Access token does not have the openid scope - oauth

I am doing sso sample(travelocity.com) example. When I am trying to access user info with oauth access token using this command,
curl -k -H "Authorization: Bearer b68ba941c9da3d2644d8a63154d28"
https://localhost:9443/oauth2/userinfo?schema=openid
I am getting follwing error
{"error":"insufficient_scope","error_description":"Access token does
not have the openid scope"}
please help, thank you

When you make the first request to the authorization endpoint, you have to include openid in the scope request parameter. OpenID Connect Core 1.0, 3.1.2.1. Authentication Request says as follows.
scope
REQUIRED. OpenID Connect requests MUST contain the openid scope value. If the openid scope value is not present, the behavior is entirely unspecified. Other scope values MAY be present. Scope values used that are not understood by an implementation SHOULD be ignored. See Sections 5.4 and 11 for additional scope values defined by this specification.

For those who tried to put scope in request param and it does not works, put it in the request body in POST /token request
curl --location --request POST 'http://keycloak.local.webapp/realms/WordSpreads/protocol/openid-connect/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=word-spreads-web' \
--data-urlencode 'username=bob' \
--data-urlencode 'password=king' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=openid'
I think the change happen keycloak-1902-released

By default the travelocity.com sso sample web app doesn't sent the openid scope in it's access token request. That is the cause for the error you have encountered.
In order to send the openid scope along with the access token request in the travelocity sample you can try the following,
Open travelocity.properties[1] file in the sample web app (You can find it in travelocity.com/WEB-INF/classe)
Uncomment and edit the QueryParams property in the file[1] as shown below
QueryParams=scope=openid
Save the properties file and redeploy the web app and try the access token generated on the userinfo endpoint now :)
[1] https://github.com/wso2/product-is/blob/master/modules/samples/sso/sso-agent-sample/src/main/resources/travelocity.properties
Update
Looks like the setting the scope in QueryParams isn't working,
There's a workaround
Can you change OAuth2.TokenURL in travelocity.propeties as below and try out? I tested this locally and should work.
#OAuth2 token endpoint URL
OAuth2.TokenURL=https://localhost:9443/oauth2/token?scope=openid

Related

How to call zoho invoice rest api after access and refresh token?

I am following the steps mentioned in
https://www.zoho.com/invoice/api/v3/oauth/#overview
able to get access token and refresh token.
and not clear what to pass for invoice rest API for example
How to get the list of invoices?
Zoho's documentation has an example call to list invoices :
https://www.zoho.com/invoice/api/v3/invoices/#list-invoices
curl https://invoice.zoho.com/api/v3/invoices
-H "X-com-zoho-invoice-organizationid: 10234695"
-H "Authorization: Zoho-oauthtoken 1000.41d9f2cfbd1b7a8f9e314b7aff7bc2d1.8fcc9810810a216793f385b9dd6e125f"
So it looks like you will need to pass 2 items of information to get a list of invoices:
Your zoho-invoice-organizationid
Your access token
Here is a pseudo-code example with the 2 items in curly-brackets
curl https://invoice.zoho.com/api/v3/invoices
-H "X-com-zoho-invoice-organizationid: {my-zoho-invoice-organizationid}"
-H "Authorization: Zoho-oauthtoken {my-access-token}"

Bing Geo Migration query bug

I am trying to migrate our LinkedIn API logic from legacy locations to Bing geo location. However, when i follow the guide a request fails. The request is as follows:
GET https://api.linkedin.com/v2/adTargetingEntities?q=urns&queryVersion=QUERY_USES_URNS&urns=List(urn%3Ali%3Astate%3A%28urn%3Ali%3Acountry%3Aus%2CCA%29,urn%3Ali%3Aregion%3A82)&locale=(language:en,country:US)
Which is actually an example query from the guide. It fails with a code 403 Forbidden: Unpermitted fields present in PARAMETER: Data Processing Exception while processing fields [/locale]. When i try to remove the locale parameter, it casts an error of 400 Bad Request: Array parameter 'urns' value 'List(urn:li:state:(urn:li:country:us,CA),urn:li:region:82)' is invalid. Reason: Invalid URN syntax: Urn doesn't start with 'urn:'{...}. This means that i can only query for one urn at a time, which is not what i want. How do i achieve the following:
Provide locale to the query
Query for multiple urns at a time
The curl command for the request is here:
curl --location --request GET 'https://api.linkedin.com/v2/adTargetingEntities?q=urns&queryVersion=QUERY_USES_URNS&urns=List(urn%3Ali%3Astate%3A%28urn%3Ali%3Acountry%3Aus%2CCA%29,urn%3Ali%3Aregion%3A82)' \ --header 'Authorization: Bearer {AUTH}' \

How to call Twitter's POST /statuses/filter with 5000 user ids?

Both GET and POST methods supported by the endpoint. The POST method is recommended to call endpoint with a huge number of user ids to follow, because the GET method will lead to an oversized URL that the server can't handle. How the "follow" parameter can be passed in the body of the request?
UPD: here is what I've already tried using Insomnia (the URL is always 'https://stream.twitter.com/1.1/statuses/filter.json' and the method is always 'POST' and the server response is always "No filter parameters found. Expect at least one parameter: follow track locations"):
A plain text body with Content-Type: text/html
follow=2731236345
A json body with Content-Type: application/json
{
"follow": "2731236345"
}
Another json body
{
"follow": [
2731236345
]
}
However, when I use form-url-encoded with field "follow" and the value "2731236345" I receive the response "Unauthorized".
First of all, consider looking at the Twitter Developer Labs new endpoint, because this existing API will be retired, likely (but not yet confirmed) in 2020.
When you say "without any success", what libraries are you using, and at what levels of query parameters - you're not being very clear about what is not working here. 5000 user IDs is very large. Can you please be more specific about the errors you're seeing, and the code you're trying to run?
I've managed to connect using curl:
curl --request POST \
--url 'https://stream.twitter.com/1.1/statuses/filter.json' \
--header 'authorization: <censored>' \
--data 'follow=2731236345'
The same request doesn't work in Insomnia for some reason, but it doesn't matter for the goal of this post.

How to call request in Postman

I have request to rest api. Request from help page looks like:
curl -X POST \
'https://allegro.pl/auth/oauth/device' \
-H 'Authorization: Basic base64(client_id:client_secret)' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id={client_id}'
How to call above request from Postman? I've choosed POST type. In url I've pasted https://allegro.pl/auth/oauth/device.
But now I have problem. Which tab I should choose? On Authorization tab in Postman I have autorization type. And there is Basic Auth but I have to type username and password and I don't have both of them because I have only client id and secret id. On the Headers tab I can add two parameters: Authorization and Content-Type. But it doesn't work. I don't know if I should additionally put clientid:secretid into base64 and then past to the Value input?
Where I should past parameter -d clientid ?
Simply, you can just import your cUrl to Postman as follow:
Click on "import" tab on the upper left side.
Select the Raw Text option and paste your cURL command.
Hit import and you will have the command in your Postman builder!
Answering your questions:
Which tab I should choose? On Authorization tab in Postman I have
authorization type
You have two options:
You chose Authorization tab, chose type as Basic Auth, and yes put client_id as Username and client_secret as Password, cause it concatenate them with a colon (:) in-between and base64-encode this string, check Basic Auth RFC for more details, and this will automatically set Authorization key in your headers.
Or chose Headers tab, and paste directly the string if you have it ready encoded as Basic base64({{client_id}}:{{client_secret}}).
Where I should past parameter -d clientid ?
That's your request body in application/x-www-form-urlencoded as keys and values, so you set key as client_id and value as {{client_id}}.

Is this Calendly.com URL Valid?

I am using webhooks for the first time with calendly.com. I would like to create a subscription as described here. When I get to doing this
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
I am concerned that the url is not in a valid format. I tried replacing the & with a ? as in here
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar?events[]=invitee.created" https://calendly.com/api/v1/hooks
but I receive this error
{"events":{"events":["can't be blank]}}
Likewise, I try to leave the & and everything after it blank and it give the same error as above.
But using a url with the & and everything in it gives a 404 not found error. Can a url even have the format they are saying is required?
But using a url with the & and everything in it gives a 404 not found error.
The URL part in the following is just the https://blah.foo/bar part before the & character.
curl --header "X-TOKEN: <your_token>" --data "url=https://blah.foo/bar&events[]=invitee.created" https://calendly.com/api/v1/hooks
The events[]=invitee.created part is a separate parameter and value. It’s not part of the url.
See the Create A Webhook Subscription page in the calendy docs:
So the URL is the site that runs your webhook; you don’t send the events parameter/value back to that site—instead you’re sending both the url param and events param to the calendly API endpoint at https://calendly.com/api/v1/hooks. The calendly backend presumably then calls to https://mywebsite.com/webhooks/invitee_created or https://blah.foo/bar whatever url you’ve given it—but without the events parameter, which is for calendly’s internal use.

Resources