I am writing a Chrome extension which needs to access minus.com by OAuth 2.0. I have key and secret, but not refresh token, so every time I make a XMLHttpRequest, in which the refresh token is undefined, the server responses a 400 error with response text saying "No such refresh token: undefined". So could anyone tell me how to obtain the refresh token?
Thanks!
The refresh_token should be passed back in the response structure during the token fetch using user permissions step, as denoted here: http://miners.github.com/MinusAPIv2/v2/auth_tutorial.html#getting-tokens-using-user-credentials
You'll be making the request for the token with the user credentials and then get back a response structure that looks something like this:
{
"access_token": "dc19a1ea88",
"token_type": "bearer",
"expires_in": 3600,
"refresh_token": "20ad15128b",
"scope": "read_public"
}
If you extract the refresh token and then use it in the refresh step here: http://miners.github.com/MinusAPIv2/v2/auth_tutorial.html#refreshing-an-access-token that should work.
Related
Im learning about JWT, but i dont know how to manage the tokens (ACCESS token and REFRESH token) in the front end for making HTTP requests.
An example, when i log in in my page, i make a login request to the server that gives me an ACCESS token and a REFRESH token (that a save in the cookies and in the user data base).
Now, for make some other HTTP request that needs to be authenticated, how can i transfer the ACCESS token to the Authorization Header of the request? Just put it on a variable? it is safe?
Also consider that my web site have multi-pages, how can i pass the token over the diferents pages?
Another strategy that cames to my mind is to use the refresh token that i have on my Cookies (once that i logged in) to make a new access token, but i dont know how is the standard manage of this.
Sorry if im not being clear...
Thank you!!
I'm assuming you're using axios,
You could create your apiInstance like this
export const apiInstance = axios.create({
baseURL: YOUR_BASE_URL,
responseType: 'json',
headers: {
//Content-Type: 'CONTENT_TYPE',
// you dont need to pre-define all headers
},
})
To save the access token for further use
apiInstance.defaults.headers.common['Authorization'] = `Bearer ${token_here}`
Then every time you want to make a request you just use apiInstance.get/put/patch etc. The access token is saved and reusable. If it expires, you're gonna have to refresh it, in which case you need to have your refresh token saved somewhere, local storage is not recommended but could work as a start.
I want to authorize in the report portal application using chromedriver in webdriverio.
So I'm retrieving the API token via:
GET http://reportportal.io/uat/sso/me/apitoken'
Get response:
{
"access_token": "D1aexc0a-d11d-067f-xx7c-3e2e0fb96332",
"token_type": "bearer",
"scope": "api"
}
My next step is to use this token in my steps to bypass authorization.
I've tried to set this token as a cookie and as CSRF token, but no chance to receive anything successful.
I would appreciate any help or advice on how to use token to authenticate in the application.
Sorry if something written wrong or inadequately I'm new in this.
I am using caspio rest api to authenticate my users in a mobile app. Upon authenticating, I was given an access token to which I included in my AJAX call under the parameter 'Authorization' : Bearer [access token].
I understand that I can renew the token with the refresh token given to me where I can use the POST call.
My question is: prior to using the POST call for a new token, must I store the access token?
Also, the Caspio website advised this format for the POST call:
Method: POST
URL: Token Endpoint
Body: grant_type=refresh_token&refresh_token= [token value]
Header parameters:
Authorization: Basic [string "Client_ID:Client_Secret" encoded in Base64]
Content-Type: application/x-www-form-urlencoded
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
Thank you for the help!
I never using caspio rest api before. The answer base on my OAuth experiences.
My question is: prior to using the POST call for a new token, must I store the access token?
YES! The OAuth 2.0 using the access token to switch the refresh token at first time.
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
According to the api document. You should include the client ID and client secret in your request, like most OAuth 2.0 do.
The bad request (400) error you may see the rfc6749 to find further information.
I want to use the new vimeo api to fetch videos based on a query, but I getting a 401 Authorization Required with this message "error": "A valid user token must be passed."
I'm using this code :
var urlX = 'https://api.vimeo.com/videos?query=elvis&client_id='+VIMEO_API_KEY;
$.getJSON(urlX, function(data){
console.log(data);
});
So obviously I have an authentication problem.
As client_id I'm using my "Client Identifier" from my app created in Vimeo's dashboard.
The error I keep getting mention "user token", do I have to generate one via Vimeo's dashboard or via php ?
I'm a bit lost here.
client_id through the querystring is not a valid method of making API calls against the Vimeo API.
First you must request an access token either through the oauth2 redirect worfklow: https://developer.vimeo.com/api/authentication, or by generating it on your app page.
Second you must provide that access token with your api request either through the Authorization header:
Authorization: bearer <your_token>
or the querystring
https://api.vimeo.com/videos?query=elvis&access_token=<your token>.
The authorization header is more secure, and will continue to work indefinitely. Some changes will be made soon to the querystring form which could cause problems with your application.
I have a client-side web app (no backend) that uses Google Javascript API.
I have an issue regarding the access-token that I got after the login is successful.
From the callback, we can see that the access-token is set to expire in 1 hour.
expires_in: "3600"
Question is, how can I "get a new token"?
From the documentation, I'm under the impression that after the token is invalid, we have to (and I quote) perform a new re-authorization flow with immediate set to true to get an up-to-date access token.
Source:
https://developers.google.com/+/web/api/javascript
However, when I tried to call again the auth method:
gapi.auth.authorize(parameters, callback)
I got the token object, but there's no access-token inside.
{
client_id: "{my_client_id}.apps.googleusercontent.com"
cookie_policy: undefined
expires_at: "1370371466"
expires_in: "86400"
g_user_cookie_policy: undefined
issued_at: "1370285066"
response_type: "token"
scope: "https://www.googleapis.com/auth/plus.login https://gdata.youtube.com"
}
Am I missing something? How do we usually get a refreshed token after one expired?
On client side, access token is temporary. This is by default online access to user resources. In order to get access tokens again, you need to redirect user for permissions again.
In the OAuth protocol, your app requests authorization to access resources which are identified by scopes, and assuming the user is authenticated and approves, your app receives short-lived access tokens which let it access those resources, and (optionally or more precisely on server side) refresh tokens to allow long-term access.
for server side apps and for offline access of user resource you need to have refresh token Refer to: Google Analytics API Automated Login
Also read: https://developers.google.com/accounts/docs/OAuth2WebServer
https://developers.google.com/accounts/docs/OAuth2UserAgent