I am using below mentioned API and keys to get access token from Postman :-
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
scope=User.Read%20CallRecords.Read.All%20Mail.Read%20mail.read
code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
redirect_uri=https://office365test.com
grant_type=authorization_code
client_secret=xxx
It is not showing access token and refresh token attributes and the status is 404 Not Found
Thanks in advance.
Related
I am trying to use Vue + axios to query the N26 bank API. To do so you need to ask for a MFA token and go through MFA authorization. The first step is to get the MFA token, by querying https://api.tech26.global/oauth2/token/ and they reply with a 403 with the token in the data. It works when I curl :
% curl -i -H "Authorization: Basic bmF0aXZld2ViOg==" -H "Content-type: application/x-www-form-urlencoded" -H "device-token: aDeviceToken" https://api.tech26.global/oauth2/token --data "username=myUsername&password=MyPassword&grant_type=password"
HTTP/1.1 403 Forbidden
{"userMessage":{"title":"A second authentication factor is required.","detail":"Please provide your second form of authentication."},"mfaToken":"mfaToken","error_description":"MFA token is required","detail":"MFA token is required","hostUrl":"https://api.tech26.global","type":"mfa_required","error":"mfa_required","title":"A second authentication factor is required.","message":"Please provide your second form of authentication.","userId":"MyUserID","status":403}
As you can see, the MFA token is in the answer and can be used to continue the workflow.
However when doing so with Axios on Vue.js, It is impossible for me the get the message with the 403 reply:
let data = new URLSearchParams();
data.append('grant_type', 'password');
data.append('username', 'myUserName');
data.append('password', 'MyPassword');
let headers = { "Authorization": "Basic bmF0aXZld2ViOg==", "Content-type": "application/x-www-form-urlencoded", "device-token": "MyDeviceToken" };
let response = await axios.post(`https://api.tech26.global/oauth2/token`, data, { headers });
console.log(response)
But the only thing in the logs is "XHR OPTIONS https://api.tech26.global/oauth2/token", and when I click on it it just shows 403, without the response body. I tried looking for a way to retrieve the 403 body message, but nobody seems to be interested in this (and it is quite weird that they reply with 403 when this is the normal workflow). Does anyone know how to fetch the response body with axios please ?
This is actually a CORS problem.
The OPTIONS message is the preflight request the browser automatically sends (because you have a custom header: device-token) before it can proceed with the POST. Since the preflight failed with 403, the POST request is not actually sent to the server.
You'll need another way to get the mfaToken, and that's beyond the scope of the question.
I haven't had an issue getting access tokens, but when I try to test my access token by requesting households, I am getting 'Invalid Access Token' as a response. My refresh token appears to be working fine, but even refreshed access tokens are failing for this request.
I may be setting up my curl incorrectly for this request, can you please let me know exactly which tokens/keys/values are to be placed in these 2 headers, I don't find the documentation to be clear:
Authorization: ***** Hidden credentials *****
X-Sonos-Api-Key: 00000000-0000-0000-0000-000000000000
Thanks
In the sample getHouseholds request, you need to provide your access token as a header in the format:
Authorization: Bearer <Access-Token>
and then your API Key (generated when you created your integration) in a second header:
X-Sonos-Api-Key: <Api-Key>
Be sure to also include the content-type header:
Content-Type: application/json
I am unable to obtain a LinkedIn Access Token. My setup is as follows:
I have setup an app on LI with this redirect URL http://localhost:5000/home
I request authorization from LI and get a response with the 'code'.
In under 10 seconds, I copy the code query param out of the URL bar and paste it into Postman.
In Postman, I have a setup as follows:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=<client id>&
client_secret=<client secret>&
redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fhome&
code=AQSbUzcWwSk_3sqQfusRZWEa4tZqU_x4fSQKub9c3eoeCzZwNO2ZH8uAzJc-T0T40WRv6qNxNpCDxckEjuXHqb56ZhKQqReB5mDjm1kZrCrLlBBYhzyymF5oRzwNgObylJukUVQ_0OiSuE0W0RQ
I have made multiple attempts but in response, I get the following error.
{"error":"invalid_request","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
We have a LI login deployment that suddenly stopped working and started returning this error. On simplifying the use case, I find that Postman does the same.
What gives? What am I doing wrong? This used to work!
I am trying to retrieve an authorization code for a token but keep getting a 401 error. I get the authorization code from my callbackUrl.
It believe I am sending the request properly. I am sending a base64 Bearer token in the authorization header using my key:secret. I am just not sure what to do from here to resolve things. I am new to oauth so I don't know if there is a way for me to determine the problem from my end of things? I'm completely stumped...
[callbackUrl]/?scope=READ&state=test&code=98LtBkcY
https://www.[testapi].net/v1/id/oauth/access_token?grant_type=authorization_code&code=98LtBkcY
Error:
HTTP/1.1 401 Unauthorized
Content-Type: application/json
WWW-Authenticate: Bearer realm="null",error='invalid_token",error_description='keymanagement.service.invalid_access_token: Invalid Access Token"
Content-Length: 116
{"fault":{"faultstring":"Invalid Access Token","detail":{"errorcode":"keymanagement.service.invalid_access_token"}}}
I'm working in VB.NET and creating my bearer token like this:
Authorization_Token = System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(ConsumerKey & ":" & ConsumerSecret)).ToString
I got it working. Their documentation told me to use the token as a Bearer token but tried it and worked with out it.
I am trying to get the latest tweets from a twitter user. This is what I've got so far:
$string = file_get_contents("https://api.twitter.com/1/statuses/show.json?id=Cristiano&include_entities=true");
$json_=json_decode($string,true);
This is my error message:
{"errors":[{"message":"Bad Authentication data","code":215}]}
What is the problem?
You'll want/need to migrate to the latest version of the API: 1.1. More information about the deprecation of version 1 can be found at the Twitter API Calendar of Changes documentation.
Next, you'll need to authenticate to the API prior before having access to it. More information about that can be found at the Twitter API Authentication & Authorization page.
POST /oauth2/token HTTP/1.1
Host: api.twitter.com
User-Agent: My Twitter App v1.0.23
Authorization: Basic eHZ6MWV2RlM0d0VFUFRHRUZQSEJvZzpMOHFxOVBaeVJn
NmllS0dFS2hab2xHQzB2SldMdzhpRUo4OERSZHlPZw==
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Content-Length: 29
Accept-Encoding: gzip
grant_type=client_credentials
That is the required HTTP POST request. How do I sent it using PHP?