My auth URL:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={{app_client_id}}&scope=User.Read Sites.Read.All files.read files.read.all files.readwrite files.readwrite.all offline_access&response_type=code&redirect_uri=https://yourdomain/sharepoint-response
Using that URL, I get this response code
POST : https://login.microsoftonline.com/common/oauth2/token
body : "client_id="{{app_client_id}}"&redirect_uri="https://yourdomain/sharepoint-response"&client_secret="{{app_client_secret}}"&code="{{code from above url}}"&grant_type=authorization_code";
getting token
Then I follow all steps from https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/lists/create-subscription
Now I get:
"error_description" => "Invalid issuer or signature."
If you are using Azure AD try replacing grant_type=authorization_code with grant_type=client_credentials in the URL when you call the SharePoint API.
I needed the client_credentials grant_type because I'm using an Azure AD Application with Sites.Manage.All API permission which always needs client_credentials because it's an application type permission and not a delegated type.
If you want to use user login you will need to set delegated permissions.
Related
I have an issue with Socialite authentication via Google. I have two separate apps: Laravel and React Native. For react native app I use #react-native-community/google-signin and after getting a token on the client I'm sending it to the Laravel app, where I pass this token into Socialite function: Socialite::driver('google')->userFromToken($token); . I get this error:
Client error: GET https://www.googleapis.com/oauth2/v3/userinfo?prettyPrint=false resulted in a 401 Unauthorized response:
{
"error": "invalid_request",
"error_description": "Invalid Credentials"
}
I've rechecked credentials 4 times and I'm sure they are right. I use the same client id as in react native app. What am I doing wrong?
Note: I am using ID token to authorise instead of auth token.
From my research on a similar issue - It looks like Google one tap doesn't work in the same way as oAuth does.
So, you'd have to fetch a user from the $token manually, using the google/apiclient package.
There's an example in Google docs (it's in the android-section, but these particular snippets refer to back-end part, so it should still do the trick)
composer require google/apiclient
// Get $id_token via HTTPS POST.
$client = new Google_Client(['client_id' => $CLIENT_ID]); // Specify the CLIENT_ID of the app that accesses the backend
$payload = $client->verifyIdToken($id_token);
if ($payload) {
$userid = $payload['sub'];
// If request specified a G Suite domain:
//$domain = $payload['hd'];
} else {
// Invalid ID token
}
You can find more info on this Google Docs Page
Firstly, this is my Instagram URL after the login:
https://www.instagram.com/oauth/authorize?client_id=$MYCLİENTİD&redirect_uri=https://localhost:4000/İnstagram/Insta.php/&response_type=code&scope=user_profile,user_media
And this is the error that page shows me:
{"error_type": "OAuthException", "code": 400, "error_message": "Invalid redirect_uri"}
When I try to get user token from Instagram, I get that error.
I've tried to change the redirect_uri=(Valid OAuth Redirect URIs), but the error is the same as before.
I could not find this documented anywhere, but through trial and error, I found that the redirect_uri had to:
Use https
Be publicly accessible (e.g. localhost and specifying a port number won't work)
Not include parameters (I found they were getting stripped out, which would cause a redirect_uri mismatch when I later requested an access token)
I had the same problem and I solved it as following:
I first went here:
(remember to change your instagram app id in the below URL)
https://developers.facebook.com/apps/your_instagram_app_id/instagram-basic-display/basic-display/
Then I set my Client OAuth Settings, Deauthorize and Data Deletion Requests as "https://localhost:3000/".
That worked for me.
Actually, for me, it was because my URI was not exactly the same as requested by the app. I forgot to add "/" at the end.
Go to https://developers.facebook.com/apps/APP_ID/instagram-basic-display/basic-display/ -> Client OAuth Settings and put there not just https://localhost:5000, but exact authentication endpoint used in your application (https://localhost:5000/auth or else)
Actually, it does work with localhost, but it is very tedious.
First, you need to have https enabled (which from what I can see from your request you seem to have).
[I don't know if this is mandatory] you need to create a test app* from your main app (https://developers.facebook.com/docs/development/build-and-test/test-apps/)
Set the redirect OAuth URI to something like https://localhost:4000/auth/ and update also all other URIs in .../instagram-basic-display/basic-display/ settings.
Finally, don't forget to use the client-id(or app-id) of the test app in your request, which is different than your parent app
I wish you good luck ;)
*IMPORTANT: app-id and app-secret are different in test app!
As per documentation
Construct the Authorization Window URL below, replacing {app-id} with
your Instagram app’s ID (from the App Dashboard > Products > Instagram
Basic Display > Instagram App ID field) and {redirect-uri} with your website URL that you provided in Step 2 ("Valid OAuth Redirect URIs").
The URL must be exactly the same.
Syntax & Example as below
https://api.instagram.com/oauth/authorize?client_id=<instagram_app_id>&redirect_uri=<my-website>&scope=user_profile,user_media&response_type=code
https://api.instagram.com/oauth/authorize?client_id=00000123&redirect_uri=https://aashutosh-kumar.herokuapp.com/&scope=user_profile,user_media&response_type=code
Hi am trying to call an API from Postman.
The framework used is : Laravel
The website has browser authentication (using .htacess)
And The API has user authentication (Laravel Passport) (user must be logged in)
Now,
I need to call an API and include both the headers, i.e.
I added Basic Auth with username/pwd as browser credentials
Basic Auth : username/pwd
And in Headers I added
Authorization : Bearer oauthtoken
(where oauthtoken is the key retreived from an API call https://servername/auth and Basic Auth : username/pwd)
Now when I send the API call,
The Authorization Header changes to :
Authorization : Basic some_key
And thus I get Unauthorized in response.
Is there some way I can send browser creds and user auth header together?
Your OAuth token retrieved after authentication is not the same as the token attached by Postman for Basic Authentication.
If you wish to use your OAuth token in request I recommend looking at Postman variables and store that token in there.
Here is an article that helped me build my Postman collection using JWT
But some of the script in there is out of date.
I would start by creating an environment (local) in which you add a key to store the token (oauth_token) with value empty.
In the auth endpoint while in Postman you can check the Tests tab in which you can place a script to update the oauth token:
pm.test("Logged in successfully", function () {
var jsonData = pm.response.json();
pm.environment.set('oauth_token', jsonData.token);
});
After this you can add Authorization Bearer with value {{oauth_token}} to an endpoint that is using OAuth token.
If you wish to learn more about Postman variables this is a great post variables
To recap:
Send username and password to the auth endpoint
Store oauth token in Postman variable returned from step 1
Use your new token as Postman variable using {{VARIABLE_NAME}} notation
I would advise to use Guzzle Library
$http = new \GuzzleHttp\Client;
$response = $http->request('POST', 'http://quotible.web3box.com/oauth/token', [
'headers' => [
//you headers here
],
'form_params'=>[
//your browser based parameters here
]
]);
I am trying to retrieve the contents of my calendar using the Outlook REST API, but I am getting weird error responses.
The code is based on the example code supplied by Microsoft in https://github.com/microsoftgraph/php-connect-rest-sample
I have created an application and specified it want access to calendar.read and changed the scope in the testcode, Constants::SCOPE, to include this scope.
After succesfully retrieving a token I can verify that the application requests and sets the correct privileges. After that I try to retrieve the events in my calendar as described at the documentation: https://msdn.microsoft.com/en-us/office/office365/api/calendar-rest-operations#get-series-master-and-single-events-rest
I use the Advanced REST client add-on for Chrome to create a GET request with the following specs:
Url: https://outlook.office.com/api/v2.0/me/events
Headers:
Authorization: Bearer [token]
Prefer: outlook.timezone=Europe/Berlin
The response I get is a 401 status code with the following content for the X-Ms-Diagnostics header:
2000010;reason="ErrorCode: 'PP_E_RPS_CERT_NOT_FOUND'. Message: 'Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: spRPSTicket->ProcessToken failed. Failed to call CRPSDataCryptImpl::UnpackData:Certificate cannot be found. Certificate required for the operation cannot be found.%0d%0a Internal error: Failed to decrypt data. :Failed to get session key. RecipientId=293577. spCache->GetCacheItem returns error.:Cert Name: (null). SKI: d6c3dacffd2b3fba2fb3d6c2b0fcd78680a3acd1...'";error_category="invalid_msa_ticket"
The Www-Authenticate header specifies 'error="invalid_token"' while the token was just received.
Any idea what I am doing wrong?
I think another thing you might be able to check out is the scope when you request the v2 endpoint. for V2 endpoint, the scope is different between Graph API and outlook api. you need to specify scope as "https://outlook.office.com/calendars.read" instead of Graph scope.
I hope it will help.
Basically, the message means that the token you're trying to use is not valid for the operation.
I went through this. This is how I've solved:
I use the suggested scopes here (I was creating an event): https://msdn.microsoft.com/office/office365/APi/calendar-rest-operations#create-events
To get the authorization code I used this URL schema:
https://login.live.com/oauth20_authorize.srf?client_id=[YourClientID]&scope=[ScopeYouNeed]&response_type=code&redirect_uri=[YourRedirectURI]
Then I get the refresh & the access token. And now it's working!
You need to just change the URL from https://outlook.office.com/api/v2.0/me/events to https://graph.microsoft.com/v1.0/me/events
I'm trying to create test users for my Facebook application. They announced this functionality in this blog post in November (http://developers.facebook.com/blog/post/429) and it is documented here (http://developers.facebook.com/docs/test_users/). I could not find the answer to this elsewhere...
According to the documentation, "You can create a test user associated with a particular application using the Graph API with the application access token." This links to the section "Autenticating as an Application" and describes this CURL script:
curl -F grant_type=client_credentials \
-F client_id=your_app_id \
-F client_secret=your_app_secret \
https://graph.facebook.com/oauth/access_token
So far, so good. I ran this and get the following:
access_token=1182...18|nTI...r5Q
So now I want to POST this token to the graph api test user URL:
POST /1182...18/accounts/test-users?installed=true&permissions=read_stream&access_token=1182...18|nTI...r5Q
When I do this (both using the Facebook PHP SDK and just typing it into the browser) I get:
{
"error": {
"type": "OAuthException",
"message": "Invalid OAuth access token."
}
}
So the questions are:
Why am I getting this error message?
Am I using the wrong access token (despite Facebook explicitly telling me to use this one?)
Do I need to parse the access token somehow?
Thank you for your help.
Here is some working code that will allow you to create a test user with the PHP SDK.
Ensure your access token is properly urlencoded when passing back to facebook.
I was getting this error until I removed some parameters from example code I saw floating around. Here is an example in python using requests that I finally managed to get working:
# Get the access token
resp = requests.get(
'https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id={app_id}&client_secret={app_secret}'.format(
app_id=APP_ID, # Your app id (found in admin console)
app_secret=APP_SECRET # Your app secret (found in admin console)
)
)
# Parse the token
token = resp.content.split('=')[-1]
# Create the user
data = {'access_token': str(token)}
resp = requests.post(
'https://graph.facebook.com/{app_id}/accounts/test-users?installed=true'.format(
app_id=APP_ID
),
data=data
)
print resp.content