could anyone tell me how to add request headers for subscription keys in SOAP request.
I am using NuSOAP toolkit for making SOAP calls. Setting keys for authorisation SOAP calls seems difficult for me. Unless I pass the subscription keys in request headers, I didn't get an access.
I tried:
$this->nusoap_client->setHeaders("<soapHeader xmlns='http://test.com/'>
<Ocp-Apim-Subscription-Key>***mykey***</Ocp-Apim-Subscription-Key>
</soapHeader>");
but it adding keys to the soap header instead of request header.
Then I tried :
header("Ocp-Apim-Subscription-Key: ***mykey***");
but still no hope, its added to the response header now.
I am using $this->nusoap_client->call() for making SOAP call, and the response getting is
{ "statusCode": 401, "message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." }
thanks in advance.
Well, I found a solution myself. Don't know if it is the right way or not! Anyway I would like to post my solution here, it may find useful to someone.
I solved this issue by modifying the nusoap library class file. Modified function soap_transport_http to set headers as:
$this->setHeader('Ocp-Apim-Subscription-Key', '***myKey***');
May be it is not the right way to modify headers in SOAP request, but it works for me. Please put your answer if you find better solution.
Related
Thank you for the nice work you put into this amazing library.
I have an issue with my request adapter but only with the MultipartFormData.
I want to be able to update the body of the request but when the request gets in the adapter, I'm getting a nil httpBody. I only get this behaviour on Multipart, not on classic POST requests.
I'm trying to sign the request with an oauth2 token (async), but the particularity of this API is that the token is sent in the body and not in the headers.
There's a body as the metrics in the response say (Request Body Transfer Bytes) 231306
I'm using Alamofire 5.0.0
This is most likely due to multipart forms using UploadRequests (and therefore URLSessionUploadTasks) which do not include the body data as part of the URLRequest for performance reasons. If you update your question with what you're trying to do to the body, perhaps I can provide an alternate solution. If nothing else, you could manually create multipart uploads by using MultipartFormData.encode() directly and adding the Data to a URLRequest, but that's not recommended for large uploads.
I'm hitting the following endpoint
https://<my company>.onelogin.com/oidc/token
and sometimes I get the following error response and I'm not sure what it means.
{"error":"invalid_request","error_description":"client authentication must only be provided using one mechanism"}
I am sending the following fields as params:
grant_type=authorization_code
code=redacted
redirect_uri=redacted
client_id=redacted
client_secret=redacted
Can anyone shed some light on why this endpoint fails intermittently?
We have figured out what has been causing this "one mechanism" problem. We emailed OneLogin tech support team and received the following response:
As you can see in our documentation the placement of "client_secret" is dependent on your Token Endpoint Authentication Method setting. API Reference
If the Authentication Method = POST then "client_secret" is in the body.
If the Authentication Method = Basic then the "client_secret" is encoded and placed in the Authorization header.
Your application is currently sending this value in both Authorization Header and POST body. In the past this would not have been an issue but with the tightening to spec it will cause a 400 error for your application.
They will soon update their documentation, but for now, please use this guide to get rid of the "one mechanism" error in your application.
not really sure where to start here other then to dive into CF (I REALLY don't want to do that) but....
I have an NSURLConnection signing OAuth2 requests to an ASP.NET WebAPI Resource Server, this resource server returns JSON body AND statusCode 400. I have yet to find a way to parse the data from the response when it returns code 400.
Does anyone here have any ideas? I would prefer to keep using NSURLConnection as this is only an OAuth2 consumer class. My other code is using restkit, but I do not want the OAuth2 end to require said library.
The process to parse data from a request which returns status 400 should be identical to that of a request returning status 200.
Simply note the status code in -connection:didReceiveResponse: and allow the request to continue; you will receive any additional data that the server sends in -connection:didReceiveData: as usual. Finally, you'll get a -connectionDidFinishLoading: call when all data has been received, and you can parse the JSON there.
Does your HTTP request Accept header specify "application/json"? If so, then this is probably an IIS bug and not iOS.
Interestingly enough, MVC4 ActionResult is broken in the RTM. Switching it over to Pure WebApi and fine tuning the response, I was able to finesse it into returning the proper data, it was likely serializing the json improperly which other languages weren't catching.
I'm trying to get my access token for my application, using this URL:
https://datamarket.accesscontrol.windows.net/v2/OAuth2-13?grant_type=client_credentials&client_id=//CLIENT ID//&client_secret=//CLIENT SECRET//=&scope=http://api.microsofttranslator.com
Obviously I replace //CLIENT ID// and //CLIENT SECRET// with my applications information.
I tried encoding the tokens with HtmlEncode in my application but got a 400 error. So I tried the request in my browser and this is the JSON response I got:
{
"error":"invalid_request",
"error_description":"ACS90007: Request method not allowed. \r\nTrace ID: 2144c829-f3fa-4ed8-80e6-40841e6a3f69\r\nTimestamp: 2012-06-27 01:11:27Z"
}
I don't know what I'm doing wrong, any help?
I believe when you are making the WebRequest call your parameter is set to use GET and this will cause error ACS90007. When making the WebRequest call please use POST along with application/x-www-form-urlencoded set Content-Type.
If you still have problem post your WebRquest code snippet and i will take a look.
It would be better if you can provide the code for AdmAuthentication. For now, please make sure you have correctly translated the code on http://msdn.microsoft.com/en-us/library/hh454950 to VB. Please also try to use Fiddler to monitor the request to ensure it is sending a POST request.
Best Regards,
Ming Xu.
Making my own client secret helped my cause
I read What HTTP status response code should I use if the request is missing a required parameter? but it did not specifically ask about headers and there didn't seem to be a consensus.
The context of this question assumes successful authentication. I'm currently favoring either a 400 (though that doesn't feel right because this isn't really a case of "malformed syntax") or 403. Given 403's description:
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated. If
the request method was not HEAD and the server wishes to make public
why the request has not been fulfilled, it SHOULD describe the reason
for the refusal in the entity.
This makes the most sense to me.
Can someone please enlighten me? Thanks.
400 Bad Request
It's a user error in the request. Unlike with a 403, the client should be allowed to repeat their request, but only after modification:
10.4.1 400 Bad Request The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
Edit
As Mark Reed points out in the comments, a 403 says, "There is nothing wrong with what you sent me. You have proper authorization and the syntax was valid. I just don't want to do what you ask."
The part that you have in bold simply says, if the server so chooses, it can tell the client exactly why it doesn't want to fulfill the request.