First steps of the Coinbase Oauth Authorization seem to work fine.
I request the customer code via the following URL:
"https://www.coinbase.com/oauth/authorize?response_type=code&client_id=XXXXXXXXXXXXXXXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=user+balance"
I get back the code via URL..
Then trying to request the token with given CODE and CLIENT SECRET and CLIENT ID:
"https://api.coinbase.com/oauth/token&grant_type=authorization_code&code=XXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=XXXXXXX&client_secret=XXXXXXX"
With that I get an "404 Not found" Error..
Is there any obvious mistake in the URL.. or is it most likely an issue with the
Code or Secret etc. itself?
If Yes.. anything important to know there?
All that was followed from the description:
https://developers.coinbase.com/docs/wallet/authentication
Thank you so much for help!
The URL that you pasted:
https://api.coinbase.com/oauth/token&grant_type=authorization_code&code=XXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=XXXXXXX&client_secret=XXXXXXX
does not contain a query component since there's no ? character in there. You should rather use:
https://api.coinbase.com/oauth/token?grant_type=authorization_code&code=XXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=XXXXXXX&client_secret=XXXXXXX
and it looks like the documentation that you point to is the source of that error.
Moreover, the OAuth 2.0 spec says to use POST to the token endpoint, which is also stated in the docs but not clearly demonstrated in the sample. So you should send the parameters as form-encoded values an HTTP POST, e.g. the equivalent of the following cURL request:
curl -d "grant_type=authorization_code&code=XXXXXXX&redirect_uri=urn:ietf:wg:oauth:2.0:oob&client_id=XXXXXXX&client_secret=XXXXXXX" https://api.coinbase.com/oauth/token
Requesting it as a POST BODY did the job!
Although important changes:
- Redirect uri needs to be a proper external domain, uri for mobile apps will create a 401 Error..
-Encoding in ascii
import urllib
import urllib.request
import urllib.parse
data = urllib.parse.urlencode({'grant_type':'authorization_code', 'code': 'XXXXXX',
'redirect_uri': 'https://XXXXXX', 'client_id': 'XXXXXXXXXXX',
'client_secret' : 'XXXXXXXXXXX'})
binary_data = data.encode('ascii')
try:
response = urllib.request.urlopen('https://api.coinbase.com/oauth/token', data=binary_data)
print(response.status)
print(response.read())
except urllib.error.HTTPError as e:
print('%s %s' %(e.code, e.reason))
Got the rough structure from:
https://docs.python.org/3/library/urllib.request.html
Thanks a lot for the fast help!
Related
I'm trying to exchange an authorization code for access code, but I'm getting an error saying "redirect_uri_mismatch".
I waited ~8 hours just in case it needs to update, but no luck so far.
The redirect uri's are set correctly, as you can see from the image here.
Initial Front-End redirect/request:
GET => https://accounts.google.com/o/oauth2/v2/auth
?scope=https://www.googleapis.com/auth/youtube.readonly
&include_granted_scopes=true
&state=state_parameter_passthrough_value
&redirect_uri=http://localhost:4200/profile?platform=youtube
&access_type=offline
&response_type=code
&client_id=[HIDDEN]
After code is parsed, I exchange the code for access code:
POST => https://oauth2.googleapis.com/token
?client_id=[HIDDEN]
&client_secret=[HIDDEN]
&code=[HIDDEN]
&grant_type=authorization_code
&redirect_uri=http://localhost:2222/youtube/oauth
Response:
data: {
error: 'redirect_uri_mismatch',
error_description: 'Bad Request'
}
Apparently, the redirect_uri has to match the initial request's uri.
Problem solved, feel free to upvote for visibility - thanks.
Source: https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
I am attempting to get an OAuth2 access token from ZOHO using RestSharp code. The Postman simulation works correctly so I know there is something I'm missing in my code.
I always get an "invalid client id" result status. However in Postman, it works and returns a code when I click the "Get new access token". I have the same items as in the Postman authorization tab (client_id, client_secret, etc). In Postman, "Body" is set to "none", and there are no parameters or headers. The only difference between my code and postman, is that Postman requires the Callback URL. My code is trying to get the code using "self-client", which bypasses the callback URL.
I have tried several different alternatives to the request call including ParameterType.Body, and ParameterType.GetOrPost. Is GetOrPost the same as a form?
client = New RestClient(ZOHO_API_URL)
request = New RestRequest(TokenUrl, Method.POST)
request.AddHeader("content-type", "application/x-www-form-urlencoded") ' also tried: "application/json")
request.AddParameter("grant_type", "authorization_code",
ParameterType.GetOrPost)
request.AddParameter("client_id", Client_ID, ParameterType.GetOrPost)
request.AddParameter("client_secret", Client_Secret,
ParameterType.GetOrPost)
request.AddParameter("code", Grant_Token, ParameterType.GetOrPost)
response = client.Execute(request)
This is the translated Postman code for RestSharp:
var client = new RestClient("http://");
var request = new RestRequest(Method.POST);
request.AddHeader("Postman-Token", "xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxx");
request.AddHeader("cache-control", "no-cache");
IRestResponse response = client.Execute(request);
Any ideas on what I am doing wrong. I have tried to view the raw data coming across with Fiddler, but when I do that, Postman indicates a failure.
What code do I need to use to duplicate what Postman is doing?
How do I implement a callback URL if that is also required?
I quickly checked ZoHo REST API docs and it seems like you should use the Limited Input Device authentication flow.
From what I can understand from their help page, you indeed need to do a POST request, but parameters must be specified as query parameters:
https://accounts.zoho.com/oauth/v3/device/code?
client_id=1000.GMB0YULZHJK411248S8I5GZ4CHUEX0&
scope=AaaServer.profile.READ&
grant_type=device_request
You will also get better off with JSON set as a default for serialisation and content type just by using client.UseJson().
It maybe that Postman is following a redirect from your API endpoint as the functionality is different Postman verses RestSharp (possibly missing a trailing slash or similar).
Try adding
client.FollowRedirects = false;
to your RestSharp code and analyse the result.
I'm trying to use the refresh_token to (obviously) refresh the Spotify access_token I have. The documentation gives this as an example curl statement:
curl -H "Authorization: Basic ZjM4Zj...Y0MzE=" -d grant_type=refresh_token -d refresh_token=NgAagA...NUm_SHo https://accounts.spotify.com/api/token
and here is my Python implemtation:
payload = {
'grant_type': 'refresh_token',
'refresh_token': <REFRESH_TOKEN>
}
r = requests.post('https://accounts.spotify.com/api/token', data=payload,
headers={'Authorization': 'Basic <CLIENT_SECRET>'})
In both cases I get back {"error":"invalid_client"}
I've tried passing my client_id and the client_secret in the post data but I always get back invalid_client. Someone here on SO said I need to pass in code, but code is a single use, very short lived object that has already been consumed/expired.
Any thoughts to what I'm doing wrong?
The only problem I can see is that you write:
headers={'Authorization': 'Basic <CLIENT_SECRET>'}
when it, using your notation, should be:
headers={'Authorization': 'Basic ' + base64.b64encode('<CLIENT_ID>:<CLIENT_SECRET>')}
However, that could be simplifed further since you are using requests. As described here: http://docs.python-requests.org/en/latest/user/authentication/ Just remove headers and replace it with auth instead:
auth=('<CLIENT_ID>', '<CLIENT_SECRET>')
However, I guess that this isn't what is actually wrong in your code either, since you somehow managed to get a refresh token which requires that you authorized successfully once before.
I have been implementing the Google web server OAuth flow, but when I attempted to exchange the authorization code with access token, it always complains "invalid_code".
Here is the issue:
Step 1:
Redirect one of our pages to 'https://accounts.google.com/o/oauth2/auth?scope=email&redirect_uri=https%3A%2F%2Fmyurl.com%2Fcallback&response_type=code&client_id=some_client_id'
Step 2:
The redirection happens and google would redirect to our url
https://myurl.com/callback?code=somecode
Step 3:
curl -X POST --data "code=somecode&client_id=some_client_id&some_client_secret=some_client_secret&redirect_uri=https://myurl.com/callback&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token -v --trace-ascii /dev/stout
The response comes back:
HTTP 400 Bad request
{
"error" : "invalid_grant",
"error_description" : "Invalid code."
}
Can someone help me with this issue? Thanks!
The life span of authorization code is only 10 mins,and can only be used one time. So do these checks:
Do you use it 10 min later? If so, use it in 10 mins.
Have you used it before? If so, obtain a new one and then use it.
Is you server time in sync with Google OAuth server's? If not, change your time.
I was using http://localhost:8080 as my redirect url since I was just trying out their examples. And my json file contents had this:
"redirect_uris": [
"http://localhost:8080"
],
"javascript_origins": [
"http://localhost:8080"
]
In the developer console I had the redirect_uri set to "http://localhost:8080" and I was getting the same error. I changed it to "http://localhost:8080/" and then it started working. (Essentially adding a '/' at the end.)
Hope this helps!
I am following oauth authorization flow(http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html) for accessing Yahoo's Contact API . I am able to get consumer key and consumer secret for my application from first step.
However I am getting "File Not Found" in 2nd step while giving URI request.
My URI request is given below===>
https://api.login.yahoo.com/oauth/v2/
get_request_token?oauth_nonce=rs2130523f788f313f76314ed3965ea6
&oauth_timestamp=1325661943
&oauth_consumer_key=dj0yJmk9VndXdnhUbkJMc2MyJmQ9WVdrOVUzcFdkbnA0TXpnbWNHbzlNamMxTXpJeU9UWXkm
cz1jb25zdW1lcnNlY3JldCZ4PTkw
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="http://mysitename.freetzi.com/index.html"
Can you please tell why I am getting "File not found"?
The response status code is 401 if there is something wrong with your parameters. So you got the "File not found" error. But you can see the error message in the http header with Firebug. Your problem is if the oauth_signature_method is plaintext, you should add a %26 after your oauth_signature
Like this
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed%26
&oauth_version=1.0
Hope this helps.