I used OAuth 2.0 Client Credentials Flow (2-Legged) to get access token and I followed each step as described in https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow.
But when I send the API request to get access token I received following response
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://medium.com/#ellesmuse/how-to-get-a-linkedin-access-token-a53f9b62f0ce
you may check this way to get linkedin access token
Related
I am using the twitch api just to test it out to fetch the top games
I get my app access token after making an app by passing in a POST to:
https://id.twitch.tv/oauth2/token?client_id=<my client id>&client_secret=<my generated secret>&grant_type=client_credentials
I then take the access token (token_type: bearer) to the actual data fetching API and do a GET request on postman to
https://api.twitch.tv/helix/games/top?Authorization=Bearer <access token form above>&client-id=<client-ID>
This is my output:
{
"error": "Unauthorized",
"status": 401,
"message": "OAuth token is missing"
}
I have tried this with and without the client ID. The documentation here says that it can take an OAuth token or an app access token as the authorization parameter.
What gives?
The ClientID and Authorization items are headers not query string parameters
So in postman you have provided them in the wrong place
I am using laravel 8.40 and passport 10.3. I want to generate token without authorization. for that I have followed the laravel passport documentation. But when I try to generate token using the following sippent
grant_type:password
client_id:959f0346-0848-4aca-af63-ed77daba2561
client_secret:lLSI6Yg4RRh5ZaH00fAaVhcU9C5Zd8ITfe9XTO8H
username:admin#test.com
password:password
scope:*
though my credentials are correct I test on my web guard, I am getting this response
{
"error": "invalid_grant",
"error_description": "The user credentials were incorrect.",
"message": "The user credentials were incorrect."
}
Just replace
"grant_type":password
to
"grant_type":client_credentials
I have an G-Suite Account..I have created a project in developer console. In that i have chosen the Oauth client Id credential for Application Type (Others). I have received client secret and Client ID..... Using this i have tried the sample mvc https://developers.google.com/drive/v3/web/quickstart/dotnet I have received the token with Below information
1.access_token
2.Experiences
3.refresh_token
4.Token_Type and so on…
I cant find any user related information (eg: UserId) in the token for Authenticate in our application (used tokeninfo api to validate token). I get below response
{
"issued_to": "123456789234.apps.googleusercontent.com",
"audience": "123456789234.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.user.readonly",
"expires_in": 3520,
"access_type": "online"
}
How to get userid in access_token?
If you are try to get their user information you have to add https://www.googleapis.com/auth/userinfo.profile in your scopes.
View your basic profile info
Here is some additional reference:
How to get user email from google plus oauth
How to identify a Google OAuth2 user?
Hope this helps.
We are using App Service Authentication to protect a web API and using Google as authentication provider. It works as expected when we fire a request from a browser (when the session information is in the cookie)
IIS log:
2016-05-29T13:51:19 PID[3600] Verbose Received request: GET
https://XXXXXX.azurewebsites.net/api/user 2016-05-29T13:51:19
PID[3600] Verbose Found 'AppServiceAuthSession' cookie for site
'XXXXXX.azurewebsites.net'. Length: 728. 2016-05-29T13:51:19
PID[3600] Verbose Authenticated XXXXXX#gmail.com successfully
using 'Session Cookie' authentication.
But when we use API testing tool such as Postman and set the Authorization header with bearer token, it always results in redirection.
IIS log:
2016-05-29T13:53:38 PID[3600] Verbose Received request: POST
https://XXXXX.azurewebsites.net/api/user 2016-05-29T13:53:38
PID[3600] Information Redirecting:
https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXXXXXX-XXXXX7attpunn9smo4.apps.googleusercontent.com&redirect_uri=https%3A%2F%2FXXXXXX.azurewebsites.net%2F.auth%2Flogin%2Fgoogle%2Fcallback&scope=openid+profile+email&state=nonce%3De5f4aabe11cb4544bf18d00920940d47_20160529135838%26redir%3D%2Fapi%2Fuser
We also tried to set X-ZUMO-AUTH header with the same bearer token, we see error as the token is not in expected format. Apparently it expects encoded JWT token.
IIS log:
016-05-29T13:51:52 PID[3600] Verbose Received request: POST
https://XXXXXX.azurewebsites.net/api/user 2016-05-29T13:51:52
PID[3600] Warning JWT validation failed: IDX10708:
'System.IdentityModel.Tokens.JwtSecurityTokenHandler' cannot read this
string: 'Bearer
ya29.XXXXXXXXXX_RDrX_zsuvMx49e_9QS5ECz9F1yhDHe5j4H9gRN6opkjLXvN1IJZjHXa_Q'.
The string needs to be in compact JSON format, which is of the form:
'..'.. 2016-05-29T13:51:52 PID[3600]
Information Redirecting:
https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=XXXXXXX-k5nj6dkf987attpunn9smo4.apps.googleusercontent.com&redirect_uri=https%3A%2F%2FXXXXXX.azurewebsites.net%2F.auth%2Flogin%2Fgoogle%2Fcallback&scope=openid+profile+email&state=nonce%3De15b0915406142378XXXXX_20160529135652%26redir%3D%2Fapi%2Fuser
Note:
Bearer token obtained from Google is valid as we can verify the detail by making call to
https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[token]
Please suggest.
The Google token you're using is an access token, not a bearer token. It can be used to access Google resources but cannot be used to authenticate with your Web API.
I wasn't able to find good documentation on this, but I can tell you it works here instead:
In your client app, you must obtain an id_token and an authorization code from Google. You normally get this when the user logs in using the Google OpenID Connect login. I assume you already know how to do this since you already know how to get the access token.
Send a POST request to https://{hostname}/.auth/login/google with a JSON payload that looks like {"authorization_code":"<code>", "id_token":"<id_token>"}.
A successful login response will contain a JSON payload that contains an authenticationToken field. Cache this token.
You can use the authentication token from #3 to make authenticated calls to your web API. Put it in the x-zumo-auth HTTP request header.
Turn on Authentication / Authorization from App Service Portal
Browse to the web app or API that requires authentication, you will be redirected to google login page, when you authenticate successfully, the response will contain:
"id_token": this token can be extracted from the response, or by accessing the Token Store /.auth/me
"redirect_uri" this token will be included in the response body, also you can just set it statically in the following step since this is the callback URL and it shouldn't change unless you change it from the google console
POST a request to https://{hostname}/.auth/login/google with the following JSON payload, {"redirect_uri":"", "id_token":""}. a successful response will contain "authenticationToken" store this token or cache it
Subsequent requests to the APIs that requires authentication should contain an HTTP request header:
"x-zumo-auth" with the value of "authenitcationToken"
Bonus:
In order to verify your token you can POST to https://{hostname}/.auth/login/google with the following JSON pay load {"id_token":""}, the response should specify if the token is valid or not
Getting auth token from uber is a two step process.
Please refer Uber Auth API
Ask the uber user to authorize : call GET https://login.uber.com/oauth/v2/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
Provide your client_id and redirect_uri specific to your website. If the authorization is successful, you will be redirected to your site with the code in the query parameter.
The the code you get in step 1 to retrieve auth token.
Send an HTTP POST request to https://login.uber.com/oauth/v2/token. Following should be the json you send to server:
{
"client_secret": "{client_secret}",
"client_id": "{client_id}",
"grant_type": "{authorization_code}",
"redirect_uri": "{redirect_uri}",
"code": "{insert authorization code obtained in previous step}"
}
In the step two I always get a error 400 with "invalid grant type" message. Please suggest where am I going wrong.
You need to send the parameter as form-data, not JSON. Take a look at the curl example in section 3 here: https://developer.uber.com/docs/authentication
The authorization and authentication documentation doesn't mention anything about JSON, therefore application/x-www-form-urlencoded media type is to be used to send the HTTP POST request to the /oauth/v2/token API endpoint