I am trying to understand how Google authentication works with OAuth 2.0. They give some examples at this link.
I am having trouble with one of the first steps. I can execute this http request in a browser:
https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
and that works fine.
When I try to convert it to a curl GET operation,
curl https://accounts.google.com/o/oauth2/auth?scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token
I get a response that tells me there is an OAuth 2.0 error: invalid_request.
Converting it to a POST, I can't get this operation to work.
curl http://accounts.google.com/o/oauth2/auth -d “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
The response is that the document has moved.
If I try this, I get similar results.
curl http://accounts.google.com/o/oauth2/auth -data-urlencode “scope=https://www.google.com/m8/feeds&client_id=21302922996.apps.googleusercontent.com&redirect_uri=https://www.example.com/back&response_type=token”
I have never used curl or OAuth in my code before, so I want to understand some of these basics. Can someone tell me what is wrong with my GET and POST ?
I don't have a sure answer for you, but I was working on something similar for Instagram and one thing that stumped me for a while was that my redirect URL looked to be the same as Instagram expected, but I kept getting errors.
Like you, when I 'hand coded' the redirect URL, I got the result I expected, but my automated calls to the authentication URL failed. It turned out my ampersands were a url encoded which Instagram compared to the redirect URL and saw they were not identical. I'm not sure if that will get you closer to an answer, but I thought I'd share my experience since your question reminds me of the situation I was in. Good luck.
Related
In Postman, I am able to successfully request a new token using the GUI. I'm wondering how to do this programatically. Or at least see the HTTP request that Postman is making. I've tried viewing it by monitoring the network traffic in Chrome, and with Wireshark, but without success. Thank you
well, OAuth2 is quite a big subject and you are not really providing a lot of details.
Postman is just a client, it creates requests based on the data you gave it so you don't need to monitor anything, you should know how you set it up and then simply mirror that in whatever language you want. Look at headers and post data specifically.
All I can do is point you to an extensive article I wrote on OAuth2, it shows a complete implementation, how to use Postman to create the correct requests and then how to write code which makes it all work.
If you don't use dot net, you can still understand all the concepts and it should be trivial to do the same thing using a different language.
https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
I know this question may be so simple but still posting here.
I have a WebService/Restful API written in RAILS which gives response in JSON format. According to the RAILS developer, it works fine under his development but not in my case.
My problem is,
Now, I want to test that Request/Response in Browser Rest Client (like
mozilla, chrome). However, when I hit the API there it gives me 401.
So I have 2 questions,
1] How to test it in Rest Client? if I make any mistake while passing header parameter in wrong way.
2] Is there anything other approach to do this?
API Details are,
URL : http://rails4.xxxxx.com/xx/xxxxx/{id}.json
//{id} can be any integer value
header
X-xxxxxx-Client:
487txxxxhu34hfixxxxxu3hfcfxxxxx4f3f3f
For more details, please refer below snaps.
Thanks is advance.
There are a lot of ways to test rest api:
cURL (CLI)
RestConsole (for Chrome)
RestAssured (java test framework)
Frisby (javascript test framework)
Problem was due to wrong credentials.
I'm developer working on integration between our product and LinkedIn. It's been decided we use https://www.linkedin.com/uas/oauth2/authorization to authenticate user. I found out the following issue, that I'll explain in detail below.
Positive scenario, everything works as expected:
when using valid client_id, everything is fine. To make everything clear, please see this URL (API key replaced with fake one):
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=VALID_API_KEY&state=b4ac5e2ab5404d6fad2f25521d83e825&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fapply-app%2Fpages%2Fsocial-networks%2Flinkedin%2Fauthenticated%3FsiteIdentifier%3DPIUFK026203F3VBLZ6G79V7OU%26token%3Db4ac5e2ab5404d6fad2f25521d83e825
When I remove client_id, everything is also fine and message is displayed (Missing client_id. A valid client_id is required to proceed.)
But when I use invalid client_id in browser I receive Content Encoding Error and http status code 500. URL: https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=invalid_client_id&state=b4ac5e2ab5404d6fad2f25521d83e825&redirect_uri=http%3A%2F%2Flocalhost%3A8085%2Fapply-app%2Fpages%2Fsocial-networks%2Flinkedin%2Fauthenticated%3FsiteIdentifier%3DPIUFK026203F3VBLZ6G79V7OU%26token%3Db4ac5e2ab5404d6fad2f25521d83e825
And the most interesting part goes here: when I fetch same URL using either wget or even java HttpConnection.connect() there result is different: HTTP status code 200 and html response. But when I started to analyze given output, I noticed that is ends up unexpectedly after <ul class="permissions, so it must me error in your code, that requires fixing.
I reported that, because it's quite inconvenient to support such behavior. Could you please inform me if you have any plans to fix this? If you need any further details regarding steps to reproduce this issue, please do not hesitate to contact me.
Best regards,
Piotr
I'm trying to HTTP POST to a Google Spreadsheet that is both Published to the Web and the visibility is set that anyone can find and edit. I'm using Postman to make sure my URL works for posting. I've tried using public/basic and private/full. private/full gives me a status of 200 OK and doesn't actually post anything to the spreadsheet. I'm using the correct XML for data as well. I've read on the API that you can do this without authorization but it isn't working for me. I'm not sure where it's failing.
The public/basic version of the url tells me:
You do not have add-row access to the spreadsheet. Make sure you are properly authenticated.
I'm not sure why though because it is public and published. I've had similar troubles with using Phonegap and using an HTTP GET to get spreadsheet info but that even worked in Postman so I'm unsure what's going on with this.
Any help/direction/suggestions would be greatly appreciated. Thanks.
I think your xml is wrong.
<entry xmlns="http://www.w3.org/2005/Atom"
xmlns:gsx="http://schemas.google.com/spreadsheets/2006/extended">
<gsx:{nameOfHeaderColumn}>contents to display</gsx:{nameOfHeaderColumn}>
</entry>
I've went back to this and it's working using the same requests. I'm unsure of what the exact issue was but it appears to be fixed. I would like to note that POST should only be used with list feeds, for cell based feed posting use PUT.
I'm authenticating with OAuth getting my request token, authorizing, doing POST to get the AccessToken and then pulling my user_timeline.xml
At this point I try and call the destroy api on a particular status id and it returns a 401 unauthorized.
I am able to take the url and the parameters out and call this through Fiddler2 and it works, but using it in a Delphi app with Indy V10 component, doing a POST it's giving this 401 still.
What can I be missing?
Thanks,
david
If I can figure this out this app is good to go, very frustrating.
Please help!
Figured it out. Finally ran a .NET version of code, ran Fiddler2 to see what it did and noticed the Authorization Header. I then had to find a reference to this in regards to the Indy Components to figure it out. You have to add CustomHeaders with a specific format.
You may wanna try my implementation with ICS, supports Unicode as well
http://eden.fm/2011/02/27/twitter-library-for-delphi/