In Apigee, how to pass access_token to GetOAuthv2Info policy? - oauth-2.0

I'm trying to use Apigee's GetOAuthv2Info policy but think I'm missing something really simple (still new to Apigee/APIs)...
The policy is configured based on the sample:
<GetOAuthV2Info name="GetTokenAttributes">
<AccessToken>request.queryParam.access_token</AccessToken>
</GetOAuthV2Info>
If I try to pass a valid token via a query parameter:
http://{host}/path/to/endpoint?access_token=tUbvXzh97UtRRUuBpGUNpXESJtD1, I get a 404 Not Found error code with:
{"fault":"{\"detail\":
{\"errorcode\":\"keymanagement.service.invalid_access_token\"},
\"faultstring\":\"Invalid Access Token\"}"}
Is this the correct way to pass the access token to the policy?
Thanks in advance!

Try:
<GetOAuthV2Info name="GetTokenAttributes">
<AccessToken ref="request.queryparam.access_token"></AccessToken>
</GetOAuthV2Info>
or
<GetOAuthV2Info name="GetTokenAttributes">
<AccessToken>{request.queryparam.access_token}</AccessToken>
</GetOAuthV2Info>
Your original policy is probably using the literal string value of request.queryParam.access_token as the token reference. Also noticed that queryparam is completely lower case.

Related

Get token from request.headers['HTTP_AUTHORIZATION']

In my rails application I need to export token from request.headers['HTTP_AUTHORIZATION']. How can I export only the token from the string like this:
"Token token=\"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHBpcmVkX2F0IjoiMjAxNy0wMy0yOCAwMDozMjozMSAtMDcwMCIsImlhdCI6MTQ5MDU5OTk1MSwiaWQiOjEsImZpcnN0X25hbWUiOiJCb3NzIiwibGFzdF9uYW1lIjoiTWFuIiwicm9sZXMiOlsiYWRtaW4iXSwiZ3Vlc3QiOmZhbHNlfQ.eMoJjqY6FFWhAHxIihQ48JeHoo7z3wWMaApSWR6t4uo\""
Look into ActionController::HttpAuthentication::Token.token_and_options:
token, _options = ActionController::HttpAuthentication::Token.token_and_options(request)
But be aware of the following GitHub issue I fired some time ago. But for your case it doesn't matter until you need to work with the options part.

How to get authentication from user in linkedin?

I am new to creating an application in LinkedIn. Can someone help in getting the authorization?
I tried this code:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code
&client_id=78lv1rv8ryh1hf
&scope=scope=r_fullprofile%20r_emailaddress%20r_network
&state=DCEEFWF45453sdffef424
&redirect_uri=http://www.mycoolsite.com
I am getting error saying that ...
error=unsupported_response_type&error_description=We+only+support+a+response_type+of+"code"%2C+but+you+passed+code+
There are a few things that can be improved:
you have not URL-encoded the redirect_uri parameter value
you're passing scope= in the scope value, which seems to be a typo/duplicate
you may have inserted a space/line-break in your URL since the following works for me:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=78lv1rv8ryh1hf&scope=r_fullprofile%20r_emailaddress%20r_network&state=DCEEFWF45453sdffef424&redirect_uri=http%3A%2F%2Fwww.mycoolsite.com

Stripe Connect - Handling Response

In the process of checking out Stripe Connect.
I've got to the stage where I can access the token (which is explained here https://stripe.com/docs/connect/oauth#token-request) but I'm having trouble accessing other parts of the object.
To retrieve the object I use:
response = @client.auth_code.get_token(code, params)
and to get at the token I use:
@token = response.token # strangely it isn't response.access_token
My problem is that I can't access other parts of Stripe's response which contains amongst other things a publishable key.
I have debugged the response and I get this (trimmed down and sensitive data altered):
...@token="sk_test_abc123", @refresh_token="rt_abc123", @expires_in=nil, @expires_at=nil, @options={:mode=>:header, :header_format=>"Bearer %s", :param_name=>"bearer_token"}, @params={"livemode"=>false, "token_type"=>"bearer", "stripe_publishable_key"=>"pk_test_abc123", "stripe_user_id"=>"abc123", "scope"=>"read_write"}
Can anyone tell me how to access the stripe_publishable_key in this response?
I've tried:
response.params[:stripe_publishable_key]
and
response.params.stripe_publishable_key
Have you tried response.params['stripe_publishable_key']?
The hash is using strings rather than symbols for keys. You have to access the values using a string like this:
response.params["stripe_publishable_key"]

What is the correct REST Endpoint to retrieve user (profile) information from a connections installation

Based on this information:
http://www-10.lotus.com/ldd/appdevwiki.nsf/xpDocViewer.xsp?lookupName=API+Reference#action=openDocument&res_title=OpenSocial_Profiles_API_sbar&content=pdcontent
And a working url for posting updates:
I created this one to try and find out to whom this access token belongs:
https://connections4.e-office.com/connections/opensocial/oauth/rest/people/@me/@self
But then I get Error 501: No service defined for path people/@me/@self
What should the URL be?
Apparently you don't need to include: @Self
This is it:
connections/opensocial/oauth/rest/people/@me/
See also : http://www-10.lotus.com/ldd/appdevwiki.nsf/xsp/.ibmmodres/domino/OpenAttachment/ldd/appdevwiki.nsf/B49DB47061DA9DEB85257AC9006D5256/attach/AppDev_OpenSocial.pdf
You can use the Profiles REST API URLs:
http(s)://yourserver/profiles/admin/atom/profileEntry.do?email=mailaddress
or
http(s)://yourserver/profiles/admin/atom/profileEntry.do?uid=uid

Facebook OAuth: custom callback_uri parameters

I'd like to have a dynamic redirect URL for my Facebook OAuth2 integration. For example, if my redirect URL is this in my Facebook app:
http://www.mysite.com/oauth_callback?foo=bar
I'd like the redirect URL for a specific request be something like this, so that on the server, I have some context about how to process the auth code:
http://www.mysite.com/oauth_callback?foo=bar&user=6234
My redirect gets invoked after the authorization dialog is submitted, and I get back an auth code, but when I try to get my access token, I'm getting an OAuthException error back from Facebook. My request looks like this (line breaks added for clarity):
https://graph.facebook.com/oauth/access_token
?client_id=MY_CLIENT_ID
&redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar%26user%3D6234
&client_secret=MY_SECRET
&code=RECEIVED_CODE
All of my parameters are URL-encoded, and the code looks valid, so my only guess is that the problem parameter is my redirect_uri. I've tried setting redirect_uri to all of the following, to no avail:
The actual URL of the request to my site
The URL of the request to my site, minus the code parameter
The URL specified in my Facebook application's configuration
Are custom redirect URI parameters supported? If so, am I specifying them correctly? If not, will I be forced to set a cookie, or is there some better pattern for supplying context to my web site?
I figured out the answer; rather than adding additional parameters to the redirect URL, you can add a state parameter to the request to https://www.facebook.com/dialog/oauth:
https://www.facebook.com/dialog/oauth
?client_id=MY_CLIENT_ID
&scope=MY_SCOPE
&redirect_uri=http%3A%2F%2Fwww.mysite.com%2Foauth_callback%3Ffoo%3Dbar
&state=6234
That state parameter is then passed to the callback URL.
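The approach in the answer above, as an added example (not code from the original posts or from Facebook's SDK): the context is carried in `state`, HMAC-signed and bound to a session nonce so the callback can trust it, while `redirect_uri` stays fixed. `STATE_KEY`, the function names and the plain Hash standing in for the session are assumptions.

```ruby
require "openssl"
require "securerandom"
require "base64"
require "json"
require "uri"

# Assumed server-side secret (constructed here; load from configuration in practice).
STATE_KEY = SecureRandom.random_bytes(32)

# Pack per-request context (such as the user id from the question) with a nonce
# that is also kept in the user's session, then sign the result with HMAC-SHA256.
def build_state(context, session)
  session[:oauth_nonce] = SecureRandom.hex(16)
  json = JSON.generate(context.merge("nonce" => session[:oauth_nonce]))
  payload = Base64.urlsafe_encode64(json, padding: false)
  mac = OpenSSL::HMAC.hexdigest("SHA256", STATE_KEY, payload)
  "#{payload}.#{mac}"
end

# Build the dialog URL. redirect_uri stays the fixed, registered value and is
# URL-encoded by encode_www_form; the varying context travels only in state.
def authorization_url(client_id, redirect_uri, scope, state)
  query = URI.encode_www_form(client_id: client_id, scope: scope,
                              redirect_uri: redirect_uri, state: state)
  "https://www.facebook.com/dialog/oauth?#{query}"
end

# On the callback: verify the signature in constant time, then require the
# nonce to match this session (and consume it). Returns the context or nil.
def verify_state(state, session)
  payload, mac = state.to_s.split(".", 2)
  return nil if payload.nil? || mac.nil?
  expected = OpenSSL::HMAC.hexdigest("SHA256", STATE_KEY, payload)
  return nil unless OpenSSL.secure_compare(expected, mac)
  data = JSON.parse(Base64.urlsafe_decode64(payload))
  nonce = session.delete(:oauth_nonce)
  return nil if nonce.nil? || !OpenSSL.secure_compare(nonce, data["nonce"].to_s)
  data.reject { |key, _| key == "nonce" }
rescue ArgumentError, JSON::ParserError
  nil
end
```

Because the nonce is consumed on first use, a replayed or cross-session `state` value is rejected even though its signature is valid.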
If, for any reason, you can't use the option that Jacob suggested as it's my case, you can urlencode your redirect_uri parameter before passing it and it will work, even with a complete querystring like foo=bar&morefoo=morebar in it.
I was trying to implement a Facebook login workflow against API v2.9 following this tutorial. I tried the solutions described above. Manuel's answer is sort of correct, but what I observed is url encoding is not needed. Plus, you can only pass one parameter. Only the first query parameter will be considered, the rest will be ignored. Here is an example,
1. Request a code via https://www.facebook.com/v2.9/dialog/oauth?client_id={app-id}&redirect_uri=http://{url}/login-redirect?myExtraParameter={some-value}
2. You'd get a callback for your url. It will look like http://{url}/login-redirect?code={code-from-facebook}&myExtraParameter={value-passed-in-step-1}. Note that facebook would make a callback with myExtraParameter. You can extract the value for myExtraParameter from callback url.
3. Then you can request access token with https://graph.facebook.com/v2.9/oauth/access_token?client_id={app-id}&client_secret={app-secret}&code={code-from-facebook}&redirect_uri=http://{url}/login-redirect?myExtraParameter={value-extracted-in-step-2}
Additional parameter passed in step 1 after the first query parameter will be ignored. Also make sure to not include any invalid characters in your query parameter (see this for more information).
You're best off specifying a unique callback for each oAuth provider, /oauth/facebook, /oauth/twitter etc.
If you really want the same file to respond to all oAuth requests, either include it in the individual files or setup a path that will call the same file on your server using .htaccess redirects or something similar: /oauth/* > oauth_callback.ext
You should set your custom state parameter using the login helper as such:
use Facebook\Facebook;
use Illuminate\Support\Str;
$fb = new Facebook([
'app_id' => env('FB_APP_ID'),
'app_secret' => env('FB_APP_SECRET'),
'default_graph_version' => env('FB_APP_VER'),
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = [
'public_profile',
'user_link',
'email',
'read_insights',
'pages_show_list',
'instagram_basic',
'instagram_manage_insights',
'manage_pages'
];
$random = Str::random(20);
$OAuth2Client = $fb->getOAuth2Client();
$redirectLoginHelper = $fb->getRedirectLoginHelper();
$persistentDataHandler = $redirectLoginHelper->getPersistentDataHandler();
$persistentDataHandler->set('state', $random);
$loginUrl = $OAuth2Client->getAuthorizationUrl(
url('/') . '/auth/facebook',
$random,
$permissions
);
Hey, if you are using the official Facebook PHP SDK then you can set a custom state param like this:
$helper = $fb->getRedirectLoginHelper();
$helper->getPersistentDataHandler()->set('state',"any_data");
$url = $helper->getLoginUrl($callback_url, $fb_permissions_array);
