I am trying to do the wallet integration with Paytm. To generate the Oauth token we need to supply the client ID send it by encrypting with client secret key.
I am struggling to find out how or from where I would get the client ID and secret key from Paytm. The API doc at Paytm says
Oauth APIs
Pre-requisites:
Client Id : Will be provided by paytm for authentication purposes
Client secret : Will be provided by paytm for authentication purposes
http://paywithpaytm.com/developer/paytm_api_doc?target=oauth-apis
Related
Is there any endpoint in AWS Cognito to validate the bearer token?
I am using cognito as my oauth provider and I am able to get the bearer token successfully with app client id and secret.
Now I have to make a call to cognito, to cross verify if it really generated this token and validate the authenticity of the token from my application.
Cognito issues JWT tokens, so you must validate them via a library, which will download the token signing public key from Cognito's AWS endpoint.
Here is an API example in AWS, that validates access tokens using Node.js. A front end app could use similar validation for ID tokens:
JWT Validation Code
If you have particular technology preferences, post back and I'll recommend a library.
I am using oAuth Model to access Podio API. I am able to generate the Access Token and Refresh Token using a pair of Client ID and Client Secret.
Later when i tried to authenticate using previously generated Access Token and Refresh Token with new pair of Client ID and Client Secret then getting Following Error Message:
{"{\"error_propagate\":false,\"error\":\"invalid_grant\",\"error_description\":\"Invalid refresh_token\",\"error_detail\":\"different_client_id\",\"request\":{\"url\":\"http://api.podio.com/oauth/token\",\"query_string\":\"\",\"method\":\"POST\"}}"}
When i tried to authenticate using same Pair of Client ID and Client secret that was originally used to generate the Access Token , it Works.
My Question is: Can we use different Client ID and Client Secret to authenticate through Access Tokens that were generated using different Client Id and Secret.
I hope i have clearly described my question.
No, access tokens are tied to a specific client and secret. Allowing access tokens to be used with other clients would be a security hole.
I've seen these questions about using Postman in order to invoke Google's API with OAuth 2:
Using Postman to access OAuth 2.0 Google APIs
Could not obtain Google oAuth 2 token on POSTMan
and many more, but they all have client ID and client secret.
For the 'Save to Android Pay' API, all I got is a .p12 key and an issuer ID. I also have Service Account Email Address but defiantly no client id or secret. I think I also have the Auth URL but I'm not sure: https://www.googleapis.com/auth/wallet_object.issuer
Looking in the Save to Android Pay API, doesn't say anything about a client id so I'm really not sure how I'm supposed to obtain a token in POSTMAN with what I have.
So my question is: giving a .p12 key, an issuerId and a Service Account Email Address, What do I need to fill in POSTMAN OAuth 2 fields:
Token Name, Auth URL, Access Token URL, Client ID, Client Secret, Scope (Optional), Grant Type
To obtain OAuth 2.0 client credentials, you need to register an application to the Google API Console as specify in the basic steps and then you'll get a client ID and client secret.
I'm trying to understand what each string in the Oauth 1 scheme does.
As per my understanding, the consumer key and consumer secret are used to sign a request to the api, from the calling application, and the access_token and access_secret pair are used as a proxy for the user's login credentials.
Am I right in my understanding?
Not quite. The consumer key is a value that identifies the client application that is being used to access the user resources, and the access token is the value that provides the authorization to access those resources.
A combination of the consumer secret and token secret are used to sign the request which provides verification that the request is being sent by an authorized party.
You can read more about the definitions of the oauth 1.0a spec here.
I am using oAuth to call Intuit Quickbook Onlinde data API.
Is there any method to get comsumerKey and Secret ussing App Token value in oAuth ?
thank,
manish
You can use this - https://appcenter.intuit.com/Playground/OAuth
Connect to QB Ref (3 legged Oauth) Ref - https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started/0020_connect/0010_from_within_your_app
You can refer the sample JAVA/.Net app as well to generated accessKey, accessSecret against your QBO account(relam).
Thanks
As the official document says:
Both Consumer Key and Secret are assigned to your app by Intuit and displayed in the app profile on the IPP developer site.
consumer key
An OAuth value, used by the app to identify itself to the Intuit OAuth provider service. The consumer key is generated when you create the app on the IPP developer site and is displayed on the Manage App tab. The Development and Production instances of an app have different consumer key values. A consumer key is required in the header of an HTTP request to Data Services for QuickBooks or the QuickBooks API.
consumer secret
An OAuth consumer secret. A secret used by the app to establish ownership of the consumer key. The consumer secret is generated when you create the app on the IPP developer site and is displayed on the Manage App tab. The Development and Production instances of an app have different consumer secret values. A consumer secret is required in the header of an HTTP request to Data Services for QuickBooks or the QuickBooks API.
And here is a tutorial of Implement OAuth in Your App.