how to create new contacts in Xero using API?
i have tried this API - https://api.xero.com/api.xro/2.0/Contacts but i always get this error : "oauth_problem=consumer_key_unknown&oauth_problem_advice=Consumer key was not recognised."
I don't know how to pass client id and client secret or access token in API?
passing parameter in the header is not working -
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode('75F16AECC7F749E08D1822B32CD110EB:lJ_h1cG7dvE5xIAXDWyFDcmGQPqtZOlHzfAzw0ImdLPKOxL5'),
'Content-Type: application/json'
]);
please help
Xero uses the OAuth2 authorization flow. Broadly speaking, you'll need to:
Send the Xero user to an authorising URL with your client id, which will result in the user being redirected to your specified redirect uri with a code
Swap this code for an access token using your client id and secret
Use the access token as a bearer token in your authorization header when you're making your request to the contacts endpoint
The full details are described in the Xero Developer docs.
Related
I understand that I need to call:
curl --request POST \
--url 'https://auth.atlassian.com/oauth/token' \
--header 'Content-Type: application/json' \
--data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
to get access token. There is some attempt to explain what are client_id, client_secret, code, redirect_uri, but it's totally cryptic to me. Can someone explain to me, what these are and where to get them?
I can login to company jira. I can create my personal access token in my profile. I cant get any meaningful support from my company. I need to get somehow from here to access token, so that I can call rest api.
OAuth needs that the user login through a web interface.
Once logged, is possible to retrieve the code you are looking for in the URL.
In my case, in order to get that code I have to open the oauth login web page of the service I want to use (in your case atlassian) and just login.
I usually manage this process with code, not using curls.
redirect_uri is where you want to be redirected after you login in the web interface.
i.e. Do I need to login with atlassian in order to call api and use data from my app ?
mobile app/Desktop App (redirect_uri will be a schema defined by you in the app, could be something like: myCompany://myApplicationExample or with desktop http://localhost should work ). In this case I suggest you to read something about deeplink for applications.
website (redirect_uri will the url of your website : https://yourwebsite.com
In my case, with the services I usually work with, cliend_id and client_secret are given per user or per application, when requested to the company which provides services you need.
I hope this can help you clarify
BY THE WAY:
if you say you already have an Access Token , you should be able to do everything without Loggin in, because the final purpose of login and use all this parameters you asked for, is to get an Access Token.
The endpoint you are trying to call, will just return you an Access Token.
The Access token is what you need in order to call rest api in this case.
I would suggest you to try to call an atlassian rest API you want, using the Access Token you already have in the headers of the rest API, and see the results.
In my case, I have to create an header like this:
Authorization : Bearer {your Access token}
I hope this helps you.
EDIT:
As shown in point 1 in this doc https://developer.atlassian.com/cloud/jira/platform/oauth-2-3lo-apps/
you should open this url by your application:
https://auth.atlassian.com/authorize?
audience=api.atlassian.com&
client_id=YOUR_CLIENT_ID&
scope=REQUESTED_SCOPE_ONE%20REQUESTED_SCOPE_TWO&
redirect_uri=https://YOUR_APP_CALLBACK_URL&
state=YOUR_USER_BOUND_VALUE&
response_type=code&
prompt=consent
read the doc on you should set redirect_uri (http://localhost is valid if is a desktop application, but you will have to implement an http listener in order to get the authorization code, I suggest you to set a schema in you app or simply use a web page url).
You should get a client_id by atlassian to use in the url,same for scope.
I don't know exaclty the state parameter but in the docs should be writtend.
Once logged you will be redirected to the redirect_uri you set, getting also this authorization_code, then you can call the /token endpoint in order to get the Access Token.
curl --request POST \
--url 'https://auth.atlassian.com/oauth/token'
--header 'Content-Type: application/json'
--data '{"grant_type": "authorization_code","client_id": "YOUR_CLIENT_ID","client_secret": "YOUR_CLIENT_SECRET","code": "YOUR_AUTHORIZATION_CODE","redirect_uri": "https://YOUR_APP_CALLBACK_URL"}'
Here you have to use the authorization code you get from the login, re use the same client_id, set also the client_secret (should be given with the client_id) and re use the same redirect_uri you used in the login url.
Once done you will have finally the Access Token, which must be used in order to call Apis.
as shown in the doc you should be able to call apis like this curl
curl --request GET \
--url https://api.atlassian.com/oauth/token/accessible-resources
--header 'Authorization: Bearer ACCESS_TOKEN'
--header 'Accept: application/json'
Where 'ACCESS_TOKEN' will be your access token obtained before.
Remind that an Access Token usually has an expiration date, after which you will need to login again or refreshing the token.
EDIT 2:
A Client ID is an identifier associated with an application that assists with client / server OAuth 2.0 authentication.
So basically is a constant string, this should be given to you from atlassian/jira in some way.
Client Secret should be given to you with Client ID from atlassian/jira.
Client_id and client_secret usually are also called api keys.
Usually the Scope is the name of the application you are requesting api keys for (you should request new api keys for each application),this is up to you, and should be comunicated to the company in your case (atlassian/jira) when requesting api keys.
(i.e. For my company I work with Trimble Connect, which is just a platform, everytime I develop for example a plugin/addon on top of it I ask them new api keys)
for what concerns the state:
state: (required for security) Set this to a value that is associated with the user you are directing to the authorization URL, for example, a hash of the user's session ID. Make sure that this is a value that cannot be guessed. You may be able to generate and validate this value automatically, if you are using an OAuth 2.0 client library or an authentication library with OAuth 2.0 support.
In the beginning I would try to give the state a random value.
I think you should ask to Atlassian how to get your api keys (maybe there's a page for that, like for Trimble Connect in my case).
I would send them an e-mail.
Seems you are not interested in call Apis from an application you are developing, but just from curls.
if I'm right, I know I have already told you, but if I were you I would definitely try to call an atlassian API not trying to get the access token from the OAuth Login, but using that ACCESS TOKEN you told me you told me you manually created.
Please try this curl:
curl --request GET \
--url https://api.atlassian.com/oauth/token/accessible-resources
--header 'Authorization: Bearer {ACCESS_TOKEN}'
--header 'Accept: application/json'
just use your Access Token string instead of {ACCESS_TOKEN} and see the results.
i am new to keycloak.
I have made web portal that authentication (login, logout,forgot password) of users is done in backend ( PHP ) using REST Api. After successful authentication user is allowed to enter secure part of portal.
I am having trouble to get REST API endpoint so that when user is logged in i would like to get a list of permissions that this user have so i can render the UI with functions that specific user have permissions to. So far i found endpoint which can ask for specific permission only
curl -X POST http://$URL/auth/realms/argo/protocol/openid-connect/token -H "Authorization: Bearer $TOKEN" --data "audience=$CLIENTID" --data "permission=$PERMISSIONNAME#$PERMISSIONSCOPE"
Is this possible with keycloak ? I would have maybe around 10 navigation functions and some will be payable so once user buys this function we will allow this permission to this specific user.
Thanks
I spent a lot of time to make it work.
Basically, once the user is logged in (via a JWT access token) your app has to issue an additional call to an OIDC endpoint, in order to get an extended JWT token (including fine grained permissions).
Here are the details of this extra call:
POST http://server:port/auth/realms/<realm>/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
Authorization: "Bearer ....." (=access token of logged-in user)
Parameters:
- grant_type: the constant "urn:ietf:params:oauth:grant-type:uma-ticket"
- audience : the keycloak client id
- response_include_resource_name: true
You will get in response a JWT token that should be decoded
either programatically (quite easy)
or by invoking Keycloak token introspection endpoint (ie /auth/realms//protocol/openid-connect/token/introspect
And, once decoded, you will notice that the json payload contains an extra "authorization" node.
I am using Auth0 for User-Authentication in my VueJS-Application.
Now I want to create a backend providing a REST-API that will also use OAuth2-protocol and JWT-tokens in conjunction with our Auth0-based Frontend. This basically means: after SignUp of a new User, I want to send this new User to our backend in order to create a new record (which is already done).
The REST-API will be only accessible with a valid JWT-Token, which works perfectly following some tutorials and examples provided by Auth0 like this one.
I'd like to validate an access_token on my backend with Auth0 for a user, that was authenticated on the frontend application using auth0 also in the backend without sending any passwords.
This way, the Frontend or any other client can obtain an Access-Token like with this curl-command:
curl --request POST \
--url https://dev-xxxxx.eu.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"DLjQxxxx","client_secret":"*****","audience":"https://api.example.org","grant_type":"client_credentials"}'
On the backend, I am able to parse this token against Auth0 to check if this token is valid or not.
But how can I obtain a token on the Frontend for a specific user consisting of its email and password in Auth0-authentication? The Auth0-API will not return any access token after user authentication that I can use together with my API in order to validate the JWT token for specific roles.
I think I don't get the final workflow here.
Can someone point me please into the right direction?
I've got some code (a script on a server) that tries to send an OAuth2 request to get a token from an API. I have a client id, and client secret from the "OAuth 2.0 Client Ids" section of the "Credentials" tab in the Google Cloud Platform > APIs and Services. I also have a refresh token that I originally obtained somehow.
The URL I am POSTing to is:
https://www.googleapis.com/oauth2/v4/token
I'm sending the header
Content-Type: application/x-www-form-urlencoded
In the body of my post I have the following information:
grant_type=refresh_token&client_id=${encodeURIComponent(client_id)}&client_secret=${encodeURIComponent(client_secret)}&refresh_token=${encodeURIComponent(refresh_token)}
However, it has been a long time since I last ran this code and now it returns an error "bad grant". On this page it says that a refresh token will stop working if it has not been used for six months, which explains why I am getting the error. However, it does not say how to get another refresh token using the client id and client secret similar to how I am now creating a post to get an access token. How do I do this?
I believe your goal and your current situation as follows.
You want to retrieve new refresh token from the current client ID and client secret.
Your client ID and client secret are the valid values.
In this case, in order to retrieve new refresh token, it is required to use the additinal 2 parameters of scope and redirect_uri. These parameters can be confirmed at your created client ID of "OAuth 2.0 Client IDs" of "Credensials" tab in the Google Cloud Platform. When the parameters including client_id, client_secret, scope and redirect_uri are used, new refresh token can be retrieved. The flow for this is as follows.
1. Retrieve authorization code.
Please create the following endpoint using client_id, redirect_uri and scope.
https://accounts.google.com/o/oauth2/auth?client_id={your client ID}&redirect_uri={your redirect uri}&scope={your scopes}&response_type=code&approval_prompt=force&access_type=offline
When you created above endpoint, please access it to your browser. By this, the login screen is opened. When you logged in to Google account, the authorization screen is opened. When you permit the scopes, the authorization code can be retrieved.
When your credential is for the web application, you can retrieve the code at the URL on the browser like http://{your redirect uri}/?code={the authorization code}&scope={your scopes}.
Please copy the code.
2. Retrieve refresh token.
Using the retrieved authorization code, you can retrieve new refresh token. The sample curl command for this is as follows.
curl \
-d "client_id={your client ID}" \
-d "client_secret={your client secret}" \
-d "redirect_uri={your redirect uri}" \
-d "grant_type=authorization_code" \
-d "code={retrieved your authorization code}" \
"https://www.googleapis.com/oauth2/v4/token"
When above curl command is run, the following result is obtained.
{
"access_token": "###",
"expires_in": 3600,
"refresh_token": "###",
"scope": "{your scopes}",
"token_type": "Bearer"
}
Reference:
Using OAuth 2.0 to Access Google APIs
I want to make app based on youtube channel. I have google access token but I don't know how to call youtube api with my access token or how to pass parameters.
This is my code:
NSString *newURL = [NSString stringWithFormat:#"googleapis.com/youtube/v3/…;, idToken];
As discussed in Calling the YouTube Data API, after obtaining an access token for a user, your application can use that token to submit authorized API requests on that user's behalf. The following are the two supported ways to specify an access token.
This first option provides greater security and is the recommended approach. Specify the access token as the value of the Authorization: Bearer HTTP request header:
`POST /feeds/api/users/default/uploads HTTP/1.1
Host: gdata.youtube.com
Authorization: Bearer ACCESS_TOKEN
...`
You can test this using cURL with the following command:
curl -H "Authorization: Bearer ACCESS_TOKEN" gdata.youtube.com/feeds/api/users/default/uploads
Specify the access token as the value of the access_token query parameter:
https://gdata.youtube.com/feeds/api/users/default/uploads?access_token=ACCESS_TOKEN
You can test this using cURL with the following command:
curl gdata.youtube.com/feeds/api/users/default/uploads?access_token=YOUR_ACCESS_TOKEN