am request this url
http://xxxxxx/mobileapi/public/oauthtest/authorize?response_type=token&client_id=userapi&redirect_uri=./receivecode&state=xyz
and show this page
image in that link:https://www.apigility.org/apigility-documentation/img/auth-oauth2-authorize.png
but i want only return json value with token
You should do some reading in the ZF-OAuth documentation.
To request a token you send a POST request with user credentials and client id to the oauth endpoint:
So for example a POST request to your base url for /oauth with the following json data:
{
"grant_type": "password",
"password": "1234abcd",
"username": "john.doe#example.com",
"client_id": "MyClient"
}
Related
I'm trying to insert multiple rows in my data extension by using a POST request on postman. I'm using this documentation :https://developer.salesforce.com/docs/marketing/marketing-cloud/guide/postDataExtensionRowsetByKey.html.
Details of my first POST request :
My URL :
https://MY_SUBDOMAIN.auth.marketingcloudapis.com/v2/token
My body (by using the informations of the package created on marketing cloud) :
{
"client_id": "ssd6ssd6ssd6ssd6ssd6ss",
"client_secret": "p3sp3sp3sp3sp3sp3sp3sp3",
"account_id": "7842222",
"grant_type": "client_credentials"
}
I send the request => Status 200 OK
I copy the tokken access.
I create a second POST request.
Tab Authorization, Type = Bearer Token, I paste my token access
Details of my second POST request :
My URL :
https://MY_SUBDOMAIN.rest.marketingcloudapis.com/hub/v1/dataevents/key:EXTERNAL_KEY_OF_MY_DATA_EXTENSION/rowset
My body :
`
Host: https://MY_SUBDOMAIN.rest.marketingcloudapis.com
POST /hub/v1/dataevents/EXTERNAL_KEY_OF_MY_DATA_EXTENSION/rowset
Content-Type: application/json
[
{
"keys":{
"ID_Crawl": "test123"
},
"values":{
"Source": "2013-05-23T14:32:00Z",
"Type_contenu": "no",
"Statut_Notification": "non lu",
"Champ": "20081105",
"Origine_contenus": "test blablablablablablabla",
"Date_crawl": 02/02/2023
}
},
{
"keys":{
"ID_Crawl": "test"
},
"values":{
"Source": "2013-05-23T14:32:00Z",
"Type_contenu": "ok",
"Statut_Notification": "valide",
"Champ": "00000007",
"Origine_contenus": "test blablablablablablabla",
"Date_crawl": "02/02/2023"
}
}
]
I send the request and I had an error message (Status:400 Bad request means that bad synthax):
{"documentation":"https://developer.salesforce.com/docs/atlas.en-us.mc-apis.meta/mc-apis/error-handling.htm","errorcode":0,"message":"Bad Request"}
Does someone know where is my mistake ?
Sorry if it seems that my mistake is a stupid one, I'm completely a beginner in api call
I am using this example code
I am able to get a response from authorize endpoint.
request: {"clientId": "<retracted>", "clientSecret": undefined, "codeChallenge": "t6xISsEiAwOIwQxk0Ty1JNo2Kqa53mECL9a7YahLv_A", "codeChallengeMethod": "S256", "codeVerifier": "<retracted>", "extraParams": {}, "prompt": undefined, "redirectUri": "exp://192.168.0.22:19000", "responseType": "code", "scopes": undefined, "state": "o7FeO9ANoa", "url": "https://<retracted>"//oauth2/authorize?code_challenge=t6xISsEiAwOIwQxk0Ty1JNo2Kqa53mECL9a7YahLv_A&code_challenge_method=S256&redirect_uri=exp%3A%2F%2F192.168.0.22%3A19000&client_id=<retracted>"f&response_type=code&state=o7FeO9ANoa", "usePKCE": true}
LOG response: {"authentication": null, "error": null, "errorCode": null, "params": {"code": "<retracted>"", "state": "o7FeO9ANoa"}, "type": "success", "url": "exp://192.168.0.22:19000?code=<retracted>"&state=o7FeO9ANoa"}
const exchangeFn = async (exchangeTokenReq) => {
try {
const exchangeTokenResponse = await exchangeCodeAsync(
exchangeTokenReq,
discoveryDocument
);
setAuthTokens(exchangeTokenResponse);
} catch (error) {
console.error(error);
}
};
while exchangeFn is being invoked i am getting an error "ERROR [Error: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.]"
Here is the application flow enter image description here
As per Oauth 2.0 while Exchanging an authorization code grant with PKCE for tokens we need to add Authorization header.
The authorization header string is Basic Base64Encode(client_id:client_secret). The following example is an authorization header for app client djc98u3jiedmi283eu928 with client secret abcdef01234567890, using the Base64-encoded version of the string djc98u3jiedmi283eu928:abcdef01234567890
The example code does not include this. That is the issue. we have to get the App client secret from aws cognito and add it to exchangeTokenReq.
const clientId = '<your-client-id-here>';
const userPoolUrl =
'https://<your-user-pool-domain>.auth.<your-region>.amazoncognito.com';
const redirectUri = 'your-redirect-uri';
const clientSecret = 'app-client-secret';
exchangeFn({
clientId,
code: response.params.code,
redirectUri,
clientSecret,
extraParams: {
code_verifier: request.codeVerifier,
},
});
When I am trying to login with username and password to get token_id and access_token using postman with auth0 by installed using Postman Collection in Postman
I get an error in login method of database:
You are correct that the /oauth/ro endpoint is being deprecated. You should be making a call to /oauth/token instead.
Your question is unclear.
Try to send the first request with login/password by standard authentication (Authorization tab > Type > Basic Auth).
As the following steps I recommend to check the relevant Postman manual: Using the Auth0 API with our Postman Collections and use the predefined collections from Auth0 API Documentation (press on "Run in Postman" button).
In addition, it's strongly recommended to use the Native Postman app, but not its deprecated Chrome extension.
I was able to get the id_token by using the /oauth/token endpoint, and passing scope=offline_access. Here is an example of my POST payload (Python code):
{
"grant_type": "http://auth0.com/oauth/grant-type/password-realm",
"scope": "offline_access",
"client_id": client_id,
"client_secret": client_secret,
"username": username,
"password": password,
"realm": database_connection,
}
Response:
{
access_token: "lK...",
expires_in: 1000,
id_token: "eyJ...",
refresh_token: "ym...",
}
I a requesting an API to get response but it gives below some "JWT_TOKEN_MiSSING" response:
{
"response": {
"ids": "",
"time": 1505890122982,
"error": "JWT_TOKEN_MISSING",
"status": "failure"
}
}
API is: "https://www.viu.com/api/container/load?appid=viu_desktop&iid=9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48®ionid=all&ver=1.0&aver=5.0&fmt=json&contentCountry=in&contentFlavour=telugu&languageid=en&platform=desktop&vuserid=viu-guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&userid=guest-9fa3fec0-9457-11e7-bee5-ed8c9b3d7f48&ccode=IN&geo=2&id=playlist-24926470&start=0&limit=20&geofiltered=false"
I tried passing all the headers but no luck.
It seems that this API use JWT TOKEN or other tokens (such as HTTP BASIC AUTHENTICATION) to authenticate, you need to know this and add it to your request headers.
I have create a user role in Magento 2 and a new user
image capture
I used in Chrome the application Postman:
In the GET box: http://example.com/php.index/rest/V1/products/
In Type use Basic Auth with Username and Password
But I get this status '401 Unauthorized' and this requests:
{
"message": "Consumer is not authorized to access %resources",
"parameters": {
"resources": "Magento_Catalog::products"
}
}
I can login in Magento backend with the user and password
Any solution?
You need to pass basic Authorization with access key in header:
Step 1:
Call API: /V1/integration/admin/token with parameters:
username=your_admin_username
password=your_admin_password
This will give you an access key like at0o6w5rhno6sltcuhf3****k0603l
Step2:
Call API : /V1/products/ with parameters
searchCriteria=*
Put **Header**
Authorization : Bearer at0o6w5rhno6sltcuhf3****k0603l
Content-Type : application/json