I am trying to access users Yahoo profile using YQL. For this, I am using OAuth with YQL. The query I'm using to get this data is:
q=select%20*%20from%20social.profile%20where%20guid%20%3D%20me&format=json&diagnostics=true&callback=
However, when I do this, I am getting the following error message:
Unsupported authorization scheme: "Bearer"
Are there any other things that I need to set before making the request, like headers or any other fields?
The Yahoo YQL endpoint does not support OAuth 2.0 tokens (yet?). You can use a REST API as described in https://developer.yahoo.com/social/rest_api_guide/social_dir_api.html#social_dir_intro-profiles, e.g. https://developer.yahoo.com/social/rest_api_guide/extended-profile-resource.html:
curl -H "Authorization: Bearer <token>" https://social.yahooapis.com/v1/user/me/profile?format=json
Related
I'm in the context of an embedded devices that uses an HTTPS client to request an access token on behalf of a user (delegated permission needed for the app).
I'm currently using OAuth 2.0 ROPC (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth-ropc) to get my token and everything works fine.
But since this authentication is deprecated I'd like to change to a more secure solution that works in hybrid identity federation scenarios.
I see that many other solutions exists, but I can't find one that doesn't need to interpret an HTML/JS response.
Here a CURL example to explain my point:
ROPC request:
curl -X POST "https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token" --data "grant_type=password&scope=EWS.AccessAsUser.All&username=<username>&password=<password>&client_id=<client_id>&client_secret=<client_secret>" -H "Content-Type: application/x-www-form-urlencoded"
Response:
{"token_type":"Bearer","expires_in":3599,"ext_expires_in":3599,"access_token":"eyJ0eX....1234"}
Here I can extract the token directly from the response.
But using other ways to get delegated permission token such as OAuth 2.0 Implicit Grant flow (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow), responses are always an HTML that I can't interpret.
So here I am wondering if there is a solution to this situation.
Thanks in advance,
Aloïs KYROU
You cannot use the implicit flow to obtain the token in the tool, you can only run the request url in the browser. Because using the implicit flow requires you to log in. Please note that before this, you must enable id token and access token.
Request the id token and access token in the browser.
https://login.microsoftonline.com/{tenant id}/oauth2/v2.0/authorize?
client_id={client id}
&response_type=id_token token
&redirect_uri={redirect_uri}
&scope=openid EWS.AccessAsUser.All
&response_mode=fragment
&state=12345
&nonce=678910
Hopefully I'm missing something very simple. According to this documentation to get an access token I need to hit the following url:
https://login.live.com/oauth20_authorize.srf?client_id={client_id}&scope={scope}
&response_type=token&redirect_uri={redirect_uri}
So far this appears to be working as the returned url I get contains
/#access_token=EwAYA61DBAAUcSSzo.......
According to the token flow documentation above,
You can use the value of access_token to make requests to the OneDrive API.
According to this page,
Your app provides the access token in each request, through an HTTP header:
Authorization: bearer {token}
When running curl I give it the exact token I was given before,
curl -X GET \
https://graph.microsoft.com/v1.0/drive \
-H 'Authorization: Bearer EwAYA61DBAAUcSSzoTJJs.....
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 8004920A",
"innerError": {
"request-id": "8780c600-2b7f-45a0-b484-7eca9dfd2697",
"date": "2019-01-25T19:33:22"
}
}
}
Why is the token they provided not working?
What I've tried so far:
changing the case of bearer in the header
wrapping said token in {}
generating new tokens
URL decoding said token
One thing to note: the tokens I am receiving are not JWT tokens. Googling the error code pulls up several Stack Overflow questions that seem to imply the graph api is expecting a JWT. If this is the case, am I missing a step to obtaining it?
You can't call Microsoft Graph API after completing the authentication flow for Microsoft accounts (OneDrive personal).
In addition, the authorization process with Microsoft accounts is no longer recommended according the docs and new applications should be developed using Microsoft Graph:
This topic contains information about authorizing an application using Microsoft accounts for OneDrive personal. However, this approach is no longer recommended. New applications should be developed using Microsoft Graph and follow the authorization process in Authorization and sign-in for OneDrive in Microsoft Graph.
I have tried this and that.
But requesting this:
https://api.twitter.com/1.1/statuses/user_timeline.json?user_id=monyetbego
keep giving me Bad Authentication data.
I don't know exactly how to get authenticated.
You need to register an application through Twitter's developer site. Once your application is approved you will be given a set of Oauth keys, which you can use within an API request to receive a response. Note that in API V1.1, you can no longer submit unauthenticated requests (i.e. send requests through a unauthenticated URL like the one you posted).
For example, once you have your authentication information, you can use curl to submit a show_timeline request (see your Application's OAuth tool on the Twitter Dev website for parameters specific to your authentication information):
curl --get 'https://api.twitter.com/1.1/user_timeline.json' --header 'Authorization: OAuth
oauth_consumer_key="XXXXXXXXXXXXXXXX", oauth_nonce="XXXXXXXXXXXXXXXXXXXXXXXX",
oauth_signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_signature_method="XXXX-XXXXX",
oauth_timestamp="XXXXXXXXXXX", oauth_token="XXXXXXXX-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_version="1.0"' --verbose
Version of google-api-java-client:
google-api-1.13.2-beta.jar
Java environment:
Java 6
Describe the problem.
I have a question.
I want to access the Google Drive using the OAuth 2.0 for Devices.
It is an error to use "https://www.googleapis.com/auth/drive" scope.
I succeed when you use the "https://docs.google.com/feeds/" in scope.
I'm wondering do I use the "https://docs.google.com/feeds/" to use the "DriveAPI" I.
Is this the correct usage?
Request:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://www.googleapis.com/auth/drive
Response: { "error" : "invalid_scope" }
Response:
POST https://accounts.google.com/o/oauth2/device/code HTTP/1.1
client_id=xxxxx.apps.googleusercontent.com&scope=https://docs.google.com/feeds/
Response:
{
"device_code" : "4/e6HcZHKPz-eExgLb_Ll9V8qoT1NP",
"user_code" : "zzwiv48b",
"verification_url" : "http://www.google.com/device",
"expires_in" : 1800,
"interval" : 5
}
How would you expect it to be fixed?
I think that can be authenticated in the scope of the "https://www.googleapis.com/auth/drive" I.
developers.google.com
stackoverflow.com
You are missing an h in the protocol. Try https://docs.google.com/feeds/ instead of ttps://docs.google.com/feeds/. Apply the same change to all your scope urls
From the Google documentation about "Using OAuth 2.0 for Devices" (https://developers.google.com/identity/protocols/OAuth2ForDevices#allowedscopes):
When you use the OAuth 2.0 flow for devices, you can access only the following scopes:
Analytics Configuration and Reporting APIs
Calendar API
Contacts API
Cloud Print API
Cloud Storage API
Fitness REST API
Fusion Tables API
Google Sign-In
YouTube Data and Live Streaming APIs
I don't see Drive API in this list and I think it's a reason of "invalid_scope" error
I have exactly the same problem with.
I've followed the instructions in the developing document, and use "www.googleapis.com/auth/drive" as my the scope in the request.
Eventually, I got "invalid_scope" in the response.
So I've try to use "www.googleapis.com/auth/devstorage.full_control" as the scope, and it worked!The hint is from :https://cloud.google.com/storage/docs/authentication#oauth
BUT!! When I use the access token I created to list the google drive account information, I got error code 403 and the message is "Insufficient Permission".
This is what I used to request the account infornation:
curl -H "Authorization: Bearer $ACCESS_TOKEN" https://www.googleapis.com/drive/v2/about?key=$APP_KEY
That really made me confused....
Hoping someone can help me out here. I'm using Google Contacts API to fetch a list of contacts. To my understanding, this is done by sending a GET request:
https://www.google.com/m8/feeds/contacts/default/full?alt=json&max-results=9999&oauth_token=OATH_TOKEN_HERE
However, this is wildly insecure as any intruder can gain access to the oauth_token in the URL. To combat this, I'm trying to send this as a POST request with my parameters (alt, max-results, oauth_token) as the data. However, I simply get an error that "Authorization is required". I've tried adding "Authorization: OAuth" to my headers but to no avail (get an error that authorization type is not recognized).
Any advice? I need a secure way to send the oauth token to Google such that my security software won't complain about a security hole in my program ...
Thanks!
To answer your question directly, even though security is irrelevant as you are using HTTPS, you cannot POST to Google to get a list of contacts. Google requires you use Get.
The proper formatting for authorization (Because you can still use a Get and not pass the oauth_token as a query string is to use an HTTP Header formatted:
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Using OAuth 2.0 to Access Google APIs