anyone had tried using http://www.grails.org/plugin/oauth? i'm trying it in twitter.com and i'm having an issue on getting the username or accessing this API: http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-account%C2%A0verify_credentials
here's the code in my callback URL:
def twitterCallback = {
def response = oauthService.accessResource('http://api.twitter.com/1/account/verify_credentials.json','twitter', session.oauthToken)
log.debug "response: ${response}"
}
i keep getting this error:
2010-04-22 14:32:56,842 [http-8081-1]
WARN httpclient.HttpMethodBase -
Cookie rejected: "$Version=0;
_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCMQcOCQoAToHaWQiJThiYWY4MGI1YTY1M2U0%250AYTRhNjAzYTA2NTBmNjkzZTYwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--31d191141bf32e0489967492692f1e77fc9e1845;
$Path=/; $Domain=.twitter.com".
Illegal domain attribute
".twitter.com". Domain of origin:
"twitter.com" 2010-04-22 14:32:56,854
[http-8081-1] INFO
auth.AuthChallengeProcessor - basic
authentication scheme selected
2010-04-22 14:32:56,856 [http-8081-1]
INFO httpclient.HttpMethodDirector -
No credentials available for BASIC
'Twitter API'#twitter.com:80
2010-04-22 14:32:56,865 [http-8081-1]
ERROR errors.GrailsExceptionResolver
- null
it seems that it uses BASIC authentication instead of OAuth. any ideas? or is there an issue in the OAuth Grails plugin?
thanks.
Related
We want to enable uploading apps to the Intune store via an API.
I saw this example on GitHub, and want to do something similar in JS, so I've tried using the same REST calls.
The problem is, I can't seem to make the https://graph.microsoft.com/beta/deviceAppManagement/mobileApps request properly - I always get 401. When making the same request via the Graph API Explorer it works fine.
I tried fixing my permissions, and I'm kinda stuck getting the correct token.
I did the following steps with an admin account, on both the "common" and our own tennant:
Called the admin consent - https://login.microsoftonline.com/nativeflow.onmicrosoft.com/adminconsent?client_id=<ID>&redirect_uri=<URI>
Got authorization from the user - https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=<ID>&response_type=code&redirect_uri=<URI>&response_mode=query&scope=DeviceManagementApps.ReadWrite.All
POST request to get the actual token -
https://login.microsoftonline.com/nativeflow.onmicrosoft.com/oauth2/v2.0/token
with the following body:
client_id: <ID>
scope: https://graph.microsoft.com/.default
client_secret: <secret>
grant_type: client_credentials
requested_token_use: on_behalf_of
code: <The code I got in step 2>
I tried changing the scope in step 3 to https://graph.microsoft.com/DeviceManagementApps.ReadWrite.All or simply to DeviceManagementApps.ReadWrite.All, but it says that it's not a valid scope.
I got a token in step 3, but when I try calling the actual API I receive this error:
{
ErrorCode:"Forbidden",
Message:{
_version: 3,
Message: "An error has occurred - Operation ID (for customer support): 00000000-0000-0000-0000-000000000000 - Activity ID: 7b5c3841-976d-4509-b946-f7fdabd047d7 - Url: https://fef.msub02.manage.microsoft.com/StatelessAppMetadataFEService/deviceAppManagement/mobileApps?api-version=5018-05-02",
CustomApiErrorPhrase: "",
RetryAfter: null,
ErrorSourceService: "",
HttpHeaders: {"WWW-Authenticate":"Bearer realm=urn:intune:service,f0f3c450-59bf-4f0d-b1b2-0ef84ddfe3c7"}
},
Target:null,
Details:null,
InnerError:null,
InstanceAnnotations:[]
}
So yeah, I'm pretty much stuck. Anyone have any experience with it? I've tried making the calls in Postman, curl and via code, but nothing works.
Cheers :)
You have a couple issues going on:
You're using the Authorization Code Grant workflow but requesting Client Credentials.
The scope Device.ReadWrite.All is an application scope, it is only applicable to Client Credentials. It isn't a valid Delegated scope so it will return an error when you attempt to authenticate a user (aka delegate) using Device.ReadWrite.All.
Your body is using key:value but it should be using standard form encoding (key=value).
To get this working, you need to request a token without a user. This is done by skipping your 2nd step and moving directly to retrieving a token (body line-breaks are only for readability):
POST https://login.microsoftonline.com/nativeflow.onmicrosoft.com/oauth2/v2.0/token
Content-Type: application/x-www-form-urlencoded
client_id={id}
&client_secret={secret}
&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
&grant_type=client_credentials
I've been using a Grails Oauth Plugin for LinkedIn authentication for a few months now without any issues; today we are seeing this error with no change to our existing codebase. I verified that the API keys and the scope were correct on the LinkedIn Developer site. Anyone know how to solve this issue?
Error
response status code: 403
response body: oauth_problem=Scope%20INVALID%20%3A%20r_contactinfo%2Br_basicprofile%2Br_emailaddress
This is a version of the request that is being sent by the Scribe lib:
using base64 encoder: CommonsCodec
base string is: POST&https%3A%2F%2Fapi.linkedin.com%2Fuas%2Foauth%2FrequestToken&oauth_callback%3Dhttps%253A%252F%252Flocalhost%253A8443%252Foauth%252Flinkedin%252Fcallback%26oauth_consumer_key%3Dxxxxxxxxxxxxx%26oauth_nonce%3Dxxxxxxxxxxxxxxxxx%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1431479305%26oauth_version%3D1.0%26scope%3Dr_contactinfo%252Br_basicprofile%252Br_emailaddress
signature is: xxxxxxxxxxxxxxxxxxxxxxx
appended additional OAuth parameters: { oauth_callback -> https://localhost:8443/oauth/linkedin/callback , oauth_signature -> xxxxxxxxxxxxxxxxxxxxxxxxxxx, scope -> r_contactinfo+r_basicprofile+r_emailaddress , oauth_version -> 1.0 , oauth_nonce -> xxxxxxxxxxx , oauth_signature_method -> HMAC-SHA1 , oauth_consumer_key -> xxxxxxxxxxxxxxxxxx , oauth_timestamp -> 1431479305 }
using Http Header signature
Linked has changed their API usage terms with special permission needed for "r_contactinfo"
See
https://developer.linkedin.com/support/developer-program-transition
And
https://developer.linkedin.com/support/developer-program-transition
So if your Oauth request required r_contactinfo previously you are going to see this error. The fix is to not request r_contactinfo unless you have the specific permission from Li - uncheck this on Li Developer Dashboard for your application.
r_basicprofile & r_emailaddress can still be retrieved.
Im using Ember-Auth and have login to my rails application working.
Once logged in the auth.auth-token is set and i can view it in my templates with:
{{auth.authToken}}
I no need to pass this token along with my ember-data requests but for the life of me cant figure out how to access it.
App.Store = DS.Store.extend
adapter: DS.RESTAdapter.reopen
namespace: 'api/v1'
setHeaders: (->
this.set('headers', { "auth_token": <what goes here?> });
return
).on('init');
some of the things I've tried:
App.Session.get("authToken")
App.auth_token
App.auth.auth_token
App.Auth.get('auth_token')
App.Auth.get('authToken')
There seem to be lots of people doing it different ways, due to embers rapidly changing API. But everything I've tried ends up being undefined.
DEBUG: -------------------------------
DEBUG: Ember : 1.5.0-beta.3
DEBUG: Ember Data : 1.0.0-beta.7.f87cba88
DEBUG: Handlebars : 1.3.0
DEBUG: jQuery : 1.11.0
DEBUG: -------------------------------
Auth configuration:
App.Auth = Ember.Auth.extend
request: 'jquery'
response: 'json'
strategy: 'token'
session: 'cookie'
signInEndPoint: '/api/v1/user_session' # api url for sign-in
signOutEndPoint: '/api/v1/user_session' # api url for sign-out
tokenKey: 'auth_token' # param returned from api containing auth token
tokenIdKey: 'user_id' # param returned from api for id of authenticated user
tokenLocation: 'param' # auth token will be sent to api as a param
Well the answer to this I believe was that my authentication server wasn't returning the token with the correct name in my json response.
I switched to ember-simple-auth since having this issue, but had a similar issue until I discovered that the name of my auth token in the json my server was returning was: "auth_token" rather that what ember-simple-auth expected: "access_token"
So my guess is that the auth was seeing that the request succeeded, which explains why I could login. but then the session was empty because ember-simple-auth was looking for a token of a different name and failing that didn't bother to create the session.
Perhaps a suggestion to the ember-auth and ember-simple-auth people is to add a warning or error when the returned token is missing?
Hope this helps someone else :)
I've upgraded to from the springsecurity 1.2 plugin to 2.0. Now when I enter an invalid page into the browser I get directed to the 500 error page, not the 404 error page. Is that how it's supposed to work? I'm using the default reject rules:
grails.plugin.springsecurity.rejectIfNoRule = true
grails.plugin.springsecurity.fii.rejectPublicInvocations = false
and my 404 urlmapping looks like:
"404"(view:'/error/404')
In grails acegi plugin, you can specify the authenticationFailureUrl property in SecurityConfig.
Is there a way to get the url that caused the auth failure in the scope of the authenticationFailureUrl?
This is not as simple as just getting the request or looking on the params. If there is an auth failure, you get redirected to the authenticationFailureUrl, so the url on the request at that point is the authenticationFailureUrl, not the url that caused the auth failure.
Im my case, I set authenticationFailureUrl to be a controller method -- looking at everything in the debugger no solution is obvious to me....
Thanx in advance.
The SavedRequest representing the original request is stored as a session attribute with name specified by the constant DefaultSavedRequest.SPRING_SECURITY_SAVED_REQUEST_KEY (or AbstractProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY in pre-3.0 versions).
This may help for others working with Spring Security 3.0.0 . In SS 3.0.3
AbstractProcessingFilter is deprecated and there is no constant SPRING_SECURITY_SAVED_REQUEST_KEY in DefaultSavedRequest. So you can get this by:
SavedRequest savedRequest = (SavedRequest) session.getAttribute(WebAttributes.SAVED_REQUEST);
Reference :
Spring Security: How to get the initial target url