How to obtain authorization token for skype bot apis? - api

I want to create a skype bot and am referring to https://developer.microsoft.com/en-us/skype/bots/docs/api/chat , for authorization the doc refers to https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/ but it is unclear about the scope to be mentioned for using skype bot apis.
So can anybody tell me how to obtain authorization token for making skype bot rest api calls.

try this
curl -X POST -H "Cache-Control: no-cache" -H "Content-Type: application/x-www-form-urlencoded" -d 'client_id=<your-app-id>&client_secret=<your-app-secret>&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default' 'https://login.microsoftonline.com/common/oauth2/v2.0/token'

I'm trying to try token access to the skype bot.
I have also tried the above mentioned cURL function in "POSTMAN" but I have this return message:
{
"error": "invalid_request",
"error_description": "AADSTS90014: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: 53dcaec0-...\r\nCorrelation ID: d6d650ec...\r\nTimestamp: 2018-01-15 09:53:04Z",
"error_codes": [
90014
],
"timestamp": "2018-01-15 09:53:04Z",
"trace_id": "53dcaec0-...",
"correlation_id": "d6d650ec-..."
}
The following is a header and body structure in POSTMAN:
HEADER
Content_type: application/x-www-url-form-urlencoded
Cache-Control: no-cache
BODY
client_id=&client_secret=&grant_type=client_credentials&scope=https%3A%2F%2Fgraph.microsoft.com%2F.default
In BODY I replace the fields client_id and client_secret with the correct codes provided during registration.
Thanks to the availability...

Related

Getting 403 Forbidden Error While Accessing Google Chrome Web Store API

We have a chrome extension in Google web store under my Google user id and I want to give API access to my colleagues (in the same organization). I am following this guide but it is not allowing me to access API. Here is exactly what I did
Created a Google Cloud console project using the email id that is
used to access the chrome store
Enabled Google Chrome Web Store API
Generated Oauth credentials as described in the link
Added my colleagues email address as test users under Oauth Consent section
Generated the "code" as described in the link using Colleague's Google ID
Successfully got the token by sending the curl request as described in the instructions above
Sent a curl API GET request using the token as shown below
curl \
-H "Authorization: $TOKEN" \
-H "x-goog-api-version: 2" \
-H "Content-Length: 0" \
-H "Expect:" \
-X GET \
-v \
https://www.googleapis.com/chromewebstore/v1.1/items/ITEM_ID?projection=DRAFT
The response I get is this
{
"error": {
"code": 403,
"message": "Forbidden",
"errors": [
{
"message": "Forbidden",
"domain": "global",
"reason": "forbidden"
}
]
}
}
Any idea on what I am missing here?
https://www.googleapis.com/chromewebstore/v1.1/items/ITEM_ID?projection=DRAFT
The Authorization header is missing the token type: Bearer
-H "Authorization: Bearer $TOKEN"

Keycloak - 500 Internal Server Error- when validating a token generated by a confidential client

In the Keycloak server, we created a client that has an Access Type of confidential.
By calling /protocol/openid-connect/token endpoint with the client_id and the client_secret, we got the access_token, which was supposed to authenticate the application (client) in question in the follow-up requests.
Even though the token is valid (which I double-checked by calling the introspect endpoint), I am getting a 500 Error from the server for any request that has this access_token
So in short:
Calling this endpoint <base_url>/auth/realms/<realm>/protocol/openid-connect/token gives an access_token
Provided data: client_id,client_secret, grant_type: "client_credentials"
Calling <base_url>/auth/realms/<realm>/protocol/openid-connect/userinfo gives 500Internal Server Error
{
"error": "unknown_error"
}
Any insights on what the issue could be?
This should be fixed in Keycloak 13.0.0.
See this commit: https://github.com/keycloak/keycloak/commit/056b52fbbe5af06aab957d37405215f1f4ed6ecd
It is not quite clear from the question how you are sending the token to the userInfo endpoint, Provided that the access token you have received is valid make sure that you are sending the token in the request header. Try the below curl command:-
curl
-X GET
-H "Authorization: Bearer <Access Token>"
-H "Content-type: application/json"
http://{hostname}/auth/realms/{realm_name}/protocol/openid-connect/userinfo

"INVALID" Service Account key on Google Cloud Platform

I use the GCP Text-to-Speech API to create greetings and interactive menus that are played to phone customers who call into businesses. I have successfully used the Text-to-Speech API in the past using this Google quick-start: Google Cloud Text-to-Speech
I used the same quick-start guide again for a new organization and project but I keep getting an invalid key error which I have been unable to debug.
Here are the commands I have used to invoke the service and the results:
# curl -X POST \
-H "Authorization: Bearer $(gcloud auth application-default print-access-token)”\
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 403,
"message": "The request is missing a valid API key.",
"status": "PERMISSION_DENIED"
}
}
I tried again with a different authentication header:
# curl -X POST \
-H "X-Goog-Api-Key:***my_API_key***.json" \
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize > synthesize-output-base64.txt
{
"error": {
"code": 400,
"message": "API key not valid. Please pass a valid API key.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.ErrorInfo",
"reason": "API_KEY_INVALID",
"domain": "googleapis.com",
"metadata": {
"service": "texttospeech.googleapis.com"
}
}
]
}
}
I have re-verified the following configurations:
The Text-to-Speech API is enabled for my project.
The credential (service account) I am attempting to use is listed with the Text-to-Speech API as compatible. I verified that that service account key is the key that was used in the attempted authentications.
I compared my configuration on GCP with another working configuration I manage for a different company. There are no differences I can see.
I compared my key and the other company's working key and they are identical except for the specific user data.
The billing account for the project is active with valid payment card in place.
These two links were helpful but did not clear up the problem:
Google Cloud Text-to-Speech API - permission error
Google Cloud Text to Speech INVALID API KEY
Any help on this issue would be very appreciated!
The solution to this problem is to install the Google Cloud SDK.
The CLI was missing so the returned output from gcloud auth application-default print-access-token was an error.
I enabled the Cloud Text-to-Speech API
I created a service account with Editor role.
Note: Ensure you have set the GOOGLE_APPLICATION_CREDENTIALS environment variable to your service account private key file path.
Save the request body in a file called request.json,
Execute the following command:
curl -X POST \
-H "Authorization: Bearer "$(gcloud auth application-default print-access-token) \
-H "Content-Type: application/json; charset=utf-8" \
-d #request.json \
https://texttospeech.googleapis.com/v1/text:synthesize
Response body
{
"audioContent": "//NExAARcrn0ABhEudAgAjuem7vohckY3IAFgWvxrBkAD//ARvqc/QhCZ/6EJO6E9Dvo2cjHPQhLfWQ/rTU7yEznsoGBn8hJz5xbQiOgEfwDzD1DVARLPlzGNXylbM8s//NExA0SCnoAAUIQAd8vlrM9DPR//6t5fpUpS
sk3MbzGUvMhqOpdSsjmcpeY2Zz ...................
}
Everything worked as expected

Auth0 unsupported_challenge_type error during 2-factor auth

I want to implement 2-factor sign up with auth0 (username / password and SMS code). I'm not using Lock widget, trying to implement sign-up based on auth0 API instead.
So, I have following steps now.
1 Sign up with
POST https://somedomain.eu.auth0.com/dbconnections/signup
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"connection": "Username-Password-Authentication",
"email": "sowhat#what.what",
"username": "sowhat",
"password": "sowhat#what.what",
"phone_number": "+38...56" // I have access to this number
}
Response is created user.
2 Attempt to login with username / password
POST https://somedomain.eu.auth0.com/oauth/token
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"audience":"http://localhost",
"email": "sowhat#what.what",
"username": "sowhat",
"password": "sowhat#what.what",
"grant_type":"password"
}
Response is mfa_required and mfa_token string.
3 Requesting mfa challenge
POST https://somedomain.eu.auth0.com/mfa/challenge
{
"client_id":"MY_CLIENT_ID",
"client_secret":"MY_CLIENT_SECRET",
"challenge_type": "oob otp",
"mfa_token": "MFA_TOKEN_FROM_PREVIOUS_STEP"
}
The response is
{
"error": "unsupported_challenge_type",
"error_description": "User is not enrolled with guardian"
}
So I don't really know how can I fix this one. I guess the reason is probably because phone_number is missing in user profile but I don't actually know how can I add it with Username-Password-Authentication connection.
It looks like you need to involve users in 'Guardian'.
Firstly you need enable Guardian Factory:
Just call this:
curl -H "Authorization: Bearer %your_token%" -X PUT -H "Content-Type: application/json" -d '{"enabled":true}' "https://%your_domain%/api/v2/guardian/factors/sms"
And now we can involve users in Guardian:
Create ticket:
curl -H "Authorization: Bearer %your_token%" -X POST -H "Content-Type: application/json" -d '{"user_id":"%user_id%"}' "https://%your_domain%/api/v2/guardian/enrollments/ticket"
Follow ticket_url in response
Put phone number into
opened form
Waiting for otp on you device
Put otp into early opened form.
After those steps user will be involved in Guardian. It should avoid the problem described above.

`Required session does not exist` error while using REST api of Quickblox

I am using REST api of Quickblox. but everytime , i am getting response :
{"errors": {
"base": ["Required session does not exist"]
}}
And i am using below api : url : http://api.quickblox.com/users.json
Data & header is :
curl -X POST \
-H "Content-Type: application/json" \
-H "QuickBlox-REST-API-Version: 0.1.0" \
-H "QB-Token: cf5709d6013fdb7a6787fbeb8340afed8aec4c69" \
-d '{"user": {"login": "xyz", "password": "xyz#123", "email": "xyz#domain.com", "external_user_id": "68764641", "facebook_id": "87964654", "twitter_id": "132132", "full_name": "test 1234", "phone": "87654351", "website": "", "tag_list": ""}}' \
can anybody help me to resolve this error?
When someone connects with an app using QuickBlox, the app has to obtain an access token which provides temporary, secure access to QuickBlox APIs.
A session token is an opaque string that identifies a user and an app.
Session tokens are obtained via Create Session request.
Then, because of privacy checks, all REST API requests must be authenticated with a token - the QB-Token header of each request to REST API must contain valid session token.
Expiration time for session token is 2 hours after last request to REST API. Be aware about it. If you will perform query with expired token - you will receive error 'Required session does not exist'. In this case you have to recreate a session token.
Each REST API response contains header 'QB-Token-ExpirationDate' which contains session token expiration date.