Auth0 - Third party Application - Refreshing Token - access_denied error - auth0

I am still receiving an access_denied error even though I have set up the required configuration I found in the Auth0 documentation https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-authorization-code-flow#authorize-user
I have already enabled Implicit, Authorization Code, Refresh Token and Client Credentials in my application's grant_types and enabled Refresh Token Rotation too.
I have tried researching this further but I can't find anything on Google, as I am probably the first one encountering this? Or probably I am missing something here.
Here's the sample curl request I have:
curl --location --request POST 'https://{MY_AUTH0_DOMAIN}/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--header 'Cookie: did=s%3Av0%3A6b3f22c0-ac00-11ec-b070-0b6e59231b0a.LT0c0bBGB4EukRqKLcGtHtt9t%2B3YtiQ1nQ07bfKCkyU; did_compat=s%3Av0%3A6b3f22c0-ac00-11ec-b070-0b6e59231b0a.LT0c0bBGB4EukRqKLcGtHtt9t%2B3YtiQ1nQ07bfKCkyU' \
--data-urlencode 'grant_type=refresh_token' \
--data-urlencode 'client_id={MY_CLIENT_ID}' \
--data-urlencode 'refresh_token=v1.MemAxcxZBez46BV3cDnUo97zIY_lfNDi15XTCDJr5tQKbrEvnZzBjiVNvtOfrny3A0QD1AsoUDLJETl3rFkzLMM'

I found the issue: in their documentation https://auth0.com/docs/get-started/authentication-and-authorization-flow/call-your-api-using-the-authorization-code-flow#authorize-user it doesn't require you to pass client_secret, but it is needed when you request a refresh_token. Found it here https://community.auth0.com/t/use-refresh-tokens-in-node-js-and-axios-receiving-401-error-access-denied-unauthorized/79615

Related

How do I perform this type of authentication in the postman

Good afternoon, everyone! I'm having a problem with basic authentication in Postman; I'll leave the details of what's going on below. I need to send a POST so I can authenticate and the server will return me a bearer token, but I'm getting a 400 error. I'll attach images of the curl request and of how I'm setting it up in Postman.
Auth: (screenshot)
Body: (screenshot)
Reading the documentation I'm using, I realized that I needed to perform basic authentication using client_id and client_secret to be returned a bearer token; the same error is returned when I perform the request in curl. Could you help me with this error? Could you tell me where I'm going wrong?
Here is the curl request:
curl -X 'POST' \
'https://portoapicloud-hml.portoseguro.com.br/oauth/v2/access-token' \
-H 'accept: application/json' \
-H 'Authorization: Basic NjZiNWJmMWI4MDE0NDExMWE1MGYwMWMyYmUxZjFiZDY6YzIwMGEwNzZlNmFkNDBkYThkYTkwODQ2YWI4OTI3MjU=' \
-H 'Content-Type: application/json' \
-d '{
"grant_type": "client_credentials"
}'

Auth0: Unauthorized - 401 error, when I connect to a guarded endpoint with a deployed API

I have created a GraphQL API with NestJS. Some endpoints are guarded by an access token. I use Auth0 to authenticate the user and get the access token.
I get the access token by running this command:
curl --request POST \
--url 'https://dev-9fo2g1ve.us.auth0.com/oauth/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=password \
--data username=test2#test.com \
--data password=123456789Test \
--data audience=MY_AUDIENCE \
--data scope=read:sample \
--data 'client_id=MY_CLIENT_ID' \
--data client_secret=MY_CLIENT_SECRET-
When I pass the bearer token's access_token value in the HTTP header, and call a guarded endpoint, it works fine when the API is running on localhost. However, when I deploy the API, it returns an Unauthorized 401 error.
Thanks for your help!

aws cognito get jwt token in single api call

How do I get a JWT token in a single step (API call) from the AWS Cognito oauth2/token endpoint, passing username and password?
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic a......k' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=t34...nu'
(The Authorization header is the base64-encoded username:password.)
Response: "error": "invalid_client"
App client settings :
Allowed OAuth Flows : Authorization code grant, Implicit Grant
Allowed OAuth scope : email , openid
App clients : ALLOW_USER_PASSWORD_AUTH
I tried oauth2/authorize too, but I get an HTML page in response.
There's no need to add the Authorization header. Instead, use the code you see in the URL. This worked for me.
curl --location --request POST 'https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=t34...nu' \
--data-urlencode 'code=afa78ac6-..-b8dd-5b' \
--data-urlencode 'redirect_uri=path'
The client credentials flow to the token endpoint is for receiving an access token for machine-to-machine communication. It is not based on a given user, so no username and password are required.
See 'Exchanging Client Credentials for an Access Token':
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
To sign in with the OAuth endpoints, it is intended that you do this via the Hosted UI or an external IdP. However, you can do it programmatically, but it will require a call to the authorize and login endpoints. You can see an example in Python here:
https://github.com/starkshaw/aws-cognito-user-pool-custom-scope
This is a late answer, but the following worked nicely for me with a client_credentials workflow.
curl --request POST \
--url 'https://XYZ.auth.us-west-2.amazoncognito.com/oauth2/token' \
--header 'content-type: application/x-www-form-urlencoded' \
--data grant_type=client_credentials \
--data client_id=7*******e \
--data client_secret=2*****5pjk9valn
Here is the response I got:
{"access_token":"eyJra*****eA","expires_in":3600,"token_type":"Bearer"}
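The posts above all talk to the same OAuth 2.0 token endpoint contract, and their errors come from small deviations from it: the Auth0 refresh_token request at the top of the page omits client_secret, the Postman question sends the grant as JSON instead of a form body, and the Cognito thread shows the secret going either into an HTTP Basic header (RFC 6749 section 2.3.1) or into the form body. The following is an added example, not code from Auth0, AWS, Porto Seguro or any of the posters, that builds each of those requests correctly, turns an error document such as access_denied or invalid_client into an exception, and keeps the newest refresh token when Refresh Token Rotation is on (Auth0 returns a new refresh_token on every refresh and revokes the old one). Endpoint URLs, client ids and secrets are placeholders; the transport parameter exists so the logic can be exercised without a network.

```python
"""OAuth 2.0 token-endpoint client: refresh_token, password and
client_credentials grants, with the client secret either in the form body
or in an Authorization: Basic header. Added example, not vendor code."""
import base64
import json
import urllib.error
import urllib.parse
import urllib.request


class TokenError(Exception):
    """Raised when the token endpoint answers with an OAuth error document."""
    def __init__(self, status, error, description=""):
        super().__init__(f"{status} {error}: {description}")
        self.status, self.error, self.description = status, error, description


def build_token_request(token_url, grant_type, client_id, client_secret=None,
                        basic_auth=False, **params):
    """Return (url, headers, body) for a token request.

    Token endpoints take application/x-www-form-urlencoded, not JSON.
    With basic_auth=True the secret travels in an Authorization: Basic header
    built from 'client_id:client_secret'; otherwise it is a form field.
    A refresh_token grant from a confidential client still needs the secret.
    """
    form = {"grant_type": grant_type, "client_id": client_id, **params}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is not None:
        if basic_auth:
            creds = f"{client_id}:{client_secret}".encode()
            headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
        else:
            form["client_secret"] = client_secret
    return token_url, headers, urllib.parse.urlencode(form).encode()


def urllib_transport(url, headers, body):
    """Real HTTP transport: POST the form, return (status, response_text)."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:  # 4xx/5xx bodies still carry the OAuth error
        return e.code, e.read().decode()


def parse_token_response(status, text):
    """JSON body -> dict, or TokenError carrying error/error_description."""
    data = json.loads(text)
    if status != 200 or "error" in data:
        raise TokenError(status, data.get("error", "unknown"),
                         data.get("error_description", ""))
    return data


def request_token(token_url, grant_type, client_id, client_secret=None,
                  basic_auth=False, transport=urllib_transport, **params):
    """One round trip: build the form, send it, parse the answer."""
    url, headers, body = build_token_request(token_url, grant_type, client_id,
                                             client_secret, basic_auth, **params)
    return parse_token_response(*transport(url, headers, body))


class RotatingRefreshStore:
    """Keeps the latest refresh token. With rotation enabled every refresh
    returns a new refresh_token and invalidates the old one, so a client that
    keeps replaying the first token is refused (reuse is treated as theft)."""
    def __init__(self, refresh_token):
        self.refresh_token = refresh_token

    def refresh(self, token_url, client_id, client_secret, transport=urllib_transport):
        data = request_token(token_url, "refresh_token", client_id, client_secret,
                             transport=transport, refresh_token=self.refresh_token)
        # Persist the rotated token before returning; it is the only valid one now.
        self.refresh_token = data.get("refresh_token", self.refresh_token)
        return data["access_token"]


if __name__ == "__main__":
    # Usage against a real tenant (placeholders): Auth0 refresh with the secret
    # in the body, Cognito client_credentials with the secret in a Basic header.
    store = RotatingRefreshStore("v1.MemAx...")
    print(store.refresh("https://{MY_AUTH0_DOMAIN}/oauth/token",
                        "{MY_CLIENT_ID}", "{MY_CLIENT_SECRET}"))
    print(request_token("https://xxx.auth.us-east-2.amazoncognito.com/oauth2/token",
                        "client_credentials", "t34...nu", "2*****5pjk9valn",
                        basic_auth=True))
```

The Basic header and the form-body secret are equivalent for Cognito; Auth0's token endpoint accepts the secret in the body, which is what the community thread linked above recommends. Whichever form you use, the secret must never appear in a public (SPA or native) client; those should use PKCE and, with rotation, a refresh token that is scoped and short-lived.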

How to use a Circuit Bot to publish a message in Circuit Conversation via Rest API Message

I am trying to post a message in a Circuit conversation through a Circuit Bot via a REST API call. Please help.
You have two options:
1. Use an incoming webhook. This is very simple and does not require OAuth, as the webhook URL includes the token and the specific conversation. Anyone with this URL can post to the conversation. There are two options: posting as yourself, or posting as a bot. If you want to post as a bot, then you first need to create a webhook bot using the "Manage Application > Custom Apps" page. For more information see https://www.circuit.com/unifyportalfaqdetail?articleId=164448 and the other webhook articles on those FAQ pages.
Here is a curl example to post a message to an incoming webhook URL.
curl https://circuitsandbox.net/rest/webhooks/incoming/9999999-0b95-4088-b272-5bef80f8e68e -H "Content-Type: application/json" -d '{"text":"hello world"}'
2. Create an actual OAuth 2.0 bot via "Manage Application > Custom Apps" and use the regular REST API (https://circuitsandbox.net/rest/v2/swagger/ui/index.html). There are several REST examples on GitHub. See https://github.com/circuit/circuit-REST-bot for a simple REST bot example.
This is done in two steps:
use the authentication endpoint to obtain a token for your bot
use the messages endpoint (and the token from step 1) to publish the message
Assuming you already have:
a bot (client id, client secret)
a conversation ID (the bot must be a participant of it)
Step 1: Getting the token
curl -X POST \
https://<circuitBaseUrl>/oauth/token \
-H 'Authorization: Basic <base64-encode(<clientId>:<clientSecret>)>' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'grant_type=client_credentials&scope=WRITE_CONVERSATIONS'
Get the access_token from the response.
Step 2: Use the REST API to post
curl -X POST \
https://<circuitBaseUrl>/rest/v2/conversations/<conversationId>/messages \
-H 'Authorization: Bearer <access_token>' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Host: beta.circuit.com' \
-d content=hello%20from%20postman
Welcome to the Circuit Developer Community ;-)

How can I obtain a Mule ARM registration token to be used to register a server into AMC

I was reading at
https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/ae639f94-da46-42bc-9d51-180ec25cf994/apis/38784/versions/127446/pages/182856
because I want to automate Anypoint Runtime Manager enablement on lots of servers.
My plan is to use REST to get the proper registration token to be used to register a server into AMC. There are directions on the page:
To register a server you must first authenticate against the Anypoint Platform Authentication Manager and get an authentication token, with this token you need to obtain a registration token to be used to register a server into AMC.
I understand the first part and can get the authentication token, but I can't find a reference to how to get the registration token.
How can I get this token?
Thanks!
Have you seen the "Obtain the Server Registration Token" part in the documentation?
Take a look there if you want to obtain a registration token by calling the REST API. There is an API endpoint called /servers/registrationToken.
You can also get a registration token with the new anypoint-cli v2.x. This combines several REST API calls for you. The command is:
runtime-mgr server token
You can type this in the interactive shell, or add it to the end of a stand-alone call from your favorite scripting environment. For example, if you have created a profile with your ANYPOINT_USERNAME, ANYPOINT_PASSWORD, ANYPOINT_ORG and ANYPOINT_ENV, you can then call:
anypoint-cli runtime-mgr server token
You can find the docs and installation instructions here: docs.mulesoft.com/runtime-manager/anypoint-platform-cli#runtime-mgr-server-token.
If you want to do this directly with the REST API, you'll have to make several calls:
POST to
https://anypoint.mulesoft.com/accounts/login
to get a core services access_token, with the username and password in the body as a JSON object (use https explicitly: curl defaults to http for a bare hostname, which would send the password in clear text):
curl -X POST \
https://anypoint.mulesoft.com/accounts/login \
-H 'content-type: application/json' \
-d '{
"username":"yourUserName",
"password":"yourPassword"
}'
Store the access_token from the response as a variable (let's call it {{access_token}}).
Send this access_token in the header of every other API call: Key: Authorization, Value: bearer {{access_token}}
Obtain or store the organization ID in which you want to register the server. There are several ways to do this. The value is available via a GET request to
https://anypoint.mulesoft.com/accounts/api/me
curl -X GET \
https://anypoint.mulesoft.com/accounts/api/me \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
You might want to use jq to parse the organization ID out of this JSON response.
Get the environment ID for the environment in which you want to register the Mule runtime (server) from a GET request to:
anypoint.mulesoft.com/accounts/api/organizations/{{organizationId}}/environments
curl -X GET \
https://anypoint.mulesoft.com/accounts/api/organizations/bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb/environments \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' \
-H 'content-type: application/json'
Make a GET request to
https://anypoint.mulesoft.com/hybrid/api/v1/servers/registrationToken
with the headers X-ANYPNT-ORG-ID and X-ANYPNT-ENV-ID set:
curl -X GET \
https://anypoint.mulesoft.com/hybrid/api/v1/servers/registrationToken \
-H 'authorization: bearer aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa' \
-H 'x-anypnt-env-id: cccccccc-cccc-cccc-cccc-cccccccccccc' \
-H 'x-anypnt-org-id: bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'
This will return a registration token.
Then use this registration token with the amc_setup -H command:
amc_setup -H {{registration_token}} Server-Name
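The four calls of the answer above chain naturally into one script, which is what you want when enabling Runtime Manager on many servers. The following is an added example, not MuleSoft's code or the anypoint-cli: it logs in, picks the organization and environment by name, requests the registration token with the X-ANYPNT-ORG-ID and X-ANYPNT-ENV-ID headers, and hands it to amc_setup -H. The response field names it reads (user.organization / user.memberOfOrganizations from /api/me, data[] from /environments, data from /servers/registrationToken) are assumptions about the current API shape and should be checked against the JSON you actually get back; the transport parameter lets the chain run against fake responses without a network.

```python
"""Obtain an Anypoint Runtime Manager server registration token by chaining
the REST calls from the answer above. Added example, not MuleSoft code.
Response field names are assumed; verify them against a live response."""
import json
import subprocess
import urllib.request

BASE = "https://anypoint.mulesoft.com"  # always https: a bare host would be http


def urllib_json(method, url, headers=None, body=None):
    """Real transport: JSON in, JSON out, raises urllib.error.HTTPError on non-2xx."""
    data = json.dumps(body).encode() if body is not None else None
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=data, headers=hdrs, method=method)
    with urllib.request.urlopen(req, timeout=15) as resp:
        return json.loads(resp.read().decode())


def login(username, password, transport=urllib_json):
    """POST /accounts/login -> core services access_token (a bearer token)."""
    data = transport("POST", f"{BASE}/accounts/login",
                     body={"username": username, "password": password})
    return data["access_token"]


def pick_org_id(me, org_name=None):
    """From /accounts/api/me: the named organization, or the user's home org.
    Assumed shape: {"user": {"organization": {...}, "memberOfOrganizations": [...]}}."""
    user = me["user"]
    if org_name is None:
        return user["organization"]["id"]
    for org in user.get("memberOfOrganizations", []):
        if org["name"] == org_name:
            return org["id"]
    raise LookupError(f"organization {org_name!r} not found")


def pick_env_id(envs, env_name):
    """From /accounts/api/organizations/{org}/environments; assumed shape {"data": [...]}."""
    for env in envs.get("data", []):
        if env["name"] == env_name:
            return env["id"]
    raise LookupError(f"environment {env_name!r} not found")


def registration_token(username, password, env_name, org_name=None, transport=urllib_json):
    """Run the whole chain and return the registration token string."""
    auth = {"Authorization": f"bearer {login(username, password, transport)}"}
    org_id = pick_org_id(transport("GET", f"{BASE}/accounts/api/me", auth), org_name)
    env_id = pick_env_id(
        transport("GET", f"{BASE}/accounts/api/organizations/{org_id}/environments", auth),
        env_name)
    reg = transport("GET", f"{BASE}/hybrid/api/v1/servers/registrationToken",
                    {**auth, "X-ANYPNT-ORG-ID": org_id, "X-ANYPNT-ENV-ID": env_id})
    return reg["data"]  # assumed: token is returned under "data"


def amc_setup_command(reg_token, server_name):
    """argv for amc_setup; passed as a list so the token is never shell-parsed."""
    return ["amc_setup", "-H", reg_token, server_name]


if __name__ == "__main__":
    import getpass
    import sys
    # Usage: python register.py <username> <environment> <server-name> [org-name]
    user, env, server = sys.argv[1:4]
    org = sys.argv[4] if len(sys.argv) > 4 else None
    token = registration_token(user, getpass.getpass("Anypoint password: "), env, org)
    subprocess.run(amc_setup_command(token, server), check=True)
```

The registration token, like the login token, is a bearer credential: do not log it, and do not put it on a shared command line where other users can read it from the process list. Prefer running amc_setup locally on the target host immediately after fetching the token, as the script does.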