Invalid OAuth response from oidc.<provider_name> - firebase-authentication

I am trying to add Azure B2C as on OIDC provider for Firebase Auth. The implicit flow works fine but the code flow fails with either of the following errors :
Malformed response cannot be parsed from oidc.<provider_name> for CODE_EXCHANGE
or
Invalid OAuth response from oidc.<provider_name>
On investigation I found that the last call where this failure happens is this :
curl --location --request POST 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=<web_key>' \
--header 'Content-Type: text/plain' \
--data-raw '{
"returnSecureToken" : true,
"requestUri" : "https://<firebase_project_name>.firebaseapp.com/__/auth/handler?state=<state_goes_here>&code=<authcode_flow_code>",
"postBody" : "providerId=oidc.<provider_name>",
"sessionId" : "<random_session_id>",
"autoCreate" : true,
"returnIdpCredential" : true
}'
Response for this request comes as :
{
"error": {
"code": 400,
"message": "INVALID_IDP_RESPONSE : Invalid OAuth response from oidc.<provider_name>",
"errors": [
{
"message": "INVALID_IDP_RESPONSE : Invalid OAuth response from oidc.<provider_name>",
"domain": "global",
"reason": "invalid"
}
]
}
}
I tried checking Firebase logs but no helpful information available. However, I did noticed that Firebase exchanged this code for the id_token successfully from Azure B2C before failing and returning 400 error.
Any help in this regard?

Related

Flurl \ RestSharp: `\r\n` is added to each parameter of the Multipart request

I'm trying to write a call to the Freshdesk API using either Flurl or RestSharp library.
The API call I'm trying to write is Creating a Ticket: https://developers.freshdesk.com/api/#create_ticket
An example of cURL:
curl -v -u yourapikey:X -F "attachments[]=#/path/to/attachment1.ext" -F "attachments[]=#/path/to/attachment2.ext" -F "email=example#example.com" -F "subject=Ticket Title" -F "description=this is a sample ticket" -X POST 'https://domain.freshdesk.com/api/v2/tickets'
Note params are passed by -F (i.e. --form) flag.
With the following code calling Flurl:
var rs = await url.WithBasicAuth(_configuration.ApiKey, _configuration.Password)
.PostMultipartAsync(mp =>
{
mp.AddString("email", ticket.Email);
mp.AddString("subject", ticket.Subject);
mp.AddString("status", ticket.Status.ToString());
mp.AddString("priority", ticket.Priority.ToString());
mp.AddString("description", ticket.Description);
});
...Or the following code calling RestSharp:
var request = new RestRequest("tickets", Method.Post);
request.AlwaysMultipartFormData = true;
request.AddParameter("email", ticket.Email);
request.AddParameter("description", ticket.Description);
request.AddParameter("subject", ticket.Subject);
request.AddParameter("status", ticket.Status);
request.AddParameter("priority", ticket.Priority);
var rs = await client.ExecuteAsync(request);
...I'm receiving 400 BadRequest with the following information (in both cases):
{
"description": "Validation failed",
"errors": [
{
"code": "invalid_field",
"field": "email\r\n",
"message": "Unexpected/invalid field in request"
},
{
"code": "invalid_field",
"field": "subject\r\n",
"message": "Unexpected/invalid field in request"
},
{
"code": "invalid_field",
"field": "status\r\n",
"message": "Unexpected/invalid field in request"
},
{
"code": "invalid_field",
"field": "priority\r\n",
"message": "Unexpected/invalid field in request"
},
{
"code": "invalid_field",
"field": "description\r\n",
"message": "Unexpected/invalid field in request"
}
]
}
Note that:
Freshdesk API uses -F / --form as a way to pass parameters.
I want to use Multipart for handling attachments later on.
All data has proper values. If it wouldn't have a proper value, a validation error would come as a response.
When sending the same values in Postman (via form-data), I'm receiving 201 Created.
Update 1
Postman screenshot (working example):
Update 2
I tried to use Tiny.RestClient which has cURL listener and it came with the following cURL generated:
curl -X POST [...] -d "--1c3acb07-77bd-494d-bc56-21290dcd5088
Content-Type: text/plain
Content-Disposition: form-data; name=email
a#a.com
[...]
Perhaps, Flurl and RestSharp uses the same way to proceed with parameters and thus, the \r\n in fields.
It's the FreshDesk API issue. They want, for some reason, for multipart form-data parameter names to be enclosed in quotation marks. It's not a requirement per HTTP standards. RestSharp and Flurl use MultipartFormDataContent, and it adds uses parameter names as provided.
Following up on your issue, I added this property to RestRequest:
/// <summary>
/// When set to true, parameters in a multipart form data requests will be enclosed in
/// quotation marks. Default is false. Enable it if the remote endpoint requires parameters
/// to be in quotes (for example, FreshDesk API).
/// </summary>
public bool MultipartFormQuoteParameters { get; set; }
It is available in RS 107.3.0.
You can also make it work by adding parameters like this:
request.AddParameter("\"status\"", ticket.Status);

AMADEUS API Error on credentials when requesting on production environment

I'm trying to use your AMADEUS API but i have trouble to display hotels offers on production environment ..
Note that everything is ok on sandbox.
On https://api.amadeus.com endpoint I do :
/v1/security/oauth2/token to get an access token
then add the access token as bearer authentication
Then launch the request /v2/shopping/hotel-offers/?cityCode=NCE
((( Same as the sandbox )))
Here the response :
"errors": [
{
"status": 401,
"code": 701,
"title": "Wrong authentication credentials.",
"source": {
"pointer": "uri"
}
}
]
So I test the token on /v1/security/oauth2/token/{{XXXXXXXX}}
The token is not expired and approuved.
Anyone to help?
Thank you so much (sorry for english mistakes)
Akim

Google Cloud Admin authentication

Referring to the following link https://cloud.google.com/sql/docs/mysql/admin-api/how-tos/authorizing . I've tried on the apikey but no success. The response from the API as follows;
//https://www.googleapis.com/sql/v1beta4/projects/<projectid>/instances/<instanceid>/databases?key=<API_KEY>
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"errors": [
{
"message": "Login Required.",
"domain": "global",
"reason": "required",
"location": "Authorization",
"locationType": "header"
}
],
"status": "UNAUTHENTICATED"
}
}
I've no issue with oAUth 2.0, hence would like to confirm if authorization through api key is no more supported?
I tested get information from the endpoint using only the API key and is not possible to retrieve information, since is necessary to use an authentication bearer.
I used these commands to get the databases information
export TOKEN=`gcloud auth application-default print-access-token`
curl -X GET \
https://sqladmin.googleapis.com/sql/v1beta4/projects/[MY PROJECT ID]/instances/[MY INSTANCE NAME]/databases \
-H 'authorization: Bearer '"$TOKEN"''
Since this request has sensitive data (non public) is necessary the OAuth token and the api key is not mandatory, as is stated on this document.
Looks like key parameter is not anymore necessary.

Request unlisted videos from youtube user via php

i'm trying to get unlisted videos from a user authenticated by api key
https://www.googleapis.com/youtube/v3/search?part=snippet&forMine=true&type=video&maxResults=50&key=keyremoved
i receive the error
"error": {
"errors": [
{
"domain": "youtube.search",
"reason": "invalidSearchFilter",
"message": "The request contains an invalid combination of search Note that you must set the \u003ccode\u003etype\u003c/code\u003e parameter to \u003ccode\u003evideo\u003c/code\u003e if you set a value for the \u003ccode\u003eeventType\u003c/code\u003e, \u003ccode\u003evideoCaption\u003c/code\u003e, \u003ccode\u003evideoCategoryId\u003c/code\u003e, \u003ccode\u003evideoDefinition\u003c/code\u003e, \u003ccode\u003evideoDimension\u003c/code\u003e, \u003ccode\u003evideoDuration\u003c/code\u003e, \u003ccode\u003evideoEmbeddable\u003c/code\u003e, \u003ccode\u003evideoLicense\u003c/code\u003e, \u003ccode\u003evideoSyndicated\u003c/code\u003e, or \u003ccode\u003evideoType\u003c/code\u003e parameters.",
as you can see my get request contains a type=video parameter.
When i try https://developers.google.com/apis-explorer/#p/youtube/v3/youtube.search.list?part=snippet&forMine=true&maxResults=50&type=video
with logged in the youtube account using oauth2 it works fine
You can't use an API key for the forMine parameter.
You need to send an authorized OAuth2 request for it to work.
$ curl --header "Authorization: Bearer <YOUR_ACCESS_TOKEN>" https://www.googleapis.com/youtube/v3/search?part=snippet&type=video&forMine=true&maxResults=50
{
"kind": "youtube#searchListResponse",
"etag": ...
https://developers.google.com/youtube/v3/docs/search/list#forMine

Google + access token insufficient permission

Using OAuth code i am able to generate access token for google+ API .
using this access token in oauthpalyground iam getting JSON response .
When I paste this this URL into a browser am get an error message.
https://www.googleapis.com/plus/v1/activities?query=%22great%22&access_token=xxxxxxxxxxx
Error Message
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Can anyone explain to me why?
You can not query directly from browser sending the access_token as a querystring. You must send access_ token in headers this way:
Authorization: Bearer <access_token>
Try it with Fiddler or some similar software.