Recently google authorization api breaks and because of that other things affects like events on Calender.
We are using google_client_api for rails app and we have checked with other Client Id and Client Secret but still this fails to provide to authorization code in response and because of this everything. Is there anyone who can help me out with this. I
client = Signet::OAuth2::Client.new(client_options)
Client_options = {
client_id: Rails.application.secrets.google_client_id,
client_secret: Rails.application.secrets.google_client_secret,
authorization_uri: 'https://accounts.google.com/o/oauth2/auth',
token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
scope: 'https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.email',
redirect_uri: callback_url
}
Not getting authorization code in response any solution.
Related
I have been trying to read twitch user subscription data using Auth0 - to no avail.
I found some information in their documentation, explaining how to add customs scopes to the authentication request.
I am importing the createAuth0Client function from "#auth0/auth0-spa-js" and calling the below
this.auth0Client = await createAuth0Client({
domain: options.domain,
client_id: options.clientId,
audience: options.audience,
redirect_uri: redirectUri,
scope: 'email profile user:read:subscriptions' // change the scopes that are applied to every authz request. **Note**: `openid` is always specified regardless of this setting
});
When I am redirected to twitch to authenticate, it is only requesting access to my email. Read subscriptions is never requested, and thus is not authorized.
Any guidance or example would be greatly appreciated.
I'm trying to get an Authorization Code in a react-native Application that uses react-native-app-auth from an SAP Cloudfoundry Endpoint.
This is the Config-format I am passing and which is working for other OAuth Providers(different than Cloudfoundry).
{
clientId: <CLIENT_ID>,
redirectUrl: <CLIENT_ID>',
serviceConfiguration: {
authorizationEndpoint: <ENDPOINTURL>...com/oauth2/api/v1/token,
tokenEndpoint: <ENDPOINTURL>...com/oauth2/api/v1/authorize
},
scopes: ['uaa.user'],
}
I debugged the response and it comes back with accessToken, which seems to be invalid when I test it manually in Postman.
When debugging other Oauth Providers i dont get back an ID-Token at all and directly receive an access Token.
The endpoint itself works in postman with the same settings and gives me back an valid Token.
When debugging other Oauth Providers i dont get back an ID-Token at
all and directly receive an access Token.
id_token is part of OpenID Connect. In first response there are three scopes and not just your uaa.user scope. It seems that openid is set to default scope in that provider so you are receiving id_token as well.
I debugged the response and it comes back with accessToken, which seems to be invalid when I test it manually in Postman.
Why do you think accessToken is invalid?
Im using Auth0 for authenticating users for my react application.I have been trying to access resources on server side but I keep getting UnauthorizedError: jwt malformed as an Error.
I’ve followed a the following thread on the community forums: https://community.auth0.com/t/unauthorizederror-jwt-malformed-in-express-js/7352
Many users have suggested that the audience value from the guide is wrong. The audience given in the guide is https:///userinfo but it should be ‘https://.auth0.com/api/v2/’, I’ve made that change and the error is still there.
This has worked for some people but not for me.
This is the guide ive been following: https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/
const checkJwt = jwt({
secret: jwksRsa.expressJwtSecret({
cache: true,
rateLimit: true,
jwksRequestsPerMinute: 5,
jwksUri: `https://<domain>/.well-known/jwks.json`
}),
// Validate the audience and the issuer.
audience: "https://<something>/api/v2/",
issuer: `https://<something>/`,
algorithms: ["RS256"]
});
this is the code ive written on the express side.
this.auth0 = new auth0.WebAuth({
// the following three lines MUST be updated
domain: "<Domain>",
audience: "https://<Something>/api/v2/",
clientID: "clientID",
redirectUri: "http://localhost:3000/callback",
responseType: "token",
scope: "openid"
});
This is the code written on the frontend of the application.
One of our senior engineers had a good recommendation on this that I will share below:
If you haven't done so already you should perform these steps:
capture the token you receive; for example, using a console.log statement given this is in development.
review the captured token; does it look like a JWT?
if its a JWT and you can parse it at jwt.io then update the API to log the received token before trying to validate it; does the received
token match the one you expect?
In conclusion, try to take steps that allow you to gather a bit more
of information.
I'm trying to interact with Keycloak via its REST API. I have the master realm and the default admin user, and a test realm. Firstly, I get an access token for the admin account and test realm:
let data = {
grant_type : 'password',
client_id : 'test-realm',
username : 'admin',
password : 'admin'
};
let headers = {
'Content-Type': 'application/x-www-form-urlencoded'
};
axios.post(
'https://someurl.com:8080/auth/realms/master/protocol/openid-connect/token',
qs.stringify(data),
headers
)
That works ok. Then I try to make a call to create a user (or do anything else) and I get a 401 unauthorized error:
headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': `Bearer ${accessToken}`
};
data = {
rep: {
email: "test#email.com",
username: "test#email.com"
},
path: 'test-realm'
};
axios.post('https://someurl.com:8080/auth/admin/realms/test-realm/users',
qs.stringify(data),
headers
)
Is that not the correct way to include the token? Is the access token the one you use for authenticating other API calls? Shouldn't the admin account's token work for authenticating calls to other clients with the master realm? Would it be some setting in the master realm that I have to change in the admin console? Any help appreciated.
I got a 401 error because I generated the offline token by using http://localhost:8080 and then I tried to request the api by using http://keycloak:8080 which is not allowed. Unfortunately the log doesn't tell you that.
To debug JWT tokens I recommend https://jwt.io/
Is that not the correct way to include the token?
This is a correct way.
You just do something incorrectly.
Please, refer for an example from keycloak-request-token Node.js module:
https://github.com/keycloak/keycloak-request-token/blob/master/index.js#L43
You use
client_id : 'test-realm'
but there is
client_id: 'admin-cli'
there.
Also, to create a user, you should use
'Content-Type': 'application/json'
You can refer for Node.js examples of Keycloak REST API here:
https://github.com/v-ladynev/keycloak-nodejs-example/blob/master/lib/adminClient.js
Examples of other useful stuff like:
custom login
storing Keycloak token in the cookies
centralized permission middleware
can be found in the same project: keycloak-nodejs-example
I fixed it by enabling the below "Service Accounts Enabled" button under Settings for admin-cli
I had this issue and solved it by making sure that there is no more than 1 minute between the first and the second API request. So, if you are doing this manually (2 curl requests), the token may expire and you may get error 401. Nevertheless, you should use admin-cli as mentioned above.
I came this issue recently and after struggling for a while i figured. using a realm name containing white spaces will trigger 401 unauthorized error when interacting with via SDKs or API.
IN SUMMARY:
change: realm name
to: realm-name
I have an application that uses google's oauth system to authorize with youtube's api. The code for this is done on our server and we receive tokens without any problem. We'd like to move some of the api calls to the client using their javascript api.
Since we've already authorized the user with the correct scopes required for the youtube api (https://www.googleapis.com/auth/youtube) I assumed when I called authorize on the client it would know that my application was already authorized and allow auto login. Instead I receive a "immediate_failed" response. Does anyone know why? Thanks!
gapi.auth.authorize({
client_id: OAUTH2_CLIENT_ID,
scope: OAUTH2_SCOPES,
immediate: true
}, handleAuthResult);
If you have the token, you can just use setToken instead of going through OAuth2 again.