I'm developing a youtube upload application and have some troubles with a specific part of authentication. ClientLogin so far, works and uploads are received by Youtube. However I have to redirect my users logged in to the Youtube-Frontpage. I've noticed that there's a possibility to login to gmail via a url: accounts.google.com/TokenAuth?auth=....
This should be possible in the exact same way for youtube. A login at "gmail" will include the cookies I'd need for youtube login.
However, I'm not getting it to work. Which auth token do I have to use? I tried many, the one provided in the clientlogin response. I queried www.google.com/accounts/IssueAuthToken url (which gives me a token back, but I cannot login with it).
For example what I've tried:
https://accounts.google.com/TokenAuth?auth=token-received-by-issueAuthToken&service=youtube&continue=http://youtube.com&source=googletalk
And:
https://accounts.google.com/TokenAuth?auth=token-received-by-issueAuthToken&service=mail&continue=http://mail.google.com/mail&source=googletalk
None of these seem to work. The Clientlogin authentication was done with "service=youtube" - is that the mistake?
I'd appreciate any information that can clarifiy my problem.
Regards,
Dennis Fischer
So - well - I got this working finally. It took me some time because there is no real documentation.
I'll explain how the requests work, you'll need to do 3 requests:
1st: Do a default clientLogin at google.com/accounts/ClientLogin
Provide Email=emailadress&Passwd=Password&service=gaia as data, as well as any other parameter you want to add to clientLogin.
You'll receive 3 Tokens, SID, LSID and Auth - you'll need SID and LSID only!
2nd: Do a request to google.com/accounts/IssueAuthToken
Add paramters SID="Extracted SID"&LSID="Extracted LSID"&service=gaia to the URL.
You'll receive an AuthToken which should start with these characters: "APh-...."
If this is not the case your this request failed due to wrong parameters (most likely missing "service=gaia").
This token will be needed in your 3rd request.
3rd: Do a request to google.com/accounts/TokenAuth?auth="token received in step 2"&service="service where you want to authenticate, e.g. mail"&source="for example googletalk"&continue="the url where you're redirected to, this is http://mail.google.com/mail for service mail"
This 3rd request is most likely done in a browser.
Congratulations, you logged in a user into his google account with 2-Step Auth. You don't need the "real password", the application specific password is enough to generate these tokens.
Regards,
Dennis Fischer
Related
I am trying to send the Single Tweet GET request from Twitter API v2 collection. I used the OAuth2 Authorization Type.
When I click on Get New Access Token, after providing the Configuration Options I get the following window
But when I click on Back, I am logged in to my Twitter account.
Meanwhile, my Get New Access Token window is still waiting to receive a response.
Has anybody encountered this before?
I've tried using Bearer Token instead and it works without a problem.
I also tried logging out and logging back in from the Twitter login but still did not authenticate successfully.
For me, it's because I used localhost in my callback URL.
Don’t use localhost as a callback URL
Instead of using localhost, please use a custom host locally or http(s)://127.0.0.1
ref: https://developer.twitter.com/en/docs/apps/callback-urls
My Problem is solved Now, This issue was caused Because I have not added the Callback URL in the postman that I have added in the Twitter developer account project.
And Second main reason for that because I did not add the accurate scopes tweet.
I am trying to make a post call in Exact Online REST API. I'm trying to create a SalesInvoiceLine. I can perfectly do a GET call via my browser. I am logged in in Exact Online so I don't need authentication since this should be passed via a cookie. I tried POST via a browser. The browser prompts me to login, when I do nothing happens. I've also tried this in Postman:
I am 100% certain these initials are correct, I can login with them in Exact Online. What am I doing wrong?
If this is not the way, how can I post data to Exact Online? There are not that many concrete examples to find online.
You can't log on to the Exact Online REST API with Basic authentication, the mode you are using now.
The web service uses OAuth as authentication mechanism, meaning you have to acquire a token first. The steps to do so are outlined in the official documentation.
It will need some work on your end to register an app, get the flow up and running. Depending on your business needs, you might be helped with one of the apps for Exact Online by the company I work for.
You need to retrieve the CurrentDivision through GET Request https://{Base Uri}/api/v1/current/Me only from OAuth then you need to assign
CurrentDivision to whatever may be the API call .../api/v1/{CurrentDivision}/../....
Without authorization by Auth 2.0, neither is impossible.
To authorize the ExactOnline API calls you have to do the following:
Register the app in the developer portal. Bear in mind that you have to do a separate registration for French, UK or Dutch version of ExactOnline (this is indeed a pain).
In case you want your application to be used by other accounts than yours, you have to submit the app for validation, this usually takes 2-3 weeks.
EO uses standard OAuth 2.0 schema (very similar to what Google is using with their services). You have to use endpoint GET /api/oauth2/auth for building an authorization link and endpoint POST /api/oauth2/token for obtaining both access and refresh tokens.
Please bear in mind that many Auth 2.0 services are proving long-lasting refresh token. This is not the case of EO. The refresh token is invalidated every time when the access token is requested (endpoint POST /api/oauth2/token). With access token new refresh token is supplied, so make sure you update you refresh token as well.
The access token is placed in HTTP header as "Authorization: Bearer {{ACCESS_TOKEN}}"
In case you want to automate the EO API calls and do not want to code anything on your own, you can try one of the pre-build Exact Online API connectors, created by the company I work for.
I'm having trouble with Adobe Sign's OAuth authentication -- every time I try to get my access token with my Client ID and redirect URI, I get this message:
Unable to authorize access because the client configuration is invalid: invalid_request
This is the request that I have been making (with the proper substitution for REDIRECT and CLIENTID):
https://secure.echosign.com/public/oauth? redirect_uri=REDIRECT& response_type=code& client_id=CLIENTID& scope=user_login:self+agreement_send:account
I am fairly new to OAuth and don't understand what I'm doing wrong. Could someone please explain the issues that could result in this error message?
I was having the same problem. I solved it by including the correct shard in the URL after "secure." and before ".echosign". You identify your shard by looking at the URL where you created your application.
I found this information here.
Hope this helps.
Is OK to have spaces in that https request?
If you still have a problems with this.
I think your URL is not correct.
I using this one
https://secure.na2.echosign.com/public/embeddedWidget
for adobe widget.
Adobe require same url for OAuth
https://secure.na2.echosign.com/public/oauth
Check your domain, and try. You can create widget just to see your domain
This comment might get helpful for others who are facing issue in Adobe Sign access token invalid_request.
Developer Guide on Sign API: https://opensource.adobe.com/acrobat-sign/developer_guide/index.html
For the Outh process and the link to be used in user's browser:
https://secure.na1.adobesign.com/public/oauth/v2?redirect_uri=https://www.google.co.in&response_type=code&client_id=paste_your_client_id_here&scope=user_read:account
If any one using sandbox,
https://secure.na1.adobesignsandbox.com//public/oauth/v2?redirect_uri=https://www.google.co.in&response_type=code&client_id=paste_your_client_id_here&scope=user_read:account
Please ensure the correct environment identifier and shard. https://helpx.adobe.com/sign/using/identify-account-shard.html
https://helpx.adobe.com/sign/kb/unable-to-authorize-access-because-the-client-configuration-is-invalid-invalid-request-while-running-oauth-process.html
After pasting URL in browser and allowing the access to your API and getting code. Please use endpoint URL to get access token as below:
for developer account: https://api.na1.adobesign.com/oauth/v2/token
for sandbox account: https://api.na1.adobesignsandbox.com/oauth/v2/token
I have an issue with generating a sandbox auth token, I get redirected the following link:
https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&ebaytkn=&tknexp=1970-01-01+00%3A00%3A00&username=testuser_jdawg)
once the request grant the application permission.
Which states the following message:
Thank YouHelp
Authorization cancelled
It's now safe to close the browser window/tab.
Has anyone else had this issue?
The ebay URL redirect after authentication is somewhat broken.
The default URL redirects are:
On Success: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=true
On Failure: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure&isAuthSuccessful=false
You can also define your own URLs on the Auth tokens for eBay page of the developer site.
The problem is that ebay truncates any url you enter at the first ampersand (&) encountered. This breaks their own accept URL which ends with &isAuthSuccessful=true
To fix this all you have to do is encode the ampersand as %26. So you need to change their URLs to:
On Success: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure%26isAuthSuccessful=true
On Failure: https://signin.ebay.com/ws/eBayISAPI.dll?ThirdPartyAuthSucessFailure%26isAuthSuccessful=false
Edit: As you noted, this does not affect whether or not the authorization is actually successful or not, just the message that the user sees. You can also apply this solution to your own URLs too if you don't want to use theirs.
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.