I am trying to use the dropnet api but it requires an api key/secret and a user token/secret.
var client = new DropNetClient("API_KEY", "API_SECRET", "USER_TOKEN", "USER_SECRET");
I managed to find/generate my api key/secret but I don't find how to get "user secret" and "token" to access to my own account.
Related
I was trying to create new project in BIM 360 using this API. I thought, to create new project it may need an end user to authorize my Forge app. So I user 3-legged bearer token to request new project. But gave forbidden response saying
{
"code": 1003,
"message": "Only support 2 legged access token."
}
Whereas by using 2-legged token, it created project successfully.
Why this API works with 2-legged and not with 3-legged token, even if 3-legged token is valid?
This is documented here, see Authentication Context: app only
At the moment of creating, there are no users on the project, therefore the 2LO key is required.
I have an G-Suite Account..I have created a project in developer console. In that i have chosen the Oauth client Id credential for Application Type (Others). I have received client secret and Client ID..... Using this i have tried the sample mvc https://developers.google.com/drive/v3/web/quickstart/dotnet I have received the token with Below information
1.access_token
2.Experiences
3.refresh_token
4.Token_Type and so on…
I cant find any user related information (eg: UserId) in the token for Authenticate in our application (used tokeninfo api to validate token). I get below response
{
"issued_to": "123456789234.apps.googleusercontent.com",
"audience": "123456789234.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/admin.directory.user.readonly",
"expires_in": 3520,
"access_type": "online"
}
How to get userid in access_token?
If you are try to get their user information you have to add https://www.googleapis.com/auth/userinfo.profile in your scopes.
View your basic profile info
Here is some additional reference:
How to get user email from google plus oauth
How to identify a Google OAuth2 user?
Hope this helps.
I am trying to authenticate the user with ADFS and I am using ADAL. Authetication seems to work since I can get the AccessToken. The problem is that looking at the code authResult contains a UserInfo where all properties (for instance GivenName or FamilyName) are null.
AuthenticationContext authContext = null;
AuthenticationResult authResult;
try
{
authContext = new AuthenticationContext(authority, false);
authResult = await authContext.AcquireTokenAsync(resource, clientId, new Uri(returnUri),
new PlatformParameters(PromptBehavior.Auto, false));
}
Those values are null because of ADFS configuration? I noted that decoding the AccessToken returned I can read User information. But I don't think that decoding the JWT Token is the right way to achieve those information. Do you have a better suggestion?
I have also seen people getting information by using claims, but I don't know exactly how to use it on UWP, since all the sample I found used
ClaimsPrincipal claimsPrincipal = System.Threading.Thread.CurrentPrincipal as ClaimsPrincipal;
But System.Threading.Thread is not available on UWP.
Normally, the access_token is used in Oauth and OpenID connect scenarios and intended to be consumed by the resource. To identify the user we should use the id_token( verify the token and extract the claims abut user by decoding the token). Please refer below about the usage of tokens:
id_token: A JWT token used to represent the identity of the user. The
'aud' or audience claim of the id_token matches the client ID of the
native or server application.
access_token: A JWT token used in Oauth and OpenID connect scenarios
and intended to be consumed by the resource. The 'aud' or audience
claim of this token must match the identifier of the resource or Web
API.
refresh_token: This token is submitted in place of collecting user
credentials to provide a single sign on experience. This token is
both issued and consumed by AD FS, and is not readable by clients
or resources.
And you can refer the link below about the native client to web API scenario for ADFS:
AD FS Scenarios for Developers - Native client to Web API
Depending on the ADFS version of your server. If your company is using Windows Server 2012 R2, then it is ADFS 3.0. I did successfully integrate with SSO login created by the admin of company I am working in. You should refer to this article before venturing in : https://learn.microsoft.com/en-us/previous-versions/adfs-windows-server-2012r2/dn660968(v=msdn.10). Note : you don't even need to make a web api of ToDoList.
using only GetAuthorizationHeader() and authenticationContext.AcquireTokenAsync(), you could obtain the token by asking the user to authorize their credentials and decrypt the receive token.
This is sample of code I did:
authority = https://contoso.com/adfs/ls (Endpoint from the ADFS metadata)
resourceURI = https://localhost:44300/ (Relying party, ask your ADFS admin to register)
clientID = it is recommended to use Package.appmanifest's package name from Packaging tab. As long as it is a unique ID.
clientReturnURI = use the following code to obtain the clientReturnURI (also available in the article in the link) :
string clientReturnURI = string.Format("ms-appx-web://Microsoft.AAD.BrokerPlugIn/{0}",WebAuthenticationBroker.GetCurrentApplicationCallbackUri().Host.ToUpper());
AuthenticationContext ac = new AuthenticationContext(Authority_Uri, false);
AuthenticationResult ar = await ac.AcquireTokenAsync(resourceURI, GlobalVar.clientID, new Uri(clientReturnURI), new PlatformParameters(PromptBehavior.Always, true));
var jwt = new JwtSecurityToken(ar.AccessToken);
string unique_name = jwt.Claims.First(c => c.Type == JwtRegisteredClaimNames.UniqueName).Value;
You can replace JwtRegisteredClaimNames.UniqueName with anything else. It depends what info/claims that is available in the access token. You should inspect the available info in the jwt by placing breakpoint at var jwt. Or you can decrypt the access token in the AuthenticationResult.AccessToken in this website :
https://jwt.ms/
Lastly, you need to install certificate from your ADFS admin and install the certificate across your web and UWP server to allow the application able to trust execute the actions.
Hi am developing a windows store 8.1 app using C# and xaml
For log in, am authenticating the user with Windows Azure Active directory Single Sign-on using JavaScript back-end.
Once the user is logged in and i have the access token, how to get the logged in user's user email id and Username using the access token in the app?
Anybody please provide me a solution to get the user email using the access token?
If you have the access token then that should contain the user id value. For retrieving the e-mail address you have to query the Graph API to get user details. The full documentation on that is here but in short you should make a get request like below, placing the AccessToken in the Authorization header, after "Bearer ".
GET https://graph.windows.net/contoso.onmicrosoft.com/users/Alex#contoso.onmicrosoft.com?api-version=2013-04-05 HTTP/1.1
Authorization: Bearer eyJ0eX ... FWSXfwtQ
Content-Type: application/json
You can use either user principal name or objectId in the address. Better yet, you can use the Azure AD Graph Client nuget package and call their API to get user information.
Uri servicePointUri = new Uri("https://graph.windows.net");
Uri serviceRoot = new Uri(servicePointUri, "contoso.onmicrosoft.com");
ActiveDirectoryClient activeDirectoryClient = new ActiveDirectoryClient(serviceRoot, accessToken);
IUser user = activeDirectoryClient.Users
.Where(user => user.UserPrincipalName.Equals("alex#contoso.onmicrosoft.com"))
.ExecuteAsync().Result.CurrentPage.ToList().SingleOrDefault();
See here for the full sample.
I'm using a google credential as part of the google-api-client. I'm attempting to get their email and profile using the Plus api with the https://www.googleapis.com/plus/v1/people/me endpoint. Documentation states that you can pass it the email and profile scopes and it should return the information. Though all I get is
"code": 403,
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
Though when I use the https://www.googleapis.com/auth/userinfo.email and the https://www.googleapis.com/auth/userinfo.profile scope the call works just fine.
Building the credential as:
GoogleCredential.Builder().setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(accountId)
.setServiceAccountScopes(accountScopes)
.setServiceAccountPrivateKey(accountPrivateKey)
.setServiceAccountUser(accountUser)
.build();
And the googleCredential.refreshToken() call fails.