I am using OAuth 2.0 for Authorization process.
I have requested for Authorization Code with this url:
https://www.box.com/api/oauth2/authorize?response_type=code&client_id={MY_CLIENT_ID}
Then I was redirected to box.net login page for authorization.
I have entered credentials for my Box.net account.
Granted access for account.Then I got Authorization code which I encoded in URL and sent a request with this:
https://www.box.com/api/oauth2/token?grant_type=authorization_code&code={AUTHORIZATION_CODE}&client_id={MY_CLIENT_ID}&client_secret={MY_CLIENT_SECRET_ID}
I got this response:
{"error":"invalid_client","error_description":"The client credentials are invalid"}
I have checked my Client Id and Client Secret Id many times. Those are correct. What can be reason for such an error message?
As the official documentation states:
To get the access_token, you’ll need to make a POST request to https://www.box.com/api/oauth2/token with the following parameters...",
Although all the parameters including client_id, client_secret, grant_type and code are right, if you don't make a POST request to the url, you will get error: "invalid_client".
Try:
curl https://www.box.com/api/oauth2/token \
-d 'grant_type=authorization_code&code={your code}&client_id={your client id}&client_secret={your client secret}' \
-X POST
Related
has anyone succeeded in connecting to Linkedin API here?
I followed the instructions on the docs but failed to retrieve the Authorization Code.
Here's the result of my POST request to get the access_token
{
"error": "invalid_redirect_uri",
"error_description": "Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"
}
I'm using the https//airbyte.io as a redirect_uri
My GET get request to obtain the authorization token is the following:
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=78oy2gu644mxz2&redirect_uri=https%3A%2F%2Fairbyte.io&scope=r_ads,r_ads_reporting,r_organization_social
I followed a couple advices in the different thread in SO
double checked my client_id and client_secret
encoded the URI in GET request
added scope parameters to the redirect_url at the POST request
Tested the request with the code within 20 seconds window.
Couple of things:
Ensure your redirect URI is also defined within your app's configuration as an allowed redirect URI. See https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin%2Fmarketing%2Fcontext&view=li-lms-2022-11&tabs=HTTPS1#step-1-configure-your-application. The documentation specifies a certain URL to use when testing with Postman.
In your authorization call, your scopes are comma-delimited. They should be space-delimited and URL-encoded. See https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin%2Fmarketing%2Fcontext&view=li-lms-2022-11&tabs=HTTPS1#step-2-request-an-authorization-code.
I'm try to request call this route api.twitter.com/2/users/:id/following also getting the error :
Authenticating with OAuth 2.0 Application-Only is forbidden for this endpoint. Supported authentication types are [OAuth 1.0a User Context, OAuth 2.0 User Context].
I've trying to understand how I should generate an oauth token valid for this request, but i'm a bit lost! I've all the pipe line for the user authentication and for the last request I can get all user data including userToken and tokenSecret how i can use that info to generate the token for my request?
Also I've try to generate a token generate with apiKey and apiSecret withtou success
curl -u 'apiKey:apiSecret'
--data 'grant_type=client_credentials'
'https://api.twitter.com/oauth2/token'
I'm really lost using twitter api because of the multiples ways to authenticate
The curl command you're using will give an App-Only token, this won't work if you're trying the POST /2/users/:id/following endpoint. Follow this guide on generating an OAuth 2.0 User Access Token.
can anyone help me I am trying to call below request
curl https://rtm.zopim.com/stream/{resource} \
-H "Authorization: Bearer {API access token}"
initially, I tried with basic auth (adding id : password in the request) response was unauthorized,
then I generate access token with postman like in below screenshot
and when call API with that access token then the response is 403 forbidden
I can successfully hit and get response other api like ( https://www.zopim.com/api/v2/chats) with the same access token
but not the specific "rtm.zopim.com/stream/"
The Real Time Chat API is available on Enterprise plans only, so if you are not on the Enterprise plan you will receive a 403 Forbidden error.
I want users to request Uber rides from my app.
https://developer.uber.com/docs/rides/authentication
Under OAuth 2.0 section at the above url, there are 6 steps :
1. Authorize (done)
2. Receive Redirect (done)
3. Get an Access Token ('invalid_grant' error)
The following screenshot is from Postman.
I tried passing client_id, client_secret, grant_type, redirect_uri and code as params, form-data and x-www-form-url-encoded. But everytime it returns the same error.
I have put 'http://localhost:3000/auth/uber/callback' as redirect url in my Uber App dashboard.
I have even tried the following curl command in the terminal,but it returns the same 'invalid_grant' error
Can someone help me with this issue.
Your postman request looks correct to me. My best guesses at whats going on:
1) You have multiple redirects set up, and you're using one redirect url when you do the authorization phase and a different one when you try and do token exchange
2) You're doing authorization for one client_id, and trying to do token exchange for another
3) You're authorization code has already been used / expired. Keep in mind its only good for one request.
Could you try the following and tell me what happens:
1) Do the authorization flow and pay special attention that the client id and redirect uri you put in your authorization URL are correct
2) After your browser redirects, copy the authorization code out of the redirect URL
3) Put the authorization code into the postman request / curl statement and make sure that the client id / redirect URI is correct when you do it.
Status Code: 401 Unauthorized
{
"error": "invalid_grant"
}
You are using an invalid refresh_token. You can generate multiple
access tokens, but you can only use the latest generated
refresh_token.
You supplied an invalid code when exchanging an authorization code
for an access_token.
How do you get an access token from the wunderlist api using oauth?
The wunderlist documentation says:
Wunderlist redirects back to your site
If the user accepts your request, Wunderlist will redirect to your redirect_uri with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don't match, the request has been created by a third party and the process should be aborted.
Exchange code for an access token:
POST https://www.wunderlist.com/oauth/access_token
I do not understand
Exchange code for an access token
am I supposed to redirect to https://www.wunderlist.com/oauth/access_token to get an access token?
Exchanging the code for an access_token is done by executing an HTTP POST message to the token endpoint, in your case to https://www.wunderlist.com/oauth/access_token, with JSON data as specified in: https://developer.wunderlist.com/documentation/concepts/authorization. Using cURL it would look like:
curl -H "Content-Type: application/json" -d '{ "code":"<CODE>", "client_id": "<CLIENT_ID>", "client_secret": "<CLIENT_SECRET>"}' https://www.wunderlist.com/oauth/access_token