Paypal Ruby SDK not fetching refresh token - ios

I'm trying to integrate Future Payments in my iOS using Ruby SDK on server. According to instructions at https://developer.paypal.com/docs/integration/mobile/make-future-payment/ I follow the following procedure:
I receive OAuth2 token from mobile client.
I use FuturePayment.exch_token(oauth2_code) to exchange it for refresh and access token.
I expect a response similar to what's mentioned in https://github.com/paypal/PayPal-iOS-SDK/blob/master/docs/future_payments_server.md
But I receive just a string which is similar to access token. This is what I got in one of the calls: A015IvJ2HjzJgSI-Qve0VXT3LNKEi67KBGplwkGEptj3DCg
I tried using this token immediately to create a FuturePayment object and I succeeded eventually. But the problem is, since I dont get a refresh token, how would I be able to process/create FuturePayments for the same account in later future?

This looks like a bug in ruby SDK. Please open an issue on github.
Until fix is released, you can make future payment calls.
Exchange authorization code with Tokeninfo object that has both refresh token and access token by calling create_from_authorization_code(). Use create_from_refresh_token() if you have a refresh token and want to retrieve an access token with it: https://github.com/paypal/sdk-core-ruby/blob/master/lib/paypal-sdk/core/openid_connect.rb#L60

Related

Disable one time use on refresh tokens in Datapower/API Connect [OAuth2]?

We have an OAuth/OIDC service developed in API Connect/Datapower.
When a user requests a new refresh_token - if any unexpected error occurs in the flow, the new refresh_token is not issued, and their existing refresh_token is revoked. This forces the user to go through a new consent flow. This can be problematic if large numbers of customers are affected due to some unexpected error. We would like the old refresh_token to still be valid in this scenario.
We raised this with our IBM support contact - and he said this works as intended (i.e. - it should revoke the old refresh_token as the first action - it is single use, regardless of outcome).
He did suggest that it is possible to configure the refresh_token to be used multiple times until it is revoked/expired.
I am not sure how to do this - or what versions it is supported in. He said '(in 2018.4.1.x)? For v5 gw, use extension to enable it, You will need the latest DP firmware release for the above'. It's been hard to get any clarity on this. The IBM developer forums even directed me to Stack Overflow...
Does anyone have any more information/experience with enabling a refresh_token to be used multiple times? Or what versions this is supported in (or links to any documentation about this)? I'm struggling to find anything concrete on this.
Thanks
I suppose he's talking about the count configuration. it is located just below Enable refresh tokens.
Section 'OAuth 2' -> Tokens -> Enable refresh tokens -> count
Hope this could be helpfull
For IBM API Connect version 2018.4.1, you can specify whether the refresh token for OAuth provider is One time use only or not.
See OAuth native provider>Tokens screen.
After an access token expires, if the option is enabled in the OAuth provider API, the application can use refresh tokens. Each refresh token is valid for approximately 31 days after it is issued and can be used only once to request a new access token. Along with the new access token, a new refresh token is also returned.

Get refresh token with Auth0

I am developing an API. I implemented register, login, and Facebook auth using Auth0.
My token expires after one day, and I need to get my refresh token to sign in the user again without requiring its credentials again. I have to make a call to /authorize with these parametrs [sic]:
GET https://YOUR_AUTH0_DOMAIN/authorize?
audience=API_IDENTIFIER&
scope=SCOPE&
response_type=code&
client_id=YOUR_CLIENT_ID&
redirect_uri=https://YOUR_APP/callback&
state=STATE
but I get this error Image
The GET response should give me a code, which I would use to get my refresh token making another GET request on /oauth/token like that: Image
Does anyone have any idea how to get over the first step?
Have you tried using curl to get access token and refresh token and then refresh outside of your app? The following link has very detailed instruction on how to do that with auth0.
https://auth0.com/learn/refresh-tokens/

Automate Oauth process of receiving Slack access token for Web API

I am working with the Slack oAuth API.
When I do a GET on https://slack.com/oauth/authorize passing my client_id, and the scope, I get html reponse asking for workspace URL.
After that I need to sign in and provide my password before code is returned which I can use to renew my temporary token
My question is: How can I automate the process of providing workspace URL, username and password? I need to get the code return after authentication (the temporary token) so that I can call https://slack.com/api/oauth.access to renew my token
My reasoning is that if I have access (from the app I created) to: App ID, Client ID, Client Secret, Signing Secret and Verification Token there should be a way for me make simple API call to get code or is my understanding of the slack OAuth flow wrong?
NB: I have taken a look at https://api.slack.com/docs/oauth but I was not able to get it done. I am also aware that I can make the /signin and /checkcookie to get this done but it involves parsing HTML response for parameter values needed to make subsequent calls. I just feel there a simpler way to do it.
This Stackoverflow question is not a duplicate because is it mainly referred to a case of not having an app created; In my case, I have an app created.

Always getting "code_already_used" when exchanging code for access token w/Slack API

I'm writing a Slack app that adds Slash commands.
Every time I go through the OAuth flow, when I try to exchange a temporary auth code for an access token, I get the following JSON response:
{"ok"=>false, "error"=>"code_already_used"}
and despite that error message, the two slash commands provided by my app do get installed on the target Slack team.
The desired outcome is: I get a successful response from Slack's API, which contains the access_token and scopes for which the token is valid.
Troubleshooting I've tried so far:
Revoked permissions from my app & uninstalling from target team before trying again
Requesting additional scopes (e.g, commands,channels:history,users.profile:read which I don't need, instead of just commands) to see if that would cause the API to return an access token.
I am able to install on other teams outside of the original team I used when creating the app, but with the same api failure
Any suggestions for how to get the API to return an access token? Thanks in advance!

OAuth token rejected error

I want to get user profile for which I am using OAuth. http://developer.yahoo.com/oauth/guide/oauth-auth-flow.html
I have retreived the access token and now finally I need to call yahoo api by making a GET request according to http://developer.yahoo.com/oauth/guide/oauth-make-request.html#
The GET request I am sending is:-
http://social.yahooapis.com/v1/user/KMDUY7SWWTJOX4AS3XR47PNLQU/profile?format=json
&realm="yahooapis.com"
&oauth_consumer_key=my key
&oauth_nonce=24829.2331
&oauth_signature_method=plaintext
&oauth_timestamp=1219450170
&oauth_token=whole token here
&oauth_version=1.0
&auth_signature="consumer secret + token secret"
When I am sending this request it is giving me this error:-
{"error":{"lang":"en-US","description":"Please provide valid credentials. OAuth oauth_problem=\"token_rejected\", realm=\"yahooapis.com\""}}
Thankyou for your time and consideration.
I was having this issue for a while and then eventually I figured out that Yahoo! puts A= at the beginning of all of their access tokens in their response, but that is not actually part of the access token, so you should be sure to remove that part before responding back to Yahoo!
I hope this helps someone else that stumbles upon this page in the future.
probably in your case the issue is related with the protocol. You should use https when calling the Yahoo! API.
As they say in the Yahoo documentation here:
For requests to Yahoo API and Web services that require OAuth
authorization, you must use the HMAC-SHA1 encryption method because
requests are made insecurely using HTTP.

Resources