Deutschland: offline_access openid https://outlook.office.de/Calendars.Read
With all that, I can get an OAuth2 access token. But when I call
https://outlook.office.de/api/v2.0/me
or
https://outlook.office.de/api/v2.0/me/calendarview?startDateTime=2018-01-01T01:00:00&endDateTime=2018-10-31T23:00:00
with that token, I only get the following error:
Request Headers:
cache-control:"no-cache"
postman-token:"b765d2d1-9ffc-4016-8216-38678af4f245"
authorization:"Bearer AQA*** snip for security***gAA"
user-agent:"PostmanRuntime/7.1.5"
accept:"*/*"
host:"outlook.office.de"
cookie:"ClientId=DFDA316304974E36A43D11CF7BB6D8A3; OIDC=1; OpenIdConnect.nonce.v3.y7kDkk7dHuGjDZ9PZ_xiLj0CjfuLbQt629j5MuTcNp8=636667242602536754.c00ff4a6-e523-4dff-b1ce-24d1d024ce67"
accept-encoding:"gzip, deflate"
Response Headers:
server:"Microsoft-IIS/10.0"
request-id:"e59f5e5e-0980-4914-9087-064270bdd233"
x-calculatedfetarget:"LEJPR01CU002.internal.outlook.com"
x-backendhttpstatus:
0:"401"
1:"401"
x-feproxyinfo:"LEJPR01CA0057.DEUPRD01.PROD.OUTLOOK.DE"
x-calculatedbetarget:"FRXPR01MB0456.DEUPRD01.PROD.OUTLOOK.DE"
x-rum-validated:"1"
x-ms-diagnostics:"2000010;reason="ErrorCode: 'PP_E_RPS_INVALIDCONFIG'. Message: 'Invalid configuration. Check event log for actions.%0d%0a Internal error: Config directory does not exist; config directory must exist and be an absolute path:C:\Program Files\Microsoft Passport RPS\LiveIdConfig.'";error_category="invalid_msa_ticket""
x-besku:"Gen8"
x-diaginfo:"FRXPR01MB0456"
x-beserver:"FRXPR01MB0456"
x-feserver:
0:"LEJPR01CA0057"
1:"FRAPR01CA0084"
x-powered-by:"ASP.NET"
www-authenticate:"Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0003-0000-c000-000000000000#*,00000002-0000-0ff1-ce00-100000000002#84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa", token_types="app_asserted_user_v1 service_asserted_app_v1", authorization_uri="https://login.microsoftonline.de/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm="",Basic Realm="""
date:"Mon, 09 Jul 2018 09:46:28 GMT"
content-length:"0"
Response Body:
What am I doing wrong?
What does PP_E_RPS_INVALIDCONFIG mean?
Where can I create the directory C:\Program Files\Microsoft Passport RPS\LiveIdConfig?
The problem was the token. It was visually fine, but inside it was not.
With Office 365 Deutschland, you have to use the Azure Active Directory authentication endpoint V1.0 (no version number in the endpoint url means V1.0). For International, you should use the V2.0 endpoint.
The V2 enpoint wants the resource hint in the scope: https://outlook.office.com/Calendars.Read.
The V1 endpoint ignores the scope (and the resource hint in it) and wants an additional OAuth2 uri parameter called resource. The errors did't pointed me in the right direction.
But it was documented (badly) at this point.
resource
recommended
The App ID URI of the target web API (secured resource).
To find the App ID URI, in the Azure Portal, click Azure Active Directory,
click Application registrations, open the application's Settings page, then click Properties.
It may also be an external resource like https://graph.microsoft.com.
This is required in one of either the authorization or token requests.
To ensure fewer authentication prompts place it in the authorization request to ensure
consent is received from the user.
I think it should say required with V1.0.
Here my working authorization endpoint call:
https://login.microsoftonline.de/common/oauth2/authorize?response_type=code&client_id=c9000000-0000-0000-0000-000000000007&redirect_uri=http://localhost:11184/&state=1P3S9RvgQyfd3xLXmbhPcYD12aNHYkBF&scope=offline_access%20Calendars.Read&resource=https://outlook.office.de
By the way: If you use the resource parameter with the V2.0 endpoint, it gives you the error:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?response_type=code&client_id=6262047e-0000-0000-0000-000000000007&redirect_uri=http://localhost:11184/&state=2pSIj7o7dJJ0bGIv0p1ZfRjK6DV2duwM&scope=offline_access%20https://outlook.office.com/Calendars.Read&resource=https://outlook.office.com
AADSTS90100: The 'resource' request parameter is not supported.
Using https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/, i was able to generate access token. But when i try to sent a message to skype bot using the access token generated using scopes defined in above url, i get a "401: The provided 'OAuth' ticket failed authentication." error. What scopes should i use while i generate a code or access token to sent a message to skype bot via API (https://docs.botframework.com/en-us/skype/chat/#rest-api ) . The scope specified here under skype/chat/#authentication does not even takes me to login page to generate code .
To generate a token you should do the HTTP call described in https://api.botframework.com/en-us/skype/chat/#authentication, i.e.
POST /common/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=<your bot msa app id>&client_secret=<your bot secret>&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
So the scope is 'https://graph.microsoft.com/.default'.
I am using following Mentions Timeline API : -
https://api.twitter.com/1.1/statuses/mentions_timeline.json
I am performing authenticated API call for Mentions and using the application (tokens).
But, getting 403 Forbidden as response when i call authenticated Mentions API. prior of 14 Jan 2014 this Mentions API was working fine. after that it is returning 403 error.
I am getting response when i call following API authenticated with same application tokens: -
https://api.twitter.com/1/users/show.json?screen_name=XXXXX
Can anyone tell me why i am receiving response - 403 Forbidden for Mentions Timeline only not in other API calls
Thanks,
Ketan
Jan 14th is the day Twitter API switched to requiring SSL/TLS. This discussion has the details:
https://dev.twitter.com/discussions/24239
Based on your description, you should check your URLs to ensure they're set to "https://..." instead of "http://...".
Migrate to https://api.twitter.com/1.1/users/show.json
is now work endpoint for GET users/show.
403 Forbidden for Mentions Timeline it error mean invalidate token check authentication it requite oauth.