OpenIddict - Customise Invalid Token response to include a JSON body - openiddict

If I send a request into my API with an invalid access token, I get the following response:
Base Address: https://localhost:54701/
Token Expired: True
IsSuccessStatusCode: False
Status: Unauthorized
StatusCode: 401
WwwAuthenticate: Bearer error="invalid_token", error_description="The specified
token is invalid.", error_uri="https://documentation.openiddict.com/errors/ID2004"
ReasonPhrase: Unauthorized
ContentType:
ContentLength: 0
Content:
I would like to be able to customise this response so that I can also return some JSON content in the body like:
{
  "Message": "Authorization has been denied for this request."
}
Does anyone know if there is an event I can hook into to customise the response to add this message, so it looks like this?
Base Address: https://localhost:54701/
Token Expired: True
IsSuccessStatusCode: False
Status: Unauthorized
StatusCode: 401
WwwAuthenticate: Bearer error="invalid_token", error_description="The specified
token is invalid.", error_uri="https://documentation.openiddict.com/errors/ID2004"
ReasonPhrase: Unauthorized
ContentType: application/json; charset=utf-8
ContentLength: 61
Content:
{
  "Message": "Authorization has been denied for this request."
}

I thought I'd reply here too in case it helps someone who doesn't see the conversation in gitter.
You do it by intercepting the 401 response in the pipeline with a custom middleware like this: Intercept 401 error in ASP.net Core 2.0 pipeline

Related

Invalid Client with paypal api, client authentication failed using HTTPoison.post!/3

I am using HTTPoison to send request to the Paypal api. Here is the paypal documentation for using its api for logging in: https://developer.paypal.com/docs/log-in-with-paypal/integrate/
When I get the code, and try to exchange it for an access token, I get this error: "{\"error\":\"invalid_client\",\"error_description\":\"Client Authentication failed\"}",
Here is how I make the POST request with HTTPoison.post!/3:
url = "https://api-m.sandbox.paypal.com/v1/oauth2/token"
headers = [
  Authorization: "Basic #{ClientID}:#{Secret}"
]
body = "grant_type=authorization_code&code=#{code}"
HTTPoison.post!(url, body, headers)
This shows a status_code: 401 and the "{\"error\":\"invalid_client\",\"error_description\":\"Client Authentication failed\"}" error. How can this issue be solved?
HTTP Basic Authentication requires the value to be base-64 encoded. Try doing that:
Authorization: "Basic " <> Base.encode64("#{ClientID}:#{Secret}")
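Why the unencoded header fails, seen from the server side: an added example (not from the original answer) that builds the Basic value per RFC 7617 and parses it the way a token endpoint would. The credentials are constructed placeholders and the function names are hypothetical.

```python
import base64
import binascii


def basic_header(client_id: str, secret: str) -> str:
    """Build the Authorization value for HTTP Basic (RFC 7617)."""
    raw = f"{client_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic(header: str):
    """Server-side view: return (client_id, secret), or None if malformed."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic" or not blob:
        return None
    try:
        # validate=True rejects characters outside the base64 alphabet.
        # ':' is one of them, so a raw "id:secret" can never decode.
        decoded = base64.b64decode(blob, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the first colon only: the secret may itself contain ':'.
    client_id, sep, secret = decoded.partition(":")
    if not sep:
        return None
    return client_id, secret


# Constructed placeholder credentials, not real PayPal values.
CLIENT_ID = "constructed-client-id"
SECRET = "constructed:secret"

RAW_HEADER = f"Basic {CLIENT_ID}:{SECRET}"       # what the question sent
ENCODED_HEADER = basic_header(CLIENT_ID, SECRET)  # what the answer proposes

if __name__ == "__main__":
    print("raw     ->", parse_basic(RAW_HEADER))
    print("encoded ->", parse_basic(ENCODED_HEADER))
```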

GCP API - OAuth 2.0 from Postman

I have developed a Python webapp on GCP App Engine.
I want to use OAuth 2.0 client ID as an authentication for my app.
In APIs & Services -> Credentials there is an OAuth 2.0 client ID with my app URL added as Authorized redirect URIs.
My Postman access token configuration looks like the following:
And authorization configuration:
Despite that, I am getting the following response: Status: 401 Unauthorized
Info from the header: WWW-Authenticate: Bearer, error="invalid_token"
Response body:
{
  "code": 16,
  "message": "JWT validation failed: Bad JWT format: Invalid JSON in header",
  "details": [
    {
      "#type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [],
      "detail": "auth"
    }
  ]
}
What am I doing wrong? How should I troubleshoot this?
EDIT: Adding request
POST /parse HTTP/1.1
Host: [my_app_name].appspot.com
Content-length: 0
Content-type: application/json
Authorization: Bearer [token_generated_by_postman]
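The 401 body above reports "Bad JWT format: Invalid JSON in header", meaning the first dot-separated segment of the bearer value did not decode to JSON. An added troubleshooting example (not from the original post) that applies the same first-stage check to a token locally; the sample tokens and function names are constructed for illustration.

```python
import base64
import binascii
import json


def _seg(raw: bytes) -> str:
    """base64url-encode without padding, as JWT segments are (RFC 7515)."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # Restore the padding that the compact serialization strips.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def diagnose_bearer(token: str):
    """Return (verdict, detail) for the value sent after 'Bearer '."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ("not-jws", f"expected 3 dot-separated segments, got {len(parts)}")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except (binascii.Error, ValueError):
        return ("invalid-header", "first segment is not base64url-encoded JSON")
    if not isinstance(header, dict) or "alg" not in header:
        return ("invalid-header", "header JSON has no 'alg' member")
    return ("jwt", f"alg={header['alg']} typ={header.get('typ')}")


# Constructed samples: a well-formed (unsigned) JWT, an opaque token,
# and a three-segment value whose header segment is not JSON.
SAMPLE_JWT = ".".join([
    _seg(json.dumps({"alg": "RS256", "typ": "JWT"}).encode()),
    _seg(json.dumps({"sub": "constructed"}).encode()),
    _seg(b"constructed-signature"),
])
SAMPLE_OPAQUE = "constructed-opaque-access-token"
SAMPLE_BAD_HEADER = ".".join([_seg(b"not json"), _seg(b"{}"), _seg(b"sig")])

if __name__ == "__main__":
    for name in ("SAMPLE_JWT", "SAMPLE_OPAQUE", "SAMPLE_BAD_HEADER"):
        print(name, "->", diagnose_bearer(globals()[name]))
```

The check only inspects structure; it does not verify the signature, issuer or audience.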

The request's Authentication (Server-) Key contained an invalid or malformed FCM-Token (a.k.a. IID-Token). Error 401

I tried to POST to FCM from Postman, but got this error message:
"The request's Authentication (Server-) Key contained an invalid or malformed FCM-Token (a.k.a. IID-Token).
Error 401"
note: copy auth key from Project credentials-Server key
url : https://fcm.googleapis.com/fcm/send
header
Content-Type : application/json
Authorization : key=AAAAQJ50ukk:Gf9m5PCwpwb1EG .....aovqy
Body :
{
  "to": "",
  "data":
  {
    "title": "Test",
    "message": "Test Message"
  }
}

How to get id_token from TokenEndpoint of IdentityServer4 through authorization_code flow?

I would like to get "access_token" and "id_token" from the Token endpoint through the Authorization Code flow. But I am getting an "invalid_grant" error while calling the token endpoint with the following parameters in Postman.
POST /connect/token HTTP/1.1
Host: localhost:2000
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Postman-Token: a8a29659-0ea3-e7dc-3bd6-6e6630a7370d
client_id=client
&client_secret=client
&grant_type=authorization_code
&username=admin
&password=admin
&scope=openid+profile
Client Configuration:
new Client
{
    ClientId = "client",
    ClientSecrets =
    {
        new Secret("client".Sha256())
    },
    AllowedGrantTypes = new List<string> { OidcConstants.GrantTypes.AuthorizationCode },
    AllowedScopes = {
        StandardScopes.OpenId.Name,
        StandardScopes.Profile.Name,
    }
}
What is wrong in my client configuration section? And how do I make a successful POST request to the Token Endpoint?
The authorization code grant type requires a code parameter to be sent during the token request (see RFC6749 section 4.1.3).
This code is issued by the authorization server after the resource owner authorized the client (see RFC6749 section 4.1.2).
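A check of a token request body against RFC 6749 section 4.1.3, as an added example that is not part of the original answer. It goes slightly beyond the answer by also checking redirect_uri and flagging password-grant parameters; the function name, the corrected body and its code and redirect_uri values are constructed, and redirect_uri is assumed to have been sent in the authorization request.

```python
from urllib.parse import parse_qs

PASSWORD_GRANT_ONLY = ("username", "password")  # RFC 6749 section 4.3.2


def check_code_exchange(body: str, redirect_uri_was_sent: bool = True) -> list:
    """List problems in a form-encoded authorization_code token request."""
    # Tolerate a body pasted across several lines, as in the question.
    params = parse_qs(body.replace("\n", ""), keep_blank_values=True)
    problems = []
    grant = params.get("grant_type", [""])[0]
    if grant != "authorization_code":
        problems.append(f"grant_type is {grant!r}, expected 'authorization_code'")
    if not params.get("code", [""])[0]:
        problems.append("missing 'code' (issued by the authorization endpoint)")
    # redirect_uri is required when it was part of the authorization request.
    if redirect_uri_was_sent and not params.get("redirect_uri", [""])[0]:
        problems.append("missing 'redirect_uri' (must match the authorization request)")
    for name in PASSWORD_GRANT_ONLY:
        if name in params:
            problems.append(f"'{name}' belongs to the password grant, not this one")
    for name, values in params.items():
        if len(values) > 1:  # parameters must not be included more than once
            problems.append(f"'{name}' is repeated")
    return problems


# The body from the question, joined onto one line.
BODY_FROM_QUESTION = (
    "client_id=client&client_secret=client&grant_type=authorization_code"
    "&username=admin&password=admin&scope=openid+profile"
)
# Constructed corrected body; the code and redirect_uri are placeholders.
FIXED_BODY = (
    "grant_type=authorization_code&code=CONSTRUCTED_CODE"
    "&redirect_uri=https%3A%2F%2Fclient.example%2Fcallback"
    "&client_id=client&client_secret=client"
)

if __name__ == "__main__":
    for problem in check_code_exchange(BODY_FROM_QUESTION):
        print("-", problem)
    print("fixed body problems:", check_code_exchange(FIXED_BODY))
```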

Quickblox Error : You are not owner of this object on API call to PUT /users/

When I try to update a user using a REST API PUT request, I get the error "You are not owner of this object".
Request :
PUT /users/14055179.json HTTP/1.1
Host: api.quickblox.com
Content-Type: application/json
QuickBlox-REST-API-Version: 0.1.0
QB-Token: 10b89fb07e0b871230d5c8ce662aa70e4429f761
Cache-Control: no-cache
Postman-Token: 5d89f9ba-4da2-8ba2-5e82-0de2b57a2b3f
{"user": {"full_name": "hpmakwana"}}
Response :
{
"errors": {
"base": [
"You are not owner of this object"
]
}
}
QuickBlox provides two types of session:
Application session token (only READ rights)
User session token (READ+WRITE rights)
For write access we have to create a User session token.