I'm trying to get my access token for my application, using this URL:
https://datamarket.accesscontrol.windows.net/v2/OAuth2-13?grant_type=client_credentials&client_id=//CLIENT ID//&client_secret=//CLIENT SECRET//=&scope=http://api.microsofttranslator.com
Obviously I replace //CLIENT ID// and //CLIENT SECRET// with my applications information.
I tried encoding the tokens with HtmlEncode in my application but got a 400 error. So I tried the request in my browser and this is the JSON response I got:
{
"error":"invalid_request",
"error_description":"ACS90007: Request method not allowed. \r\nTrace ID: 2144c829-f3fa-4ed8-80e6-40841e6a3f69\r\nTimestamp: 2012-06-27 01:11:27Z"
}
I don't know what I'm doing wrong, any help?
I believe when you are making the WebRequest call your parameter is set to use GET and this will cause error ACS90007. When making the WebRequest call please use POST along with application/x-www-form-urlencoded set Content-Type.
If you still have problem post your WebRquest code snippet and i will take a look.
It would be better if you can provide the code for AdmAuthentication. For now, please make sure you have correctly translated the code on http://msdn.microsoft.com/en-us/library/hh454950 to VB. Please also try to use Fiddler to monitor the request to ensure it is sending a POST request.
Best Regards,
Ming Xu.
Making my own client secret helped my cause
Related
I'm new to oauth2, but I have tried my best to learn it.
this should be just a simple first step into getting token.
so the situation is like this.
I have succeeded trying it with postman web, but postman desktop always failed (callback timeout or Esockettimeout).
what I did was only filling in the type oauth2, granttype = client_credentials, client id = client_id and client secret = client_secret.
I dont know why, I have tried to view the console and making sure all parameter is the same. I have tried to disable my firewall and antivirus, and disable proxy and ssl on postman desktop's setting but still the same.
so I tried with powershell and iwr. using this :
iwr 'https://thesite.com/token?grant_type=client_credentials' -Headers #{ 'Authorization' = 'Basic OAuthE='} -Method "POST"
of course "thesite.com" should be my site, and "OAuthE=" was the authorization base64 from clientid:clientsecret.
this was successful in getting token.
I did it just to prove that my router and firewall setup is ok that the request and the token should be able to pass through.
so I tried to translate this to .net with newest restsharp (108.0.3).
Dim client As RestClient
client = New RestClient("https://thesite.com/token")
client.Authenticator = New HttpBasicAuthenticator("clientid", "clientsecret")
Dim Request = New RestRequest(Method.POST)
Request.AddHeader("content-type", "application/x-www-form-urlencoded")
Request.AddParameter("grant_type", "client_credentials")
Dim response = client.Execute(Request)
MsgBox(response.Content)
with this, response.content always empty, and response.statuscode always 0.
I have tried many other ways like putting the client id and client secret in request.addheader or request.addparameter. I even tried the executeasync, like :
client.ExecuteAsync(Request, Sub(response)
Console.Write(response.Content)
End Sub)
but I'm not familiar with async, and have trouble getting it to not error. I want to get the response.content to a global variable to be use later, but I couldnt get it to not error, so the only way I can get it to run successfully only with console.write above, but it still return empty.
all the example or questions/answered about this seems to be simple only like that. But why mine always return empty ?
please help.
oh and please give me the answer and example in vb.net. All the other samples that I saw using c#, and I'm afraid that my trouble was because I translate it to vb.net wrong. And if can, I dont want to use async, only if it's really2 needed.
thx very much
ok.
this is just for future reference if somebody encounter the same problem
so I have tried all things that I found (even tried the certificate and protocol of tls12, etc), and almost gave up.
when at last, I tried to change the addparameter for grant-type to :
Request.AddQueryParameter("grant_type", "client_credentials", True)
at last I got the token after a week trying
could anyone tell me how to add request headers for subscription keys in SOAP request.
I am using NuSOAP toolkit for making SOAP calls. Setting keys for authorisation SOAP calls seems difficult for me. Unless I pass the subscription keys in request headers, I didn't get an access.
I tried:
$this->nusoap_client->setHeaders("<soapHeader xmlns='http://test.com/'>
<Ocp-Apim-Subscription-Key>***mykey***</Ocp-Apim-Subscription-Key>
</soapHeader>");
but it adding keys to the soap header instead of request header.
Then I tried :
header("Ocp-Apim-Subscription-Key: ***mykey***");
but still no hope, its added to the response header now.
I am using $this->nusoap_client->call() for making SOAP call, and the response getting is
{ "statusCode": 401, "message": "Access denied due to missing subscription key. Make sure to include subscription key when making requests to an API." }
thanks in advance.
Well, I found a solution myself. Don't know if it is the right way or not! Anyway I would like to post my solution here, it may find useful to someone.
I solved this issue by modifying the nusoap library class file. Modified function soap_transport_http to set headers as:
$this->setHeader('Ocp-Apim-Subscription-Key', '***myKey***');
May be it is not the right way to modify headers in SOAP request, but it works for me. Please put your answer if you find better solution.
I'm hitting the following endpoint
https://<my company>.onelogin.com/oidc/token
and sometimes I get the following error response and I'm not sure what it means.
{"error":"invalid_request","error_description":"client authentication must only be provided using one mechanism"}
I am sending the following fields as params:
grant_type=authorization_code
code=redacted
redirect_uri=redacted
client_id=redacted
client_secret=redacted
Can anyone shed some light on why this endpoint fails intermittently?
We have figured out what has been causing this "one mechanism" problem. We emailed OneLogin tech support team and received the following response:
As you can see in our documentation the placement of "client_secret" is dependent on your Token Endpoint Authentication Method setting. API Reference
If the Authentication Method = POST then "client_secret" is in the body.
If the Authentication Method = Basic then the "client_secret" is encoded and placed in the Authorization header.
Your application is currently sending this value in both Authorization Header and POST body. In the past this would not have been an issue but with the tightening to spec it will cause a 400 error for your application.
They will soon update their documentation, but for now, please use this guide to get rid of the "one mechanism" error in your application.
I have the following rest request that works:
And the following one that doesn't work:
And here is the the response from the bad message:
The bad response was run through PowerShell but it shouldn't matter as I can see everything that is getting sent in Fiddler.
Can anyone spot what I have done wrong in the bad request?
I read What HTTP status response code should I use if the request is missing a required parameter? but it did not specifically ask about headers and there didn't seem to be a consensus.
The context of this question assumes successful authentication. I'm currently favoring either a 400 (though that doesn't feel right because this isn't really a case of "malformed syntax") or 403. Given 403's description:
The server understood the request, but is refusing to fulfill it.
Authorization will not help and the request SHOULD NOT be repeated. If
the request method was not HEAD and the server wishes to make public
why the request has not been fulfilled, it SHOULD describe the reason
for the refusal in the entity.
This makes the most sense to me.
Can someone please enlighten me? Thanks.
400 Bad Request
It's a user error in the request. Unlike with a 403, the client should be allowed to repeat their request, but only after modification:
10.4.1 400 Bad Request The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.
Edit
As Mark Reed points out in the comments, a 403 says, "There is nothing wrong with what you sent me. You have proper authorization and the syntax was valid. I just don't want to do what you ask."
The part that you have in bold simply says, if the server so chooses, it can tell the client exactly why it doesn't want to fulfill the request.