So i created youtube api project on google cloud. I tested getting auth code via urn:ietf:wg:oauth:2.0:oob redirect-uri, i don t want to make webservice to auth my account. Everything is good because i am getting code in the browser but i have the problem with POSTing to the api this auth code. When i am trying to post authentication code via RestMan (sth like postman) it shows me that:
<html lang=en>
<meta charset=utf-8>
<meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
<title>Error 404 (Not Found)!!1</title>
<style nonce="CIsxxpEHaaEHNiQiddzf7Q">
*{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{color:#222;text-align:unset;margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px;}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overflow:hidden}pre{white-space:pre-wrap;}ins{color:#777;text-decoration:none}a img{border:0}#media screen and (max-width:772px){body{background:none;margin-top:0;max-width:none;padding-right:0}}#logo{background:url(//www.google.com/images/branding/googlelogo/1x/googlelogo_color_150x54dp.png) no-repeat;margin-left:-5px}#media only screen and (min-resolution:192dpi){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat 0% 0%/100% 100%;-moz-border-image:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) 0}}#media only screen and (-webkit-min-device-pixel-ratio:2){#logo{background:url(//www.google.com/images/branding/googlelogo/2x/googlelogo_color_150x54dp.png) no-repeat;-webkit-background-size:100% 100%}}#logo{display:inline-block;height:54px;width:150px}
</style>
<main id="af-error-container" role="main"><a href=//www.google.com><span id=logo aria-label=Google role=img></span></a>
<p><b>404.</b> <ins>That’s an error.</ins>
<p>The requested URL was not found on this server. <ins>That’s all we know.</ins>
</main>
My data in RestMan:
URL: https://accounts.google.com/o/oauth2/token/
Raw body: code=MYCODE&client_id=MYCLIENTID&client_secret=MYSECRET&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
I think it can be problem with body in redirect_uri part. Can someone advice me what should i write there? Need i create webservice authorization with localhost?
EDIT:
Okay i just used youtube client library for java.
Example codes are really helpful and connection should be safe.
Link: https://developers.google.com/api-client-library/java/
a) You're likely using the wrong URL. Use the Google discovery doc: https://accounts.google.com/.well-known/openid-configuration to find the token endpoint:
...
"token_endpoint": "https://oauth2.googleapis.com/token",
...
b) Consider setting up localhost to get the authorization code and refresh token. See https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html.
Okay i just used youtube client library for java. Example codes are really helpful and connection should be safe. Link: https://developers.google.com/api-client-library/java/
I've been trying to update Google sign-in button on my website from old javascript method to new identity library, it works fine when I use callback function but the redirect option (for server-side verification) doesn't send credentials in POST request:
<html>
<body>
<script src="https://accounts.google.com/gsi/client" async defer></script>
<div id="g_id_onload"
data-client_id="my client id"
data-ux_mode="redirect"
data-login_uri="http://localhost:3001/api/google-auth">
</div>
<div class="g_id_signin" data-type="standard"></div>
</body>
</html>
In POST request it sends 'g_csrf_token' cookie, but doesn't contain 'credential' or 'g_csrf_token' in request body or parameters as mentioned in the document here
https://developers.google.com/identity/gsi/web/reference/html-reference#server-side
I believe I've set OAuth 2.0 Client ID and Consent Screen correctly. Any help will be appreciated
I am unable to obtain a LinkedIn Access Token. My setup is as follows:
I have setup an app on LI with this redirect URL http://localhost:5000/home
I request authorization from LI and get a response with the 'code'.
In under 10 seconds, I copy the code query param out of the URL bar and paste it into Postman.
In Postman, I have a setup as follows:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=<client id>&
client_secret=<client secret>&
redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fhome&
code=AQSbUzcWwSk_3sqQfusRZWEa4tZqU_x4fSQKub9c3eoeCzZwNO2ZH8uAzJc-T0T40WRv6qNxNpCDxckEjuXHqb56ZhKQqReB5mDjm1kZrCrLlBBYhzyymF5oRzwNgObylJukUVQ_0OiSuE0W0RQ
I have made multiple attempts but in response, I get the following error.
{"error":"invalid_request","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
We have a LI login deployment that suddenly stopped working and started returning this error. On simplifying the use case, I find that Postman does the same.
What gives? What am I doing wrong? This used to work!
I try to talk to my REST API built with Laravel. But the call with POSTMAN is rejected due to a token mismatch. I guess I need to include the CSRF token in the header. But do I need the encrypted one? When I insert this token I still get the error that there is a token mismatch.
I retrieve my token by using:
$encrypter = app('Illuminate\Encryption\Encrypter');
$encrypted_token = $encrypter->encrypt(csrf_token());
return $encrypted_token;
but is this supposed to change on every refresh?
If you aren't using forms - for an API for example - you can follow the steps here https://gist.github.com/ethanstenis/3cc78c1d097680ac7ef0:
Essentially, add the following to your blade or twig header
<meta name="csrf-token" content="{{ csrf_token() }}">
Install Postman Interceptor if not already installed, and turn it on
Then, in your browser log into the site (you need to be authorised), and either inspect element or view source to retrieve the token
In Postman, set GET/POST etc as needed, and in your header create a new pair
X-CSRF-TOKEN tokenvaluetobeinserted235kwgeiOIulgsk
Some people recommend turning off the CSRF token when testing the API, but then you aren't really testing it are you.
If you do find you still have errors, check the response back using preview as Laravel tends to be fairly explicit with their error messages. If nothing is coming back, check your php_error.log (what ever it is called).
ps Oct 2018 - I now user Laravel Passport for handling API registration, logins and user tokens - worth a look!
Go to app/Http/Middleware/VerifyCsrfToken.php and add this values
protected $except = [
'/api/*'
];
Yes it changes every refresh. You should be putting it in the view and when you post it needs to be sent as the value of the "_token" POST var.
If you are just using a standard POST just add this to the form:
<input type="hidden" name="_token" value="<?php echo csrf_token(); ?>">
If you are using AJAX make sure you grab the value of _token and pass it with the request.
REF: http://laravel.com/docs/5.1/routing#csrf-protection
Use Postman
Make a GET request to any page that has
<meta name="csrf-token" content="{{ csrf_token() }}">
Copy the value from the response.
Add a header field to your POST request:
"X-CSRF-TOKEN: "copied_token_in_previous_get_response"
I had this error while using a baseURL variable in my Postman environment. Turns out I was calling the site's URL without /api at the end. Sounds silly, but just to eliminate user error make sure you check that your request URL is based on:
✅ https://<your-site-url>/api
Not:
❌ https://<your-site-url>
If you are making REST API use api.php for writing routes, not web.php, according to Laravel documentation web.php is for writing routes for the website that's why you see csrf-token error while using it like API, So for API we have the api.php file which will not give you a csrf-token error.
I just had the same issue and this answer finally helped me solving it: https://stackoverflow.com/a/67435592/11854580
Apparently the CSRF token needs to be updated on every POST request. (Not on every GET request somehow.) You can solve this with a pre-request-script in Postman as explained in this tutorial: https://blog.codecourse.com/laravel-sanctum-airlock-with-postman/
Adding /api to the url should solve this for most people just testing out their APIs... Eg. https://www.yoursite.com/api/register
I'm trying to do an HTTPS POST with Postman and get a valid response with the Twitter OAuth 1.0 Sign In flow.
So the Twitter documents say I need to do an HTTPS POST with a specific Authorization header and I'll get a valid response.
Every time I try this, I get a 401 Not Authorized result.
I'm using the sample twitter data from this Twitter documentation page.
Here is a screenshot of what I'm trying...
In this example, the header value is
OAuth oauth_nonce="K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw", oauth_callback="http%3A%2F%2Fmyapp.com%3A3005%2Ftwitter%2Fprocess_callback", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1300228849", oauth_consumer_key="OqEqJeafRSF11jBMStrZz", oauth_signature="Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D", oauth_version="1.0"
(which is copied directly from that Twitter developer page).
Can anyone tell me what I've done wrong, please?