What is CALLBACK_URL to Obtain a request token from JIRA? - oauth

I am trying to perform OAuth authentication for JIRA. And I got stuck at step-1 only where it said like:
1. Obtain a request token from JIRA
Execute this command:
java -jar rest-oauth-client-1.0.one-jar.jar requestToken JIRA_BASE_URL CALLBACK_URL
Replace JIRA_BASE_URL with the URL to your JIRA instance
and replace CALLBACK_URL with the URL that should be called after the user has authorized the OAuth request token.
Here I am not getting what CALLBACK_URL is.
Can you please tell me what the value of CALLBACK_URL should be?
My JIRA instance is: https://chandanjira.atlassian.net

Related

Snowflake oauth is failing with redirect uri having query param

As part of Snowflake OAuth configuration, we have created a SECURITY INTEGRATION with a redirect_uri which has a query param, and we are using the same to invoke the authorize API, and we are getting an error
'there is a mismatch in the given redirect uri with the one in the registered OAuth client integration.'
redirectUri -> 'https://localhost:8080?authType=snowflake/#/dashboard'
If we remove the '?', it works fine. So is there any limitation/constraint in adding a query param for Snowflake OAuth?

Salesforce OAuth User Agent Flow: obtain refresh token with

I am developing a web application that allows any user to connect with its Salesforce account. I've implemented User-Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).
This is the request I use:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]
And my redirect URL is:
http://[MYSITE].com/#/services/oauth2/success
(that corresponds to the host from where I make the call)
This call correctly gives me access_token but not refresh_token.
If I use "https" instead of "http" as the redirect URI, I receive this error:
error=invalid_scope&error_description=the requested scope is not available
From the documentation, I read that:
The refresh token for the user-agent flow is only issued if you
requested scope=refresh_token and one of the following scenarios is
true:
....
The redirect URL host matches the request host and includes the servlet services/oauth2/success.
...
I think to be in this case, what am I doing wrong?
Thanks in advance
Try adding Perform requests at any time (refresh_token, offline_access) under Selected OAuth Scopes in your connected app

OpenID connect Successful response has # between redirect uri and access token

I have set up an app in Azure AD for OAuth 2.0 using JWT. The access token is returned successfully, but the URL has a hashtag (#) between the redirect URL and the access_token. The application is expecting a question mark (?) to complete the sign, so if I replace the # with ? in the address bar the sign-process completes.
Is there a way to do this from Azure App Registration itself so that the response is returned with a ? instead of #? or should I be sending the request differently?
Below is the request
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize?client_id=<client_id>&response_type=token&redirect_uri=<url_encoded_redirect_uri>&scope=<scope>&response_mode=fragment&state=12345&nonce=678910
In the request, response_mode had to be form_post instead of fragment. That solved the issue
https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize?client_id=<client_id>&response_type=token&redirect_uri=<url_encoded_redirect_uri>&scope=<scope>&response_mode=form_post&state=12345&nonce=678910
Reference - https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-protocols-oidc#send-the-sign-in-request

Grails spring security rest plugin v1.5.3 - Refresh token flow

I have a REST API implemented using grails v2.5.2 and a client using AngularJS. I am using the JWT authentication that the plugin provides by default.
I've set the token expiration as 3600 and I would like to refresh the access_token automatically (transparently to the user). I know that I have to make a POST to /oauth/access_token with an application/x-www-form-urlencoded and send the refresh_token in order to get a new access_token.
The question I have is:
What is the status code returned by this plugin when the token expires?
I set the log4j and I see it is sending a 401 once the token has expired.
I would expect a 403 instead of a 401, because the latter is used for invalid login credentials.
I need to know this in order to set up the response interceptor to request a new access_token.
Thank you!

How to grant access permanently with OAuth2

I have tried to use OAuth2 to build a group settings service with the following:
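import os
import httplib2
from apiclient import discovery
from oauth2client import client, tools
from oauth2client.file import Storage
from oauth2client.tools import run  # legacy helper from early oauth2client releases

def groupSettingsService(request):
    CLIENT_SECRETS = os.path.join(os.path.dirname(__file__), 'client_secrets.json')
    FLOW = client.flow_from_clientsecrets(CLIENT_SECRETS, scope=['https://www.googleapis.com/auth/apps.groups.settings'], message=tools.message_if_missing(CLIENT_SECRETS))
    # Load cached credentials; run the interactive flow only if none are usable
    storage = Storage('groups-settings.dat')
    credentials = storage.get()
    if credentials is None or credentials.invalid:
        credentials = run(FLOW, storage)
    # Wrap the HTTP client so every request carries the access token
    http = httplib2.Http()
    http = credentials.authorize(http)
    return discovery.build('groupssettings', 'v1', http=http)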
But the problem is that when the token isn't valid anymore (expires), it redirects to a page to tell the user to grant access again to that scope... which is inappropriate for API calls!
Is there a way to work with a username/password or client_secret to grant full access permanently to the API without asking to grant access or not?
You need to ask for access_type=offline when you redirect the user to Google.
You will then get a code, which can be exchanged (by POSTing with your client_id and client_secret) for an access_token (that is the one you are already using) and a refresh_token.
When your access_token expires, you can POST the refresh_token, client_id and client_secret to get another access_token. You can do that multiple times if you need (or weeks later...)
Did you save the credentials to storage upon getting a credentials successfully?
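
The three requests described in the answers above (offline consent, code exchange, refresh), as an added example that is not code from the original posts. The `OfflineCredentials` class, the injected `post` transport and the `clock` parameter are hypothetical names; the two URLs are Google's OAuth 2.0 authorization and token endpoints.

```python
import time
import urllib.parse

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
SCOPE = "https://www.googleapis.com/auth/apps.groups.settings"


def authorization_url(client_id, redirect_uri, state):
    """Step 1: send the user here once; access_type=offline requests a refresh_token."""
    query = urllib.parse.urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": redirect_uri, "scope": SCOPE,
        "access_type": "offline", "state": state,
    })
    return AUTH_ENDPOINT + "?" + query


class OfflineCredentials:
    """Keeps tokens server-side and renews the access_token without user interaction."""

    def __init__(self, client_id, client_secret, post, clock=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.clock = post, clock  # post(url, form_dict) -> dict (hypothetical)
        self.access_token = self.refresh_token = None
        self.expires_at = 0.0

    def _store(self, reply):
        self.access_token = reply["access_token"]
        self.expires_at = self.clock() + reply["expires_in"]
        # A refresh reply usually omits refresh_token: keep the one already held.
        self.refresh_token = reply.get("refresh_token", self.refresh_token)

    def exchange_code(self, code, redirect_uri):
        """Step 2: swap the one-time code for access_token + refresh_token."""
        self._store(self.post(TOKEN_ENDPOINT, {
            "grant_type": "authorization_code", "code": code,
            "redirect_uri": redirect_uri,
            "client_id": self.client_id, "client_secret": self.client_secret}))

    def token(self, skew=60):
        """Step 3: return a valid access_token, refreshing shortly before expiry."""
        if self.clock() >= self.expires_at - skew:
            if not self.refresh_token:
                raise RuntimeError("no refresh_token stored: user must consent again")
            self._store(self.post(TOKEN_ENDPOINT, {
                "grant_type": "refresh_token", "refresh_token": self.refresh_token,
                "client_id": self.client_id, "client_secret": self.client_secret}))
        return self.access_token
```

The refresh_token and client_secret are long-lived credentials, so persist them with the same protection as a password and never ship them to a browser client.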
