I am developing a website which need google-login button. But i failed in getting the access_token.
Here is my configuration page and curl result.
why curl doesn't work.
The problem you are having is that you have created web browser credentials and you appear to be testing with curl. Curl by itself would be run in a command prompt or shell script there for it would be installed credentials not web browser credentials.
Go to google developer console and create desktop app type creetinals Then you can follow the calls below in order to authorize to Google and get an access token and a refresh token.
Notice how desktop apps use urn:ietf:wg:oauth:2.0:oob for a redirect uri this means just send it back where it came from.
# Client id from Google Developer console
# Client Secret from Google Developer console
# Scope this is a space separated list of the scopes of access you are requesting.
# Authorization link. Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
code ripped from GoogleAuthenticationCurl.sh
YOu may also be interested in Which type of credentials should you create? which explains how to decide which type of Google credentials you need to use for the application you are developing.
your web application.
Redirect uri mismatch with a true web application is most often a configuration issue. If you are using a servicer sided programming language you simply need to take the redirect uri that the error message is telling you is wrong and place that in Google Developer console for your web application as a Redirect uri. Google OAuth2: How the fix redirect_uri_mismatch error. Part 2
If on the other hand you have a Client sided web application using javascript it will state that the issue is with the JavaScript origin. It is still a configuration issue. However this time you need to take the URL it is telling you is wrong and place that in the javascript origin field in Google developer console Simple solution for redirect_uri_mismatch error with JavaScript
YOu do not need both Redirect URI and Javascript origin its one or the other.
Fixed it.
The problem is that i have added two version of redirect uri in the google console:
http and https
In the first step, i redirect customer to the oauth page "https://accounts.google.com/o/oauth2/v2/auth" with http version redirect uri.
In the second step i try to got the access token with https version redirect uri, so i got this error.
Related
I'm trying to utizlie Insatgram Basic Display API to get some information about particular Instagram post. I'm going through Facebook API documentation, but there are some inconsistencies I can't seem to find solution to. My goal is to create a private app I can use on my website, that would display some information about any given Instagram post (not only from my account).
I have created FB app already and used the following url to authorize it on Instagram:
https://api.instagram.com/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URL&scope=user_profile,user_media&response_type=code
This redirects me to the usual Instagram permission window, which I accept and am being redirected back to this url:
https://REDIRECT_URL?opauth=CODE#_
There are two problems from now on:
1. Facebook docs state that url parameter in return should be code, not opauth:
https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions
When I use value of opauth in the following CURL request, I get the Invalid Authorization Code error in return:
curl -X POST https://api.instagram.com/oauth/access_token -F "client_id=CLIENT_ID" -F "client_secret=CLIENT_SECRET" -F "grant_type=authorization_code" -F "redirect_uri=REDIRECT_URL" -F "code=OPAUTH_VALUE"
I have double checked every value in request and they seem to be correct. I went through authorization process several times just to be sure, but can't obtain access token no matter what.
Found it. The opauth parameter was somehow a result of WordPress theme using Opauth framework. Redirected url from Instagram had value of code parameter replaced with new opauth param with it's own value.
Using different theme allowed me to get correct code parameter from redirect url and get access token.
I maintain a private repository but want to make one file publicly available.
GitHub documentation states that the CURL command below can retrieve a file:
curl -u username:token https://api.github.com/user
But I would like to provide access through a URL. E.g.
https://username:token#raw.githubusercontent.com/me/repo/master/README.md
This always return a 404. Am I missing something?
From "How can I download a single raw file from a private github repo using the command line?", you wouldneed to use a PAT (Personnal Access Token) without the username:
curl -s https://$TOKEN#raw.githubusercontent.com/....
But I would not recommend making that token visible in any way: it would give access to that file and the rest of the repository.
Putting that file in a separate location (be it a separate public repository, or any other online text storage service) would be safer.
For those of you wondering the "why" on 404 vs 401, it's basically a security measure on GitHub's part to output 404 instead of 401: https://docs.github.com/en/github-ae#latest/rest/overview/other-authentication-methods#basic-authentication
For those wondering why we get a 404 in the browser while cURL gives us a success response, you might've assumed that providing the username and password in the URL like https://username:password#somesite.com would pass the credentials along in the initial request. That is not the case - the browser steps in and sees if the page you are requesting returns a WWW-Authenticate response header, and only then does it send your credentials. In the case of your GitHub url, the resource doesn't send back a WWW-Authenticate. If it did return WWW-Authenticate, then you obviously wouldn't run into this problem.
And then there's cURL. cURL assumes Basic Authentication by default and automatically sets the Authorization header to your username and password (either from the url like my previous example, or set through CLI options like in your example), and it sends it regardless of whether or not the server returns a WWW-Authenticate response header.
Unfortunately for us, there's no way to force the browser to send it with the initial request. As to why GitHub doesn't send a WWW-Authenticate response header, it's probably because they don't want to promote the least secure way of authentication - they no longer allow account passwords to be sent this way, after all. However, they do realize its ease of use and have mitigated some of its weaker points by allowing users to use oAuth access token, GitHub App installation access token, or Personal Access Token in its place that can limit its scope of access. So really, it's the browser that is following standards, and GitHub allowing a form of Basic Authentication with some alterations, and cURL immediately passing our credentials into the Authorization header. I believe the below is what's happening behind your requests:
cURL sends a request along with Authorization header → GitHub: "Well, I didn't ask, but yeah, your creds check out" → GitHub: Authorized and redirects to resource
Browser sends request and waits for WWW-Authenticate response before handing credentials → GitHub: "Umm, you don't have permission to access this resource but I can't let you know whether it actually exists") → GitHub: Returns 404 (instead of 401 with WWW-Authenticate header) stopping the browser short from receiving the WWW-Authenticate header response and sending out an Authorization header with the credentials on hand.
I am trying to connect to Google Cloud from an embedded device so I have no access to OAuth authentication. The documents show that I can use simple API key for connecting. I have created a simple API key but I am having problems using it.
I can test the API functions successfully on https://developers.google.com/apis-explorer/?hl=en_US#p/pubsub/v1/ but on this developer's site I don't enter my API key (maybe one is generated automatically in the background).
When I try the same command using curl I get a 401 error:
"Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.", "status": "UNAUTHENTICATED"
But I am copying the GET or POST command directly from the online API tester and adding my key at the end:
curl -X POST -d '{"policy":{"bindings":[{"role":"roles/editor","members":["serviceAccount:charge...."]}]}}' https://pubsub.googleapis.com/v1/projects/pl..../subscriptions/arriveHomeSub:setIamPolicy?key=AIz....
What am I missing?
With the limited information you have provided, it is tough to identify the root cause but these are some of the possible ones:
You have not used quotes for the URL argument to curl. This could lead to some characters which are part of the URL to be interpreted by your shell in a different manner. Characters like & are usual culprits although they don't seem to be part of the URL you pasted.
curl -X POST -d '{"policy":{"bindings":[{"role":"roles/editor","members":["serviceAccount:charge...."]}]}}' 'https://pubsub.googleapis.com/v1/projects/pl..../subscriptions/arriveHomeSub:setIamPolicy?key=AIz'
You have not described how you're generating your API key and hence I feel that could be one of the possible issues.
You can go over the steps for using Google OAuth 2.0 from Google, it covers a lot about client secrets, access tokens and refresh tokens.
As long as you have your client ID and secret, you can call Google OAuth APIs to generate an access token.
You pass in the current access token as the key argument to your REST API.
Access tokens have very limited lifetime and might need refreshing periodically. If your application needs to periodically refresh access tokens, consider storing the refresh token in your application in a secure manner.
I am trying to get access_token using the instructions here developers.google.com/accounts/docs/OAuth2InstalledApp (which I have followed very diligently) but keep hitting the redirect_uri_mismatch error. What am I doing wrong?
First I create a installed app/other using the console (
Client ID for native application
Client ID ...
Client secret ...
Redirect URIs
urn:ietf:wg:oauth:2.0:oob
local host url
Got the authorization code successfully using the browser using
https://
accounts.google.com/o/oauth2/auth?client_id=818722811109-8ak0a1l3ooqqt3bd97bktr33ghenlptk.apps.googleusercontent.com&redirect_uri=http://:51551/Callback&response_type=code&scope=https://www.googleapis.com/auth/adexchange.seller.readonly&access_type=offline
curl -d "code=...&client_id=...&client_secret=...&grant_type=authorization_code&redirect_uri=urn:ietf:wg:oauth:2.0:oob" -X POST https://
accounts.google.com/o/oauth2/token
gives me error "redirect_uri_mismatch"
I'm at a loss what I am doing wrong. I use the redirect_uri from the console which is for the non-domain one, but can't get past this error.
Any pointers would be appreciated.
Thanks.
http://:51551/Callback is not a valid redirect_uri, so the link you mentioned can not get authorization code. So I doubt that the authorization code you get in this way.
Use this one:
https://accounts.google.com/o/oauth2/auth?client_id=818722811109-8ak0a1l3ooqqt3bd97bktr33ghenlptk.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/adexchange.seller.readonly&access_type=offline
Sorry the problem is not in code. stackoverflow does not allow localhost in urls, hence I had to delete that domain to get the post to go through. The code works fine after clicking the accept button I do see the code= in the redirect url in localhost.
The problem is in the curl POST.
When I try to call:
https://sonar.mydomain.com/api/resources?resource=com.mydomain.project:MY&metrics=ncloc&format=json
I get
{"err_code":401,"err_msg":"Unauthorized"}
How do I pass my credentials?
According to the newest documentation said: SonarQube now support two way authentication:
User Token
This is the recommended way. Token is sent via the login field of HTTP basic authentication, this way will be more safety, without any password. For more information about how to generate a token, please visit this page User Token. Use curl send request like this:
curl -u THIS_IS_MY_TOKEN: https://sonarqube.com/api/user_tokens/search
# note that the colon after the token is required in curl to set an empty password
HTTP Basic Access
Login and password are sent via the standard HTTP Basic fields:
curl -u MY_LOGIN:MY_PASSWORD https://sonarqube.com/api/user_tokens/search
According to the documentation SonarQube uses basic authentication. Try:
curl -u admin:SuPeRsEcReT "https://sonar.mydomain.com/api/resources?resource=com.mydomain.project:MY&metrics=ncloc&format=json"
Obviously the mechanism for passing these credentials is dependent on how you are invoking the API.
This should also work from the web browser. Try logging into the Webui, your browser will normally cache the credentials.
This happens because authentication data does not include in your api call. This is how I solved it.
1.First install a rest client "Postman" to your browser.
2.Open it and put your API call url under "Normal" tab.
3.Go to "Basic Auth" tab and put username,password then click refresh headers.
4.Come back to "Normal" tab. You'll see a header named "Authorization" in header list.
5.Now click "send" button to view results.
6.If you are using 3rd party application, add "Authorization" header to your call with the value generated by postman.