how to refresh google access token with refresh token without SSL? - authentication

I have faced a problem to refresh google access token on server side.
RestTemplate restTemplate = new RestTemplate();
MultiValueMap<String, String> params = new LinkedMultiValueMap();
params.add("client_id", clientSecrets.getDetails().getClientId());
params.add("client_secret", clientSecrets.getDetails().getClientSecret());
params.add("refresh_token", this.refreshToken);
params.add("grant_type", "refresh_token");
String result = restTemplate.postForObject(requestUrl, params, String.class);
Response I got from google authentication server is just 403 status code.
and message is like this
{"error":"internal_failure","error_description":"SSL is required to perform this operation."}
Is that compulsory to use SSL on my server just in order to refresh access token ?
It's been tested on my local server and does not attach any SSL to it.
References for this code is from below URL.
https://developers.google.com/identity/protocols/OAuth2WebServer#offline

I solved this issue by adding 'https' protocol instead of 'http' protocol for google api
I had called like
http://www.googleapis.com/oauth2/v4/token
but for SSL call
https://www.googleapis.com/oauth2/v4/token
is required to refresh access token

Related

I want to use MsGraph in B2C, but I get a corrs error when getting an access token

I have an SPA that uses B2C as its certification.
not AD, im using B2C.
Now I want to display user information on the SPA,
so I want to use MsGraphAPI to get data from B2C.
Therefore, we are trying to obtain an access token using credential flow.
The code is as follows
requestUri = "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token";
var params = new URLSearchParams();
params.append("grant_type","client_credentials");
params.append("client_id","XXXX");
params.append("client_secret","ZZZZ");
params.append("scope","https://graph.microsoft.com/.default");
const response = fetch(requestUri, {
method:"POST",
body:params
});
At this time, the developer tool shows a corrs error.
The following error.
access to fetch "https://login.microsoftonline.com/{tenandId}/oauth2/v2.0/token" from origin "http://localhost:3000" has been blocked by CORS policy.
How can I resolve this?
SPA is available at http://localhost:3000.
Is the localhost no good?
The purpose of authenticating is to get user information. You can insert any attribute into the token, and then parse the id_token to display the users profile information in your application. Calling MS Graph API for this seems counter intuitive.
Next, you shouldnt be using client_credentials in your SPA, those are secret credentails, and should only be used by your server. By exposing those credentials in your SPA, any user could extract them and use them to read your entire directroy store. This is why you are getting a CORS error, it's never supposed to be running on the client browser.

Getting back 401 from Dynamics 365 despite being issued valid token

I am attempting to rewrite a client app that currently connects to Dynamics 365 using JavaScript
let URL = "https://<company-name>.operations.dynamics.com/data/FinancialDimensionValues?cross-company=true";
let body = '';
var headers = {'Content-Type':'application/json'};
let response = ai.https.authorizedRequest(URL, 'GET', body, headers);
Currently this JavaScript application works and gets back JSON data. I am attempting to rewrite this application using C#. I am first starting with Postman to make sure I have all the authentication steps in place before moving on the writing the C# code.
Using Postman I am able to successfully obtain a JWT token using the "Client Credentials" flow where I pass the Client ID and the Client Secret to the Access Token Request URL. However, when trying to access an API endpoint within Dynamics 365 I receive back an HTTP 401 even though I am passing the JWT access token properly.
Here is the Access Token Request URL:
https://login.microsoftonline.com/722b0db7-9629-4304-92a0-dfb4a1debe62/oauth2/token?resource=https://<company-domain-here>.dynamics.com
I am thinking that I must be authenticating properly or I would not get back a valid access token. Also since the JavaScript application already in place works without issue I am assuming that Dynamics 365 is provisioned properly to allow API access.
What I am trying to figure out is what I might be doing wrong within Postman that results in my receiving a 401? What could be different between the working JavaScript request and what I am sending via Postman?
Issue is finally solved.
As mentioned follow the documentation mentioned.
If you face 401 Error, here is the last trick.
In postman Under Authorization--> Add authorization data to--> select Request Headers.
Now fire the query you shall have the 200 ok.
Ref Article which helped me figure it out.

Qliksense REST Connector error: BAD_AUTH_CODE

I am trying QlikSense REST connector for connecting HubSpot's API. Following are the parameters I am using in REST connector as per HubSpot's documentation to generate access token:
method: POST
URL: https://api.hubapi.com/oauth/v1/token
authentication schema: Basic
skip server certificate validation: checked
:: query parameters ::
grant_type = authorization_code
client_id = xxxxxxxxxxxxxxxxxxxxxx
client_secret = xxxxxxxxxxxxxxxxxxxx
redirect_uri = https://www.example.com/
code = xxxxxxxxxxxxxxxxxxxxxxxx (this is the same code i got after authorizing the access to my app using this [https://app.hubspot.com/oauth/authorize?client_id=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx&scope=contacts%20automation&redirect_uri=https://www.example.com/] )
Content-Type = application/x-www-form-urlencoded;charset=utf-8
Now here's what the problem is :
When I use a totally refreshed code = xxxxxxxxxxxxxxxxxxxxxxxx for the first time and hit Test Connection on Qliksense REST window dialogue, I get connection successful but when I try to save that connection I get the following error
Now from this error, at first I thought maybe my auth_code has expired but when I do the same exercise again (getting a refresh AUTH_CODE), it (QlikSense) does the same thing i.e. at first tell me connection is successful and when I try to save it I again bump into the BAD_AUTH_CODE or error 400 (Bad Request).
F.Y.I. I have tested the API with the same parameters and setting in Postman, works like a charm but not here in QlikSense.
Any idea what's going on in here? I am sure it's not HubSpot it's something to do with the REST connector.
query parameters like "Content-Type" should be headers not query
Once you get the Access Token it should be passed to the API as a Header, not a parameter, as 'Authorization': 'Bearer {ACCESS_TOKEN}'

Okta: Failed to get authorization code through API call

I'm integrating Okta to my own IdP server by using Okta's API.
I'm implementing the Authorization code flow by following the steps below:
In my own server, use the /api/v1/authn endpoint to get the sessionToken.
Use the sessionToken to obtain the authorization by calling this endpoint: /oauth2/v1/authorize?client_id=" + clientId + "&sessionToken=" + sessionToken + "&response_type=code&response_mode=query&scope=openid&redirect_uri=" + redirectUrl + "&state=evanyang&nonce="
It's supposed to return a response with status code 302 and with the Location header containing the redirect url as well as the code value.
However, I keep getting a response with status code 200 and without the Location header, with a html body saying "You are using an unsupported browser." and "Javascript is disabled on your browser."
According to the API documentation: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request, the sessionToken parameter is sufficient to do this: An Okta one-time sessionToken. This allows an API-based user login flow (rather than Okta login UI).
Am I missing any extra requirement for getting the authorization code through API? Please help.
Thanks in Advance :)
The Authorization Code grant type and the Authorization endpoint in there are meant to be access through a browser, not a non-browser client.
This issue is caused by obtaining session id between obtaining session token and authorization code. Once the session token is used to get session id, it becomes invalid, which means it cannot be used to get authorization code anymore.
According to Okta, the Authorization Code grant type and the Authorization endpoint and be used through a API-based web app too, as long as the session token is provided in the request: http://developer.okta.com/docs/api/resources/oidc.html#authentication-request. In fact, one can use this script(https://github.com/SohaibAjmal/Okta-OpenId-Scripts) to finish the flow.

https://api.dropbox.com/1/account/info generating an Invalid OAuth request

Got my tokens and can call the core API, but when I call
https://api.dropbox.com/1/account/info
I get a
{"error": "Invalid OAuth request."}
According to the documentation (https://www.dropbox.com/developers/core/docs#account-info) there are no parameters except the locale, only the GET, which is suspicious.
The use-case I am exercising validates if the access token wasn't revoked by checking the current user's account info.
I am accessing the core-api via HTTP and not via the libraries provided (Python, Ruby, PHP, ...)
You have to add your access token in your url connection by setting the authorization header with your token.
System.out.println("accesstoken:" + access_token);
String token="Bearer ";
token+=access_token;
if (access_token != null) {
URL url = new URL(
"https://api.dropbox.com/1/account/info?locale=English");
connection = (HttpURLConnection) url.openConnection();
This works for me.