I need an access token for submitting a sitemap.
I use passport like so:
passport.authenticate('googleApi', {scope: ['profile', 'https://www.googleapis.com/auth/webmasters']});
and get
{ code: '4/aEzOOw1j-1rNCXCVajylMVRasdo2Kasdreisasdradk.MijA9hPKsg8WYFZr95uasdUzab8UkwI' }
in request.query
but this token is invalid according to
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=MY_TOKEN
thanks in advance.
The code you have got is an authorization code.
You have to get an access token by exchanging this authorization code.
Read about OAuth 2.0 authentication.
Related
I want to authorize in the report portal application using chromedriver in webdriverio.
So I'm retrieving the API token via:
GET http://reportportal.io/uat/sso/me/apitoken
Get response:
{
"access_token": "D1aexc0a-d11d-067f-xx7c-3e2e0fb96332",
"token_type": "bearer",
"scope": "api"
}
My next step is to use this token in my steps to bypass authorization.
I've tried to set this token as a cookie and as CSRF token, but no chance to receive anything successful.
I would appreciate any help or advice on how to use token to authenticate in the application.
Sorry if something is written wrong or inadequately, I'm new to this.
I'm trying to get a new accessToken and idToken by hitting the endpoint oauth2/token.
I got the refresh token from cognitoUser.authenticateUser() method in amazon-cognito-identity-js
Here's my sample request in postman:
URL (seems fine)
BODY (seems fine)
HEADERS (not sure)
Authorization: Basic Base64(client_id) - I used the btoa() function in JS
Note: The pool does not have a client secret
Problem: When I test this out, this is the response
I believe I supplied the right data as documented here:
https://docs.aws.amazon.com/cognito/latest/developerguide/token-endpoint.html
grant_type: refresh_token
client_id: required if does not have a secret
refresh_token: refresh token here
Is there something that I'm missing or something I did wrong? I am not very familiar with the flow. Any help is greatly appreciated!
Authorization Basic should be Base64(client_id:client_secret)
When switching from adal to the msal 2.0 browser library, I'm missing the UPN of the user in the idToken response, which leads to a principal that doesn't have a name in principal.Identity.Name after passing the idToken to the backend. This was available in the adal version.
var principal = tokenHandler.ValidateToken(validationToken, validationParameters, out SecurityToken validatedToken);
I get preferred_name as a claim, but it doesn't seem to be usable to call the Graph API to retrieve an email address, as it's not a UPN.
How do I need to change token validation and UPN retrieval for msal in general? Pass the accessToken and validate that separately to get more claims?
Docs for idToken
Docs for accessToken
Code sample
Turns out msal supports 2 ways to get additional claims
Via AD manifest settings
When requesting a token as below
by adding additional scopes
const loginRequest = {
scopes: ['User.Read', 'email']
};
and when validating a token different claims can be used to get the principal's identity by setting TokenValidationParameters.NameClaimType
I am using the Caspio REST API to authenticate my users in a mobile app. Upon authenticating, I was given an access token, which I included in my AJAX call under the parameter 'Authorization' : Bearer [access token].
I understand that I can renew the token with the refresh token given to me where I can use the POST call.
My question is: prior to using the POST call for a new token, must I store the access token?
Also, the Caspio website advised this format for the POST call:
Method: POST
URL: Token Endpoint
Body: grant_type=refresh_token&refresh_token= [token value]
Header parameters:
Authorization: Basic [string "Client_ID:Client_Secret" encoded in Base64]
Content-Type: application/x-www-form-urlencoded
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
Thank you for the help!
I have never used the Caspio REST API before. This answer is based on my OAuth experience.
My question is: prior to using the POST call for a new token, must I store the access token?
YES! OAuth 2.0 uses the access token to switch the refresh token the first time.
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
According to the API document, you should include the client ID and client secret in your request, like most OAuth 2.0 do.
For the bad request (400) error, you may see RFC 6749 to find further information.
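The token-endpoint requests discussed in the threads above (exchanging the authorization code from the first question, and the refresh_token grant in the Cognito and Caspio questions), as an added example that is not code from any poster or provider. The helper name `tokenRequest`, the endpoint URL and all credential values are constructed assumptions; the request shape follows RFC 6749.

```javascript
// Added example: builds RFC 6749 token-endpoint requests without sending them.
// TOKEN_URL and every credential value are constructed placeholders.
const TOKEN_URL = 'https://auth.example.com/oauth2/token';

// btoa exists in browsers and recent Node; fall back to Buffer otherwise.
const b64 = (s) =>
  typeof btoa === 'function' ? btoa(s) : Buffer.from(s, 'utf8').toString('base64');

// client = { id, secret? }; grant = { type, ... }.
function tokenRequest(client, grant) {
  if (!client || !client.id) throw new Error('client.id is required');
  const body = new URLSearchParams();
  if (grant.type === 'authorization_code') {
    if (!grant.code || !grant.redirectUri) throw new Error('code and redirectUri are required');
    body.set('grant_type', 'authorization_code');
    body.set('code', grant.code);
    body.set('redirect_uri', grant.redirectUri); // same value sent on the authorization request
  } else if (grant.type === 'refresh_token') {
    if (!grant.refreshToken) throw new Error('refreshToken is required');
    body.set('grant_type', 'refresh_token');
    body.set('refresh_token', grant.refreshToken);
  } else {
    throw new Error('unsupported grant type: ' + grant.type);
  }
  const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
  if (client.secret) {
    // Confidential client: Basic Base64(client_id:client_secret). RFC 6749 2.3.1
    // form-encodes each part first, a no-op for the plain values used below.
    headers.Authorization = 'Basic ' + b64(client.id + ':' + client.secret);
  } else {
    // Public client (no secret): no Authorization header, client_id in the body.
    body.set('client_id', client.id);
  }
  return { method: 'POST', url: TOKEN_URL, headers, body: body.toString() };
}

// Constructed sample values, not real credentials.
const exchange = tokenRequest(
  { id: 'web-client', secret: 's3cr3t' },
  { type: 'authorization_code', code: '4/constructed-code',
    redirectUri: 'https://app.example.com/callback' });
const refresh = tokenRequest(
  { id: 'spa-client' },
  { type: 'refresh_token', refreshToken: 'constructed-refresh-token' });
console.log(exchange, refresh);
// To send: fetch(req.url, { method: req.method, headers: req.headers, body: req.body })
```

Which form of client authentication a given provider accepts is set by that provider; the token returned in the response body's `access_token` field is what goes to the resource API, not the authorization code.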
I want to use the new Vimeo API to fetch videos based on a query, but I'm getting a 401 Authorization Required with this message: "error": "A valid user token must be passed."
I'm using this code :
var urlX = 'https://api.vimeo.com/videos?query=elvis&client_id='+VIMEO_API_KEY;
$.getJSON(urlX, function(data){
console.log(data);
});
So obviously I have an authentication problem.
As client_id I'm using my "Client Identifier" from my app created in Vimeo's dashboard.
The error I keep getting mentions "user token", do I have to generate one via Vimeo's dashboard or via PHP?
I'm a bit lost here.
client_id through the querystring is not a valid method of making API calls against the Vimeo API.
First you must request an access token either through the oauth2 redirect workflow: https://developer.vimeo.com/api/authentication, or by generating it on your app page.
Second you must provide that access token with your api request either through the Authorization header:
Authorization: bearer <your_token>
or the querystring
https://api.vimeo.com/videos?query=elvis&access_token=<your token>.
The authorization header is more secure, and will continue to work indefinitely. Some changes will be made soon to the querystring form which could cause problems with your application.
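The header form recommended in the answer above, as an added example that is not Vimeo's or the answerer's code. The helper names `toHeaderAuth` and `redactUrl` and the token value are constructed assumptions; the second helper masks a token in a URL before it is written to a log.

```javascript
// Added example: send the access token in the Authorization header, not the URL.
// Token values are constructed placeholders.
function toHeaderAuth(rawUrl, token) {
  const url = new URL(rawUrl);
  // Accept a token that was embedded in the query string, then strip it so the
  // credential is not part of the URL that gets logged or shared.
  const fromQuery = url.searchParams.get('access_token');
  url.searchParams.delete('access_token');
  url.searchParams.delete('client_id'); // per the answer, not valid authentication
  const bearer = token || fromQuery;
  if (!bearer) throw new Error('no access token supplied');
  return { url: url.toString(), headers: { Authorization: 'bearer ' + bearer } };
}

// For log lines: keep the URL shape but mask any token still in the query string.
function redactUrl(rawUrl) {
  const url = new URL(rawUrl);
  if (url.searchParams.has('access_token')) url.searchParams.set('access_token', 'REDACTED');
  return url.toString();
}

const req = toHeaderAuth('https://api.vimeo.com/videos?query=elvis&access_token=constructed-token');
console.log(req.url, req.headers);
console.log(redactUrl('https://api.vimeo.com/videos?query=elvis&access_token=constructed-token'));
// With jQuery: $.ajax({ url: req.url, headers: req.headers, dataType: 'json' })
```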