linkedin access token generation error - oauth-2.0

When I try to generate access token using:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=xxxxxxxxxxx&redirect_uri=http%3A%2F%2Fws-100945%3A9080%2FArtisWeb%2Findex.html&client_id=xxxxx&client_secret=xxxxx
it's throwing error as:
{"error_description":"missing required parameters, includes an invalid parameter value, parameter more than once. : Unable to retrieve access token : appId or redirect uri does not match authorization code or authorization code expired","error":"invalid_request"}
Could you guide me on this issue?

The URL itself looks correct so it must be the code that is expired or reused. Make sure the code is used immediately after you receive it and use it only once.
Also make sure that you URL-encode in fact all parameter values, including client_id and client_secret if/since they may contain URL-unsafe characters like '&' and ' '.

Dynamic variable in Auth Headers - Azure Data Factory

I have an ADF flow where I first retrieve an OAuth 2.0 token which then should be used in an OData request.
This works perfectly if I first extract the token and then hard-code it in the auth headers (Bearer xxxxxxxx).
However I want to use a variable which I set earlier in the flow in this value. Like "Bearer [variable]". I have tried with the following: "Bearer @variables('Token')" but it doesn't work. I have double checked and the variable 'Token' is getting the correct token value so this should not be the problem.
So my question is whether it is possible to use variables in the Auth Header section?
I have tried to use "Bearer @variables('Token')" in the Value field for Auth Headers. This doesn't work unfortunately.
I reproduced the same thing in my environment and got this output.
Create a web activity and generate a bearer token with a sample URL, and create a parameter variable with the name Token.
Create a set variable and use this dynamic content value: @activity('Web1').output.data.Token
Then, I created a copy activity with Additional headers, as suggested by @Scott Mildenberger:
Authorization: @concat('Bearer ', variables('token'))
Pipeline successfully executed and got the output:

Microsoft Graph Authentication error AADSTS70000 code_verifier does not match code_challenge

I have multiple pages that authenticate via Microsoft Graph. One doesn't work. It returns a (400) Bad Request, with the error_description of AADSTS70000: The provided 'code_verifier' input value does not match the original 'code_challenge.'
All Redirect URLs are defined under my Microsoft Applications. Except for the URI, they are the same.
I cannot find anything that actually says what they mean by code_verifier and code_challenge. Since I never pass any parms by those names, they must be referring to one of the other parms being passed in before and after the login. But I really need to know what they refer to so I can attempt to figure out what the real issue seems to be.
I have seen several posts claiming a trailing slash is required, but I don't have this on any of my Redirect URIs, and most of them work.
Here is the initiating request:
href="https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={redacted}&response_mode=form_post&response_type=code&redirect_uri=https://wrmatthiesen.com/ApprovedContact/InviteeSignup.aspx&scope=openid offline_access User.Read Calendars.ReadWrite Contacts.Read Mail.Send& nonce=mauth:-6:Y:Y;1b803d44-f70b-4fed-b6c3-bc3afdb55646& state=mauth:-6:Y:Y;1b803d44-f70b-4fed-b6c3-bc3afdb55646"
Here is the follow up request once I have received the code:
code=Mabb3f2bb-25b0-8e3b-541e-9763dd1e4136&redirect_uri=https%3a%2f%2fwrmatthiesen.com%2fApprovedContact%2fInviteeSignup.aspx&grant_type=authorization_code&client_id={redacted}&client_secret={redacted}&scope=openid+offline_access+User.Read+Calendars.ReadWrite+Contacts.Read+Mail.Send
1) Your initial request included several unencoded strings that include special characters.
2) You have a couple of spaces in your query string: & nonce and & state
Your first URL should look like this:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=00000000-0000-0000-0000-000000000000&response_mode=form_post&response_type=code&redirect_uri=https://wrmatthiesen.com/ApprovedContact/InviteeSignup.aspx&scope=openid+offline_access+User.Read+Calendars.ReadWrite+Contacts.Read+Mail.Send&nonce=mauth%3A-6%3AY%3AY%3B1b803d44-f70b-4fed-b6c3-bc3afdb55646&state=mauth%3A-6%3AY%3AY%3B1b803d44-f70b-4fed-b6c3-bc3afdb55646
The components here being:
client_id: 00000000-0000-0000-0000-000000000000
response_mode: form_post
response_type: code
redirect_uri: https%3A%2F%2Fwrmatthiesen.com%2FApprovedContact%2FInviteeSignup.aspx
scope: openid+offline_access+User.Read+Calendars.ReadWrite+Contacts.Read+Mail.Send
nonce: mauth%3A-6%3AY%3AY%3B1b803d44-f70b-4fed-b6c3-bc3afdb55646
state: mauth%3A-6%3AY%3AY%3B1b803d44-f70b-4fed-b6c3-bc3afdb55646
On the second call, your POST body looks correct:
code: Mabb3f2bb-25b0-8e3b-541e-9763dd1e4136
redirect_uri: https%3A%2F%2Fwrmatthiesen.com%2FApprovedContact%2FInviteeSignup.aspx
grant_type: authorization_code
client_id: 00000000-0000-0000-0000-000000000000
client_secret: 00000000-0000-0000-0000-000000000000
scope: openid+offline_access+User.Read+Calendars.ReadWrite+Contacts.Read+Mail.Send
I have been passing in a nonce parameter since I have been doing this. I just made it match my state parameter for ease. In this situation, my nonce looked like this: "nonce=mauth:-6:Y:Y;b5a41fdb-4b42-494e-85e1-8c193006d444".
When I dropped everything except the "mauth:", it worked.
I then dropped the nonce altogether, and it still worked. So, for now, I will not pass the nonce in.
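As an added example (not code from any of the posts above), this shows the encoding advice given for the LinkedIn token request earlier on this page and for the Microsoft authorize request in this thread: what a server's parser recovers from hand-concatenated parameters versus percent-encoded ones. All hosts, client IDs, codes and secrets are constructed sample values; the state value only mimics the shape of the one in the question.

```python
from urllib.parse import urlencode, parse_qs

def naive_query(params):
    """String concatenation: values reach the wire exactly as typed."""
    return "&".join(f"{k}={v}" for k, v in params.items())

def safe_query(params):
    """urlencode() percent-encodes every key and value (form encoding)."""
    return urlencode(params)

def as_parsed_by_server(query):
    """Decode a query string or form body the way a receiving server would."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}

def round_trips(params, build):
    """True when the server recovers exactly the values the client intended."""
    return as_parsed_by_server(build(params)) == params

# Constructed token-request values; the secret deliberately contains '&' and ' '.
TOKEN_PARAMS = {
    "grant_type": "authorization_code",
    "code": "SAMPLE-CODE",
    "redirect_uri": "https://app.example.test/cb",
    "client_id": "sample-client",
    "client_secret": "p&ss w=rd",
}

# Constructed authorize-request values shaped like the state in the question.
AUTH_PARAMS = {
    "response_type": "code",
    "client_id": "sample-client",
    "redirect_uri": "https://app.example.test/cb",
    "scope": "openid offline_access User.Read",
    "state": "mauth:-6:Y:Y;1b803d44",
}

if __name__ == "__main__":
    # The '&' inside the secret splits it into two parameters on the server side.
    print(as_parsed_by_server(naive_query(TOKEN_PARAMS)))
    print(safe_query(TOKEN_PARAMS))
    print(safe_query(AUTH_PARAMS))
```

With the naive builder the server sees `client_secret=p` plus a stray `ss w` parameter, which is the kind of mismatch that surfaces as a generic `invalid_request` error.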

Getting a Jira Issue via OAuth Authentication using Postman

I am trying to GET an issue in Jira using POSTMAN. I have selected Type as OAuth 1.0. For that it is asking me for some fields mentioned below. I have generated a Token and Token Secret which I am passing to it. I have also configured my generic application to Jira in Application links. I am not aware of what should be passed in Consumer Secret and Signature Method (what should be the signature method). I am currently selecting HMAC-SHA1. For the rest of the fields it is generating values based on the parameters passed above.
Consumer Key : hardcoded-consumer
Consumer Secret : ?? (What should I pass here)
Token : ojn33TZALMlvp5eCa6HeErDSx9K8LL6A
Token Secret : inHfn2QFJkkYkWQ8FxT9mXkdcoNxYPf5
Signature Method : HMAC-SHA1
Timestamp : 1474290363 (Generated value)
Nonce : x1hs2v (Generated value)
Version : 1.0 (Generated value)
Realm : (It is optional)
After hitting my Jira URL it is giving me an oauth_problem=token_rejected error. Can anyone tell me where I am making the mistake?
Here is the Jira URL which I am hitting :
http://bmh1060149:8080/rest/api/2/issue/NWFM-1 (NWFM-1 is the Jira issue)
Please find the below screen shot for more reference.
After a little bit of research I found the answer. Once we get the access token we can directly pass that to your Jira URL. There is no need to pass all those parameters.
To get all issue types we can use the following URL, passing the access token as an argument.
http://bmh1060149:8080/rest/api/2/issuetype?access_token=euyyIxB6q5waBHeZ9zB7kGV21GRNNOud
Please see the attached screen shot for more reference.

Adding a query parameter to the Instagram auth redirect_uri doesn't work?

Steps to reproduce
Register a redirect_uri in the client: http://example.com/publisher/auth
Direct a user to the /oauth/authorize endpoint with the redirect_uri including a query parameter:
https://api.instagram.com/oauth/authorize/?client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01&response_type=code&scope=basic&type=web_server
For reference, those query parameters are:
client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01
response_type=code
scope=basic
type=web_server
Authenticate an Instagram user and allow the app.
The user is redirected back to the correct redirect_uri.
Use the code query parameter from the redirected URI to post to Instagram's /oauth/access_token endpoint.
Expected behavior
The endpoint responds with 200 and an access token.
Actual behavior
The endpoint responds with:
code=400
error_type = 'OAuthException'
error_message = 'Redirect URI doesn't match original redirect URI'
What I've Investigated So Far
To confirm that this is a problem with Instagram, I checked the API docs which very clearly state that adding query parameters to the redirect URI should be possible. I also tried varying only that query parameter. For example, when replaced with this /oauth/authorize URL I get the expected behavior:
https://api.instagram.com/oauth/authorize/?type=web_server&client_id=xxx&redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth&response_type=code&scope=basic
For reference, those query parameters are:
client_id=xxx
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth
response_type=code
scope=basic
type=web_server
Notes
This question is actually a duplicate of another question which actually didn't really turn out to be a question, and which never got any answers.
I have submitted a bug with Instagram, but I wanted to see if anyone had found this or come up with a workaround.
Had the same issue today. To get the custom data passed between requests you must include it as state param. My authorize request url looked something like this:
https://www.instagram.com/oauth/authorize?client_id=SOME_CLIENT_ID&response_type=code&redirect_uri=http://example.com/auth/InstagramRedirect/&state=855C0114-F860-420A-AEB1-A276644FCCEA
Notice the & and state=...
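As an added example (not part of the answer above and not Instagram's code), one way to carry the invite ID in `state` while `redirect_uri` stays exactly as registered, with the state authenticated and bound to the user's session so the callback can trust it. The key handling, session ID and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from urllib.parse import urlencode

REGISTERED_REDIRECT = "http://example.com/publisher/auth"  # registered URI from the question
STATE_KEY = secrets.token_bytes(32)  # assumption: server-side secret, per process here

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac_for(session_id: str, payload: str) -> bytes:
    # Binding the MAC to the session makes a state minted for one user useless to another.
    return hmac.new(STATE_KEY, f"{session_id}.{payload}".encode(), hashlib.sha256).digest()

def make_state(invite_id: str, session_id: str) -> str:
    """Carry the invite ID in `state` instead of in redirect_uri."""
    body = {"inviteId": invite_id, "nonce": secrets.token_hex(8)}
    payload = b64e(json.dumps(body).encode())
    return f"{payload}.{b64e(mac_for(session_id, payload))}"

def read_state(state: str, session_id: str):
    """Return the invite ID, or None if state was altered or minted for another session."""
    try:
        payload, tag = state.split(".")
        if not hmac.compare_digest(b64d(tag), mac_for(session_id, payload)):
            return None
        return json.loads(b64d(payload))["inviteId"]
    except (ValueError, KeyError):
        return None

def authorize_url(client_id: str, invite_id: str, session_id: str) -> str:
    # redirect_uri is sent exactly as registered, so the token-exchange comparison succeeds.
    return "https://api.instagram.com/oauth/authorize/?" + urlencode({
        "client_id": client_id,
        "redirect_uri": REGISTERED_REDIRECT,
        "response_type": "code",
        "scope": "basic",
        "state": make_state(invite_id, session_id),
    })

if __name__ == "__main__":
    sid = "constructed-session-id"  # constructed sample value
    print(authorize_url("xxx", "00001000-cf33-11e4-9f26-8789dd0b3e01", sid))
```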
You have to provide the redirect_uri with your extra search params as the last parameter:
https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&type=web_server&response_type=code&scope=basic&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01
User will be redirected to:
https://wpwifidemo.alepo.net/instagram/joinus/?inviteId=00001000-cf33-11e4-9f26-8789dd0b3e01&code=CODE
This might be too late a reply for this question, but I faced the same issue today and found this question already posted. The solution for passing parameters to the authentication URL is as follows.
It seems that your extra parameter is type=web_server. Taking that into consideration, your URL for getting the code should be as follows:
https://www.instagram.com/oauth/authorize/?client_id=be1b911b487f4919b9c2fb7df0c4142c&redirect_uri=https://wpwifidemo.alepo.net/instagram/joinus/?type=web_server&response_type=code&scope=basic
And then while calling the accessToken API append your redirect_uri parameter with your passed parameter (not the same configured in the app).
e.g.
redirect_uri=http%3A%2F%2Fexample.com%2Fpublisher%2Fauth%3FinviteId%3D00001000-cf33-11e4-9f26-8789dd0b3e01?type=web_server

Getting "Could not authenticate with OAuth." from Twitter when trying to POST

I'm successfully able to get an access token through the OAuth process.
However, when I try to run a POST to the /statuses/update.json endpoint, I get a "Could not authenticate with OAuth."
I'm signing with the token I got back from authenticating with my consumer secret; I don't understand what else it could be.
Twitter forums were no help either.
Any tips would be greatly appreciated.
Making authenticated calls to Twitter can be a pain.
Make sure that the parameters in your signature base string are ordered alphabetically.
Take this:
oauth_consumer_key={consumerkey}&oauth_nonce={nonce}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={timestamp}&oauth_token={token}&oauth_version=1.0&status={tweet text}
Fill out the values, encode it in Base64, and then put it together like this:
POST&{base64 encoded url}&{base64 encoded base string}
This will be the string you need to sign (without the brackets). (The URL in this case will be https://api.twitter.com/1.1/statuses/update.json)
The signing key needs to be built like this:
{consumer secret}&{token secret}
The signature is an HMACSHA1 hash, which is then base64 encoded.
Then you need to put this in the Authorization header:
OAuth oauth_consumer_key="{consumer key}",oauth_nonce="{nonce}",oauth_signature="{signature}",oauth_signature_method="HMAC-SHA1",oauth_timestamp="{timestamp}",oauth_token="{token}",oauth_version="1.0"
And finally put status=your tweet text as the posted data in your request.
I hope this helps.
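As an added example (not part of the answer above and not Twitter's code), the signing steps written out following RFC 5849 section 3.4: the URL and the sorted parameter string are percent-encoded (RFC 3986), and only the final HMAC-SHA1 digest is Base64-encoded. All keys, secrets, the token, timestamp and nonce are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value: str) -> str:
    """RFC 3986 percent-encoding: everything except unreserved characters is escaped."""
    return quote(value, safe="-._~")

def base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted parameter string (RFC 5849 section 3.4.1)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method: str, url: str, params: dict, consumer_secret: str, token_secret: str) -> str:
    """HMAC-SHA1 over the base string; only this digest is Base64-encoded."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def authorization_header(oauth_params: dict, signature: str) -> str:
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ",".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))

URL = "https://api.twitter.com/1.1/statuses/update.json"  # endpoint named in the answer
# Constructed placeholder credentials and nonce; not real values.
OAUTH = {
    "oauth_version": "1.0",
    "oauth_token": "sample-token",
    "oauth_timestamp": "1700000000",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_nonce": "constructednonce",
    "oauth_consumer_key": "sample-consumer-key",
}
BODY = {"status": "Hello world"}

def signed_request(consumer_secret="sample-consumer-secret", token_secret="sample-token-secret"):
    """Return (Authorization header, form body) for the sample status update."""
    sig = sign("POST", URL, {**OAUTH, **BODY}, consumer_secret, token_secret)
    return authorization_header(OAUTH, sig), "status=" + pct(BODY["status"])

if __name__ == "__main__":
    header, body = signed_request()
    print(base_string("POST", URL, {**OAUTH, **BODY}))
    print(header)
    print(body)
```

The body parameter `status` is part of the signed parameter set, so the space in the tweet text appears double-encoded (`%2520`) inside the base string.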
