I'm new to oauth2, but I have tried my best to learn it.
this should be just a simple first step into getting token.
so the situation is like this.
I have succeeded trying it with postman web, but postman desktop always failed (callback timeout or Esockettimeout).
what I did was only filling in the type oauth2, granttype = client_credentials, client id = client_id and client secret = client_secret.
I dont know why, I have tried to view the console and making sure all parameter is the same. I have tried to disable my firewall and antivirus, and disable proxy and ssl on postman desktop's setting but still the same.
so I tried with powershell and iwr. using this :
iwr 'https://thesite.com/token?grant_type=client_credentials' -Headers #{ 'Authorization' = 'Basic OAuthE='} -Method "POST"
of course "thesite.com" should be my site, and "OAuthE=" was the authorization base64 from clientid:clientsecret.
this was successful in getting token.
I did it just to prove that my router and firewall setup is ok that the request and the token should be able to pass through.
so I tried to translate this to .net with newest restsharp (108.0.3).
Dim client As RestClient
client = New RestClient("https://thesite.com/token")
client.Authenticator = New HttpBasicAuthenticator("clientid", "clientsecret")
Dim Request = New RestRequest(Method.POST)
Request.AddHeader("content-type", "application/x-www-form-urlencoded")
Request.AddParameter("grant_type", "client_credentials")
Dim response = client.Execute(Request)
MsgBox(response.Content)
with this, response.content always empty, and response.statuscode always 0.
I have tried many other ways like putting the client id and client secret in request.addheader or request.addparameter. I even tried the executeasync, like :
client.ExecuteAsync(Request, Sub(response)
Console.Write(response.Content)
End Sub)
but I'm not familiar with async, and have trouble getting it to not error. I want to get the response.content to a global variable to be use later, but I couldnt get it to not error, so the only way I can get it to run successfully only with console.write above, but it still return empty.
all the example or questions/answered about this seems to be simple only like that. But why mine always return empty ?
please help.
oh and please give me the answer and example in vb.net. All the other samples that I saw using c#, and I'm afraid that my trouble was because I translate it to vb.net wrong. And if can, I dont want to use async, only if it's really2 needed.
thx very much
ok.
this is just for future reference if somebody encounter the same problem
so I have tried all things that I found (even tried the certificate and protocol of tls12, etc), and almost gave up.
when at last, I tried to change the addparameter for grant-type to :
Request.AddQueryParameter("grant_type", "client_credentials", True)
at last I got the token after a week trying
Related
I’m new in working with RESTful APIs. For my case I want to make an PUT Request and then GET it.
I made an PUT Request and it worked. [1]: https://imgur.com/a/zlUTzYB
But now I want to make an GET Request. Can I somehow make so that GET Request will automatically take PUT Requests statementId and bind it to the link. [2]: https://imgur.com/a/qqBd5nR
I watched a lot of videos and documentations about APIs but still doens't get it how to make it. I’m really new for making such things and sorry if I asked a dumb question.
These steps might help to solve your case:
- Execute the PUT request
- Get the Response, parse it using Jsonslurper, and the the value out.
- Save the value into a variable, ie GlobalVariable
- Create the GET request with parameter taken from the GlobalVariable
- Execute the GET request.
Found an answer:
RequestObject ro = findTestObject("GET_request")
ro.setRestUrl(String.format(ro.getRestUrl(), idValue2))
ResponseObject resp = WS.sendRequest(ro)
I just graduated from a front-end development bootcamp and am experiencing my very first technical test. It all seems very straightforward with the exception of one aspect that I'm hoping to get some opinions on. I'm not quite sure what the company is asking here and was wondering if anyone might be able to interpret it better?
I am to recreate the profile section (name, email, etc.) of a webpage with HTML and CSS, which I understand how to do. There's a JavaScript component involving an HTTP POST request that I'm confused about. There are backend APIs that perform the changing of the profile section.
I was not given the URL for the AJAX call, and was instead provided with the following instructions: "can comment out the actual line that makes AJAX call. Simply assume that you’ll get 200 response with empty string as body. Assume csrf_token to be #####". I've been provided the numbers but have omitted them. Additionally, there was also this line: "the backend API accepts POST request with application/x-www-form-urlencoded body".
In my bootcamp I had not done any POST requests, only GET. Is anyone able to provide some guidance on what exactly this question is asking for? My first step would be to use POSTMAN but without a URL, not sure how to go about this.
EDIT:
From various Googling on how these requests are made, I've so far come up with the below code but still missing a lot (probably). The idea is that if a user were to enter in a new email (or new name, password, etc.), a POST request will be made to make this update.
I've been informed that I'm not allowed to use any jQuery for this test, so I've been trying to learn how to do this in JavaScript alone. Additionally, I'm also not sure where the csrf_token comes in.
var xhr = new XMLHttpRequest();
var url = /* URL */;
var params = ;
xhr.open('POST', url, true);
xhr.setRequestHeader('Content-type', 'application/x-www-form-urlencoded');
xhr.setRequestHeader('Content-length', params.length);
xhr.setRequestHeader('Connection', 'close');
xhr.onreadystatechange = function () {
if (xhr.readyState == 4 && xhr.status == 200) {
alert(xhr.responseText);
}
};
xhr.send(params);
My understanding is that you don't actually have to make the request, only have its place ready in code, maybe commented out. Your code should have a hard-coded 200 OK "response" from the API with an empty body, indicating that changing the profile worked. So that one line that actually makes the request could be replaced with something like a mock object for the request result and you could use that (but the text says the response is empty anyway, so you don't need to mock a lot).
I think your code should still show (in a comment, or in preceding request setup lines before the actual commented out request) how you would make the request, how you would pass the csrf token, how you would set the content-type of the request to application/x-www-form-urlencoded if anything needs to be done (probably not), and how you would pass parameters in that format.
I am working with ksoap2 for android and I am sending SOAP requests. I was googling for a whole day and couldn't find solution for my problem. The first problem was with i:type, my service was returning fault for requests with i:type, so I found that this can be fixed using
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER10);
instead of
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
and that fixed the i:type problem. Now the generated request doesn't contain i:type and if I send it using SOAP UI it works fine, but now I get NullPointerException
in this line
httpTransport.call(DEFAULT_SOAP_ACTION, envelope);
Can anyone help me out with this? If u need my code I can post it. I also tried using different versions of ksoap .jar file and it didn't help.
Maybe someone will need this.
I solved this by setting types explicitly (for each PropertyInfo there is .setType function which receives type class String.class etc.) and use
SoapSerializationEnvelope envelope = new SoapSerializationEnvelope(SoapEnvelope.VER11);
and using that removes i:type from the soap request. Hope it will help someone.
I'm trying to get my access token for my application, using this URL:
https://datamarket.accesscontrol.windows.net/v2/OAuth2-13?grant_type=client_credentials&client_id=//CLIENT ID//&client_secret=//CLIENT SECRET//=&scope=http://api.microsofttranslator.com
Obviously I replace //CLIENT ID// and //CLIENT SECRET// with my applications information.
I tried encoding the tokens with HtmlEncode in my application but got a 400 error. So I tried the request in my browser and this is the JSON response I got:
{
"error":"invalid_request",
"error_description":"ACS90007: Request method not allowed. \r\nTrace ID: 2144c829-f3fa-4ed8-80e6-40841e6a3f69\r\nTimestamp: 2012-06-27 01:11:27Z"
}
I don't know what I'm doing wrong, any help?
I believe when you are making the WebRequest call your parameter is set to use GET and this will cause error ACS90007. When making the WebRequest call please use POST along with application/x-www-form-urlencoded set Content-Type.
If you still have problem post your WebRquest code snippet and i will take a look.
It would be better if you can provide the code for AdmAuthentication. For now, please make sure you have correctly translated the code on http://msdn.microsoft.com/en-us/library/hh454950 to VB. Please also try to use Fiddler to monitor the request to ensure it is sending a POST request.
Best Regards,
Ming Xu.
Making my own client secret helped my cause
I need to POST data to a server in a different domain. That server is using SSL and expects the data to be in the form of a JSON string. I am attempting to do this from javascript.
I create the data and use JSON.stringify() to get it into the correct format. Then I send it as follows:
var url = "https://api.postageapp.com/v.1.0/send_message.json";
http=new XMLHttpRequest();
http.open("POST", url, true);
http.setRequestHeader("Content-type", "application/json");
http.setRequestHeader("Connection", "close");
// create the data in a data structure named post_data
var JSONText = JSON.stringify(post_data);
http.send(JSONText);
Doing a packet trace I see my client do a handshake with the server but then twice the server replies with "Encrypted alert" including the last time it sends a packet back. The browser debugger always shows a 405 - Method Now Allowed error.
What am I missing to get this to work? When they try it within their domain it runs fine.
You need server to return a HTTP Header like that:
header('Access-Control-Allow-Origin: *');
Live example:
Making cross domain JavaScript requests using XMLHttpRequest or XDomainRequest
You cannot do a cross domain post like that.
Alternative is to use Server side proxy (read this link for a nice explanation as to why you can't do that) or iframe approach.
Strictly speaking it should not be possible (due to security issues) however using a workaround called JSONP you can achieve this with a RESTful web service.
See the link below.
http://en.wikipedia.org/wiki/JSONP
MS has some code you can download somewhere on the internet with specific bindings the code is called.
JSONPBehaviour.cs
JSONPBindingElement.cs
JSONPBindingExtension.cs
JSONPEncoderFactory.cs