Custom response in token endpoint in IdentityServer4 - asp.net-core

API details: .NET Core 3.1 REST API using IdentityServer4 version 3.1.3.
I have many APIs which send responses in a specified format.
For example, the Register endpoint returns the response below:
{
    "responseCode": 0,
    "developerMessage": "Response code not specified.",
    "clientMessage": null,
    "data": {"id":123},
    "exception": null
}
I developed the authentication server using IdentityServer4.
But my token endpoint returns the response below:
{
    "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik...",
    "expires_in": 1209600,
    "token_type": "Bearer",
    "refresh_token": "1u8_VOFHTaeqWEWd6R...",
    "scope": "offline_access api1"
}
Now the requirement is that all the endpoints of the API should return the response in the same format.
Which means I need to change the response of the token (or more) endpoints.
I looked into the ICustomTokenResponseGenerator service (mentioned here), but all it does is add more fields to the response. And it is from IdentityServer3:
class CustomTokenResponseGenerator : ICustomTokenResponseGenerator
{
    // Adds one extra field to the standard token response; the rest of the payload is unchanged.
    public Task<TokenResponse> GenerateAsync(ValidatedTokenRequest request, TokenResponse response)
    {
        response.Custom.Add("custom_field", "custom data");
        return Task.FromResult(response);
    }
}
But I want to completely change the response.
Is there any other service that I can use to get the response below?
{
    "responseCode": 0,
    "developerMessage": "Response code not specified.",
    "clientMessage": null,
    "data":
    {
        "access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6Ik...",
        "expires_in": 1209600,
        "token_type": "Bearer",
        "refresh_token": "1u8_VOFHTaeqWEWd6R...",
        "scope": "offline_access api1"
    },
    "exception": null
}

As explained in your GitHub ticket:
IdentityServer is an OAuth implementation - what you are suggesting would be incompatible with OAuth and thus is not supported by us.
If you need to change the complete payload to something custom - write some middleware to intercept the response.
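
One way to write the interception middleware the answer suggests, as an added example that is not from the original thread or from IdentityServer4: it buffers the token endpoint's JSON and nests it under data in the envelope from the question. The class name TokenEnvelopeMiddleware and the /connect/token path (IdentityServer4's default) are assumptions.

```csharp
using System;
using System.IO;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;

// Hypothetical middleware (not IdentityServer4 code); register it with
// app.UseMiddleware<TokenEnvelopeMiddleware>() before app.UseIdentityServer().
public class TokenEnvelopeMiddleware
{
    private readonly RequestDelegate _next;
    public TokenEnvelopeMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        // Assumption: the token endpoint is served on IdentityServer4's default path.
        if (!context.Request.Path.StartsWithSegments("/connect/token"))
        {
            await _next(context);
            return;
        }
        var original = context.Response.Body;
        using var buffer = new MemoryStream();   // holds live tokens: never log its contents
        context.Response.Body = buffer;
        try { await _next(context); }
        finally { context.Response.Body = original; }
        buffer.Position = 0;

        var isJson = context.Response.ContentType?
            .StartsWith("application/json", StringComparison.OrdinalIgnoreCase) == true;
        if (context.Response.StatusCode != StatusCodes.Status200OK || !isJson)
        {
            // OAuth error responses (invalid_grant, invalid_client, ...) pass through unchanged.
            await buffer.CopyToAsync(original);
            return;
        }
        using var token = await JsonDocument.ParseAsync(buffer);
        var body = JsonSerializer.SerializeToUtf8Bytes(new
        {
            responseCode = 0,
            developerMessage = "Response code not specified.",
            clientMessage = (string)null,
            data = token.RootElement,
            exception = (string)null
        });
        // Headers already set by the endpoint are left as they are; only the body and length change.
        context.Response.ContentLength = body.Length;
        await original.WriteAsync(body, 0, body.Length);
    }
}
```

Standard OAuth client libraries read access_token from the top level of the response (RFC 6749, section 5.1), so only clients written for this envelope can consume the wrapped output.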

Related

ADFS WebProvider returns 401 for UserInfo endpoint

After integrating the WebProvider for ActiveDirectoryFederationServices from preview 4.1.0-preview-1.23108.18, a 401 occurs after the frontchannel redirect and userinfo call.
Probably this is due to the behavior described here: ADFS 4.0 (2016) OpenID Connect userinfo endpoint returns 401 when provided with access token.
Apparently the attachment of the resource = urn:microsoft:userinfo is missing.
In my experience when trying to hit the ADFS OIDC userinfo endpoint you need to pass a querystring key value pair (resource=urn:microsoft:userinfo).
The retrieval and validation of the token was successful.
The token response returned by https://[redacted]/adfs/oauth2/token/ was successfully extracted: {
    "access_token": "[redacted]",
    "token_type": "bearer",
    "expires_in": 3600,
    "resource": "8f238a5c-2dea-42cd-80eb-abf7638fcadd",
    "refresh_token": "[redacted]",
    "refresh_token_expires_in": 26751,
    "scope": "openid",
    "id_token": "[redacted]"
}.
Is there any way to set the resource or disable the retrieval of user info?

google translate API authorisation problem

I am trying to translate some text using the GCP translation service with the REST API https://translation.googleapis.com/v3.
I'm using the API key auth method.
URL and body:
https://translation.googleapis.com/v3/projects/my-translator-1122333:translateText?key=thisismykey
{
    "content": ["Hello"],
    "sourceLanguageCode": "en",
    "targetLanguageCode": "ru"
}
However, I got:
{
    "error": {
        "code": 401,
        "message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
        "status": "UNAUTHENTICATED"
    }
}
Could anyone explain to me what I am doing wrong?
Thanks

Invalid Authentication Token when using Microsoft OneDrive REST API

I'm trying to integrate my app with OneDrive. I'm following this tutorial: https://learn.microsoft.com/en-us/onedrive/developer/rest-api/getting-started/?view=odsp-graph-online For OAuth I'm using the Azure AD v2.0 endpoint.
To get the access token, I'm calling https://login.microsoftonline.com/common/oauth2/v2.0/token and it successfully answers with some JSON:
{
    token_type: 'Bearer',
    scope: 'onedrive.readwrite',
    expires_in: 3600,
    ext_expires_in: 3600,
    access_token: '...',
    refresh_token: '...'
}
When using the access_token that I received to call https://graph.microsoft.com/v2.0/me/drive/root/delta, I get this response:
{
    "error": {
        "code": "InvalidAuthenticationToken",
        "message": "CompactToken parsing failed with error code: 8004920A",
        "innerError": {
            "request-id": "5eda75b0-c2d5-467f-a728-8006490c00b2",
            "date": "2019-08-19T15:56:10"
        }
    }
}
This error is pretty cryptic and for the life of me I can't work out why that token won't work with this endpoint. Can someone help?
Never mind -- needed to set the scope as files.readwrite.all instead of onedrive.readwrite

unable to get response from an api

I am requesting an API to get a response, but it gives the "JWT_TOKEN_MISSING" response below:
{
    "response": {
        "ids": "",
        "time": 1505890122982,
        "error": "JWT_TOKEN_MISSING",
        "status": "failure"
    }
}
API is: "https://www.viu.com/api/container/load?appid=viu_desktop&iid=9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&regionid=all&ver=1.0&aver=5.0&fmt=json&contentCountry=in&contentFlavour=telugu&languageid=en&platform=desktop&vuserid=viu-guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&userid=guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&ccode=IN&geo=2&id=playlist-24926470&start=0&limit=20&geofiltered=false"
I tried passing all the headers but no luck.
It seems that this API uses a JWT token or other tokens (such as HTTP Basic authentication) to authenticate; you need to know this and add it to your request headers.

oAuth server response format

I am using http://jsonapi.org as the format for the responses of my API. I am, however, a little puzzled about how to correctly respond to a request for an access token.
As far as I am aware, from the OAuth side I need to return the following:
{
    "access_token": "abc1234...",
    "token_type": "Bearer",
    "expires_in": 3600
}
From the jsonapi docs I got that every request needs to return a resource object. And every resource object needs a data element with type and id.
However, I feel this is not correct for the OAuth token request. Please help me do this correctly. Thanks.
I asked in the jsonapi forum and Tyler Kellen provided a very good answer (http://discuss.jsonapi.org/t/json-api-response-format-for-non-resource-data-like-oauth-token/74). I settled for this now:
{
    "jsonapi": {
        "version": "1.0"
    },
    "data": {
        "id": "Qcg6yI1a5qCxXgKWtSAbZ2MIHFChHAq0Vc1Lo4TX",
        "type": "token",
        "attributes": {
            "access_token": "Qcg6yI1a5qCxXgKWtSAbZ2MIHFChHAq0Vc1Lo4TX",
            "token_type": "Bearer",
            "expires_in": 3600
        }
    }
}