I'm very new to Auth0 and authenticating, and I have been facing a problem for two days with authenticating a user to our API. This is how I understand an access token is obtained:
1. A user clicks on a sign-in button in our app.
2. The user is redirected to the Auth0 hosted login screen.
3. When the user has correctly signed in on any social platform or registered account, the user is redirected to my callback URL.
4. When the user is on the callback URL, the user receives an access token.
Please correct me if I'm wrong. Now I'm left with a few questions.
I'm using Laravel with Auth0 and used the example files from the page: Auth0 Laravel quickstart. So the login is working, but when I var_dump the user, I get all the user's info but my accessToken is null.
But when I save the accessToken in a session on the callback URL, the accessToken looks like this: tha63vkb0nnbr6vc. Isn't the length way too short for an access token? I don't understand why I get null when I dump the user but on the callback URL it shows a short string.
Maybe I got it totally wrong and this isn't the access token to use for my API. On another note, when I try to receive a token with Postman I get an error: "error_description": "Invalid authorization code". My Postman request looks like this: Screenshot of my postman. The code value I sent is Crk_ri8mKcKX7IcX (the red-bordered string in the image).
The value is the code parameter I took from the redirect URL. My redirect URL looks like this: example.com/public/callback?code=Crk_ri8mKcKX7IcX&state=5-ym0uFBxpiiBqcK_ivb2QIYxsIzAEMX#. Is this the right way to do it? I did exactly what was indicated in the Auth0 Authorization Code API (the Auth0 authorization token API), but it still doesn't work.
Maybe I get this error because the user has already authorized, so I can't do it twice, but if so, why is my access token so short and why doesn't it work?
I'm very new to this, so please excuse me if I got it all wrong. Also, my post is maybe too long to put my code in here, but my code is exactly the same as the aforementioned Auth0 Laravel quickstart example.
I would really appreciate it if someone can help me; I've been struggling for 2 days now.
Thanks a lot for taking your time and reading my post!!
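Added example (not from the post or the Auth0 quickstart): a callback handler that checks `state`, and a toy token endpoint that redeems each authorization code once, as RFC 6749 section 4.1.2 requires, so a second exchange of a code that was already exchanged is refused. `code_from_callback`, `ToyTokenEndpoint`, the client id and the `https://` redirect URI are hypothetical; the callback URL is the one quoted in the question.

```python
import hmac
import secrets
from urllib.parse import urlsplit, parse_qs

# Callback URL and state value as quoted in the question above.
CALLBACK_URL = ("example.com/public/callback?code=Crk_ri8mKcKX7IcX"
                "&state=5-ym0uFBxpiiBqcK_ivb2QIYxsIzAEMX#")
SESSION_STATE = "5-ym0uFBxpiiBqcK_ivb2QIYxsIzAEMX"  # what the app stored before redirecting


def code_from_callback(callback_url, session_state):
    """Return the authorization code after checking state against the session."""
    q = parse_qs(urlsplit(callback_url).query)
    state = q.get("state", [""])[0]
    # Constant-time comparison; a mismatch means the response is not for this login.
    if not hmac.compare_digest(state.encode(), session_state.encode()):
        raise ValueError("state mismatch")
    if "error" in q:
        raise ValueError(q["error"][0])
    return q["code"][0]


class ToyTokenEndpoint:
    """Hypothetical stand-in for an authorization server's token endpoint."""

    def __init__(self):
        self._pending = {}  # code -> (client_id, redirect_uri) it was issued for

    def issue_code(self, code, client_id, redirect_uri):
        self._pending[code] = (client_id, redirect_uri)

    def exchange(self, code, client_id, redirect_uri):
        # pop() makes the code single-use: a replayed code finds nothing bound to it.
        bound = self._pending.pop(code, None)
        if bound != (client_id, redirect_uri):
            return {"error": "invalid_grant"}
        return {"access_token": secrets.token_urlsafe(16), "token_type": "Bearer"}
```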
Related
I wanted to create a simple Instagram access token generator that can be used by any user. Something like this:
http://instagram.pixelunion.net/
Now I am able to create a simple access token generator like that using some cURL in PHP and this:
https://www.instagram.com/developer/authentication/
The issue, though, is that this access token generator works for the user whose app credentials are used in PHP and for those who are included as sandbox users of this client; for all other users it shows this:
{"code": 403, "error_type": "OAuthForbiddenException", "error_message": "You are not a sandbox user of this client"}
Can anyone say what I should do for a generic access token generator?
Looks like you are not a sandbox user; that's the reason it is failing. Use the account used to create the developer account to log in and that should work.
The example website you have posted is reviewed and live, so any user can log in. You are in sandbox mode.
OK, I am able to achieve what I desired.
The reason for it was that the app needed to be submitted for review. At first it got rejected, as the review requires a video URL showing what this app really wants to achieve and how it is doing that. So I created a video corresponding to all the work and submitted again; it got approved and finally the code works as expected.
Here is an output of that:
http://webkul.com/instatoken/
If anyone feels to ask anything about it, they can ask it here.
I have used the following use case for permission review:
I'm using OAuth2. Since it's a two step verification, shouldn't it give me an error when I try to make the following request? I haven't specified the client secret, but it still is sending back an access token that works to use.
http://localhost/oauth/authorize/?response_type=token&client_id=myclientid&redirect_uri=http%3A%2F%2Flocalhost%2Fmyredirecturi.php
I understand that I first need to ask for a request token, and then trade that in for an access token, but every time I make this request I get back an access token that works? Although, I get an error message if I specify the wrong client id.
Looks like I forgot to disable the allowed implicit grant type. :) Works now.
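The behaviour described in this question, as an added example that is not code from the post or from any OAuth server library: an authorization endpoint that checks `response_type` against the grant types enabled for the client, and never looks at a client secret. The `CLIENTS` registry, the `authorize` function and the token and code values are hypothetical; the request URL is the one from the question.

```python
from urllib.parse import urlsplit, parse_qs, urlencode

# Request URL as quoted in the question above.
REQUEST_URL = ("http://localhost/oauth/authorize/?response_type=token"
               "&client_id=myclientid"
               "&redirect_uri=http%3A%2F%2Flocalhost%2Fmyredirecturi.php")

# Hypothetical client registry. "token" in response_types means the implicit
# grant is enabled, which is the setting the asker had left on.
CLIENTS = {
    "myclientid": {
        "redirect_uris": {"http://localhost/myredirecturi.php"},
        "response_types": {"code", "token"},
    }
}


def authorize(url, clients=CLIENTS):
    """Return (status, location_or_message) for an authorization request."""
    q = {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}
    client = clients.get(q.get("client_id"))
    # Unknown client or unregistered redirect URI: answer directly, never redirect.
    if client is None:
        return 400, "invalid client_id"
    redirect_uri = q.get("redirect_uri")
    if redirect_uri not in client["redirect_uris"]:
        return 400, "redirect_uri mismatch"
    rtype = q.get("response_type")
    if rtype not in client["response_types"]:
        # Response type not enabled for this client: report it on the redirect.
        sep = "#" if rtype == "token" else "?"
        return 302, redirect_uri + sep + urlencode({"error": "unauthorized_client"})
    if rtype == "token":
        # Implicit grant: the token goes out in the fragment, no secret involved.
        params = {"access_token": "constructed-token", "token_type": "bearer"}
        return 302, redirect_uri + "#" + urlencode(params)
    # Code grant: the secret is only required later, at the token endpoint.
    return 302, redirect_uri + "?" + urlencode({"code": "constructed-code"})
```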
I am using an OAuth plugin for CakePHP (thomseddon/cakephp-oauth-server) which I am having some issues with at the moment.
I want to be able to allow access to my CakePHP REST API with two calls:
provision - This just adds a client id into my table.
auth - Using grant_type password, I send over grant_type, username, password and client_id, and it returns an access token.
Both these actions seem to be in working order and I am getting an access token back. The problem is that after I gain access I am still being kicked out by CakePHP and redirected to the login page when I try to access one of the REST actions.
For example once I have an access key I send up a request to http://customer-server-2.dev/api/documents.json?access_token=xxxxxxxxxxxxxxxx
At this point I should have access because the access token is correct and works fine, but I don't: I get redirected to the login page.
If anyone can help me with this I would be eternally grateful.
There might be two problems:
Your access token may be expired. Get a new access token and check.
Check your scope when you are getting the access token.
I'm making a script that gets my latest played song from Spotify. I seem to need authentication. I've registered my app and am making a curl request to Spotify:
https://accounts.spotify.com/authorize?client_id=MYCLIENTID&response_type=code&scope=playlist-read-private&show_dialog=true&redirect_uri=http%3A%2F%2Fwww.stevenliemberg.nl%2Fspotify%2F%3Faction%3DrequestAcces
I do get a login screen, but when I try to login with Facebook I get a generic text saying 'the developer has done something wrong' that ends up in a recursive loop. Once you click ok, the error comes back.
When I try to login via the form with my userID (I can't use email addresses to log on, as I get an error on typing #) it says something's "gone wrong".
The return uri is registered to my app. Does anyone have an idea what's going on? Is it my account or my code?
I'm not sure why you are curling the authorize endpoint, it's meant for your application to direct your users there.
I assume that your web server on http://www.stevenliemberg.nl has an endpoint at /spotify/, handling the query parameter action=requestAcces. (typo?) I also assume that this exact redirect URI is registered for your client ID in https://developer.spotify.com/my-applications/. It's of course important that you don't direct them back at the authorization URL after this, as that would create a redirection loop.
It's correct that if you don't use Facebook to log in, you only provide a username. If you originally registered through Facebook, I believe you can find your username by going to https://www.spotify.com/us/account/overview/.
I am implementing the hybrid sign-in flow for login with Google+. What I want to achieve is this:
Once a user has authorized the app, the next time he comes back to the website, I want to log him in automatically.
In the hybrid flow, Google automatically logs the user in and displays a welcome back message (JavaScript SDK) along with returning an access token. But this process requires one AJAX call to be sent to the Google API.
I want to make this call through the backend itself using Google's PHP client library. Since the app has been authorized already, it should simply return the access token as it does when using javascript sdk. But I am not able to figure out how to achieve this using client library. Can anyone please help me out?
In your call parameters set access_type: 'offline'; then you need to get a new token using the refresh_token that is provided ONCE at the FIRST time of authorisation. You will have to store that refresh_token somewhere in your database and pair it up with the user's already expired access token ID or in some other way, and make another call for a valid access token.
For the time being you can set approval_prompt: 'force', but that's merely a development trick, not a real solution.
More is explained here: refresh token with Google API client PHP
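The storage pattern this answer describes, as an added example that is not code from the answer or from Google's client library: the refresh token from the first offline authorization is kept per user and used to renew the access token once it expires. `RefreshTokenStore`, `fake_token_endpoint` and all token values are hypothetical and constructed; a real refresh request also carries the client credentials and goes over HTTPS.

```python
import time


class RefreshTokenStore:
    """Stores the one-time refresh token per user and renews access tokens."""

    def __init__(self, post_token, now=time.time):
        self._post = post_token  # callable(dict) -> dict; stands in for the HTTPS POST
        self._now = now
        self._rows = {}          # user_id -> row; a database table in a real app

    def save_first_authorization(self, user_id, resp):
        # The refresh token arrives only with the first offline authorization.
        if "refresh_token" not in resp:
            raise ValueError("no refresh_token in response")
        self._rows[user_id] = {"refresh_token": resp["refresh_token"],
                               "access_token": resp["access_token"],
                               "expires_at": self._now() + resp["expires_in"]}

    def access_token(self, user_id, skew=60):
        row = self._rows[user_id]
        if self._now() < row["expires_at"] - skew:
            return row["access_token"]       # still valid, no network call
        resp = self._post({"grant_type": "refresh_token",
                           "refresh_token": row["refresh_token"]})
        if "error" in resp:                  # e.g. invalid_grant after revocation
            del self._rows[user_id]          # the user has to authorize again
            raise PermissionError(resp["error"])
        row["access_token"] = resp["access_token"]
        row["expires_at"] = self._now() + resp["expires_in"]
        # A refresh response usually omits refresh_token: keep the stored one.
        row["refresh_token"] = resp.get("refresh_token", row["refresh_token"])
        return row["access_token"]


def fake_token_endpoint(params):
    """Constructed stand-in for the provider's token endpoint."""
    if params.get("refresh_token") != "rt-constructed":
        return {"error": "invalid_grant"}
    return {"access_token": "at-renewed", "expires_in": 3600}
```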