Not able to Authenticate using OAuth2 for Twitter from Postman - api

I am trying to send the Single Tweet GET request from Twitter API v2 collection. I used the OAuth2 Authorization Type.
When I click on Get New Access Token, after providing the Configuration Options I get the following window
But when I click on Back, I am logged in to my Twitter account.
Meanwhile, my Get New Access Token window is still waiting to receive a response.
Has anybody encountered this before?
I've tried using Bearer Token instead and it works without a problem.
I also tried logging out and logging back in from the Twitter login but still did not authenticate successfully.

For me, it's because I used localhost in my callback URL.
Don’t use localhost as a callback URL
Instead of using localhost, please use a custom host locally or http(s)://127.0.0.1
ref: https://developer.twitter.com/en/docs/apps/callback-urls

My Problem is solved Now, This issue was caused Because I have not added the Callback URL in the postman that I have added in the Twitter developer account project.
And Second main reason for that because I did not add the accurate scopes tweet.

Related

Callback URL not working in Auth0, locally

I am trying to configure login using Auth0. As part of the initial steps, I created an application and added Allowed Callback URLs and Allowed Logout URLs. I have no hosted pages in /login, /login-results, /logout routes. I am just trying to learn working of Auth0 by getting the JWT token and test it in http://jwt.io/.
I tried to use the login UI flow which available out of the box in Auth0. I created the login URL as mentioned in this doc to hit this endpoint
GET https://YOUR_DOMAIN/authorize?audience=API_IDENTIFIER&scope=SCOPE&response_type=code&client_id=YOUR_CLIENT_ID&redirect_uri=https://YOUR_APP/callback&state=STATE
But I am getting this error while executing the endpoint which I created using the credentials of my application with above-mentioned callback URL.
http://127.0.0.1:8080/login-results#error=access_denied&error_description=Service%20not%20found%3A%20name
Endpoint which I generated:
https://fsnd-kavin.auth0.com/authorize?audience=audiencename&response_type=token&client_id={CLIENT_ID}&redirect_uri=http://127.0.0.1:8080/login-results
What is the actual issue? Am I missing any other configurations?
Service Not Found
This error message points to that you passed non existent API identifier as audience. Check that API is created in the API section of Dashboard.

Attempting to implement silent refresh with fusion auth

I'm currently trying to implement silent refresh follow this workaround
However, even when I'm logged in, if I try to do an AJAX GET request to the oauth2/authorize endpoint, I get a status of 200. I tried going to the URL in the browser directly, and it worked. Do I need to pass additional information?
Any help would be greatly appreciated, thanks!
I ended up solving my own problem and was able to not have to use an iframe.
Solution to original problem (I was using authorization code flow):
Set up an endpoint on your server with a silent response that FusionAuth can redirect to (endpoint 1).
Set up an endpoint that you will call from your app to perform the silent refresh (endpoint 2).
From the app, send AJAX GET request to endpoint 2.
On the server side of endpoint 2, send AJAX GET request to FusionAuth with redirect_uri=(endpoint 2)
On success, get redirected url. (In express.js with axios I did response.request.res.responseUrl)
If the url is current server host and not the fusionauth service host, complete auth code flow. Return the token and tell the browser that the user is logged in.
In all other cases the user is not logged in, so return to app that user is not logged in.

Gmail label request fails with http 403 (forbidden)

I have an application that uses OAuth 2 to access Gmail. This is working fine for most users. For some users, however, my application fails at the point of trying to read the Gmail labels, with http error 403 (forbidden). Keep in mind that previous to this API call, I have accessed the user profile successfully. Here is the call that fails:
GET /gmail/v1/users/user.name#domain.com/labels?access_token=ya29.fwI_zL1rF3xOIQcHNzpBhmjVlJhRpofkh4a9mVvwhYRo6H09qX5RNKv76zKT7e6-sEZr
I am requesting the following scopes when getting the access token, and the user has logged in to Google and accepted the request for access (and I can see this when we look at his security dashboard):
https://www.googleapis.com/auth/calendar
https://www.googleapis.com/auth/userinfo.profile
https://www.google.com/m8/feeds
https://www.googleapis.com/auth/tasks
https://www.googleapis.com/auth/gmail.labels
https://mail.google.com/
Note that I just added the gmail.labels scope in at attempt to fix this.
Again, this code is working fine for most users - why do some users fail the label request?
Use the shorthand value me instead of user.name#domain.com and the user who the access token belongs to will be used automatically.

How to authentificate on SoundClound using OAuth 2.0 without using redirect uri on a desktop application?

I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.

UserAuthentication via Flattr-REST: No PIN returned?

I'm trying to write a new application using the Flattr REST-API version 1 (not the beta v2). The application acquires a request token at first, which seems to work properly. But I run into a problem authenticating the user. The link created for authentication looks like this:
https://api.flattr.com/oauth/authenticate?access_scope=read,click&oauth_token=MY_REQUEST_TOKEN
Clicking the link everything seems alright. Information about the application and the scope requested is shown, but clicking "Authenticate", there's no pin code, but the following error from https://flattr.com/apps/pincode/MY_REQUEST_TOKEN:
Something went wrong. Please try again
BUT now the Application IS in the authorized application list of the user though that doesn't really help if the user can't get the pin code...
The Application type is set to client. It's the first time I try to work with the API so I'm not sure if I miss anything important? Would be grateful for some help.
Just as an update: We finally changed to API v2. Getting Authorization for our application feels a bit clumsy, as we set the redirecturi to some webpage, where we display the returned code and let the user copy&paste it into our client application... we kind of made our own pincode-flow :/
If possible, please use the v2 api, which uses oauth2 + bearer token.
However, the new API doesn't support authentication using the pincode flow.
As stated by Maike this is probably a bug that has surfaced yet again :(
I'll create an internal bug ticket and try to get it fixed.
The pincode isn't a feature planned. You can use the oauth2 "implicit grant" to authenticate the resources owner. This isn't documented at the moment but is possible.
When you do the request to https://flattr.com/oauth/authorize you pass the response_type token instead of code. This will append a access_token fragment in your callback URL. In your http client it might be possible to catch the 302 from our server and parse the access_token from the fragment.
All this requires a http client in your application whom you can control the flow inside your app.