I am trying to connect to Google via OAuth2. I am using code which works in another application, so I am quite sure the problem is in the configuration at Google.
I registered a client-id and secret-key in the Google Console which I added to the authorization config:
var client = new GoogleOAuth2Client("[client id].apps.googleusercontent.com", "[secret key]");
var extraData = new Dictionary<string, object>();
OAuthWebSecurity.RegisterClient(client, "Google", extraData);
Unfortunately, when I press the button to connect I get the following error:
That’s an error.
Error: invalid_request
Invalid parameter value for redirect_uri: Missing authority: file:///Account/ExternalLoginCallback%3FReturnUrl=/Request Details scope=https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email
response_type=code
redirect_uri=file:///Account/ExternalLoginCallback%3FReturnUrl=/
state=provider=google&sid=[numbers]
client_id=[client id].apps.googleuserconte
I've tried changing the localhost parameter in /etc/hosts file to other base URLs and I've added these locations to redirect URIs in Google Console as follows:
http://localhost:8080/Account/ExternalLoginCallback%3FReturnUrl=/
http://localhost.example.com:8080/Account/ExternalLoginCallback
http://localhost.example.com:8080/Account/ExternalLoginCallback%3FReturnUrl=/
The error persists. I don't know what the problem can be and I hope someone can give me some guidance. Thanks
The value of the redirect_uri parameter in the authorization request that is sent to Google upon pressing the button to connect must be set to one of the values that you have registered for you client in the Google API Console. So instead of passing:
file:///Account/ExternalLoginCallback%3FReturnUrl=/
you should pass e.g.
http://localhost:8080/Account/ExternalLoginCallback%3FReturnUrl=/
but properly URL-encoded so:
http%3A%2F%2Flocalhost%3A8080%2FAccount%2FExternalLoginCallback%253FReturnUrl%3D%2F
See sample code at: https://github.com/mj1856/DotNetOpenAuth.GoogleOAuth2/blob/master/DotNetOpenAuth.GoogleOAuth2/GoogleOAuth2Client.cs
Related
Hello Microsoft/Azure/Skype experts,
I'm tasked with accessing presence data from Skype For Business Online accounts from my macOS app (native).
I'm unfortunately stuck and i always get a 403 error when i access the autodiscover request and never get the link to the applications resource
I have been following this documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
STEP 1
We have registered the app in the Azure Management Portal using our Office 365 account credentials.
We have used custome redirect URL (http://localhost)
Allow Implicit Flow is set to true in manifest
We pre-configure the permissions needed for Skype for business
online
STEP 2
Issuing a GET as specified in the documentation to initiate sign in and authorization check.
GET https://login.microsoftonline.com/common/oauth2/authorize?response_type=token&client_id=c#####-4d41-485e-871f-0a22aa79e52b&redirect_uri=http://localhost
This returns a 200 OK.
STEP 3
We got the Auto discover URL as described in the documentation.
This is what i get - i use the domain marked in RED.
STEP 4
As per the documentation, they ask me to do this
Requesting an access token using implicit grant flow
So i issue a GET as described
https://login.microsoftonline.com/oauth2/authorize?
response_type=id_token &client_id=######-4d41-485e-871f-0a22aa79e52b
&redirect_uri=http://localhost
&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b
&resource=https://webdirin1.online.lync.com
Now this shows the sign in page, i sign in and then it throws an error
AADSTS90014%3a+The+required+field+%27nonce%27+is+missing.
I researched and could not fix this error.
So after lots of research and looking at this Microsoft documentation LINK (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#requesting-individual-user-consent) , apparently there is another way of getting the bearer token.
STEP 4 - SECOND TRY
I then Request individual user consent by sending the SCOPE parameter for Skype for Business.
I then issue a GET request to
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=#######-4d41-485e-871f-0a22aa79e52b&response_type=code&redirect_uri=http://localhost&response_mode=query&scope=https://api.skypeforbusiness.com/User.ReadWrite&state=12345
This returns an access code which i use in next step to get the TOKEN
STEP 5 - Get the bearer TOKEN
Issue a POST to following URL
https://login.microsoftonline.com/common/oauth2/v2.0/token With the
following data in POST body
"grant_type": "authorization_code", "client_id":
"######-4d41-485e-871f-0a22aa79e52b", "scope":
"https://api.skypeforbusiness.com/User.ReadWrite", "code":
"OAQABAAIAAACEfexX.........", "redirect_uri": "https://localhost"
This returns the bearer token in the following response JSON
{
"access_token" = "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1........w4b-- gnWG_iOGtQ";
"expires_in" = 3599;
"ext_expires_in" = 3599;
scope = "https://api.skypeforbusiness.com/User.ReadWrite";
"token_type" = Bearer;
}
STEP 6
Yay! Got the bearer token at laaast!
Now back to the main documentation
https://learn.microsoft.com/en-us/skype-sdk/ucwa/authenticationusingazuread
And where we do this - 'Resending an autodiscovery request with the bearer token'
We execute a GET request to
https://webdirin1.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user
Now this, as per the documentation should return this JSON
{
"_links":{
"self":
{"href":"https://webdirX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/user"},
"applications":
{"href":"https://webpoolXY.infra.lync.com/ucwa/oauth/v1/applications"}
}
}
BUT i GET A 403: PERMISSIONS denied error
<div class="content-container"><fieldset>
<h2>403 - Forbidden: Access is denied.</h2>
<h3>You do not have permission to view this directory or page
using the credentials that you supplied.</h3>
</fieldset></div>
So thus i have never got the applications url and I have checked the manifest, registration and i have no idea, why i get this error.
Any inputs would be appreciated.
For step 4, you need to specify nonce=somestring in the URL. Typically this should be a securely random value that is only used once. It can contain any value.
Also, you are only requesting an id token. Set response_type=id_token+token.
I'm developing an app that will need google's OAuth2.0. Initially, I was trying to test the webservice using postman. and below are the steps that I've followed.
In https://console.developers.google.com/, I've created a project.
Under Library I've enabled Google People API
In credentials, I've created one with https://www.getpostman.com/oauth2/callback as redirect URL
I got the lient secret and client ID.
With the above details I'm trying to test the same in postman.
In post man I did the below steps.
Selected OAuth2.0 under Authorization and clicked on get new Access token. This opened a new window and I entered the below details.
Auth URL : https://accounts.google.com/o/oauth2/auth
Access Token URL : https://accounts.google.com/o/oauth2/token
Client ID : the one that I got from google console
Client Secret : the one that I got from google console
Scope: https://www.googleapis.com/auth/contacts https://www.googleapis.com/auth/contacts.readonly https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/user.addresses.read https://www.googleapis.com/auth/user.birthday.read https://www.googleapis.com/auth/user.emails.read https://www.googleapis.com/auth/user.phonenumbers.read https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/userinfo.profile
Grant Type: Authorization Code.
And when I click on request token, I'm redirected to accept the permission and to my surprise, the configuration details window (In postman), doesn't go off and display me a token. Below is a screenshot post I click on Request Token.
Please let me know where am I going wrong and how can I fix this.
Thanks
I have created an API application in linkedIn, so I got client-id and client-secret key. I am however not able to get access token and secret key from LinkedIn.
I have used the below python code to do the job. Everything works well and I get the 'authorization_url', but when I paste it in my browser I get error: "invalid redirect_uri. This value must match a URL registered with the API Key."
*** Note that at the moment the "Authorized Redirect URLs" section in my application is blank and my question is what I should put there? I understand that it should be the same as what I feed in OAuth2Session function (instead of "arbitrary_url" such as 'http://127.0.0.1') in my below code. But have no clue on where to get this url?
Snapshot of my authorization_url page
*** To clarify on what I exactly do step by step:
1) add a url in "Authorized Redirect URLs" textbox in my API application and click on "Add".
2) Then I replace "arbitrary_url" in my code with exactly the same url.
3) Continue to run my code to get the "redirect_response".
4) Try the "redirect_response" in my browser; So far I always got the error: "invalid redirect_uri. This value must match a URL registered with the API Key."
Would appreciate any help on this.
# Import packages
from requests_oauthlib import OAuth2Session
from requests_oauthlib.compliance_fixes import linkedin_compliance_fix
# Credentials you get from registering a new application
client_id = '<my client id>'; client_secret = '<my client secret>'
# Redirect user to LinkedIn for authorization
linkedin = OAuth2Session(client_id, redirect_uri='<arbitrary_url>')
linkedin = linkedin_compliance_fix(linkedin)
authorization_url, state = linkedin.authorization_url('https://www.linkedin.com/uas/oauth2/authorization')
print(authorization_url)
Finally I got my mistake in the first phase! What I was missing was that I needed to click on "update" after clicking "Add" in my application to get that addition be actually performed!
However, still haven't got the client id and and client secret, as I get error after authorization!
Please refer to samples https://github.com/ozgur/python-linkedin. I see that you are missing to match redirect_url in your code. And more samples and explanation here http://requests-oauthlib.readthedocs.io/en/latest/examples/linkedin.html
I tried using the auth0 postman template to make an authentication request using username and password and I'm getting an unsupported grant type: password error. What am I doing wrong?
var client = new RestClient("https://test.auth0.com/oauth/token");
var request = new RestRequest(Method.POST);
request.AddHeader("postman-token", "abc");
request.AddHeader("cache-control", "no-cache");
request.AddHeader("content-type", "application/x-www-form-urlencoded");
request.AddParameter("application/x-www-form-urlencoded", "grant_type=password&client_id=foo&audience=&username=test&password=test&scope=openid%20email%20picture%20nickname", ParameterType.RequestBody);
Log into the Auth0 dashboard
Go to account settings (top right under your username)
On the general tab scroll down to the API Authorization Settings section
Default Audience would be your API identifier (if you have an API)
Default Directory would be your connection such as database connection name
In your POST to oauth/token do not include audience (if you specified the default above).
Gotta love how Auth0 makes authentication easy and painfully hard at the same time.
Refer below screenshot as a reference.
Go to Default App > Settings >
In the bottom of settings, Click {Show Advanced Settings}
Select Grant Types Tab
Check the password which is unchecked by default
Post request to *//oauth/token and it works
These are the exact steps I have taken in order to resolve this exact issue
Login with browser on desktop
At top right of UI, click click username, Settings
Scroll down to API Authorization Settings
Enter valid values in BOTH Default Audience, and Default Directory.
For example, for me I already had been using the Lock screen, and had already setup a Default Audience which I was setting in my client application and everything was working.
I also had already setup a Connections > Database, with the name of Username-Password-Authentication.
Here is a screenshot of it working after doing the above, using the postman collection , which at the time of writing, is contained here
https://app.getpostman.com/run-collection/2a9bc47495ab00cda178
which is referenced here
https://auth0.com/docs/api/authentication#code-samples
I am trying to create an MVC4 project that is going to read tweets using the streaming api. I am facing a challenge when im an trying to get an appId and appSecret. I am getting this error: "Error
The client application failed validation: Not a valid URL format
The client application failed validation: Not a valid URL format" when i am specifying my localhost address as my website and callback url. Please help.
This is how i am typing-in my URL http://localhost:50470/ still it does not work. I also tried this https://localhost:50470/
Thank you.
need to put in both the website and the callback URL the same domain value
Ex
Website:
http://127.0.0.1
Callback URL:
http://127.0.0.1/api