I am trying to use OAuth.
I have a front-end HTML page which calls https://accounts.google.com/o/oauth2/v2/auth
which then gives a 302 response with redirect_url
https://oauth2.example.com/callback#access_token=4/P7q7W91&token_type=Bearer&expires_in=3600
This request has '#' instead of '?' for the query params, and I am unable to redirect that hash with the whole URL in the backend.
Below is the link for the docs 👇
https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow#handlingresponse
Can anybody help with the answer?
Authorization Error
Error 400: redirect_uri_mismatch
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.
If you're the app developer, register the redirect URI in the Google Cloud Console.
The redirect URI is the URI where you are telling the authorization server to return authorization to. This URI must be registered in Google developer console for your project.
So redirect URI mismatch means that your application is telling the authorization server to return the authorization code to a URI that you have not configured in Google developer console. The easiest solution is to take the URI it's telling you is missing and simply add it.
This video will show you how to add it. Google OAuth2: How the fix redirect_uri_mismatch error.
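For the callback URL with the '#' fragment quoted in the question above, this added example (not code from the thread or from Google's documentation) shows that the fragment is not part of what the browser sends to the server, and how script on the callback page can read it and pass the token to the backend. The `/oauth/session` endpoint and the function names are hypothetical.

```javascript
// Added example. CALLBACK is the redirect quoted in the question; the
// /oauth/session endpoint and the function names are hypothetical.
const CALLBACK =
  "https://oauth2.example.com/callback#access_token=4/P7q7W91&token_type=Bearer&expires_in=3600";

// What the browser sends on the request line: path and query only.
// The fragment stays in the browser, so backend code never sees it.
function requestTarget(urlString) {
  const u = new URL(urlString);
  return u.pathname + u.search;
}

// What script on the callback page can read (in a browser: location.href).
// expectedState is the value the page sent in the authorization request.
function parseImplicitResponse(urlString, expectedState) {
  const params = new URLSearchParams(new URL(urlString).hash.slice(1));
  if (params.has("error")) return { ok: false, error: params.get("error") };
  if (expectedState !== undefined && params.get("state") !== expectedState) {
    return { ok: false, error: "state_mismatch" };
  }
  const accessToken = params.get("access_token");
  if (!accessToken) return { ok: false, error: "no_token" };
  return {
    ok: true,
    accessToken,
    tokenType: params.get("token_type"),
    expiresIn: Number(params.get("expires_in")),
  };
}

// fetch() init for handing the token to the backend in a POST body
// instead of a URL. In the page:
//   fetch("/oauth/session", toBackendRequest(parseImplicitResponse(location.href, savedState)))
function toBackendRequest(result) {
  return {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    body: JSON.stringify({ access_token: result.accessToken }),
  };
}
```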
Following this procedure:
https://learn.microsoft.com/en-us/graph/auth-v2-user
I'm trying to get a refresh token from this microsoft end point:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2) library, I'm able to get a response back with this error: "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.":
I tried to set some redirect URLs in the Azure Portal including:
https://automation.legroupeti.com/Configurations/GetRefreshToken/
https://automation.legroupeti.com/Configurations/GetRefreshToken
https://automation.legroupeti.com/
https://automation.legroupeti.com
The post request is the following (Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2)):
Here are the configured redirect URLs from the registered application in the Azure Portal:
I expect a valid response from the endpoint.
How do I configure the redirect_uri to be valid?
EDIT 1
I fixed the redirect_uri parameter.
From the screenshot, it appears that the URLEncoding is incorrect. The '/' character in the path should be encoded to %2F, while your code has %2. (After '.com' and before 'Configurations'.)
Also, have you considered the Authorization Provider from the SDK?
https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#AuthCodeProvider
I was getting this error and for me the issue was that I was encoding the redirect_uri value in the post request to the /oauth2/v2.0/token endpoint. Notice how redirect_uri is not encoded in this request.
POST /{Tenant ID}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cookie: {cookie}
Content-Length: 941
client_id={Application (client) ID}
&scope=https://graph.microsoft.com/mail.read
&redirect_uri=http://localhost/myapp/
&grant_type=authorization_code
&client_secret={secret}
&code={code}
I used the Postman sample provided by Microsoft to find the root cause.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-access-token
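The two answers above, one about a malformed `%2F` escape and one about an encoded `redirect_uri` in the token request, both come down to what the server sees after it decodes the form body once. This added example (not code from the thread or from Microsoft) builds the token request body with a single encoding pass and classifies a body against the registered URI; the function names and sample bodies are constructed for illustration.

```javascript
// Added example. REGISTERED is one of the redirect URLs listed in the question;
// function names and the sample bodies in the checks are constructed.
const REGISTERED = "https://automation.legroupeti.com/Configurations/GetRefreshToken";

// Form body for POST /{tenant}/oauth2/v2.0/token.
// URLSearchParams percent-encodes every value exactly once, so the values
// passed in must be the plain strings, not strings that are already encoded.
function buildTokenBody({ clientId, clientSecret, code, redirectUri, scope }) {
  return new URLSearchParams({
    client_id: clientId,
    scope,
    redirect_uri: redirectUri,
    grant_type: "authorization_code",
    client_secret: clientSecret,
    code,
  }).toString();
}

// Decode the body once, as the server does, and compare the result with the
// registered redirect URI.
function checkRedirectUri(body, registered) {
  const seen = new URLSearchParams(body).get("redirect_uri");
  if (seen === null) return "missing";
  if (seen === registered) return "ok";
  try {
    // A second decode that yields the registered value means the caller
    // encoded the value and the HTTP library then encoded it again.
    if (decodeURIComponent(seen) === registered) return "double-encoded";
  } catch (_) {
    // Malformed percent-escape: treated as a mismatch below.
  }
  return "mismatch";
}
```

A body whose path separator was written as `%2` followed by `Configurations` decodes `%2C` as a comma and is reported as `mismatch`.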
You seem to be mixing the authorize and token endpoints.
If you want the user to authenticate, you have to redirect the user to that URL, not send a POST request to it.
After the user returns to your app, you need to exchange the authorisation code for tokens.
Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview
If you want a token just for your app without user authentication, you need to call the token endpoint.
Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview
I also faced the same problem:
AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.
I tried a few URL variants (with encoding, without, etc.) in Chrome, but was getting different exceptions about a wrong URL. Then I used the Safari browser and voila, I got a response code.
In the final result, I just copied the URL from the documentation, pasted tenant and client_id values from the registered application into the return_url parameter, and instead of the /myapp/ prefix I pasted %3A8080, where %3A is the : symbol. The redirect_url param has to be the same as the URL in the registered application.
I have an issue with generating a sandbox auth token. I get redirected to the following link:
https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&ebaytkn=&tknexp=1970-01-01+00%3A00%3A00&username=testuser_jdawg
once the request grants the application permission.
Which states the following message:
Thank YouHelp
Authorization cancelled
It's now safe to close the browser window/tab.
Has anyone else had this issue?
The ebay URL redirect after authentication is somewhat broken.
The default URL redirects are:
On Success: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true
On Failure: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=false
You can also define your own URLs on the Auth tokens for eBay page of the developer site.
The problem is that ebay truncates any url you enter at the first ampersand (&) encountered. This breaks their own accept URL which ends with &isAuthSuccessful=true
To fix this all you have to do is encode the ampersand as %26. So you need to change their URLs to:
On Success: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure%26isAuthSuccessful=true
On Failure: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure%26isAuthSuccessful=false
Edit: As you noted, this does not affect whether or not the authorization is actually successful or not, just the message that the user sees. You can also apply this solution to your own URLs too if you don't want to use theirs.
I am getting an error of Unknown authentication scheme. My request URL is
http://api.linkedin.com/v1/people/~?header=Authorization%3A+Bearer+MY ACCESS TOKEN%0D%0Ax-li-format%3A+json%0D%0A
Please tell me where I am wrong. My scope is the same in files and dev account.
The header value with your Authorization + bearer token is not meant to be passed as a URL parameter, it's meant to be included as an actual HTTP header in your request.
Same goes for the x-li-format.