Getting auth token from uber is a two step process.
Please refer Uber Auth API
Ask the uber user to authorize : call GET https://login.uber.com/oauth/v2/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}
Provide your client_id and redirect_uri specific to your website. If the authorization is successful, you will be redirected to your site with the code in the query parameter.
The the code you get in step 1 to retrieve auth token.
Send an HTTP POST request to https://login.uber.com/oauth/v2/token. Following should be the json you send to server:
{
"client_secret": "{client_secret}",
"client_id": "{client_id}",
"grant_type": "{authorization_code}",
"redirect_uri": "{redirect_uri}",
"code": "{insert authorization code obtained in previous step}"
}
In the step two I always get a error 400 with "invalid grant type" message. Please suggest where am I going wrong.
You need to send the parameter as form-data, not JSON. Take a look at the curl example in section 3 here: https://developer.uber.com/docs/authentication
The authorization and authentication documentation doesn't mention anything about JSON, therefore application/x-www-form-urlencoded media type is to be used to send the HTTP POST request to the /oauth/v2/token API endpoint
Related
I am using the twitch api just to test it out to fetch the top games
I get my app access token after making an app by passing in a POST to:
https://id.twitch.tv/oauth2/token?client_id=<my client id>&client_secret=<my generated secret>&grant_type=client_credentials
I then take the access token (token_type: bearer) to the actual data fetching API and do a GET request on postman to
https://api.twitch.tv/helix/games/top?Authorization=Bearer <access token form above>&client-id=<client-ID>
This is my output:
{
"error": "Unauthorized",
"status": 401,
"message": "OAuth token is missing"
}
I have tried this with and without the client ID. The documentation here says that it can take an OAuth token or an app access token as the authorization parameter.
What gives?
The ClientID and Authorization items are headers not query string parameters
So in postman you have provided them in the wrong place
I used OAuth 2.0 Client Credentials Flow (2-Legged) to get access token and I followed each step as described in https://developer.linkedin.com/docs/v2/oauth2-client-credentials-flow.
But when I send the API request to get access token I received following response
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://medium.com/#ellesmuse/how-to-get-a-linkedin-access-token-a53f9b62f0ce
you may check this way to get linkedin access token
Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype For Business Online accounts from my macOS app (native).
I'm unfortunately stuck and i always get a 403 error when i access the autodiscover request and never get the link to the applications resource
I have been following this documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1
We have registered the app in the Azure Management Portal using our Office 365 account credentials.
We have used custome redirect URL (http://localhost)
Allow Implicit Flow is set to true in manifest
We pre-configure the permissions needed for Skype for business
online
STEP 2
Issuing a GET as specified in the documentation to initiate sign in and authorization check.
GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=c#####-4d41-485e-871f-0a22aa79e52b&redirect_uri=http://localhost
This returns a 200 OK.
STEP 3
We got the Auto discover URL as described in the documentation.
This is what i get - i use the domain marked in RED.
STEP 4
As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow
So i issue a GET as described
https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b
&redirect_uri=http://localhost
&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b
&resource=https://webdirin1.online.lync.com
Now this shows the sign in page, i sign in and then it throws an error
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error.
So after lots of research and looking at this Microsoft documentation LINK (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent) , apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then Request individual user consent by sending the SCOPE parameter for Skype for Business.
I then issue a GET request to
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#######-4d41-485e-871f-0a22aa79e52b&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https://api.skypeforbusiness.com/User.ReadWrite&state=12345
This returns an access code which i use in next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to following URL
https://login.microsoftonline.com/common/oauth2/v2.0/token With the
following data in POST body
"grant_type": "authorization_code", "client_id":
"######-4d41-485e-871f-0a22aa79e52b", "scope":
"https://api.skypeforbusiness.com/User.ReadWrite", "code":
"OAQABAAIAAACEfexX.........", "redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast!
Now back to the main documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token'
We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT i GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus i have never got the applications url and I have checked the manifest, registration and i have no idea, why i get this error.
Any inputs would be appreciated.
For step 4, you need to specify nonce=somestring in the URL. Typically this should be a securely random value that is only used once. It can contain any value.
Also, you are only requesting an id token. Set response_type=id_token+token.
I've registered as a developer with eBay and created an app.
I generated an Oauth (not Auth'n'Auth)
Using Postman to generate a simple request (image) and recieving an error for token invalidity
Error: Invalid access token. Check the value of the Authorization HTTP request header.
What am I doing wrong here?
If your token is for "sandbox" environment, make sure you use sandbox API endpoints for your requests as well.
Instead of https://api.ebay.com/buy/browse/v1/...,
try https://api.sandbox.ebay.com/buy/browse/v1/....
One of the issues which might have happened is:
The access token might have expired
Use the refresh token to refresh the access token when it expires — you know when to do this when your call to the API returns a status code of 401 and the above body you saw in Postman.
I am using the PayPal REST API for the first time and trying to get an authentication token but keep getting an "Invalid credentials error".
I am following Step 2 in the documentation found here:
https://developer.paypal.com/webapps/developer/docs/integration/direct/make-your-first-call/
I am using the Chrome extension "Advanced rest client"
Here are the values entered in the rest client:
Header:
content-type:application/x-www-form-urlencoded
Accept:application/json
Form data
grant_type:client_credentials
clientId:ASF6RRBP0uTq7FnC90tpFx7vfA-Pliw8uQDjv5RZ10Y_NVspuc88pUPLN6yM
secret: EAdx7BDKzWczDomYG2QDHu8jhaAXj4xDZLHadvL5aRfesjwo5c81zbSpRxuE
When I send the request I get the following error:
{
error: "invalid_client"
error_description: "Invalid client credentials"
}
Can anyone help me to figure what I am doing wrong here?
Form data should only contain
grant_type=client_credentials
and then add header
Authorization: Basic put base64of(clientid:secret)here
don't pass client id and secret in form data.