OAuth 1.0b receiving access token - oauth

Until few days ago everything worked fine. But after some changes on FitBit new user can not get OAuth handshake anymore. The problem is when I receive temporary tokens and make call to finish handshake and receive credentials.
So in first step I get:
TOKEN: 1a227cfde686220183763946a98173bc and VERIFIER: p2g5ims7o4ffscev603rbif05g
and in second step I use theme to make call to https://api.fitbit.com/oauth/access_token ...
Signature Base String is:
POST&https%3A%2F%2Fapi.fitbit.com%2Foauth%2Faccess_token&oauth_consumer_key%3D7c5e888aa3dd4d17a26d82a7f541b278%26oauth_token%3D1a227cfde686220183763946a98173bc%26oauth_nonce%3D5hw45lgu%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1391094796%26oauth_verifier%3Dp2g5ims7o4ffscev603rbif05g%26oauth_version%3D1.0
And by that I receive header (with signature calculated using the same function as in first step)
Authorizing with HEADER: OAuth oauth_consumer_key="7c5e888aa3dd4d17a26d82a7f541b278",oauth_token="1a227cfde686220183763946a98173bc",oauth_nonce="5hw45lgu",oauth_signature="X4udgn9A7Q2xI%2FN38QELl%2BIDVqM%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1391094796",oauth_verifier="p2g5ims7o4ffscev603rbif05g",oauth_version="1.0"
That should work but I get 401 error saying:
{"errors":[{"errorType":"oauth","fieldName":"oauth_access_token","message":"Invalid signature or token 'JNGSIMomid/oghtWGrz7crC6KhM=' or token '6c45d0ce39195e848da14cad0a4f9719'"}],"success":false}
I have been working od that for 7 hours now ... and as far as I can see everything is OK ... Error is saying about field name oauth_access_token ... This fields doesn't even exist. I tried anyway and recived error saying that security is not OK ...
Any Idea?

I had the same problem. After doing some research I noticed that the API has changed and the lib I was using was out dated.
To fix that, I updated my lib and did some code changes.
Here is the link of a .Net implementation after the change:
https://github.com/aarondcoleman/Fitbit.NET/wiki/Breaking-Change-on-1-24-2014-as-a-result-of-OAuth-update-in-Fitbit-API
Regards,
Fredy

Related

com.microsoft.graph.http.GraphServiceException: Error code: SyncStateInvalid

com.microsoft.graph.http.GraphServiceException: Error code: SyncStateInvalid
Error message: The sync state identified using the request token 'HzWyBB6EZsMOpd9NmgmVnqAnVEMAAAQ9rM8FAwAA' is no longer valid.
GET https://graph.microsoft.com/v1.0/users/6be2c2df-8e20-4f99/mailFolders/AQMkADlmY2YxNTY3LWVhNjItNDFhMS1iZDA0LWZ/messages/microsoft.graph.delta?$deltatoken=LztZwWjo5IivWBhyxw5rAHNeTrUj6tmJCwsicW9zTkZhNFWO0u7VKvvdkBxQHWUvDsSPLMpUBSlb3nEcc_qVbTk1hQlWa3MIyqHvnT47wRA.NIA-bd_JnbZrpOuTHnjHoWWo1K5QPy4CLrFTODjYn9c
Prefer : odata.maxpagesize=1
Prefer : IdType="ImmutableId"
SdkVersion : graph-java/v1.6.0
Authorization : Bearer eyJ0eXAiOiJKV1QiLCJub25jZSI[...]
Hi guys, I'm getting the above SyncStateInvalid error, I've done a search, realizing that most people are facing SyncStateNotFound error instead.
Not sure if anyone faces this issue before and knows what is the fix.
I am trying to sync incremental mail messages based on the delta token.
I've tried to paste the same link in graph explorer, and was able to get result.

Can't deploy an app to Intune store via graph API - DeviceManagementApps.ReadWrite.All is an invalid scope?

We want to enable uploading apps to the Intune store via an API.
I saw this example on GitHub, and want to do something similar in JS, so I've tried using the same REST calls.
The problem is, I can't seem to make the https://graph.microsoft.com/beta/deviceAppManagement/mobileApps request properly - I always get 401. When making the same request via the Graph API Explorer it works fine.
I tried fixing my permissions, and I'm kinda stuck getting the correct token.
I did the following steps with an admin account, on both the "common" and our own tennant:
Called the admin consent - https://login.microsoftonline.com/nativeflow.onmicrosoft.com/adminconsent?client_id=<ID>&redirect_uri=<URI>
Got authorization from the user - https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<ID>&response_type=code&redirect_uri=<URI>&response_mode=query&scope=DeviceManagementApps.ReadWrite.All
POST request to get the actual token -
https://login.microsoftonline.com/nativeflow.onmicrosoft.com/oauth2/v2.0/token
with the following body:
client_id: <ID>
scope: https://graph.microsoft.com/.default
client_secret: <secret>
grant_type: client_credentials
requested_token_use: on_behalf_of
code: <The code I got in step 2>
I tried changing the scope in step 3 to https://graph.microsoft.com/DeviceManagementApps.ReadWrite.All or simply to DeviceManagementApps.ReadWrite.All, but it says that it's not a valid scope.
I got a token in step 3, but when I try calling the actual API I receive this error:
{
ErrorCode:"Forbidden",
Message:{
_version: 3,
Message: "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 7b5c3841-976d-4509-b946-f7fdabd047d7 - Url: https://fef.msub02.manage.microsoft.com/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=5018-05-02",
CustomApiErrorPhrase: "",
RetryAfter: null,
ErrorSourceService: "",
HttpHeaders: {"WWW-Authenticate":"Bearer realm=urn:intune:service,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7"}
},
Target:null,
Details:null,
InnerError:null,
InstanceAnnotations:[]
}
So yeah, I'm pretty much stuck. Anyone have any experience with it? I've tried making the calls in Postman, curl and via code, but nothing works.
Cheers :)
You have a couple issues going on:
You're using the Authorization Code Grant workflow but requesting Client Credentials.
The scope Device.ReadWrite.All is an application scope, it is only applicable to Client Credentials. It isn't a valid Delegated scope so it will return an error when you attempt to authenticate a user (aka delegate) using Device.ReadWrite.All.
Your body is using key:value but it should be using standard form encoding (key=value).
To get this working, you need to request a token without a user. This is done by skipping your 2nd step and moving directly to retrieving a token (body line-breaks are only for readability):
POST https://login.microsoftonline.com/nativeflow.onmicrosoft.com/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
client_id={id}
&client_secret={secret}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&grant_type=client_credentials

Unable to Setup Adwods API through Java, Giving several errors in last step

I am Trying to set up Adwords API through Java, All the steps are going good but in last step while running GetCampaigns.java , Its giving several errors
"Exception in thread "main" com.google.api.ads.common.lib.exception.OAuthException: Credential could not be refreshed. at com.google.api.ads.common.lib.auth.OfflineCredentials.generateCredential(OfflineCredentials.java:240) at adwords.axis.v201705.basicoperations.GetCampaigns.main(GetCampaigns.java:46) Caused by: com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Request { "error" : "invalid_grant" } at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenResponseException.java:105) at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenRequest.java:287) at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.java:307) at com.google.api.client.auth.oauth2.Credential.executeRefreshToken(Credential.java:570) at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.executeRefreshToken(GoogleCredential.java:362) at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.java:489) at com.google.api.ads.common.lib.auth.OAuth2Helper.callRefreshToken(OAuth2Helper.java:69) at com.google.api.ads.common.lib.auth.OfflineCredentials.generateCredential(OfflineCredentials.java:234) ... 1 more"
After this error message its not going through.
This looks like a problem with your refresh token. Have you generated your refresh token?
I normally run this file to generate a refresh token.
https://github.com/googleads/googleads-java-lib/blob/master/examples/adwords_axis/src/main/java/adwords/axis/auth/GetRefreshToken.java
Did you copy the refresh token into your ads.properties file?

Yelp Place API returning "Invalid Signature" Error only from Nginx on EC2

Problem: I am getting an "Invalid Signature" error from Yelp API only from production (running on nginx server in AWS) When I run locally on my localhost:3000, there is no signature error, and everything works fine.
I am using the yelp gem in rails. Here's some code in ruby.:
$client = Yelp::Client.new({
consumer_key: $SL_CONSUMER_KEY,
consumer_secret: $SL_CONSUMER_SECRET,
token: $SL_TOKEN,
token_secret: $SL_TOKEN_SECRET
})
begin
$client.search("Los Angeles")
rescue => error
puts error.message
puts error.inspect
end
error.message prints out: "Signature was invalid"
error.inspect prints out: < Yelp::Error::InvalidSignature: Signature was invalid >
Everything works when I run locally on rails' Webrick server but when I run it in production, I get an "Invalid Signature" error.
Has anyone seen this? I've looked at some relevant posts, but this seems different. Thanks!
This will probably not pertain to most people, but the off chance it could help someone, here it is:
My "time" was effed up on my EC2 instance. So for example, in ruby, Time.now was not printing the actual time. (I think it was off by a few minutes or so).
Anyway, Yelp API requires a oauth_timestamp when you send a request. Of course, then, my request was timing out b/c the time was off.
How did I found this error out?
I just pinged the URL on my browser with the oauth, token, oauth_timestamp, etc. (few more) as query params. The browser spits out the error response in JSON, and it was saying that my request was timing out. When you use the ruby Yelp Client and catch the exception in code, it doesn't spit out the error response in terminal, so it's a bit more difficult to locate the exact root of the error.
How I solved it:
I re-calibrated the time in my ec2 instance by following the directions here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html
Problem is solved. Peace.
Invalid signature error in Yelp API occurs due to two reasons .
First , Either of your four keys i.e consumer_key , consumer_secret_key , Token & Token Secret is invalid . Secondly Parameters passed to Yelp API Function are either invalid or any of those are nil .

Required parameter is missing: grant_type

I am trying to authenticate google api in ruby. I got code parameter successfully. But I couldn't get access token using code params.i am passing following parameter to get access token
https://accounts.google.com/o/oauth2/token?code=4/HttxxNNyD8RU-emkYJufAM2&client_id=103xxxxxx-t8uaeuc4cexxxxxxxxv3ha1r50e.apps.googleusercontent.com&client_secret=xxxxxx&grant_type=authorization_code
i got following response:
An error occured connecting to the server: 400 returned.
<TITLE>Required parameter is missing: grant_type</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> <H1>Required parameter is missing: grant_type</H1> <H2>Error 400</H2>
Any one help me to get accesstoken
Looks like the slash shouldn't be there in your code parameter. If needed it should be url encoded.
The format that Google shared these code keys is like the one given in the example. I do not believe your problem is because any of the credentials. I highly recommend to visit http://www.visualab.org/index.php/using-google-rest-api-for-analytics and I assure you will be fine. Also do not forget these tokens expires in 3600 seconds so have to whether reload the key approval screen for requesting new 'code' or follow the instructions in the link and understand 'refresh token' 'access token' for further lines of codes.

Resources