I've been using a Grails Oauth Plugin for LinkedIn authentication for a few months now without any issues; today we are seeing this error with no change to our existing codebase. I verified that the API keys and the scope were correct on the LinkedIn Developer site. Anyone know how to solve this issue?
Error
response status code: 403
response body: oauth_problem=Scope%20INVALID%20%3A%20r_contactinfo%2Br_basicprofile%2Br_emailaddress
This is a version of the request that is being sent by the Scribe lib:
using base64 encoder: CommonsCodec
base string is: POST&https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2FrequestToken&oauth_callback%3Dhttps%253A%252F%252Flocalhost%253A8443%252Foauth%252Flinkedin%252Fcallback%26oauth_consumer_key%3Dxxxxxxxxxxxxx%26oauth_nonce%3Dxxxxxxxxxxxxxxxxx%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1431479305%26oauth_version%3D1.0%26scope%3Dr_contactinfo%252Br_basicprofile%252Br_emailaddress
signature is: xxxxxxxxxxxxxxxxxxxxxxx
appended additional OAuth parameters: { oauth_callback -> https://localhost:8443/oauth/linkedin/callback , oauth_signature -> xxxxxxxxxxxxxxxxxxxxxxxxxxx, scope -> r_contactinfo+r_basicprofile+r_emailaddress , oauth_version -> 1.0 , oauth_nonce -> xxxxxxxxxxx , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> xxxxxxxxxxxxxxxxxx , oauth_timestamp -> 1431479305 }
using Http Header signature
Linked has changed their API usage terms with special permission needed for "r_contactinfo"
See
https://developer.linkedin.com/support/developer-program-transition
And
https://developer.linkedin.com/support/developer-program-transition
So if your Oauth request required r_contactinfo previously you are going to see this error. The fix is to not request r_contactinfo unless you have the specific permission from Li - uncheck this on Li Developer Dashboard for your application.
r_basicprofile & r_emailaddress can still be retrieved.
Related
I need to read and import google people contacts but I get the following error:
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
"status": "UNAUTHENTICATED"
This is the script (classic asp) I am using:
StrURL="https://people.googleapis.com/v1/people/get"
ApiKey="my api key"
Set objXMLHTTP = CreateObject("Msxml2.ServerXMLHTTP.6.0")
objXMLHTTP.Open "GET", StrURL, False
On Error Resume Next
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
If Err.Number<>0 Then Response.Write "Error:" & Err.Description & "<br>"
On Error GoTo 0
objXMLHTTP.send
content = CStr(objXMLHTTP.ResponseText)
statuscode = objXMLHTTP.Status
How can I get the token using classic asp? Can anyone help me?
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
You appear to be sending an api key. An api key is not a bearer token. Api keys only grant you access to public data, not private user data.
In order to access private user data you need to request authorization from that user to access that data that is done using Oauth2
Once you have been grated consent of the user to access their data you will have an access token. This access token can then be sent to the api in the authorization header.
I haven't used asp classic in years. These videos may help you understand how to make the authorization request.
Google 3 Legged OAuth2 Flow
How to create web app credetinals
Understanding oauth2 with curl
Trying to get access token by following the microsoft instructions.But I get an error, for that there is no answer with a solution.
What am I doing wrong, what this mean in my situation?
enter image description here
Requests:
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
*auth_code : client_id & response_type & redirect_uri & response_mode & scope & code_challenge & code_challenge_method.
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
*get access token: client_id & scope & code & redirect_uri & grant_type & code_verifier & client_secret.(Content-Type: application/x-www-form-urlencoded)
redirect_uri == are the same in both cases.
In the first request it is possible to get auth_code, but when i trying to get access token with this auth_code then I get : Error "AADSTS700025" Client is public so neither 'client_assertion' nor 'client_secret' should be presented.
But I use client_secret NOT client_assertion_type & client_assertion.
Followed the microsoft instructions...
Reproduce the same kind of issue as you are facing (As i am using AuthCode to generate Access Token)
Solution--
Aussming you are using grant_type is client_credentials to get the access token using below API:
https://login.microsoftonline.com/{tenantid}/oauth2/v2.0/token
To get the access token you don't require the AuthCode you can get it by client credentails only. Please do the configuration as i did below picture in my Body.
I am having a hard time understanding Oauth verification. I'm trying to use bing's search api. They request oauth verification. I have a primary key that they gave me. The issue I am running into it how to make a request, providing the oauth verification key.
For example, if I try to make a get request by the following:
http//api.datamarket.azure.com/Bing/Search?Query=%27xbox%27
I receive an error
The authorization type you provided is not supported. Only Basic and OAuth are supported
So the question is, do I embed my key into the URL, something like
http//api.datamarket.azure.com/Bing/Search?Query=%27xbox%27&authetication="myautherizationkey"
How do I provide my credentials in order to access their api?
This isn't a complete answer, because I'm still getting a "401 Unauthorized" error, but here is how I configured my OAuth for AngularJS. This is for a Bing image search.
var accountKey = '/*Your Account Key*/';
var base64EncodedKey = btoa(accountKey);
$http({
method: 'GET',
url: 'https://api.datamarket.azure.com/Bing/Search/v1/Image?Query=%27Pizza%27&$format=JSON',
headers: {'Authorization': 'Bearer ' + base64EncodedKey}
}).success(function(json) {
console.log('Returned: ' + JSON.stringify(json));
}).error(function(err) {
console.log('There was an error retrieving the image JSON: ' + err);
});
This at least gets rid of the authorization type error, but I still seem to have an error with the way I am providing the account key. Hope it helps point you in the right direction!
I am trying to connect to QuickBooks Online, but when I try to request a token from https://oauth.intuit.com/oauth/v1/get_request_token
I am getting a signaure_invalid message. My signature matches what what googles signature generator makes: http://oauth.googlecode.com/svn/code/javascript/example/signature.html
So I am really at a loss for what QuickBooks is expecting and I am not providing. I have tried including the oauth_callback in the signature, but this did not make a difference. Does anyone have some pointers for where are I am wrong?
Here are my test app details:
ConsumerKey: qyprd46Is0FZ3v1tuE4unkw3iq6cUB
oauth_timestamp: 1398355877
oauth_nonce: X3e3aflZMeKPDwMI
oauth_callback: /qbGetOAuthToken
oauth_signature_method: HMAC-SHA1
Signature Base String: POST&https%3A%2F%2Foauth.intuit.com%2Foauth%2Fv1%2Fget_request_token&oauth_consumer_key%3Dqyprd46Is0FZ3v1tuE4unkw3iq6cUB%26oauth_nonce%3DX3e3aflZMeKPDwMI%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1398355877%26oauth_version%3D1.0
Authorization Header:
Authorization: OAuth oauth_signature_method="HMAC-SHA1",oauth_nonce="X3e3aflZMeKPDwMI",oauth_timestamp="1398355877",oauth_consumer_key="qyprd46Is0FZ3v1tuE4unkw3iq6cUB",oauth_version="1.0",oauth_signature="SJNPyQU7yuhcVvoLRUgyzw9KTlA%3D",oauth_callback="%2FqbGetOAuthToken"
For everyone's benefit-
The developer resolved this issue by twice encoding the callback URL.
How properly create oauth signature base string?
I am following oauth authorization flow(http://developer.yahoo.com/oauth/guide/oauth-requesttoken.html) for accessing Yahoo's Contact API . I am able to get consumer key and consumer secret for my application from first step.
However I am getting "File Not Found" in 2nd step while giving URI request.
My URI request is given below===>
https://api.login.yahoo.com/oauth/v2/
get_request_token?oauth_nonce=rs2130523f788f313f76314ed3965ea6
&oauth_timestamp=1325661943
&oauth_consumer_key=dj0yJmk9VndXdnhUbkJMc2MyJmQ9WVdrOVUzcFdkbnA0TXpnbWNHbzlNamMxTXpJeU9UWXkm
cz1jb25zdW1lcnNlY3JldCZ4PTkw
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="http://mysitename.freetzi.com/index.html"
Can you please tell why I am getting "File not found"?
The response status code is 401 if there is something wrong with your parameters. So you got the "File not found" error. But you can see the error message in the http header with Firebug. Your problem is if the oauth_signature_method is plaintext, you should add a %26 after your oauth_signature
Like this
&oauth_signature_method=plaintext
&oauth_signature=1daaeb467916f4331023fc5fce3cb6b6c27ac7ed%26
&oauth_version=1.0
Hope this helps.