I would like to create a new Trello Card when a new User signs up for our webapplication.
To do that I requested a "read,write" Token (lets name it "myToken" ) for my user and I have my application key (lets name it "myKey").
Because I could not find any PHP-Wrapper I first used Fiddler to test the HTTP-Post request. Specifically I tried the following:
HTTP-POST
URL:
http://api.trello.com/1/cards
Request-Headers:
User-Agent: Fiddler
Host: api.trello.com
Content-Length: 177
Request Body:
key=myKey&token=myToken&name=newCardName&desc=newCarddescription&idList=myListId
However this doesnt work. I get back an HTML-Code, that shows a website which tells the user to login! What am I doing wrong?
Thanks #Daniel LeCheminant.
I made two mistakes:
1.) I used http instead of https
2.) I put the variables in the request body. Even though it is a post request, trello expects the variables in the url itself
This solution works for me:
https://api.trello.com/1/cards?key=myKey&token=myToken&name=newCardName&desc=newCarddescription&idList=myListId
Related
Following this procedure:
https://learn.microsoft.com/en-us/graph/auth-v2-user
I'm trying to get a refresh token from this microsoft end point:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/authorize
Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2) library, I'm able to get a response back with this error: "AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.":
I tried to set some redirect url in the Azure Portal including:
https://automation.legroupeti.com/Configurations/GetRefreshToken/
https://automation.legroupeti.com/Configurations/GetRefreshToken
https://automation.legroupeti.com/
https://automation.legroupeti.com
The post request is the following (Using PostAsync method from System.Net.Http.HttpClient class from nuget (asp.net core 2.2)):
Here are the configured redirect urls form the registred application in the Azure Portal:
I expect a valid response from the endpoint.
How do I configure the redirect_uri to be valid?
EDIT 1
I fixed the redirect_uri parameter.
From the screenshot, it appears that the URLEncoding is incorrect. The '/' character in the path should be encoded to %2F, while your code has %2. (After '.com' and before 'Configurations'.)
Also, have you considered the Authorization Provider from the SDK?
https://learn.microsoft.com/en-us/graph/sdks/choose-authentication-providers?tabs=CS#AuthCodeProvider
I was getting this error and for me the issue was that I was encoding the redirect_uri value in the post request to the /oauth2/v2.0/token endpoint. Notice how redirect_uri is not encoded in this request.
POST /{Tenant ID}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
Cookie: {cookie}
Content-Length: 941
client_id={Application (client) ID}
&scope=https://graph.microsoft.com/mail.read
&redirect_uri=http://localhost/myapp/
&grant_type=authorization_code
&client_secret={secret}
&code={code}
I used the Postman sample provided by Microsoft to find the root cause.
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#request-an-access-token
You seem to be mixing the authorize and token endpoints.
If you want the user to authenticate, you have to redirect the user to that URL, not send a POST request to it.
After the user returns to your app, you need to exchange the authorisation code for tokens.
Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-web-app-call-api-overview
If you want a token just for your app without user authentication, you need to call the token endpoint.
Documentation: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-daemon-overview
I also faced the same problem:
AADSTS90102: 'redirect_uri' value must be a valid absolute Uri.
I tried few URL variants (with encoding, without, etc.) in Chrome, but was getting different exceptions about a wrong URL. Then I used the Safari browser and voila, I got a response code.
In the final result, I just copied the URL from the documentation, pasted tenant and client_id values from the registered application into the return_url parameter, and instead of the /myapp/ prefix I pasted %3A8080, where %3A it's the : symbol. The redirect_utl param has to be the same as URL in the registered application.
I maintain a private repository but want to make one file publicly available.
GitHub documentation states that the CURL command below can retrieve a file:
curl -u username:token https://api.github.com/user
But I would like to provide access through a URL. E.g.
https://username:token#raw.githubusercontent.com/me/repo/master/README.md
This always return a 404. Am I missing something?
From "How can I download a single raw file from a private github repo using the command line?", you wouldneed to use a PAT (Personnal Access Token) without the username:
curl -s https://$TOKEN#raw.githubusercontent.com/....
But I would not recommend making that token visible in any way: it would give access to that file and the rest of the repository.
Putting that file in a separate location (be it a separate public repository, or any other online text storage service) would be safer.
For those of you wondering the "why" on 404 vs 401, it's basically a security measure on GitHub's part to output 404 instead of 401: https://docs.github.com/en/github-ae#latest/rest/overview/other-authentication-methods#basic-authentication
For those wondering why we get a 404 in the browser while cURL gives us a success response, you might've assumed that providing the username and password in the URL like https://username:password#somesite.com would pass the credentials along in the initial request. That is not the case - the browser steps in and sees if the page you are requesting returns a WWW-Authenticate response header, and only then does it send your credentials. In the case of your GitHub url, the resource doesn't send back a WWW-Authenticate. If it did return WWW-Authenticate, then you obviously wouldn't run into this problem.
And then there's cURL. cURL assumes Basic Authentication by default and automatically sets the Authorization header to your username and password (either from the url like my previous example, or set through CLI options like in your example), and it sends it regardless of whether or not the server returns a WWW-Authenticate response header.
Unfortunately for us, there's no way to force the browser to send it with the initial request. As to why GitHub doesn't send a WWW-Authenticate response header, it's probably because they don't want to promote the least secure way of authentication - they no longer allow account passwords to be sent this way, after all. However, they do realize its ease of use and have mitigated some of its weaker points by allowing users to use oAuth access token, GitHub App installation access token, or Personal Access Token in its place that can limit its scope of access. So really, it's the browser that is following standards, and GitHub allowing a form of Basic Authentication with some alterations, and cURL immediately passing our credentials into the Authorization header. I believe the below is what's happening behind your requests:
cURL sends a request along with Authorization header → GitHub: "Well, I didn't ask, but yeah, your creds check out" → GitHub: Authorized and redirects to resource
Browser sends request and waits for WWW-Authenticate response before handing credentials → GitHub: "Umm, you don't have permission to access this resource but I can't let you know whether it actually exists") → GitHub: Returns 404 (instead of 401 with WWW-Authenticate header) stopping the browser short from receiving the WWW-Authenticate header response and sending out an Authorization header with the credentials on hand.
Referring to TopDesk's Login API,
I'm using PostMan to be authorized.
GET http://www.topdesk.com/api/login/person
Authorization: Basic <base64 encoded password removed>
However, I get 404 Not Found Error and Content-Type is html.
I was expecting it to be either:
200 - OK
401 - Unauthorized
500-Internal-Server-Error
in JSON format.
Any ideas?
Looking at the docs I don't think http://www.topdesk.com/ is the base URL for the API. I don't know what your specific API URL is.
Do you have a set up like the screen shots in this example, if so then the url will be available in that
A 404 code suggests the URL is wrong - http://topdesk-url/tas/api/login/person is the one in the API docs which is slightly different than the one you provided in the question.
The base path that you’re using and the /tas/ (this might be a username or account name etc) section is missing from your example request.
http://www.topdesk.com is not a real TOPdesk instance, it's just a website. A real TOPdesk instance's address looks like one of these:
mycompany.topdesk.net (if it is hosted in the cloud)
topdesk.mycompany.com (if it is hosted locally)
The reason why you got a 404 is because that url simply doesn't exist.
I am unable to obtain a LinkedIn Access Token. My setup is as follows:
I have setup an app on LI with this redirect URL http://localhost:5000/home
I request authorization from LI and get a response with the 'code'.
In under 10 seconds, I copy the code query param out of the URL bar and paste it into Postman.
In Postman, I have a setup as follows:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&
client_id=<client id>&
client_secret=<client secret>&
redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fhome&
code=AQSbUzcWwSk_3sqQfusRZWEa4tZqU_x4fSQKub9c3eoeCzZwNO2ZH8uAzJc-T0T40WRv6qNxNpCDxckEjuXHqb56ZhKQqReB5mDjm1kZrCrLlBBYhzyymF5oRzwNgObylJukUVQ_0OiSuE0W0RQ
I have made multiple attempts but in response, I get the following error.
{"error":"invalid_request","error_description":"Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired. Or external member binding exists"}
We have a LI login deployment that suddenly stopped working and started returning this error. On simplifying the use case, I find that Postman does the same.
What gives? What am I doing wrong? This used to work!
GET /imfpush/v1/apps HTTP/1.1
Host: mobilefoundation-3b-mf-server.mybluemix.net
Authorization: Bearer eyJhbGciOiJSUzI1NiIsImp....
Content-Type: application/json
another type of invocation
curl -X GET -H "Authorization: Bearer eyJhbGciOiJSUzI1N...." "https://mobilefoundation-3b-mf-server.mybluemix.net/imfpush/v1/apps"
Error 502: Failed to make token request, reason: Unsuccessful request to Authorization Server, server responded with status code: 400 and body : {"errorCode":"invalid_client"}, check the Authorization URL: http://localhost:8080/mfp/api/az/v1/token
TL;DR: right now looks like there is a bug in the /imfpush/v1/apps endpoint where it does not filter the applications by the vendor (APNS, GCM, WNS), so you can only get a list of all applications instead...
Note however that it all depends on your end goal. You can accomplish this by code or by using tools such as curl or Postman, Swagger etc... it all depends on what you want to achieve.
Here are 3 ways:
In the local development server - not available in Mobile Foundation service on Bluemix, you can use this URL to see the REST endpoints exposed in Swagger. You can then view push-enabled applications with this one: http://localhost:9080/doc/?url=/imfpush/v1/swagger.json#!/Applications/getAllApplications
First, in MobileFirst Operations Console > Runtime Settings > Confidential clients:
Add (just an example, choose your own) a new user client (id: user, secret: user)
Add the apps.read and push.application.* scopes
Be sure to click on the knob and add the apps.read and push.applications.* scopes.
You will also be asked to authorize. Use the username and password for the user confidential client that you previously created.
Using the /imfpush service, as described below.
Using the mfpadmin service, as described below.
In my examples I will use Postman.
In MobileFirst Operations Console > Runtime Settings > Confidential clients:
Added (just an example, choose your own) a new user client (id: user, secret: user)
Added the apps.read and push.application.* scopes
Obtained an access token by making a POST request to http://localhost:9080/mfp/api/az/v1/token with:
Authorization tab:
Type: Basic Auth
user: user
password: user
Body tab:
x-www—form-urlencoded
grant_code: client_credentials
scope: apps.read push.application.*
Obtained the list of applications by making a GET request to http://localhost:9080/imfpush/v1/apps with:
Headers tab:
Authorization: Bearer the-access-token-from-step-2
To filter the list by platform, the URL should change to the following, like the example in the API documentation: http://localhost:9080/imfpush/v1/apps/?expand=true&filter=platform==A&offset=0&size=10 But since this does not work right now... use: http://localhost:9080/imfpush/v1/apps/
Of course, you need to change localhost to your server's host.
To only obtain a list of all applications, it'd be faster to use the mfpadmin service applications endpoint. Using Postman:
Created a new GET request to http://localhost:9080/mfpadmin/management-apis/2.0/runtimes/mfp/applications
You can change the domain to yours.
In the Authorization tab, I have set the following:
Type: Basic Auth
Username and Password: your username and password (to the console)
In return I have received a list of registered applications.