LinkedIn authorization fails even for r_basicprofile scope.
Here is the authorization request that I'm trying to execute
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=xxx&redirect_uri=http://localhost:8080/login/linkedIn&state=987654321
client_id is changed of course.
I'm getting response 401 - Unauthorized.
{"timestamp":1465218804004,"status":401,"error":"Unauthorized","message":"Authentication Failed: Could not obtain user details from token","path":"/login/linkedIn"}
I've checked App permissions, r_basicprofile is selected and the client_id is correct.
Related
I aim to fetch purchases from googleapis by using a service account on server-side.
Method: purchases.products.get api requires an oauth2 authentication.
Therefore I create an oauth2 token -from the client-secret.json I am provided from consolce.cloud.google- inside of my server-side backend java spring application.
GoogleCredentials googleCredentials = GoogleCredentials.fromStream(new FileInputStream("src/main/resources/client_secret.json")).createScoped("https://www.googleapis.com/auth/androidpublisher");
googleCredentials.refresh();
AccessToken accessToken = googleCredentials.getAccessToken();
The token I generate is like 'ya29.c.b0AXczHcuLszNI................'
It ends with multiple dots I don't know why.
https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/products/{productId}/tokens/{token}
After I get the token I do the GET request to this URL.
I gets the following error:
"message": "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid
authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.",
Why my token is not working? The way I use it, Is it wrong? And/or oauth2 token generation way is it wrong?
The access token is sent as an authorization header. The access token should be prefexed with the term bearer as it is a bearer token.
I'm using Postman a lot for API development. Most of time I use OAuth 2.0 for authentication. As this post says, the Authorization Code flow steps are as below:
The application opens a browser to send the user to the OAuth server
The user sees the authorization prompt and approves the app’s request
The user is redirected back to the application with an authorization code in the query string
The application exchanges the authorization code for an access token
In step 3, I think the user is redirected back to the application by using the redirect url. But what we always provided in the request is the configured url for real application that should get the auth code instead of Postman. I'm quite confused how can Postman get the auth token as the redirect url has no info about it.
The identity provider will create the authorisation code and return it to the redirect URI as a query string parameter, in a parameter named code the url will be yourdomain.com/app?code=authorisation-code
In postman it is possible to retrieve an access token for a Authorisation Code flow client.
Click the authorisation tab for a request, in the type select oAuth 2
Then click the orange Get Access Token button, it will prompt a new window where you can input your client & idp information.
When you click the request token button it will prompt you to enter your credentials at this point it will retrieve the authorisation code and automatically exchange it for an access token using the client id, secret and scopes that you configured on this screen, if everything is successful then you will receive your access token.
I am currently tracking a question on how to automate this process to be executed as part of the execution runner: Postman - Access Token Retrieval using Authorisation Code grant type
I am new to KeyCloak, but managed to set up the local KeyCloak server.
As a client I am using postman to test the authentication part.
I am able to get the access token when I enter the OAuth2.0 credentials in postman and able to make a request to access the API.
As the default expire time for the access token is 5 min, when I try again after 5 min to access the API I get Forbidden 403 response from KeyCloak.
I expect this should be Unauthorised(401)
If I provide a user credential that doesn't have permission to access the resource then also I get Forbidden 403 response.
How to tell I am getting 403 because of user authorization issue or because of expired access token?
Thanks,
Vikas
I'm having a trouble in requesting a refresh token, it keep returning an Unauthorized 401 error. I don't know if I'm lacking a parameters that I passed when I did a request.
I added the doorkeeper configuration for refresh token.
use_refresh_token
Here's the request details:
{{root_url}}/oauth/token
{"refresh_token"=>"034a74c085219fb8297fd8ef9b59f080918f"
"format"=>:json,
"controller"=>"/oauth/tokens",
"action"=>"create",
"grant_type"=>"refresh_token",
"client_id"=>"<client_id>",
"client_secret"=> "<client_secret>"}
Error descriptions:
{:error=>:invalid_grant,
:error_description=>
"The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
Btw, all of my api request authentication is not failing just this refresh token. I wonder what I'm missing in the request parameters.
Do not pass the client_id and client_secret.
The required parameters for the refresh token are:
grant_type
refresh_token
Optional parameter:
scope.
See the Refresh Token section of rfc6749: The OAuth 2.0 Authorization Framework
It is mentioned in oauth documentation at https://developer.uber.com/v1/auth/ that access token remains valid for 30 days. But I have started getting invalid credential error within a week. The exact error I am getting is:-
{"message":"Invalid OAuth 2.0 credentials provided.","code":"unauthorized"}
Trying refresh token after this error gives invalid grant error whereas 'refresh_token' is valid grant type.
{"error": "invalid_grant"}
Anyone facing similar issues?
If your client credentials are used to get another access token, that will invalidate former access tokens associated with that user.
When an access token expires, you must obtain a new access token. Use the refresh token to get a new access token without prompting a user to login and grant permission again. The refresh token itself is not a valid token to access API endpoints - it is just a code you keep to exchange for a new access token when yours expires. This is described in Step Five: Refreshing Tokens in Uber's Authentication Guide.