I tried to make a token joiner on discord with the requests library but not from any error but the tokens do not enter even if they are valid
Someone can help me thanks
On invalid tokens, Discord's API returns a 401 Unauthorized error. So that should be one sign to spot if a token has expired or is no longer valid due to other circumstances.
You should just be able to use a POST request to the URL https://discord.com/api/v9/invites/{invite}. Then the response from this request would be data about the server or a 401 Unauthorized error.
Related
I am completely stuck here.. the authorization works fine, but keep getting the following error when i initialize my POST request to exchange an oAuth code for a token. This is using Bubble.io and Discord's API.
I am trying to get access token from api https://api.amazon.com/auth/o2/token
POST /auth/o2/token HTTP/l.l
Host: api.amazon.com
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
grant_type=refresh_token
&refresh_token=Aztr|...
&client_id=foodev
&client_secret=Y76SDl2F
But after POST request I get 500 server error.
Is it because my app is in draft status? or I am missing something while making request?
If it because of draft status then when the status will get change? any thoughts on this.
Thank you for your help in advance.
The documentation is wrong. I was getting the same exact error and came across this comment on a github issue which mentioned that the data has to be passed into the body of the request, not as query string parameters. Sure enough, this worked for me and I was able to get an access token. So just to clarify: grant_type, refresh_token, client_id, and client_secret should be passed into the body of the POST request to https://api.amazon.com/auth/o2/token and NOT as query string parameters.
Draft status will not keep you from requesting and receiving the access token.
Here are a few things to check as not much can be derived from the example post request from the documentation:
Did you configure AWS IAM role / policy / user properly
Did you use the correct IAM ARN when registering the application
Are you using the correct LWA credentials (I am assuming you're not passing foodev and Y76SDl2F as those are example parameters)
Have you self authorized the application (are you using the refresh token generated
for the authorized application)
Are you 'assuming the role' before the token exchange -- this is a very important step
and is very different in comparison to how access was handled with MWS -- if
you have not, the server will reject the token exchange regardless if the refresh
token is correct. More on that here
This is a non-exhaustive list, just some common issues I have seen other developers have with getting the access token during development, if these don't work you'll need to work with support as they can see the requests hitting the token endpoint.
I'm developing website like classified ads with Django REST framework, react and redux. I have a question about authentication with JWT.
I want to use djangorestframework_simplejwt for authenticate and I've checked a few tutorial. I saw that many tutorial are checking access token on client side like below
export function isAccessTokenExpired(state) {
if (state.access && state.access.exp) {
return 1000 * state.access.exp - (new Date()).getTime() < 5000
}
return true
}
and refresh token as well.
But I don't know why. Because just request new access token with refresh token every time we got HTTP 401 Unauthorized error with expired access token.
The workflow that I thought is
Send server a request with access token to get page which only
authenticated user can see.
If access token is expired, frontend
will get HTTP 401 Unauthorized error.
Send server a request with
refresh token to get new access token, then frontend will store it
to localStorage.
Send a request again.
Is this bad way?
My apologies with my poor English...
You shouldnt be checking the JWT on the client side. A JWT is basically a token that the server has given you that is "assumed" valid. When you send the token back, the server will tell you if the token is not valid in the form of Http Status Code 401 - Unauthorized
In my application users login with Discord via OAuth and I save their token, expiration timestamp and refresh token to the session. Every token issued is good for 7 days. However a handful of users (maybe 2-5%) have been running into an issue where the token I have for them is not accepted by the Discord API and I see the following error:
GET https://discordapp.com/api/users/#me/guilds` resulted in a `401 UNAUTHORIZED` response:
{
"code": 0,
"message": "401: Unauthorized"
}
View docs for this endpoint in Discord's API.
My first assumption is that their token is expired, so to confirm that I added the expiration time to my application's logs and have confirmed tokens don't expire until around discord_token_expires_in 2018-01-28 05:12:37.
With 95% of my users not experiencing an issue, I'm confident this isn't an issue with how the token is being sent, because then it would fail for everyone. So I'm not sure what to look at next.
There are several causes for bearer tokens becoming invalid before the expiry timestamp, including:
The bearer token being replaced with a new by refreshing it
A new bearer token was granted
The token being revoked, either by you or the user
There may be other causes, but at any rate you should anticipate that some bearer tokens are invalid, and you will want to attempt to refresh the token and/or request new user consent.
I am using REST API get information from Salesforce to my PHP page. After a long time don't use on PHP page I take a error message "failed with status 401, response [{"message":"Session expired or invalid","errorCode":"INVALID_SESSION_ID"}], curl_error , curl_errno 0". Please help me how to recall Authentication on php to avoid session timeout? I want my Page is always connection to Salesforce. please tell me other suggestions to resolve it.
The session ID or OAuth token used has expired or is invalid. The response body contains the message and errorCode. - http://www.salesforce.com/us/developer/docs/api_rest/Content/errorcodes.htm
Just catch that 401 error and reauthenticate.
Or use the refreshToken when using Oauth. As documented here: http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com