Unable to get access token from Workday's OAuth2 token endpoint - oauth-2.0

I'm trying to implement an OAuth 2 client to Workday and I'm getting hung up on trying to request a token. I can call the authorization endpoint and it redirects to my callback with the authorization code just fine, but when I try to post the authorization code to the token endpoint, I get:
"{\"error\" : \"application=service - invalid_request\"}"
I've tried different combinations of URL encoding on the request_uri. I've tried passing a state parameter. I've even gone as far as to proxy the call to make sure I was actually sending the correct information. Here is the PHP code I wrote to try and retrieve the token.
function callback() {
$code = $_GET["code"];
log_message('info', 'Using code: ' . $code);
$url = "https://wd5-impl-services1.workday.com/ccx/oauth2/<redacted>/token";
$data = array(
'client_id' => '<redacted>',
'client_secret' => '<redacted>',
'grant_type' => 'authorization_code',
'code' => $code,
'redirect_uri' => 'https://<redacted>/account/callback'
);
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_POST, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/x-www-form-urlencoded'));
curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_VERBOSE, 1);
$result = curl_exec($curl);
log_message('info', json_encode(curl_getinfo($curl)));
curl_close($curl);
log_message('info', json_encode($result));
#redirect(base_url()."account/login");
}
I'm kind of at a loss as to what is wrong. I've combed all the forums and I've tried to compare against conversations regarding other OAuth 2 servers, but I cannot find anything on my specific problem. Has anyone else successfully done this with Workday?

Try this...
it worked for me:
curl -X POST \
'https://wd2-impl-services1.workday.com/ccx/oauth2/<tenant>/token' \
-H 'Authorization: Basic T0RJM1pqa3pZbVV0WXpBeU15MDBZV0kwTFRnMU4yRXROV1UyTW1Wak16ZzFNamxqOmNudzZwbDI3Zmc4eG54YWIxamE1cWR6cHlqMGtkZW9mdmNubjF0czhyN3U2OHpiZ3llOTJyajZvbWhiMjY3ZjlrYzE0ajU3d3F5cHQyNjN5Ymc3N3h3ZXdvc3h2bmVodTc1Mw==' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: wd2-impl-services1.workday.com' \
-H 'cache-control: no-cache' \
-H 'content-length: 60' \
-d 'grant_type=authorization_code&code=4pwzdn1vs63alnm1fyas62za6'
Its result is:
{
"refresh_token": "r50ditl18yt0osdfnoasdsadfouwerljsdfkauooiu5h5hvanlkf8ow5n9ugjc3d8wiz99c6xxbi2t8ruqhxhohfzl4jfmuy",
"token_type": "Bearer",
"access_token": "e1zrm1ccwb9werwer6upb3tkp"
}
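The working request above differs from the question's PHP in two ways: the client credentials travel in an HTTP Basic `Authorization` header instead of the body, and the body is a URL-encoded string (PHP's cURL sends `multipart/form-data` when `CURLOPT_POSTFIELDS` is given an array). The following Python is an added example, not code from either post; it builds that request without sending it, and the tenant name, client ID, secret and code are constructed placeholders.

```python
import base64
from urllib.parse import parse_qsl, quote_plus, urlencode
from urllib.request import Request


def basic_client_auth(client_id: str, client_secret: str) -> str:
    """Authorization value for HTTP Basic client authentication (RFC 6749, 2.3.1)."""
    # Each part is form-urlencoded first, then joined with ':' and base64-encoded.
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_token_request(token_url, client_id, client_secret, code, redirect_uri=None):
    """Return an unsent POST that exchanges an authorization code for tokens."""
    if not token_url.lower().startswith("https://"):
        raise ValueError("token endpoint must be https: the request carries the client secret")
    form = {"grant_type": "authorization_code", "code": code}
    if redirect_uri is not None:
        # RFC 6749, 4.1.3: required if it was sent in the authorization request.
        form["redirect_uri"] = redirect_uri
    # A URL-encoded string as the body, matching the declared Content-Type.
    body = urlencode(form).encode("ascii")
    return Request(token_url, data=body, method="POST", headers={
        "Authorization": basic_client_auth(client_id, client_secret),
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def log_safe(req: Request) -> dict:
    """Summary fit for a log file: the credential header and the code are masked."""
    form = dict(parse_qsl(req.data.decode("ascii")))
    form["code"] = "***"
    return {"method": req.get_method(), "url": req.full_url,
            "authorization": "Basic ***", "form": form}


if __name__ == "__main__":
    # Constructed placeholder values, not real credentials.
    req = build_token_request(
        "https://wd2-impl-services1.workday.com/ccx/oauth2/example_tenant/token",
        "example-client-id", "example-secret", "example-code")
    print(log_safe(req))
```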

Related

Google Drive API - Invalid Credentials

I want to use a scripted approach (probably via curl) to access some simple info from the drive api, like creation date. Essentially I want to script what I can do in their web interface: https://developers.google.com/drive/api/v3/reference/files/list.
I have been using a curl command that they expose in a query at the above link:
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
I have created an API key for this purpose (unrestricted for now). And used this app to generate an access token: https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
But I have spent hours chasing my tail over the 401 Invalid Credentials error. Any help on getting a more specific error message, or better way to do this seemingly simple query would be appreciated. Thanks!
The result of the link below is an Authorization code.
https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=735795831119-kcpkamhiaojavqrt67mti7thcaa6ce87.apps.googleusercontent.com
You need to exchange it at https://accounts.google.com/o/oauth2/token to generate an Access Token:
curl \
--request POST \
--data "code=[Authentication code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
The result of the curl above is something like this:
{
"access_token": "access token here",
"expires_in": 3599,
"refresh_token": "refresh token here",
"scope": "https://www.googleapis.com/auth/drive",
"token_type": "Bearer"
}
Now that you have the access token, you can paste it into the code below along with your API key.
curl \
'https://www.googleapis.com/drive/v3/files?corpora=user&q=createdTime%20%3E%20%272021-11-23T12%3A00%3A00%27&key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed
Note:
Make sure you enable the Drive API in GCP
Application Client Id and Application Client Secret can be found after you created an OAuth 2.0 Client ID in GCP.
Reference:
DaImTo's answer on How to connect to the Google Drive API using cURL.

How to get token using Cloud Foundry api?

I'm trying to get a token from Cloud Foundry. I'm getting a token from the cf oauth-token command, but when I try using curl it gives me an error:
{
"description": "Unknown request",
"error_code": "CF-NotFound",
"code": 10000
}
The Curl command I'm using:
curl 'https://<domain>/oauth/token' -X POST \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Accept: application/json'
What am I doing wrong?
It depends on the flow used. See the doc: https://docs.cloudfoundry.org/api/uaa/version/4.31.0/index.html#authorization

Update Owner field of RT Ticket via REST API 2.0

curl -X PUT \
-H "Content-Type: application/json" \
-d '{ "Owner": { "id" : "root" } }' \
-H 'Authorization: token XXX_Token_XXX' \
'http://XXX_RT_URL_XXX/REST/2.0/ticket/6'
This command works for updating values of a ticket at the top level of JSON, but values such as 'Owner' fail. The documentation does not denote any method to update these specific fields. What is the recommended way to update a ticket's Owner field via the Request Tracker REST API 2.0 (rt-extension-rest2)?
Try with the username as the value:
curl -X PUT \
-H "Content-Type: application/json" \
-d '{ "Owner": "root" }' \
-H 'Authorization: token XXX_Token_XXX' \
'http://XXX_RT_URL_XXX/REST/2.0/ticket/6'
That should accept a username or user ID.

Thingsboard REST api always responds with status 401

First I got a token using curl command as shown here. Then used this token to authorize swagger and tried some endpoints, but all of them responded with
{
"status": 401,
"message": "Authentication failed",
"errorCode": 10,
"timestamp": 1490619586352
}
On server side I get this exception:
2017-03-27 13:31:16,149 [http-nio-0.0.0.0-8080-exec-9] ERROR o.t.s.s.s.m.token.RawAccessJwtToken - Invalid JWT Token io.jsonwebtoken.MalformedJwtException: Unable to read JSON value: ��!L��ȉ
I also tried this with curl, with the same results, using this syntax:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'
where I changed MY_TOKEN, MY_SERVER and MY_PORT appropriately for my server.
It seems that a parameter (Bearer) was missing from one of the headers. It should be --header 'X-Authorization: Bearer MY_TOKEN'. When I added it the responses were as expected. So the complete command for curl is:
curl -X GET --header 'Accept: application/json' --header 'Content-Type: application/json' --header 'X-Authorization: Bearer MY_TOKEN' 'http://MY_SERVER:MY_PORT/api/tenants?limit=3'
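Why the server reported a malformed JWT and not a missing scheme, as an added Python example that is not from the original post. It assumes the server drops a fixed seven-character `Bearer ` prefix from `X-Authorization` without checking it and that the token header is `{"alg":"HS512"}`; under those assumptions the leftover bytes render as the same garbled characters seen in the server log above. The token itself is constructed.

```python
import base64
import json

PREFIX = "Bearer "


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def sample_jwt() -> str:
    """Constructed token with a dummy signature; only its shape matters here."""
    header = json.dumps({"alg": "HS512"}, separators=(",", ":")).encode()
    claims = json.dumps({"sub": "tenant@example.org"}, separators=(",", ":")).encode()
    return ".".join([b64url(header), b64url(claims), b64url(b"constructed-signature")])


def naive_extract(value: str) -> str:
    """Assumed server behaviour: drop len('Bearer ') characters without checking them."""
    return value[len(PREFIX):]


def strict_extract(value: str) -> str:
    """Check the scheme and the three-segment shape before any decoding happens."""
    scheme, _, token = value.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2 or not all(token.split(".")):
        raise ValueError("X-Authorization must be 'Bearer <header>.<claims>.<signature>'")
    return token


def header_bytes(token: str) -> bytes:
    """Leniently base64url-decode the first segment, as a tolerant JWT parser would."""
    seg = token.split(".")[0]
    if len(seg) % 4 == 1:
        seg = seg[:-1]  # a lone trailing character encodes no complete byte
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))


if __name__ == "__main__":
    jwt = sample_jwt()
    print(json.loads(header_bytes(naive_extract(PREFIX + jwt))))
    # Scheme omitted, as in the question: seven characters of the token are lost.
    print(header_bytes(naive_extract(jwt)).decode("utf-8", errors="replace"))
    try:
        strict_extract(jwt)
    except ValueError as exc:
        print("rejected early:", exc)
```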

Invalid token error in Linkedin Gem when its work in CURL of Rails app

When I use a curl POST from the console it works, but when I use the linkedin gem method in the controller it does not work and I get an error regarding the access token. I can't find out what is wrong here.
CURL Code
curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d '{"comment":"hello from google www.google.com! http://ibm.com","visibility":{"code":"anyone"}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxJXygzp_8Exxxxg7_7FaxxxxxxtWzBXAxxxxxa5z1MVK6-kubHJ5JIaGAxxxx234wndpAMc_CxmCsIHxxxxraleZqkU0t_WNEhxxxz8_cKpeOixxxxsd15-X-MdvzYVxxxx9hQ&format=json&title=linkedin HTTP/1.1
LinkedIn gem code
client = LinkedIn::Client.new(
config[:your_consumer_key],
config[:your_consumer_secret]
)
client.authorize_from_access(
config[:oauth_user_token],
config[:oauth_user_secret]
)
client.add_share(
comment: 'Good Morning',
content: {'submitted-url' => 'http://www.github.com/blazeeboy' }
)
Does anyone have an idea what is wrong here?
============= UPDATE =============
system 'curl -H "Content-Type: application/json" -H "authToken: auth_token" --data '{"comment":"hello from google www.google.com! http://google.com","visibility":{"code":"anyone"}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1'
Thanks
curl -H "Content-Type: application/json" -H "authToken: auth_token" --data '{}' https://api.linkedin.com/v1/people/~/shares
Try running this:
system "curl -H 'Content-Type: application/json' -H 'authToken: auth_token' --data '{'comment':'hello from google www.google.com! http://google.com','visibility':{'code':'anyone'}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1"
In Rails, when you use double quotes inside single quotes, it gives an error with some commands.
Or you can try it like this:
`curl -H 'Content-Type: application/json' -H 'authToken: auth_token' --data '{'comment':'hello from google www.google.com! http://google.com','visibility':{'code':'anyone'}}' https://api.linkedin.com/v1/people/~/shares?oauth2_access_token=AQVxxxxygzp_8E3ySvg7_7FahixxxxxxtWzBXAja5OQ8a0wta5z1MVK6-kubHJ5JIxxxxwndpAMc_CxmCsIHxFlexxxxxleZqkU0t_WNxxxxmi7CMz8_cKpexxxx15-X-MdvzYVOxxxxm9hQ&format=json&title=linkedin HTTP/1.1`
