I've been using the Office 365 Calendar REST api for a few weeks with several users.
I'm currently experiencing something very wierd:
When fetching events of a specific user with the /calendarview call (via OAUTH2). I get perfect results (though very slow), EXCEPT when 25/01 is between my start_date and end_date, I get :
{"error":{"code":"ErrorInternalServerError","message":"Object
reference not set to an instance of an object."}}"
I suspect one the event of this user is causing this, but still, the API should not bug ?
Any clue?
Here are the instrumented logs:
GET /api/v1.0/me/calendars/AQMkAGVmMjlhY2E5LWE4MmMtNGFhAGMtYjY5OC0wNmRiMWYxZDJkM2UARgAAA4ZtZygzpnpGt-RyQ8uQQ80HAG6teJW1hzZBuLm47wZiBYIAAAIBBgAAAG6teJW1hzZBuLm47wZiBYIAAAIM4gAAAA==/calendarview?&startDateTime=2015-02-24T23:55:38Z&endDateTime=2015-02-25T23:55:38Z&$top=50&$skip=0
HTTP/1.1
Content-Type: application/json
Accept-Encoding: gzip;q=1.0,deflate;q=0.6,identity;q=0.3
Accept: */*
User-Agent: Ruby, JulieDesk
Authorization: Bearer $REFRESHTOKEN$
Return-Client-Request-Id: true
Client-Request-Id: be203946-93b7-47f6-b402-edbd0ed49653
Host: outlook.office365.com
HTTP/1.1 500 Internal Server Error
Cache-Control: private
Content-Type: application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8
Server: Microsoft-IIS/8.0
request-id: 4a0fe2ba-a761-4526-bd09-70c81e084cb5
client-request-id: be203946-93b7-47f6-b402-edbd0ed49653
Set-Cookie: ClientId=LSM5BXAUPUIJBVFLY0LDA; expires=Tue, 16-Feb-2016 23:55:39 GMT; path=/; secure; HttpOnly
X-CalculatedBETarget: co1pr07mb316.namprd07.prod.outlook.com
OData-Version: 4.0
X-DiagInfo: CO1PR07MB316
X-BEServer: CO1PR07MB316
X-AspNet-Version: 4.0.30319
Set-Cookie: exchangecookie=7b08adfab00641009c1cbbf90594797d; expires=Tue, 16-Feb-2016 23:55:40 GMT; path=/; HttpOnly
Set-Cookie: X-BackEndCookie2=3bd486f8-787b-435b-8269-5359cdbcc7ce=u56Lnp2ejJqBxsmZysiemc/SyMmazNLLyJvO0sbGxs3Smc+bm87Pz8+dm8aegYHNz87K0s/M0s7Hq83MxcrKxcvJgZGeko+Nm8/I0Y+NkJvRkIqLk5CQlNGckJI=; expires=Wed, 18-Mar-2015 23:55:46 GMT; path=/api; secure; HttpOnly
Set-Cookie: X-BackEndCookie=3bd486f8-787b-435b-8269-5359cdbcc7ce=u56Lnp2ejJqBxsmZysiemc/SyMmazNLLyJvO0sbGxs3Smc+bm87Pz8+dm8aegYHNz87K0s/M0s7Hq83MxcrKxcvJ; expires=Wed, 18-Mar-2015 23:55:46 GMT; path=/api; secure; HttpOnly
X-Powered-By: ASP.NET
X-FEServer: DM2PR09CA0014
Date: Mon, 16 Feb 2015 23:55:45 GMT
Content-Length: 111
-> "{\"error\":{\"code\":\"ErrorInternalServerError\",\"message\":\"Object reference not set to an instance of an object.\"}}"
Sorry about the odd error! I'd definitely like to find out more. Could you add client instrumentation to your request, reproduce the error, and let me know the values of the HTTP response headers in that article?
I had this issue when filtering by Subject where some events didn't have a subject.
I fixed this by including Subject ne null in the filter query
Related
I am using Jmeter 5.4.1 version, my API is of oauth1.0 type. When I ran my api through postman , it gave my proper json response for example an proper id, but the same api when ran through jmeter gives 200 response code but giving details of server and connection in response body and not the reponse that is expected(a proper id).
Below is the response :
HTTP/1.1 200 OK
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 12 May 2021 12:33:10 GMT
Content-Type: application/json; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: PHPSESSID=eqvp0l22u2jo30moqn194meugp; expires=Wed, 12-May-2021 13:33:10 GMT; Max-Age=3600; path=/; domain=dev.moorup.no; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Cache-Control: no-store
enter image description here
You're looking at Response Headers tab of the View Results Tree listener therefore you're seeing the HTTP Response Headers
Just switch to Response Body tab and you will be able to see "raw" HTML Response and several options of rendering it:
Also be aware that it is possible to convert your Postman scripts to JMeter, for OAuth you will still have to do some correlation, but for the main logic record and replay should work more or less fine
I'm using RestSharp to interface with the Auth0 and Sisense APIs. Everything's working fine except when deleting a user in Auth0. I send the delete request as a DELETE and Auth0 successfully deletes the user.
Here is the response I'm getting from Auth0:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:35:28 GMT
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Server: nginx
ot-tracer-spanid: 21cd87957d9bac76
ot-tracer-traceid: 25a636cb6e5fd4ca
ot-tracer-sampled: true
x-ratelimit-limit: 50
x-ratelimit-remaining: 49
x-ratelimit-reset: 1582130129
vary: origin,accept-encoding
cache-control: no-cache
Strict-Transport-Security: max-age=15724800
X-Robots-Tag: noindex, nofollow, nosnippet, noarchive
And here's what I'm getting in the RestSharp response:
System.Runtime.Serialization.SerializationException: Invalid JSON string
at RestSharp.RestClientExtensions.ThrowIfError(IRestResponse response)
at RestSharp.RestClientExtensions.DeleteAsync[T](IRestClient client, IRestRequest request)
I'm making a call to a Sisense web service and RestSharp is handling the 402 just fine. Here's the Sisense response:
HTTP/1.1 204 No Content
Date: Wed, 19 Feb 2020 16:32:14 GMT
Connection: keep-alive
Set-Cookie: sisense-cookieCORS=***************************; Path=/; SameSite=None; Secure
Set-Cookie: sisense-cookie=***************************; Path=/
X-UA-Compatible: IE=Edge
x-xss-protection: 1; mode=block
x-frame-options: ALLOW-FROM https://****************************************************
content-security-policy: frame-ancestors ****************************************************
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: -1
Pragma: no-cache
The main difference between the two is the Content-Type directive present in Auth0. Is that what's causing the problem? Is there a workaround?
I'm attempting to create a bridge between another service (as a data source) and Microsoft Power BI. However, I can't get the REST API to work properly.
So far I've succeeded in creating a web application in Azure AD, getting the Client ID and secret, receiving an access token for the API, but after this all I get is 403 Forbidden with no error message. However, if I try to access the API with an expired token, I get an error message telling me that the token is expired.
I've read some posts on the subject, but they all suggest that the REST API cannot be accessed without having a user log in and access Power BI first, which isn't possible in a service-to-service application.
How do I properly access the service without any user interaction?
Here are the requests and responses, censored a little bit.
Request 1:
POST /[our domain].com/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: flight-uxoptin=true; stsservicecookie=ests; x-ms-gateway-slice=productiona; stsservicecookie=ests
Host: login.microsoftonline.com
Connection: close
User-Agent: Paw/2.3 (Macintosh; OS X/10.11.3) GCDHTTPRequest
Content-Length: 203
grant_type=client_credentials&client_id=[client id]&client_secret=[client secret]&resource=https%3A%2F%2Fanalysis.windows.net%2Fpowerbi%2Fapi
Response 1:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/8.5
x-ms-request-id: 52d6713c-d50b-4073-b030-aa10e33fdf27
client-request-id: 3aef4765-d602-46a6-a8ce-4b7792f678e5
x-ms-gateway-service-instanceid: ESTSFE_IN_209
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: x-ms-gateway-slice=productiona; path=/; secure; HttpOnly
Set-Cookie: stsservicecookie=ests; path=/
X-Powered-By: ASP.NET
Date: Wed, 24 Feb 2016 08:24:29 GMT
Connection: close
Content-Length: 1243
{"token_type":"Bearer","expires_in":"3599","expires_on":"1456305870","not_before":"1456301970","resource":"https://analysis.windows.net/powerbi/api","access_token":"[access token]"}
Request 2:
GET /v1.0/myorg/datasets HTTP/1.1
Authorization: Bearer [access token]
Content-Length: 0
Host: api.powerbi.com
Connection: close
User-Agent: Paw/2.3 (Macintosh; OS X/10.11.3) GCDHTTPRequest
Response 2:
HTTP/1.1 403 Forbidden
Content-Length: 0
Server: Microsoft-HTTPAPI/2.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Frame-Options: deny
X-Content-Type-Options: nosniff
RequestId: 803cc0cb-c65d-4212-9ab8-aed4ffa9862a
Date: Wed, 24 Feb 2016 08:25:13 GMT
Connection: close
The APIs you're using require a user's access token. They access content in a user's account. So if you don't have the access token, you'll keep getting forbidden. So what you need to do is get the access token with the user the first time. Then store the refresh token. Then use the refresh token to get new access tokens as needed. If the refresh token expires, you need to ask the user to sign in again.
I'm trying to use the Office 365 api to fetch user's calendar events. I managed to get a valid oauth2 access_token, but when I use the api, the authentication fails.
GET https://outlook.office365.com/api/v1.0/me/calendars
Headers:
Authorization: Bearer **MYACCESSTOKEN**
A very slow response (about 5 secs) give me a 401 Unauthorized...I have already checked that my access_token is not expired.
Response headers:
Cache-Control: private
Content-Length: 0
Date: Thu, 06 Nov 2014 10:53:12 GMT
Request-Id: d2a72db7-0e72-4ef4-8579-97453a28656b
Server: Microsoft-IIS/8.0
Set-Cookie: ClientId=BWUSNGYUIVTW9QOSG; expires=Fri, 06-Nov-2015 10:53:08 GMT; path=/; HttpOnly, exchangecookie=723dca46630646a2bc80b4668dd113d7; expires=Fri, 06-Nov-2015 10:53:13 GMT; path=/; HttpOnly, X-BackEndCookie2=5a7ff0a2-22c1-4d5b-b280-6af6689779a7=u56Lnp2ejJqBxpqdxs3IzczSmpzHzdLLnc7P0p7Gx5nSyMrGm5ydzMyencbKgZKejZOWmo3RkJGSlpyNkIyQmYvRnJCSgc3PzsvSzs3Sz8mrzs/FyszFzsyBmoqNj42bz87Rj42Qm9Gah5yXnpGYmpOenYzRnJCS; expires=Sat, 06-Dec-2014 10:53:13 GMT; path=/api; secure; HttpOnly, X-BackEndCookie=5a7ff0a2-22c1-4d5b-b280-6af6689779a7=u56Lnp2ejJqBxpqdxs3IzczSmpzHzdLLnc7P0p7Gx5nSyMrGm5ydzMyencbKgZKejZOWmo3RkJGSlpyNkIyQmYvRnJCSgc3PzsvSzs3Sz8mrzs/FyszFzsw=; expires=Sat, 06-Dec-2014 10:53:13 GMT; path=/api; secure; HttpOnly
Www-Authenticate: Bearer client_id="00000002-0000-0ff1-ce00-000000000000", trusted_issuers="00000001-0000-0000-c000-000000000000#*", authorization_uri="https://login.windows.net/common/oauth2/authorize", error="invalid_token",Basic Realm="",Basic Realm=""
X-Aspnet-Version: 4.0.30319
X-Beserver: AMSPR01MB103
X-Calculatedbetarget: amspr01mb103.eurprd01.prod.exchangelabs.com
X-Diaginfo: AMSPR01MB103
X-Feserver: BLUPR07CA059
X-Ms-Diagnostics: 2000001;reason="The audience claim value is invalid '00000002-0000-0000-c000-000000000000'.";error_category="invalid_token"
X-Powered-By: ASP.NET
Any idea ?
Thanks for your question. The 30s delay with some requests is a known issue and we are already working on a fix to address this. Sorry for the inconvenience.
Thanks,
Venkat
Ok I finally managed to get a 200. My problem was the resource param when asking a token was set by defaut to 00000002-0000-0000-c000-000000000000 (I'm using Rails omniauth-azure-oauth2 gem).
I changed it to https://outlook.office365.com and it works.
Still, the api give me the right answers, but the call is ultra-slow (up to 30s !). Any clue on how to make it respond in a reasonable time ?
Calling a rest api from a customer's web api and it's returning duplicate Access-Control-Allow-Origin: * and it causing COR errors.
I've tested locally and the duplicate does cause the error whereas a single Access-Control-Allow-Origin: * works.
Is there a way around this from my side when calling the GET?
HTTP/1.1 200 OK
Date: Wed, 28 Nov 2012 19:40:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Access-Control-Allow-Origin: *
Set-Cookie: TargetToken=AB3Hirk0TNDPCfVY6LZd1Fs1; Expires=Fri, 28-Nov-2014 19:40:10 G11T; Path=/; HttpOnly
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: application/xml; charset=utf-8
Content-Length: 590
XMLHttpRequest cannot load http://target.com/api/getstuff?stuffid=4.
Origin http://mysite.com is not allowed by
Access-Control-Allow-Origin.
The CORS spec explicitly states that multiple Access-Control-Allow-Origin headers are not allowed: http://www.w3.org/TR/cors/#resource-sharing-check-0
Is there any way to convince the client to fix their server implementation?