Here's the API error:
DiscordAPIError
at RequestHandler.execute (/rbd/pnpm-volume/04d08e99-6e35-44ec-9f4c-98cf4b966f51/node_modules/.registry.npmjs.org/discord.js/12.2.0/node_modules/discord.js/src/rest/RequestHandler.js:170:25)
at processTicksAndRejections (internal/process/task_queues.js:88:5) {
name: 'DiscordAPIError',
message: '',
method: 'get',
path: '/gateway/bot',
code: undefined,
httpStatus: 403
}
I have no idea what any of this means or what I need to fix, it was working fine before, I didn't change any of the code :c
Since the error included the method 'GET', we know there was likely a failure requesting data from some part of the Discord API.
In the Discord API Docs, the following is stated:
403 responses are avoided by inspecting role or channel permissions and by not making requests that are restricted by such permissions
Your client may be attempting to do something that they don't have access to, e.g. editing a role above their highest role, renaming a channel without sufficient guild permissions, etc.
Look through your code and see if you can find what's making it do that.
I am trying to send and receive messages to/from SFB (Skype for Business) through the UCWA web APIs, but I am facing an access denied issue.
1) I created an Azure AD application.
2) I am able to log in successfully and fetch an access token and refresh token.
3) But when I try to auto-discover with the above access token, it gives a 403 access denied error. Please see the request in the code below.
Is it because of SFB deprecation or something else? Please help.
let options = {
  method: 'GET',
  url: 'https://webdirin1.online.lync.com/Autodiscover/Autodiscoverservice.svc/root/oauth/user',
  headers: {
    accept: 'application/json',
    'x-requested-with': 'XMLHttpRequest',
    'access-control-allow-origin': '*',
    cors: true,
    'Access-Control-Allow-Origin': '*',
    'x-ms-diagnostic': `PNQIN100EDG08.infra.lync.com`,
    'x-ms-origin': `MAAIN100EDG03.infra.lync.com`,
    authorization: `Bearer ${users[0].access_token}`
  }
};
In general, 403 means you have provided the wrong access token.
Please refer to Requesting an access token using implicit grant flow.
Note: It seems that the request in the official example is incomplete, you can refer to mine:
https://login.microsoftonline.com/{Tenant ID}/oauth2/authorize?response_type=id_token+token&client_id={Client ID}&redirect_uri={Reply URL}&state=8f0f4eff-360f-4c50-acf0-99cf8174a58b&resource=https://webdirXX.online.lync.com&nonce=12434152345
Modify the above string based on your need and put it directly into the browser for access and log in with your admin account. The access token will be included in the string returned in the address bar.
At last, you could use the access token to call
Get https://webdirXX.online.lync.com/Autodiscover/AutodiscoverService.svc/root/oauth/user.
Are there any CORS issues?
Check the response headers to see whether there is something like: "Service does not allow a cross domain request from this origin."
Refer: https://ucwa.skype.com/documentation/itadmin-configuration
I am trying to connect my React app to the Jira Cloud API and can't seem to get past a 403 error.
My code currently does an Auth dance using OAuth 2.0 and returns the token and cloudid. I can use this to GET issues, however POST requests (like creating an issue) return with 403. I have found here that this error is returned if the user does not have the necessary permission to access the resource or run the method.
I have ensured the user has the correct scope ([write: jira-work, read: jira-work]) and verified this is reflected in the user account (in their account > connect apps tab).
My app is not linked (via ApplicationLink) or installed (via Apps, Manage Apps), is this necessary to perform POST requests?
Here is a sample of my code:
fetch(`https://api.atlassian.com/ex/jira/${jira.cloudid}/rest/api/2/issue/`, {
  method: "POST",
  headers: {
    "Content-Type": 'application/json',
    "Authorization": `Bearer ${jira.token}`
  },
  body: JSON.stringify(data)
})
  .then(...)
Neither API version 2 nor 3 is working for this POST request. I have explored using Basic Auth; however, this fails due to CORS errors.
I have verified that the POST request does work in POSTMAN (using the cloudid and token).
---------------------------------------------------------------------------------------------------------------------------
UPDATE
After talking to Atlassian Staff, there is an issue within their API security:
"By trying the same thing you mentioned I think I found what the problem is. Your request likely fails with a ‘XSRF check failed’ in the browser.
I’ve already talked to one of our security engineers and we quickly dived into the implementation code to confirm why this is not working and what would need to be changed on our side. We’ve also already opened an engineering ticket to get this addressed. This will likely take a few weeks to get addressed, but I’ll keep you posted if I hear any updates!"
The XSRF check failed was the main error for my 403 response. I'll post any updates I receive and answer the question when a resolution is found.
This has apparently been resolved. Follow the discussion here: https://community.developer.atlassian.com/t/jira-cloud-rest-api-oauth-2-0-error-403-on-post-requests/25621/4
I am trying to reset another user's password through the Graph API (specifically graph.windows.net, though the same behavior occurs using graph.microsoft.com as well).
I believe all security is properly set up. The application registration has the Directory.ReadWrite.All permissions and the service principal is a Global Administrator. There are no errors regarding insufficient privileges, but whenever I try to provide a password inside the password profile I get an error.
PATCH request to
https://graph.windows.net/{tenant_id}/users/{userPrincipalName}?api-version=1.6
with the following body gives me a 204 response.
{
"passwordProfile": {
"password": null,
"forceChangePasswordNextSignIn": true
}
}
But the same request with a password of "P#ssword1" or any other valid password returns a 400 Bad Request with the message "One or more properties contains invalid values."
Anyone encountered anything like this? These are accounts being synced from local AD but the password reset has been turned on in Azure and you can manually reset the passwords in AAD. Any help or advice is much appreciated.
It turns out this was a problem with how AD sync is set up in their environment. Apparently a federated domain syncing to Azure AD locks out the ability to reset passwords via the Graph API but the error messages don't tell you it's a permissions issue.
It's outlined here under unsupported operations, my problem was not understanding the full AD environment set-up: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-sspr-writeback
According to your description, I assume you want to update a user's password through the Graph API.
According to this document, when we update the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.
Based on my test, we can modify someone's password by using the following steps:
1) Grant the permission by following this document.
2) Check whether the password in the profile satisfies the minimum requirements as specified by the passwordPolicies property.
3) Use the following request to update someone's password.
The Request URL:
PATCH /users/{id | userPrincipalName}
And the request body:
{
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "P#assword1"
}
}
If successful, this request returns a 204 No Content response code.
You're calling the wrong URL, graph.windows.net is the legacy Azure AD Graph API. The Microsoft Graph APIs are located at graph.microsoft.com. While these APIs are similar in function, their calling patterns are very different.
As kikang mentioned, in order to change a user's password you need to request the Directory.AccessAsUser.All scope. There are a few important caveats with this scope:
This is a Delegated scope, so it can only be requested when using Authorization Code or Implicit OAuth flows. It cannot be used with Client Credentials.
Before a User can consent to Directory.AccessAsUser.All, you must first obtain Admin Consent from an Admin on the user's AAD tenant/instance.
Once you have the proper scopes consented, you need to issue a PATCH to the /user resource.
Your call will look similar to this:
PATCH https://graph.microsoft.com/v1.0/me
Content-type: application/json
{
"passwordProfile": {
"forceChangePasswordNextSignIn": true,
"password": "A-Strong-Password"
}
}
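Both Azure AD threads above (the Skype for Business 403 and the Graph password reset) come down to what the access token actually contains, so the following added example, which is not code from any of the posts, decodes a token's claims and reports an audience mismatch, an expired token, or a missing delegated scope. It assumes the token is a JWT whose `aud` claim carries the resource URI that was requested and that delegated scopes appear in `scp` while app-only permissions appear in `roles`; the sample tokens are constructed and unsigned.

```javascript
// Added example. Reads claims only and does NOT verify the signature:
// use it for troubleshooting, never for an access decision.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('expected header.payload.signature');
  // Node's 'base64' decoder also accepts the URL-safe alphabet used by JWTs.
  return JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
}

const norm = (s) => String(s || '').replace(/\/+$/, '').toLowerCase();

// Returns the problems found in the token (empty array = none found).
function diagnoseToken(jwt, { audience, scope, now = Math.floor(Date.now() / 1000) }) {
  const c = decodeClaims(jwt);
  const problems = [];
  if (norm(c.aud) !== norm(audience)) {
    problems.push(`aud "${c.aud}" does not match the API "${audience}"`);
  }
  if (typeof c.exp === 'number' && c.exp <= now) problems.push('token has expired');
  if (scope) {
    const delegated = typeof c.scp === 'string' ? c.scp.split(' ') : [];
    if (!('scp' in c) && Array.isArray(c.roles)) {
      problems.push(`app-only token (roles, no scp): delegated scope ${scope} cannot be present`);
    } else if (!delegated.includes(scope)) {
      problems.push(`delegated scope ${scope} is not in scp`);
    }
  }
  return problems;
}

// Constructed, unsigned sample tokens; every claim value is invented for the demo.
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(claims)}.constructed`;
}

const graphToken = makeToken({ aud: 'https://graph.microsoft.com', scp: 'User.Read', exp: 2000 });
const appOnlyToken = makeToken({
  aud: 'https://graph.microsoft.com', roles: ['Directory.ReadWrite.All'], exp: 2000,
});

console.log(diagnoseToken(graphToken, { audience: 'https://webdirXX.online.lync.com', now: 1000 }));
console.log(diagnoseToken(appOnlyToken, {
  audience: 'https://graph.microsoft.com', scope: 'Directory.AccessAsUser.All', now: 1000,
}));
```

Run it against a real token only on a machine you trust, since a bearer token pasted into a third-party decoder is as good as a leaked credential.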
I call a Dahua API for a preset response in AngularJS, but it gives me a 401 Unauthorised error.
My code is below:
var streamurl = 'http://admin:123456#192.168.1.202/cgi-bin/ptz.cgi?action=start&channel=0&code=PositionABS&arg1=180&arg2=190&arg3=10';
$http.get(streamurl, { withCredentials: true })
  .then(function(response2) {
    console.log(response2.data);
  });
I could be wrong but I think you are getting login screen with that request. I've read through documentation and I have found your way of authentication only working on rtsp:// protocol, and for http I believe you should modify headers, and encode your username/password to base64, here's documentation:
ftp://ftp.wintel.fi/drivers/dahua/SDK-HTTP_ohjelmointi/DAHUA_IPC_HTTP_API_V1.00x.pdf
Also you should probably use this since you are using AngularJS/NodeJS, it will make your life easier - or check how this guy did his authentication and "borrow" from him:
https://github.com/nayrnet/node-dahua-api
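The header-based approach suggested in the answer above, as an added example that is not part of the original posts: it takes a URL with embedded credentials, moves them into an `Authorization: Basic` header, and returns a credential-free URL that is safe to log. The host (a documentation address) and the credentials are constructed, and it assumes the device accepts HTTP Basic as the answer suggests; a device that requires Digest will still reply 401 with a `WWW-Authenticate: Digest` challenge.

```javascript
// Added example: separate credentials from the request URL.
function toBasicAuthRequest(rawUrl) {
  const u = new URL(rawUrl);
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    throw new Error(`unsupported scheme ${u.protocol}`);
  }
  // URL stores userinfo percent-encoded; decode before building the header.
  const user = decodeURIComponent(u.username);
  const pass = decodeURIComponent(u.password);
  if (!user) throw new Error('URL carries no credentials');
  if (user.includes(':')) throw new Error('Basic auth user names cannot contain ":"');

  // Remove the userinfo so the URL can be logged or shown without leaking it.
  u.username = '';
  u.password = '';

  const token = Buffer.from(`${user}:${pass}`, 'utf8').toString('base64');
  return {
    url: u.toString(),
    headers: { Authorization: `Basic ${token}` },
    // Basic is only base64, so over plain http the password is readable on the wire.
    cleartext: u.protocol === 'http:',
  };
}

// Constructed input: same PTZ path as the question, placeholder host and credentials.
const sample = 'http://operator:s3cret%21@192.0.2.10/cgi-bin/ptz.cgi' +
  '?action=start&channel=0&code=PositionABS&arg1=180&arg2=190&arg3=10';

const req = toBasicAuthRequest(sample);
console.log(req.url);        // credential-free URL
console.log(req.cleartext);  // true: warn before sending over http
```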
How to Fix the 401 Unauthorized Error
Check for errors in the URL. It's possible that the 401 Unauthorized error appeared because the URL was typed incorrectly or the link that was clicked on points to the wrong URL - one that is for authorized users only.
If you're sure the URL is valid, visit the website's main page and look for a link that says Login or Secure Access. Enter your credentials here and then try the page again. If you don't have credentials, follow the instructions provided on the website for setting up an account.
If you're sure the page you're trying to reach shouldn't need authorization, the 401 Unauthorized error message may be a mistake. At that point, it's probably best to contact the webmaster or other website contact and inform them of the problem.
The 401 Unauthorized error can also appear immediately after login, which is an indication that the website received your username and password but found something about them to be invalid (e.g. your password is incorrect). Follow whatever process is in place at the website to regain access to their system.
From https://www.lifewire.com/401-unauthorized-error-what-it-is-and-how-to-fix-it-2622934
I want to get the access token from platform life-log.
What should I do to get the access token or code? I'm using Node.js. This is my request, but I don't know how I can get the code.
request.post({
    url: 'https://platform.lifelog.sonymobile.com/oauth/2/token',
    form: {
      client_id: 'client',
      client_secret: ' secret',
      grant_type: 'authorization_code',
      SCOPE: 'lifelog.profile.read+lifelog.activities.read+lifelog.locations.read',
      REDIRECT_URL: 'https://localhost:8000/callback'
    },
  },
  function(err, res, body) {
    // Read the access token out of the JSON response body
    var accessToken = JSON.parse(body).access_token;
  });
I appreciate any help on this.
Have you already signed up for an account here?
https://developer.sony.com/develop/services/lifelog-api/create-app/
If so then the steps on this page should be able to guide you in getting everything you need to make successful API calls:
https://developer.sony.com/develop/services/lifelog-api/authentication/
The above documentation says that to get your code you will make a GET or POST request to this url:
https://platform.lifelog.sonymobile.com/oauth/2/authorize?client_id=YOUR_CLIENT_ID&scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read
When you sign up for an account you will be asked for a callback url. Make sure you have an endpoint in nodejs to handle the callback url you supplied. Once you run the above line of code and authenticate you will receive the "code" to your callback url. You can then follow the rest of the steps on the authentication page of the documentation to walk you through making your first API call.
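The flow described in the answer above, as an added example that is not from the original posts or from Sony's documentation: build the authorize URL, read the `code` from the callback, and assemble the form for the token request. The `state` parameter and the `code`/`error` query names are the standard OAuth 2.0 ones and it is an assumption that this service handles them that way; the client ID, secret, and callback values are placeholders.

```javascript
// Added example: the three steps of the authorization-code flow.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const AUTHORIZE = 'https://platform.lifelog.sonymobile.com/oauth/2/authorize';
const SCOPE = 'lifelog.profile.read lifelog.activities.read lifelog.locations.read';

// Step 1: the URL the user's browser is sent to. Store `state` in the user's
// session; it ties the later callback to this request (CSRF protection).
function buildAuthorizeUrl(clientId, state = randomBytes(16).toString('hex')) {
  const u = new URL(AUTHORIZE);
  u.search = new URLSearchParams({ client_id: clientId, scope: SCOPE, state }).toString();
  return { url: u.toString(), state };
}

// Step 2: the service redirects to the callback URL; pull out the code.
function readCallback(callbackUrl, expectedState) {
  const q = new URL(callbackUrl).searchParams;
  if (q.get('error')) throw new Error(`authorization failed: ${q.get('error')}`);
  const got = Buffer.from(q.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  const code = q.get('code');
  if (!code) throw new Error('callback carried no code');
  return code;
}

// Step 3: the form to POST to .../oauth/2/token. This is the `code` field
// that was missing from the request in the question.
function buildTokenForm(clientId, clientSecret, code) {
  return {
    client_id: clientId,
    client_secret: clientSecret, // keep server-side; never ship to the browser
    grant_type: 'authorization_code',
    code,
  };
}

// Constructed walk-through with placeholder values.
const start = buildAuthorizeUrl('YOUR_CLIENT_ID');
const cb = `https://localhost:8000/callback?code=constructed-code&state=${start.state}`;
console.log(buildTokenForm('YOUR_CLIENT_ID', 'YOUR_CLIENT_SECRET', readCallback(cb, start.state)));
```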