How to find API endpoints that accept oauth2 tokens - api

I have an angular 6 application which makes requests to various oauth2 providers. I’ve managed to successfully request access tokens from these providers using the implicit grant type (will be working on authorization code soon). Now I’m trying to find a list of API endpoints that I can test the access tokens with. For example, requesting user profile information from Google.
So far, I’ve been able to get access tokens from the following providers:
Google (https://accounts.google.com)
Anilist (http://anilist.co)
OneDrive (https://login.live.com)
DropBox (https://www.dropbox.com)
Does anyone know any publicly accessible API endpoints for any of the above (or any other oauth2 provider) that I can test with?
Thanks

Here is how you can answer your question for Google.
You first connect to the Google API explorer web application: https://developers.google.com/apis-explorer/#p/
This web page helps you browse the many Google APIs. So, search for an API named API Discovery Service. It will answer an API that provides information about other Google APIs, such as what APIs are available, the resource, and method details for each API.
Therefore, to get a list of every APIs, you can call the list entry point of this API Discovery Service here: https://www.googleapis.com/discovery/v1/apis?preferred=true
Here is the beginning of the result:
{
"kind": "discovery#directoryList",
"discoveryVersion": "v1",
"items": [
{
"kind": "discovery#directoryItem",
"id": "abusiveexperiencereport:v1",
"name": "abusiveexperiencereport",
"version": "v1",
"title": "Abusive Experience Report API",
"description": "Views Abusive Experience Report data, and gets a list of sites that have a significant number of abusive experiences.",
"discoveryRestUrl": "https://abusiveexperiencereport.googleapis.com/$discovery/rest?version=v1",
"icons": {
"x16": "https://www.gstatic.com/images/branding/product/1x/googleg_16dp.png",
"x32": "https://www.gstatic.com/images/branding/product/1x/googleg_32dp.png"
},
"documentationLink": "https://developers.google.com/abusive-experience-report/",
"preferred": true
},
[...]
On each of those APIs listed by the previous call, the discoveryRestUrl field gives you an URL on which you can get informations like the entrypoint of the corresponding API.
For instance, you can find that the GMail API is described here: https://www.googleapis.com/discovery/v1/apis/gmail/v1/rest
In the output, extract the OAuth2 part from the auth entry to get the scopes:
"auth": {
"oauth2": {
"scopes": {
"https://mail.google.com/": {
"description": "Read, compose, send, and permanently delete all your email from Gmail"
},
"https://www.googleapis.com/auth/gmail.compose": {
"description": "Manage drafts and send emails"
},
"https://www.googleapis.com/auth/gmail.insert": {
"description": "Insert mail into your mailbox"
},
"https://www.googleapis.com/auth/gmail.labels": {
"description": "Manage mailbox labels"
},
"https://www.googleapis.com/auth/gmail.metadata": {
"description": "View your email message metadata such as labels and headers, but not the email body"
},
"https://www.googleapis.com/auth/gmail.modify": {
"description": "View and modify but not delete your email"
},
"https://www.googleapis.com/auth/gmail.readonly": {
"description": "View your email messages and settings"
},
"https://www.googleapis.com/auth/gmail.send": {
"description": "Send email on your behalf"
},
"https://www.googleapis.com/auth/gmail.settings.basic": {
"description": "Manage your basic mail settings"
},
"https://www.googleapis.com/auth/gmail.settings.sharing": {
"description": "Manage your sensitive mail settings, including who can manage your mail"
}
}
}
},
In the description, you will also find the endpoint for the GMail API : https://www.googleapis.com/gmail/v1/users/
Finally, you can access this API by means of OAuth2.
NOTE: every scopes associated with one or several APIs are listed here: https://developers.google.com/identity/protocols/googlescopes

Related

Rest API for Authentication with nHost

So I know there's several SDK packages for many languages available for nHost, however I need to create my own interface to the system since the language I'll be using isn't typical.
I basically just need to know how to interact with authentication endpoints, send a users un/pw and recieve a JWT token. I've been successfully able to do this with aws Cognito, but I'd like to explore this instead.
I'm also not sure if I'm using the right base url, here's my thought so far:
https://kbvlufgpikkxbfkzkbeg.nhost.run/auth/login
So I would POST to there with some json in the body with the un/pw stuff, and the response should be the jwt token right?
I get a "resource does not exist" response from the above, however, so obviously I'm not forming the url correctly in the first place.
Thanks for the help!
Nhost supports multiple sign-on methods.
For example, using the email+password method, you would send:
POST https://xxxxxxxxxxxxx.nhost.run/v1/auth/signin/email-password
{"email":"foo#example.com","password":"bar"}
and the response:
{
"session": {
"accessToken": "somejwt....",
"accessTokenExpiresIn": 900,
"refreshToken": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"user": {
"id": "xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
"createdAt": "2022-09-17T19:13:15.440221+00:00",
"displayName": "foo#example.com",
"avatarUrl": "",
"locale": "en",
"email": "foo#example.com",
"isAnonymous": false,
"defaultRole": "user",
"metadata": {},
"emailVerified": true,
"phoneNumber": null,
"phoneNumberVerified": false,
"activeMfaType": null,
"roles": [
"user",
"me"
]
}
},
"mfa": null
}
The JWT is short-term, when it expires, the refresh token is used to get a new one.
The Nhost JavaScript SDK handles it automatically for you, that's a big benefit to the platform (in addition to being integrated with Hasura). If you are trying to port it to another unsupported language, you'd have to reimplement it. Probably by reading the library and/or running one of their sample client application and reverse-engineering the HTTP over the wire.

What are these media providers in whatsapp apis?

I have setup a two way communication between business account and customer using whatsapp business apis. I am having trouble understanding media providers that there documentation talks about for sending text message to customer with image/media.
Heres the link to it: https://developers.facebook.com/docs/whatsapp/api/settings/media-providers/
Who are these providers? are they some specified organisation?
I am currently storing the media files in AWS S3 using some pre-signed url method. Can I use media stored in S3 in whatsapp media message?.
An example would be great help.
According to the Whatsapp API media messages documentation, there are two ways of sending an image outbound message:
Send the image by its Media ID
Send the image by its URL
When choosing 2, sending it by its URL, sometimes you may need to setup a Media Provider settings if the images URL you reference is not directly accessible and requires a username/password authentication or even a bearer token. (check https://developers.facebook.com/docs/whatsapp/api/messages).
Sending images by Media ID
To send it by ID, you need first to upload the image file using the POST /v1/media endpoint. That will return the Media-ID (e.g: 456) that you should use to compose the message object on the POST /v1/messages/ endpoint, like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"id": "456"
}
}
Sending images by URL
When sending it by URL, you can simply inform the URL of a image file (e.g.: http://yourcompany.com/images/your_image.png) on the link field of the POST /v1/messages/ endpoint, just like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"link": "http://yourcompany.com/images/your_image.png"
}
}
What if the URL http://yourcompany.com/images/your_image.png is behind some authentication on the server? (username/password ou maybe a bearer token). Then you need first to setup a Media Provider with such credentials, using the POST /v1/settings/application/media/providers endpoint, like this:
[{
"name": "yourcompany-images",
"type": "www",
"config": {
"basic": {
"username": "the-username",
"password": "the-password"
}
}
}
]
Once you have this set up on your API, then you are able to reference this Media Provider by its name on the POST /v1/messages/ endpoint, like this:
{
"to": "1234567",
"type": "image",
"recipient_type": "individual",
"image": {
"caption": "The image caption",
"link": "http://yourcompany.com/images/your_image.png"
"provider": {
"name" : "yourcompany-images"
}
}
}
Using S3 pre-signed URLs as image links
You have to consider that pre-signed URLs are temporary links that will expire after a while. It can work when everything is fine with you Whatsapp API Client and the message is promptly received by the recipient. But if something goes wrong on this chain, maybe the Whatsapp API will try to download the image again later. So keep this in mind and try to create pre-signed URLs with long expiration time (maybe a 7 day expiration link using IAM User as explained here).

How to config Cognito to get Facebook Login to pass back picture url included?

Recently I had configure to use amplify with #aws-amplify/ui-react library to login Federated users.
Once login, for google user, I would get payload like
{
"id": "",
"email": "",
"name": "",
"picture": "",
"token": ""
}
Yet for facebbook user, I get similar stuff but no picture info
{
"id": "",
"email": "",
"name": "",
"token": ""
}
I had tried to update config in my Cognito for Facebook provider. However, this failed to get picture info for me.
Is it possible to make amplify's federated login through Facebook to pass me back picture info as well? I know I could just call another Facebook api to retrieve picture, but I wish this could be avoided, since Google login would return picture info automatically.
P.S.
Here's my Facebook identity providers config:
PPS.
Here's my recent Cognito attribute mapping config:
For Facebook:
and in CognitoUserSession's idToken's payload:
the picture field would include a JSON object about profile picture's information
For Google, much simpler:
and the payload:
the picture field is simply the image link
Assuming you're requesting public_profile, use "picture" from Facebook Attribute is actually correct, I do face similar problems that I couldn't receive it until i delete the userpool, and creating a new one.
The value you will get from picture should be something like this
{
"data": {
"height": 50,
"is_silhouette": false,
"url": "https://platform-lookaside.fbsbx.com/platform/profilepic/?etcetcetcetc",
"width": 50
}
}

Foursquare API Error 403 - User not authorized to edit venue

We are trying to update details information for serveral Venues in behalf of our clients/users by using Foursquare API.
It works pretty well for most of the clients, and we are using their own personal oauth credentials most of the time.
BTW, we have a lot of problems with some clients/accounts, because we are getting this error when trying to update the venues:
{
"meta": {
"code": 403,
"errorType": "not_authorized",
"errorDetail": "User not authorized to edit venue",
"requestId": "59bba14e351e3d0e31fcf9f1"
},
"notifications": [
{
"type": "notificationTray",
"item": {
"unreadCount": 0
}
}
],
"response": {}
We’ve checked the API limits and everything it’s correct. We’ve also checked the account Oauth token several times and it’s correct. Even we are using the 'venues/managed’ endpoint to ensure that the given Oauth credential can manage the given Venue and everything looks fine.
Any idea about what's happening?

Accessing a cloud hub API

https://anypoint.mulesoft.com/apiplatform/anypoint-platform/#/portals/organizations/68ef9520-24e9-4cf2-b2f5-620025690913/apis/8617/versions/40329/pages/35412
/applications/{domain}/logs Traits: environment_based
Retrieve log messages for the application, ordered newest to oldest.
I am trying to access this api but am unable to relate what client id does it ask. Also I am unable to relate to oauth authentication this needs.
I am new to mule.
i am sharing the steps by step instructions to access the details of apps from api.
Step 1 : Get the access token from the Api
https://anypoint.mulesoft.com/accounts/login?username=YOUR_USERNAME&password=YOUR_PASSWORD
NOTE : Use POST method and add Header Content-Type=application/json
You will get response in JSON format like below
{
"access_token": "44126898-7ed8-4453-8d28-skajnbf",
"token_type": "bearer",
"redirectUrl": "/home/"
}
Step 2: Get your organization id
https://anypoint.mulesoft.com/accounts/api/me
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : Authorization = Bearer 44126898-7ed8-4453-8d28-skajnbf
In the response you will have a section where you will get you organization related details like below
"organization": {
"name": "Sample",
"id": "c1e68d1e-797d-47a5-b",
"createdAt": "2016-11-29T09:45:27.903Z",
"updatedAt": "2016-11-29T09:45:27.932Z",
"ownerId": "68df9a5",
"clientId": "7200350999564690",
"domain": "******",
"idprovider_id": "mulesoft",
"isFederated": false,
"parentOrganizationIds": [],
"subOrganizationIds": [],
"tenantOrganizationIds": [],
"isMaster": true,
"subscription": {
"type": "Trial",
"expiration": "2016-12-29T09:45:27.906Z"
},
Step 3: Get the environment Details
https://anypoint.mulesoft.com/accounts/api/organizations/YOUR_ORGANIZATION_ID_FROM_ABOVE/environments
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
Example : https://anypoint.mulesoft.com/accounts/api/organizations/c1e68d1e-797d-47a5-b/environments
You will get all available environments in the response in JSON format as below
{
"data": [
{
"id": "042c933d-82ec-453c-99b2-asmbd",
"name": "Production",
"organizationId": "c1e68d1e-797d-47a5-b726-77asd",
"isProduction": true
}
],
"total": 1
}
Step 4: Now specify the domain name and fetch the logs
https://anypoint.mulesoft.com/cloudhub/api/v2/applications/YOUR_CLOUDHUB_APP_NAME/logs
Example : https://anypoint.mulesoft.com/cloudhub/api/v2/applications/first-test-api-application/logs
NOTE : Use GET method and add below Headers
Content-Type = application/json
Authorization = Bearer ACCESS_TOKE_YOU_GOT_ABOVE
X-ANYPNT-ENV-ID = ENVIRONMENT_ID_YOU_GOT_ABOVE
Example : X-ANYPNT-ENV-ID = 042c933d-82ec-453c-99b2-asmbd
You will get the logs in JSON format as below
{
"data": [
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503796819,
"message": "Deploying application to 1 workers.",
"priority": "SYSTEM",
"instanceId": "583eb1f1c4b27"
},
{
"loggerName": "Platform",
"threadName": "system",
"timestamp": 1480503797404,
"message": "Provisioning CloudHub worker...",
"priority": "SYSTEM",
"instanceId": "583eb1f1e4b27"
}
],
"total": 2
}
NOTE : FOR ENHANCED LOGGING YOU SHOULD SELECT APPROPRIATE DEPLOYMENT AND INSTANCE IDs TO GET LOGS IN SIMILAR MANNER
Hope this Helps for Beginners
To see the clientID. Log into your CloudHub account. Click on the "gear" icon in the upper right corner. Click on the name of your organisation. you should now see your "clientID" and the "ClientSecret" ID.
Before you use the CloudHub APIs or the Anypoint platform APIs you have to create an account on the Anypoint Platform - Check the architecture of the Anypoint API platform #
https://docs.mulesoft.com/anypoint-platform-for-apis/anypoint-platform-for-apis-system-architecture
Once your are done with the registration with the Anypoint API platform you need to set up users, roles & privileges as an admin -
https://docs.mulesoft.com/anypoint-platform-administration/managing-accounts-roles-and-permissions
As admin you need to control access to APIs by creating & supplying client Id and client Secret - https://docs.mulesoft.com/anypoint-platform-administration/manage-your-organization-and-business-groups
I guess that's the client you referring to. It needs to be present in the request for all the APIs.
As far as OAuth is concerned, it is not completely functional on Cloudhub API. You will have to raise a ticket for support. Check this out -
https://docs.mulesoft.com/mule-user-guide/v/3.7/mule-secure-token-service
If you are new to Mule, run through the Mule Intro videos and try out the Anypoint Studio to get feel of Mulesoft Applications.
Hope this helps.