I want to authorize in the report portal application using chromedriver in webdriverio.
So I'm retrieving the API token via:
GET http://reportportal.io/uat/sso/me/apitoken'
Get response:
{
"access_token": "D1aexc0a-d11d-067f-xx7c-3e2e0fb96332",
"token_type": "bearer",
"scope": "api"
}
My next step is to use this token in my steps to bypass authorization.
I've tried to set this token as a cookie and as CSRF token, but no chance to receive anything successful.
I would appreciate any help or advice on how to use token to authenticate in the application.
Sorry if something written wrong or inadequately I'm new in this.
Related
I was integrating ebay api and want to create payment policy. According to this guide
https://developer.ebay.com/api-docs/static/make-a-call.html
i generated token and send it this postman. But it is throwing a error
{
"errors": [
{
"errorId": 1100,
"domain": "ACCESS",
"category": "REQUEST",
"message": "Access denied",
"longMessage": "Insufficient permissions to fulfill the request."
}
]
}
Please is there help or proper guide to full fil.
Headers:
Ensure that you are using the correct access tokens. In eBay, the User Access Token and the Application Access Tokens are separate entities to be used for differing purposes. From the eBay docs:
Client credentials grant flow mints a new Application access token that you can use to access the resources owned by the application.
Authorization code grant flow mints a new User access token that you can use to access the resources owned by the user.
The one that you should be using in your call is the User Access Token.
The application access token is minted on calling https://api.sandbox.ebay.com/identity/v1/oauth2/token with the header grant_type:client_credentials. The User Access Token is minted on calling the same URL, however, with the headers grant_type:authorization_code or grant_type:refresh_token.
Try to refresh the user token with by calling https://api.sandbox.ebay.com/identity/v1/oauth2/token with grant_type:refresh_token header and use that to authorize your call instead
When i try to make a POST request to Google Proximity Api i have this error:
{
"error": {
"code": 403,
"message": "Unauthorized.",
"status": "PERMISSION_DENIED"
}
}
I use a service account to make the request with the Authorization: Bearer + token
Know if Google Proximity Api support the oauth2 service account? Thank you!!
Basically you need to enable the API for it on your google console project and create credentials using the sha1 of your debug.key. Also if you're using the google oauth playground you have to configure the settings by changing the oauth flow to client side. Next click on use your own oauth credentials and then copy the browser client ID that was created for your oauth from the google console. this should authorize you to do all your work. Source from google developer
i need access token for submitting sitemap.
i use passport like so
passport.authenticate('googleApi', {scope: ['profile', 'https://www.googleapis.com/auth/webmasters']});
and get
{ code: '4/aEzOOw1j-1rNCXCVajylMVRasdo2Kasdreisasdradk.MijA9hPKsg8WYFZr95uasdUzab8UkwI' }
in request.query
but this token is invalid according to
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=MY_TOKEN
thanks in advance.
The code you have got is authorization code.
You have to get access token by exchanging this authorization code.
Read about oauth 2.0 authentication
I have a client-side web app (no backend) that uses Google Javascript API.
I have an issue regarding the access-token that I got after the login is successful.
From the callback, we can see that the access-token is set to expire in 1 hour.
expires_in: "3600"
Question is, how can I "get a new token"?
From the documentation, I'm under the impression that after the token is invalid, we have to (and I quote) perform a new re-authorization flow with immediate set to true to get an up-to-date access token.
Source:
https://developers.google.com/+/web/api/javascript
However, when I tried to call again the auth method:
gapi.auth.authorize(parameters, callback)
I got the token object, but there's no access-token inside.
{
client_id: "{my_client_id}.apps.googleusercontent.com"
cookie_policy: undefined
expires_at: "1370371466"
expires_in: "86400"
g_user_cookie_policy: undefined
issued_at: "1370285066"
response_type: "token"
scope: "https://www.googleapis.com/auth/plus.login https://gdata.youtube.com"
}
Am I missing something? How do we usually get a refreshed token after one expired?
On client side, access token is temporary. This is by default online access to user resources. In order to get access tokens again, you need to redirect user for permissions again.
In the OAuth protocol, your app requests authorization to access resources which are identified by scopes, and assuming the user is authenticated and approves, your app receives short-lived access tokens which let it access those resources, and (optionally or more precisely on server side) refresh tokens to allow long-term access.
for server side apps and for offline access of user resource you need to have refresh token Refer to: Google Analytics API Automated Login
Also read: https://developers.google.com/accounts/docs/OAuth2WebServer
https://developers.google.com/accounts/docs/OAuth2UserAgent
I am writing a Chrome extension which needs to access minus.com by OAuth 2.0. I have key and secret, but not refresh token, so every time I make a XMLHttpRequest, in which the refresh token is undefined, the server responses a 400 error with response text saying "No such refresh token: undefined". So could anyone tell me how to obtain the refresh token?
Thanks!
The refresh_token should be passed back in the response structure during the token fetch using user permissions step, as denoted here: http://miners.github.com/MinusAPIv2/v2/auth_tutorial.html#getting-tokens-using-user-credentials
You'll be making the request for the token with the user credentials and then get back a response structure that looks something like this:
{
"access_token": "dc19a1ea88",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "20ad15128b",
"scope": "read_public"
}
If you extract the refresh token and then use it in the refresh step here: http://miners.github.com/MinusAPIv2/v2/auth_tutorial.html#refreshing-an-access-token that should work.