I am completely stuck here.. the authorization works fine, but keep getting the following error when i initialize my POST request to exchange an oAuth code for a token. This is using Bubble.io and Discord's API.
Related
I tried to make a token joiner on discord with the requests library but not from any error but the tokens do not enter even if they are valid
Someone can help me thanks
On invalid tokens, Discord's API returns a 401 Unauthorized error. So that should be one sign to spot if a token has expired or is no longer valid due to other circumstances.
You should just be able to use a POST request to the URL https://discord.com/api/v9/invites/{invite}. Then the response from this request would be data about the server or a 401 Unauthorized error.
I'm trying to register an application in Azure AD using Graph API with an oauth token obtained with the Authorization Code grant type. I can do it with Client Credentials, but not with Authorization Code. With the latter I can list applications, but not create them.
Here's the permissions I've set in the application:
And here's what I set in postman to get the token:
I get the token just fine and I can list the applications, but when I try to create a new one through the endpoint 'POST https://graph.microsoft.com/v1.0/applications' I get the following response:
Anyone knows why this is happening? Thanks!
According to the last screenshot you provided, it seems the process stopped at login page(the response body is the html of login page) when do authorization code flow.
I test it in my side(also in postman) but it works fine, below is my configuration in postman for your reference:
Although I didn't reproduce your problem in my test, but I can provide you some information about authorization code backend request to know what does the response in your postman mean.
When we do authorization code flow(not in postman) to get access token, there are two steps. First we need to request the url https://login.microsoftonline.com/{tenantId or commone}/oauth2/authorize?resource=https://graph.microsoft.com&client_id={clientId}&response_type=code&redirect_uri=https://hurytest&response_mode=query in your browser like below screenshot.
We can find the content in the red box in screenshot above is same to the response you get in postman. So I think the process stopped here(which is the first step of authorization code flow).
Second step, we need to input username and password into the login page. It will redirect to another page like below screenshot.
Copy the code after code= in the above screenshot and then use the code in below request to get access token.
In a word, I didn't reproduce your problem in my postman. But the backend request in your postman may stopped in the first step(login page) of authorization code flow which I mentioned above. So please check if you configured correct in postman. If still doesn't work, you can do authorization code flow by the two steps I provided to get the access token.
Background
I have a simple NodeJS server hosted on localhost/Heroku which handles JWT authentication for adding data to the registered user amongst other (unrelated) things.
Here's the GitHub: https://github.com/mlee93dev/pw-keychain-server
I also have a simple Angular2 client on localhost/Heroku for this server:
https://github.com/mlee93dev/pw-keychain-app
Currently, I have my JWT access tokens configured to last only 5 seconds in my server for development purposes.
I have my CORS stuff configured to the best of my knowledge as shown below in server.js:
CORS configuration pic
The Problem
On Postman I test the POST request and I get the expected response - a JWT expiration error:
Postman POST pic
However I don't get the same response on my client - rather, I get a 'JWT must be provided' error:
Client POST pic
As you can see in the pic above, I know I'm actually attaching a token as I console.log it. Here's a pic of the code:
Client POST code pic
So what's confusing me more is that my DELETE request (for logging out) also implements the same x-auth token to request code, and it works in both Postman + client, as seen here:
DELETE error response
DELETE code
So yeah, I'm pretty confused. My guess is I have to configure my CORS some more to allow x-auth header on POST requests specifically somehow? Even though I think it should do that already with my current configuration.
You are providing the body in post request instead of headers.
Angular POST request
So in your post request just do the following
this.http.post(yoururl, {},{headers:new Headers({'x-auth':token})})...
And it should work.
So in my google cloud project I generated a Web Client ID, and follow the steps in
https://developers.google.com/adwords/api/docs/guides/oauth_playground
to get the authentication token.
In my #endpoints.api(allowed_client_ids=) I've put the client id inside it. Then in OAuth2 playground I sent a http request using the authentication token which I have acquired (e.g: Bearer ya29.bwL-f-hz-wcxFq_i-IlEQaJDiinwIP7ad7CaZoRkJRdGrsxxs4Wc9ZeNOgVlhD69zOQk) to the API.
But the problem is, it did not recognize the token, and said it is an invalid token. To compare with, I put endpoints.API_EXPLORER_CLIENT_ID together inside the allowed_clients_ids=, and when I tested it using API Explorer it just works. So am I doing something wrong?
You have specify your own client id and client secret. see this
screenshot
I'm using OAuth2.0 User-Agent Authentication flow to get the access & refresh tokens so that I can use the Foce.com REST API over remote access. Now, the problem is that I'm able to authorize successfully and recieve the tokens, but while using those tokens just after authorizing my client application, I'm recieving a java.net.ConnectException: Connection refused error.
Following Steps I'm doing
Redirecting to
https://login.salesforce.com/services/oauth2/authorize?response_type=token&client_id={my_client_id}&redirect_uri={my_redirect_uri}&state=myState
Authorizing the app in salesforce and then receiving back the access token and refresh tokens in the hash of the redirect_uri as
{my_redirect_uri}#access_token={my_access_token}&refresh_token={my_refresh_token}&instance_url=https%3A%2F%2Fap1.salesforce.com&id=https%3A%2F%2Flogin.salesforce.com%2Fid%2F00D90000000gscOEAQ%2F00590000000sdtJAAQ&issued_at=1351151192815&signature={my_signature_value}&state=myState
&scope=id+api+refresh_token
Now I'm using the REST API using the same access token by doing a POST to
https://ap1.salesforce.com/services/data/v20.0/sobjects/Lead/
with request headers:
Content-Type: application/json
Authorization: OAuth {my_access_token}
I have not escaped the access token while sending the post as it needs to be done when using CURL. Is that needed when using HttpClient Java API also?
The response that I'm getting is "java.net.ConnectException: Connection refused error."
Can someone please let me know what I'm doing wrong or how I can debug it further ?? Is there any way to see whats happening at Salesforce end? Some logs may be ?
I'm getting the exact same connection refused error if I try OAuth Refresh Token Process also.
Sorry for the noise.
I was getting "invalid_grant" with "expired access/refresh token" while validating the customer secret using the Refresh Token Procedure but since it was secured transmission so all I was getting in Java was "Connection Refused" with no detailed error message.
I got to know the detailed error by Setting up SSL Proxy in Charles as described here. After that I was able to see the request parameters and response send to https://ap1.salesforce.com which was earlier not readable.