We Keep Coding

Missing grant_type parameter in postman

I am using Brightspace API.
I am using the post method and the URL is https://auth.brightspace.com/core/connect/token
Reference link here
I have all the below details
Auth URL,
Access Token URL,
Client Id,
Client Secret,
Scope,
Grant Type, I have selected the Authorization code option.
In header, Content-Type is also application/json
Now, When I clicked on send button then I am getting an error
{
"error": "invalid_request",
"error_description": "Missing \"grant_type\" parameter"
}
Any idea I am getting this error?

You can't directly call POST method for response type "Code"
due to after POST call, Keycloak (IdP Server) redirect to registered URL (redirect_uri) for Login activity.
Luckily, In the Postman can do it by "Get New Token" in OAuto 2.0 mode.
I have no D2L Brightspace account's client ID /secret so I can't demo how to that but I captured image from It's video tutorial.
You can do it with your client ID /secret.
Steps
Set environment variable set in Postman (click right the top area's icon)
clientid, clientsecret with your values and oauth2scope(content:.)
Start "Get New Token"
select "Authorization" tab, select "OAuth 2.0" type, "Request Headers" and click the "Get New Access Token" in Request ( in Collection also possible)
Set the fields for each parameter
Enter 3 URLS from 1~3
Enter 3 environment variable with {{ variable name here }} from 4~6
Click the "Request Token" it will get access token.
more detail information in here, video and Postman collection

Spotify Web API Authorization not giving correct response

I'm trying to implement Authorization from the Spotify Web API.
I'm using Postman to review the requests. At the first step of the Authorization process, I don't get the desired response.
I'm using GET https://accounts.spotify.com/authorize endpoint with 3 parameters:
client_id, response_type and redirect_uri , but so far I get the following response:
{
"phoneFeatureEnabled": false,
"user": false,
"BON": [
"0",
"0",
220165699
]
}
MY callback redirect uri should have code appended to it and is contain the params - status and code, but all I'm getting is this:

Make sure you are passing the redirect_uri to the request as that is required. It looks like in your screenshot it is blank but you may have commented it out for security reasons. If you are passing it through and it is the same url setup in the Spotify developer portal, try the same url in your browser and it should redirect you to a Spotify Authorization page.
Under Authorization Code Flow it lists all required parameters here: https://developer.spotify.com/documentation/general/guides/authorization-guide/

Laravel API call failed. PostMan overrides Authorization header with Basic Auth

Hi am trying to call an API from Postman.
The framework used is : Laravel
The website has browser authentication (using .htacess)
And The API has user authentication (Laravel Passport) (user must be logged in)
Now,
I need to call an API and include both the headers, i.e.
I added Basic Auth with username/pwd as browser credentials
Basic Auth : username/pwd
And in Headers I added
Authorization : Bearer oauthtoken
(where oauthtoken is the key retreived from an API call https://servername/auth and Basic Auth : username/pwd)
Now when I send the API call,
The Authorization Header changes to :
Authorization : Basic some_key
And thus I get Unauthorized in response.
Is there some way I can send browser creds and user auth header together?

Your OAuth token retrieved after authentication is not the same as the token attached by Postman for Basic Authentication.
If you wish to use your OAuth token in request I recommend looking at Postman variables and store that token in there.
Here is an article that helped me build my Postman collection using JWT
But some of the script in there is out of date.
I would start by creating an environment (local) in which you add a key to store the token (oauth_token) with value empty.
In the auth endpoint while in Postman you can check the Tests tab in which you can place a script to update the oauth token:
pm.test("Logged in successfully", function () {
var jsonData = pm.response.json();
pm.environment.set('oauth_token', jsonData.token);
});
After this you can add Authorization Bearer with value {{oauth_token}} to an endpoint that is using OAuth token.
If you wish to learn more about Postman variables this is a great post variables
To recap:
Send username and password to the auth endpoint
Store oauth token in Postman variable returned from step 1
Use your new token as Postman variable using {{VARIABLE_NAME}} notation

I would advise to use Guzzle Library
$http = new \GuzzleHttp\Client;
$response = $http->request('POST', 'http://quotible.web3box.com/oauth/token', [
'headers' => [
//you headers here
],
'form_params'=>[
//your browser based parameters here
]
]);

CakePHP REST + AngularJS - How to send Access Denied response in JSON?

I am new to CakePHP and am using version 2.7.5.
I followed the tutorial to create a basic REST service.
I now secured them using the basic auth tutorial.
Now, I have an AngularJS app over this REST service but need a way to prompt users to login or say their account does not have access to that resource.
Right now, when the REST call is made, and they do not have access, the response is a redirect HTML page to "/" or to logon. But I want the response in JSON with a message that says "access denied" or "session is up please logon.." etc.
I know it's the flash variable in cakephp but i am using AngularJS.
So my question is, where do I code in cakephp to send json response instead of HTML page redirect if a user does not have access to a certain rest url after logging in?

You can just return a response header back to the request with the correct status code(401).
if(!$authorized){
return header('HTTP/1.0 401 Unauthorized');
}
You can catch the error code in your request method, for example an ajax request
.error(status){
switch(status.code)
{
case 401:
//Unauthorized
break;
}
}

Yahoo OAuth 2.0 - could not retrieve Access Token

I'm trying to implement Yahoo OAuth 2.0 to import contacts to my application. I'm using PHP, and this guide (Server-side Apps part) :
https://developer.yahoo.com/oauth2/guide
I have created my app, authorize access and receive my code
"authorization code is appended to the redirect_uri, shown below as
code=abcdef"
I've successfully arrive at step 4.
https://developer.yahoo.com/oauth2/guide/#step-4-exchange-authorization-code-for-access-token
Here, I cannot get a response for https://api.login.yahoo.com/oauth2/get_token and receive my Access Token.
I'm using https://github.com/saurabhsahni/php-yahoo-oauth2/blob/master/YahooOAuth2.class.php class.
Here is my code :
include_once("/libraries/Yahoo/YahooOAuth2.class.php");
// step 1, step2, step3
// Successfully received authorization code and stored in my session
[...]
//my Client ID (Consumer Key)
$cc_key = 'x3485sdfsfsdfsdfsdf[..]';
//Client Secret (Consumer Secret)
$cc_secret = '3423423fddssdfsdf';
//my authorization code receive
$code = $_GET['code'];
define("CONSUMER_KEY",'$cc_key');
define("CONSUMER_SECRET",$cc_secret);
$redirect_uri="http://dev.example.com/user/register-step4";
$token=$oauth2client->get_access_token(CONSUMER_KEY,CONSUMER_SECRET,$redirect_uri,$code);
I'm getting 401 error:
"Received error: 401 Raw response:{"error":"invalid_grant"}"
From yahoo api errors:
401 invalid_grant : An invalid or expired token was provided.
This is not true, because my authorize code should be good, because I just received exactly like in the specifications.
Related problems:
https://developer.yahoo.com/forum/Messenger-IM-SDK/not-getting-response-for-https-api-login-yahoo-com-oauth-v2-get-request-token/1310023528000-09714556-4cd3-38c5-b799-d29e8d5f9bcb/