Tapkey Token Exchange returns 400 bad request invalid_grant - authentication

Regarding the Tapkey token exchange flow:
When exchanging access tokens through the https://login.tapkey.com/connect/token API, I get error code 400 with the error message invalid_grant.
I am aware of a similar question and the solution in: Tapkey returns 400 bad request invalid_grant
My JWT token consists of the following:
Header:
{
  "alg": "RS256"
}
Payload:
{
  "algorithm": "RS256",
  "audience": "local",
  "iat": 1633339589,
  "exp": 1633343189,
  "issuer": "tapkey",
  "subject": "myIpUserID1"
}
Before I make the API call I generate the JWT token with "iat": Time.now.to_i and "exp": Time.now.to_i + 3600; the call is done a few seconds later, manually.
Beforehand I created an IdentityProviderUser via the API with "IpID": "myIpUserID1", and got a success response with a new User-ID (ID).
I also tried to make the https://login.tapkey.com/connect/token API call with "subject" set to that returned User-ID, but that gave me the same error message.

The payload field for the UserId is expected to be "sub", not "subject".
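As an added example, not code from the question or from Tapkey: a Ruby script (the question's Time.now.to_i suggests Ruby) that builds the assertion with the registered JWT claim names, signs it RS256, and lints a token for the misnamed claims before it is sent. The issuer and audience values are the ones in the question; the throwaway key, the "typ" header, the lint function and the verifier are assumptions, and the endpoint's other requirements are not modelled.

```ruby
require 'openssl'
require 'json'

# Claim names that appear when someone writes the spec's long-hand words
# instead of the registered short names (RFC 7519, section 4.1).
MISNAMED_CLAIMS = {
  'issuer' => 'iss',
  'subject' => 'sub',
  'audience' => 'aud',
  'expiration' => 'exp'
}.freeze

# Claims the token endpoint needs to find in the assertion (assumed set).
REQUIRED_CLAIMS = %w[iss sub aud iat exp].freeze

def b64url_encode(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(str)
  s = str.tr('-_', '+/')
  s += '=' * ((4 - s.length % 4) % 4)
  s.unpack1('m0')
end

# Claim set shaped as the endpoint expects: "sub" carries the IpID that was
# registered for the IdentityProviderUser. Issuer and audience values are
# the ones from the question.
def build_claims(ip_user_id, now: Time.now.to_i, ttl: 3600)
  {
    'iss' => 'tapkey',
    'sub' => ip_user_id,
    'aud' => 'local',
    'iat' => now,
    'exp' => now + ttl
  }
end

# RS256 compact serialisation: b64url(header).b64url(payload).b64url(sig)
def sign_rs256(claims, private_key)
  header = { 'alg' => 'RS256', 'typ' => 'JWT' }
  signing_input = "#{b64url_encode(JSON.generate(header))}.#{b64url_encode(JSON.generate(claims))}"
  signature = private_key.sign(OpenSSL::Digest.new('SHA256'), signing_input)
  "#{signing_input}.#{b64url_encode(signature)}"
end

# Pre-flight check to run before calling /connect/token: decodes the payload
# (no signature check needed for that) and lists misnamed or missing claims.
# An empty array means the claim names are the ones the endpoint reads.
def lint_claims(token)
  payload = JSON.parse(b64url_decode(token.split('.')[1]))
  problems = []
  MISNAMED_CLAIMS.each do |wrong, right|
    problems << "claim '#{wrong}' should be '#{right}'" if payload.key?(wrong)
  end
  REQUIRED_CLAIMS.each do |name|
    problems << "missing required claim '#{name}'" unless payload.key?(name)
  end
  problems
end

# What a verifier does: check the RSA signature over header.payload, then the
# expiry. Returns false for any malformed, tampered or expired token.
def verify_rs256(token, public_key, now: Time.now.to_i)
  h, p, s = token.split('.')
  return false unless h && p && s
  return false unless public_key.verify(OpenSSL::Digest.new('SHA256'), b64url_decode(s), "#{h}.#{p}")
  claims = JSON.parse(b64url_decode(p))
  claims['exp'].is_a?(Integer) && now < claims['exp']
rescue ArgumentError, JSON::ParserError, OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::PKey::RSA.new(2048) # throwaway demo key, not a Tapkey key
  token = sign_rs256(build_claims('myIpUserID1'), key)
  puts "lint: #{lint_claims(token).inspect}"
  puts "verifies: #{verify_rs256(token, key.public_key)}"
end
```

Running lint_claims on the token from the question would report that "issuer", "subject" and "audience" should be "iss", "sub" and "aud", which is exactly what the endpoint is complaining about when it answers invalid_grant.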

Related

ADFS WebProvider returns 401 for UserInfo endpoint

After integrating the WebProvider for ActiveDirectoryFederationServices from preview 4.1.0-preview-1.23108.18, a 401 occurs after the frontchannel redirect and userinfo call.
Probably this is due to the behavior described here: ADFS 4.0 (2016) OpenID Connect userinfo endpoint returns 401 when provided with access token.
Apparently the attachment of the resource = urn:microsoft:userinfo is missing.
In my experience when trying to hit the ADFS OIDC userinfo endpoint you need to pass a querystring key value pair (resource=urn:microsoft:userinfo)
The retrieval and validation of the token was successful.
The token response returned by https://[redacted]/adfs/oauth2/token/ was successfully extracted: {
"access_token": "[redacted]",
"token_type": "bearer",
"expires_in": 3600,
"resource": "8f238a5c-2dea-42cd-80eb-abf7638fcadd",
"refresh_token": "[redacted]",
"refresh_token_expires_in": 26751,
"scope": "openid",
"id_token": "[redacted]"
}.
Is there any way to set the resource or disable the retrieval of user info?

Way to detect invalid device token in FCM HTTP v1 API

We are using the FCM HTTP v1 API to send push notifications.
When our users register their device tokens, our push server just stores them in the database without verification because FCM does not provide token verification APIs.
The only time the push server could detect whether the device token is valid or not is when sending push notification via FCM.
According to FCM registration token management, if the device token is invalid the FCM server responds with UNREGISTERED or INVALID_ARGUMENT.
However, the INVALID_ARGUMENT code can be returned when using an invalid payload as well. So we cannot distinguish between an invalid device token and an invalid payload.
The following is the actual response from the FCM server in the case of an invalid device token and an invalid payload respectively.
{
  "error": {
    "code": 400,
    "message": "The registration token is not a valid FCM registration token",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "#type": "type.googleapis.com/google.firebase.fcm.v1.FcmError",
        "errorCode": "INVALID_ARGUMENT"
      }
    ]
  }
}
HTTP/1.1 400 Bad Request
{
  "error": {
    "code": 400,
    "message": "Invalid JSON payload received. Unknown name \"priority\" at 'message': Cannot find field.",
    "status": "INVALID_ARGUMENT",
    "details": [
      {
        "#type": "type.googleapis.com/google.rpc.BadRequest",
        "fieldViolations": [
          {
            "field": "message",
            "description": "Invalid JSON payload received. Unknown name \"priority\" at 'message': Cannot find field."
          }
        ]
      }
    ]
  }
}
When the token has a proper format but its user is no longer active, you will receive an UNREGISTERED response indicating that you should delete that token from your backend.
However, if you send a token that does not have a valid format (it has been modified in your backend or truncated, for instance) you will receive an INVALID_ARGUMENT. If this is the case you probably want to check your code because you may be modifying the token somewhere (in App or backend). Probably you have to manually detect and delete those tokens.
Once this is solved, you do not have to worry anymore about the INVALID_ARGUMENT response to delete the tokens, except if you make further changes that corrupt them again.
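An added example, not code from the question or from Firebase: a Ruby classifier that maps an FCM v1 error body to the action a push server should take (delete the stored token, fix the payload, retry later, or leave the token alone). The two INVALID_ARGUMENT bodies are the ones quoted in the question, the UNREGISTERED body is constructed to the documented shape, and the transient statuses are standard google.rpc codes. Telling the two INVALID_ARGUMENT cases apart relies first on the presence of google.rpc.BadRequest fieldViolations and then on the message text; that fallback is an assumption about what FCM returns.

```ruby
require 'json'

# Error detail types that FCM puts in error.details (protobuf Any "@type").
# The live API emits "@type"; the responses quoted in the question show
# "#type", so both spellings are accepted below.
FCM_ERROR_TYPE   = 'type.googleapis.com/google.firebase.fcm.v1.FcmError'
BAD_REQUEST_TYPE = 'type.googleapis.com/google.rpc.BadRequest'

# Constructed sample bodies: the first two are the responses quoted in the
# question, the third follows the documented UNREGISTERED shape (HTTP 404).
INVALID_TOKEN_RESPONSE = <<~JSON
  {"error": {"code": 400,
    "message": "The registration token is not a valid FCM registration token",
    "status": "INVALID_ARGUMENT",
    "details": [{"@type": "#{FCM_ERROR_TYPE}", "errorCode": "INVALID_ARGUMENT"}]}}
JSON

INVALID_PAYLOAD_RESPONSE = <<~JSON
  {"error": {"code": 400,
    "message": "Invalid JSON payload received. Unknown name \\"priority\\" at 'message': Cannot find field.",
    "status": "INVALID_ARGUMENT",
    "details": [{"@type": "#{BAD_REQUEST_TYPE}",
      "fieldViolations": [{"field": "message",
        "description": "Invalid JSON payload received. Unknown name \\"priority\\" at 'message': Cannot find field."}]}]}}
JSON

UNREGISTERED_RESPONSE = <<~JSON
  {"error": {"code": 404,
    "message": "Requested entity was not found.",
    "status": "NOT_FOUND",
    "details": [{"@type": "#{FCM_ERROR_TYPE}", "errorCode": "UNREGISTERED"}]}}
JSON

def detail_type(detail)
  detail['@type'] || detail['#type']
end

# Map an FCM v1 error body to the action the push server should take:
#   :delete_token  the stored token is dead or malformed; remove it
#   :fix_payload   the message body is wrong; the token is not at fault
#   :retry_later   transient server-side condition (standard google.rpc codes)
#   :unknown       anything else; log it and do not touch the token
def classify_fcm_error(body)
  err = JSON.parse(body)['error']
  return :unknown unless err.is_a?(Hash)

  details = Array(err['details'])
  fcm = details.find { |d| detail_type(d) == FCM_ERROR_TYPE }
  fcm_code = fcm && fcm['errorCode']
  bad_request = details.any? do |d|
    detail_type(d) == BAD_REQUEST_TYPE && !Array(d['fieldViolations']).empty?
  end

  # Token is valid in form but no longer registered: delete it.
  return :delete_token if fcm_code == 'UNREGISTERED'
  # A field violation means the JSON we sent was rejected, whatever the token.
  return :fix_payload if bad_request

  if err['status'] == 'INVALID_ARGUMENT'
    # No field violations: INVALID_ARGUMENT then refers to the token itself.
    # The message text is the only discriminator FCM gives here (assumption).
    return :delete_token if err['message'].to_s =~ /registration token/i
    return :unknown
  end

  return :retry_later if %w[UNAVAILABLE INTERNAL].include?(err['status'])
  :unknown
rescue JSON::ParserError
  :unknown
end
```

The order of the checks matters: a BadRequest detail wins over the message text, so a payload bug never causes the server to drop a good token, while a malformed token, which has no field violations, is flagged for deletion and logged so the backend code that corrupted it can be found.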

Generating oauth token on sandbox throws ServerError

When generating oauth token from ordercloud sandbox environment, ordercloud returns ServerError as the error. Double checked the client_id, username, password and grant_type and it is correct. I am able to generate token using client_credentials grant_type. Is there a different way to generate token using password grant_type?
"client_id": "827D3F9E-F0AE-4C12-AF55-24D1D526303F",
"grant_type": "password",
"username": "admin02",
"password": "Test1234567#",
"scope": "CatalogAdmin BuyerReader MeAdmin InventoryAdmin PasswordReset OrderAdmin PriceScheduleAdmin ProductAdmin ProductAssignmentAdmin ShipmentAdmin"
"ErrorCode": "ServerError",
"Message": "An unknown error has occurred on the server.",
Your API Client has a ClientSecret set and you are not passing the ClientSecret in the request body. If you remove the ClientSecret, or pass it in the request body, your call should succeed.
It should be returning a 400 though rather than 500, so I will log that as a bug on our end.

Invalid Authentication Token when using Microsoft OneDrive REST API

I'm trying to integrate my app with OneDrive. I'm following this tutorial: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/?view=odsp-graph-online For oauth I'm using Azure AD v2.0 endpoint.
To get the access token, I'm calling https://login.microsoftonline.com/common/oauth2/v2.0/token and it successfully answers with some json:
{ token_type: 'Bearer',
scope: 'onedrive.readwrite',
expires_in: 3600,
ext_expires_in: 3600,
access_token: '...',
refresh_token: '...' }
When using the access_token that I received to call https://graph.microsoft.com/v2.0/me/drive/root/delta, I get this response:
{
  "error": {
    "code": "InvalidAuthenticationToken",
    "message": "CompactToken parsing failed with error code: 8004920A",
    "innerError": {
      "request-id": "5eda75b0-c2d5-467f-a728-8006490c00b2",
      "date": "2019-08-19T15:56:10"
    }
  }
}
This error is pretty cryptic and for the life of me I can't work out why that token won't work with this endpoint. Can someone help?
Never mind -- needed to set the scope as files.readwrite.all instead of onedrive.readwrite

unable to get response from an api

I am requesting an API to get a response, but it gives the "JWT_TOKEN_MISSING" response below:
{
  "response": {
    "ids": "",
    "time": 1505890122982,
    "error": "JWT_TOKEN_MISSING",
    "status": "failure"
  }
}
API is: "https://www.viu.com/api/container/load?appid=viu_desktop&iid=9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&regionid=all&ver=1.0&aver=5.0&fmt=json&contentCountry=in&contentFlavour=telugu&languageid=en&platform=desktop&vuserid=viu-guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&userid=guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&ccode=IN&geo=2&id=playlist-24926470&start=0&limit=20&geofiltered=false"
I tried passing all the headers but no luck.
It seems that this API uses a JWT token or other tokens (such as HTTP Basic authentication) to authenticate; you need to know this and add it to your request headers.