From my google chrome browser I enter:
https://stream.twitter.com/1.1/statuses/filter.json?track=canucks
I get a window "Authentication Required". I have set up a Developer app in my twitter account. I enter my twitter User Name and my Password, and press Log In, but it keeps giving me the same Authentication Window. Any ideas what the problem could be?
In the Authentication Required window I see the text:
"The server https://stream.twitter.com:443 requires a username and password. The server says: Firehose."
The problem is that authorization with header info is needed. It is more complicated than the simple URL above. It is best done by writing some code with the authorization header needed, along with the above URL.
Related
So I currently have all my requests set up in postman and to be able to make the request to my api I first need to go to the Authorization tab and click "Get Access Token" then a new window appears showing the log in screen from the Identity Server where I can enter the correct username and password to obtain the access token.
I am now wanting to use Postman to test my api however when the access token expires the tests of course fail.
What I want to know is the best way to approach setting up a script that could run the authorization before that request/tests are run.
I can see lots of examples if you only use ClientId and Secret however our Identity Server also requires the user to log in with username and password as that information is needed so that the Identity Info can be included in the returned token as the api called in the request uses this to determine which user to return data for.
Really hitting a brick wall here as I cannot see a way to automate the identity login.
How do others deal with running automated tests against an api protected with IdentityServer login?
You would have to mimic the set of requests and responses that would normally go through the browser. For example, you first make an authorization request. The server responds with a 302 to a login page. You can grab the location header and call the login page. Then you would post the username and password to the login form's action, etc.
You can have a look at this example: https://github.com/curityio/token-handler-node-express/blob/master/test/login.sh this is a set of curl commands which perform such login to an instance of the Curity Identity Server.
You should be able to script it as a series of requests in Postman.
We have a code that logins to Sharepoint Online using :
https://login.microsoftonline.com/extSTS.srf or https://login.microsoftonline.com/RST2.srf, but recently we starting to get authentication failed saying that "Incorrect Username or Password" and after some retries it returns:
"0x80048823 message : AADSTS70002: Error validating credentials. AADSTS50053: You've tried to sign in too many times with an incorrect user ID or password."
While using same username and password to login in the browser works fine, and neither password or username were changed, also code didn't changed. As same code works fine for another Sharepoint tenants. Seems that something changed in the Microsoft login servers, where it's started to not accept user credentials, while web browser login works fine.
Please advise.
Thanks
Microsoft Rep has helped me get this far.
They had us create a "Cloud Only" user. This user was setup as "#" so if your name is bill and your corporate sharepoint site is name is FakeCompany.sharepoint.com then you would have the person as "bill#FakeCompany.onmicrosoft.com"
This user was able to login to https://login.microsoftonline.com/extSTS.srf by just passing username and password.
Our on prem AD users are still having issues, i mentioned this and got the following response.
There is no issue with sync as you are able to login to portal using the same account and password.
The solution you need is documented in https://learn.microsoft.com/en-gb/azure/active-directory/manage-apps/configure-authentication-for-federated-users-portal#enable-direct-authentication-for-legacy-applications
You need to create a home realm discovery (HRD) policy where "AllowCloudPasswordValidation":true.
We have not yet implemented the last solution but the creating of a cloud account may help some of you.
So I think I understand what they are trying to say. There are 2 paths that you are able to authenticate with according to the node-sp-auth example.
"Managed" and "Federated"
"Managed" was the easier version and allowed for you to be able to just provide username and credentials in a soap assertion to login.
Federated is a lot more complicated. You need to first perform a post to Microsoft to validate the user hitting your adfs server. https://adfs.XXXXXXX.com/adfs/services/trust/13/usernamemixed
Then you take the saml:Assertion from that response and put it into the "Token" section of the call you make to https://login.microsoftonline.com/extSTS.srf utilizing the templates from the node-sp-auth.
I have C# code that performs all these steps but I am getting an error
AADSTS70002: Error validating credentials. AADSTS50008: SAML token is invalid. AADSTS50006: Invalid signature. Signature verification failed.
Even though the signature is being generated by Microsoft in their SAML.
node-sp-auth code refrence is OnlineUserCredential.ts file.
If someone can figure out the last mile I can post a comprehensive C# solution.
First, I'd like to mention that problems like this had been discussed before in the topics like:
How to authenticate user with just a Google account on Actions on Google?
But I could not find any information at all related to ways of linking Google Assistant app with my own web server.
Problem:
GET https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE always returns "Account field to link" error
A Way to Reproduce:
I created a new project in Actions on Google Console
I built an application using Dialogflow
I created a Heroku Web Server as my webhook (ex: webhook.herokuapp.com)
So everything worked just fine. I've successfully connected my Google Assistant app with my webhook.
But then I decided to send requests to my another one Heroku Web Server (ex: webserver.herokuapp.com) which needs a user to be logged in. So I decided to implement account linking of my Google Assistant app with webserver.herokuapp.com
I implemented Google-OAuth2 authorization at webserver.herokuapp.com. Also I want to mention that I used Client ID and Client Secret of my Google Assistant App
So, Google Authorization worked perfectly at my webserver.herokuapp.com
Then I enabled account linking settings for my Google Assistant app with Implicit Flow
So, that's it!
Epilogue
I open Google Assistant, tell it "Talk to my test app", then it greets me and offers me to link accounts. I say "yes".
Then I see how Google Assistant requests my login URL at webserver.herokuapp.com. Then I enter my Google email and password. As a result I logged in at my webserver! Then my webserver makes a redirection to:
https://oauth-redirect.googleusercontent.com/r/my-google-assistant-app#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE
And I get the error I've described at the top of my post.
Any help would be appreciated
UPDATE with parameter information
These are my constants:
Google Assistant Project_ID = nodejs-sdk-local-test
Google Assistant Client_ID = 1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com
state = manually_set_state_value
The flow is I open my Google Assistant and say "Ok Google, talk to my test app", it answers my request and then I say something like "do some action which need authorization". Google Assistant app offers me to link an account and I say "Yes".
This is where Google Assistant app makes a call to my https://webserver.herokuapp.com/google-oauth2 endpoint. A purpose of this endpoint is to redirect me to the Google Login Page.
Now I'm being redirected to the Google Login Page (everything seems to be correct. client_id and state parameters are similar to the constants). This is the example of an URL where I am being redirected to: https://accounts.google.com/o/oauth2/auth?client_id=1067979601708-ldr3ga115es3fdo823slfnj46gjoes66.apps.googleusercontent.com&redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2/&state=manually_set_state_value&response_type=code&scope=openid+email+profile
At the Google Login Page I enter my credentials and then I'm being redirected to the redirect_uri=http://webserver.herokuapp.com/complete/google-oauth2 endpoint. A purpose of this endpoint is to register or login me at webserver.herokuapp.com and then redirect me to another Google URL. An example of the Google URL: https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=manually_set_state_value
So it seems that everything is correct. I logged in to my webserver.herokuapp.com, got an access token. Also project_id and state parameter in the last Google URL are similar to constants. Anyway, this Google URL returns me an error "Accounts failed to link"!
The most common cause of this is that you're not passing back the same value for state that was sent to you when Google redirected to your site. Make sure this is the same value and, for your security, make sure you validate the other parameters that are sent to you as well.
When the user is redirected to https://webserver.herokuapp.com/google-oauth2, there should be some parameters sent as part of the query. Those parameters include a state parameter. It should look something like this:
https://myservice.example.com/auth?client_id=GOOGLE_CLIENT_ID&redirect_uri=REDIRECT_URI&state=STATE_STRING&response_type=token
Note that while the client_id and redirect_uri are values that you should expect and test for, the state value is not one that you would have set. Google generates a different one every time. This is the state that you should be using later when you redirect to
https://oauth-redirect.googleusercontent.com/r/nodejs-sdk-local-test#access_token=<token_omitted>&token_type=bearer&state=STATE_STRING
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.
I'm using this as a reference:
https://code.google.com/p/google-api-javascript-client/wiki/Authentication
I'm trying to authenticate a user and then fetch his/her google_id after auth.
I have a button called "login with google" and when the user clicks on it, it launches a popup that asks if he/she wants to give authorization to the app. After that
it throws an error saying "bad request" and "400 not found" when it tries to do a GET on this
https://www.googleapis.com/discovery/v1/apis/plus/v1//**/*** 400 (Bad Request)
I'm using the same code as described in the above mentioned api.
I also crosschecked the api key and client id, but everything seems fine.
Any help on this?
Your best bet is to move to Google+ Sign-In. It uses the same JS client but does a lot of the hard work for you.