I am using the gmail API and I'm trying to do a POST request for the watch user endpoint ( https://developers.google.com/gmail/api/reference/rest/v1/users/watch ).
I'm doing it on postman by usnig this URL which I need and inside of headers I add the auth and it's code.
POST REQUEST TO
https://www.googleapis.com/gmail/v1/users/me/watch
Headers:
Authorization: Bearer secretcode
By sending this request, I'm getting an error of 401 which says "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
Related
I am requesting below endpoint url to get access token by passing client id, secret ,scope and grant type(x-www-form-urlencoded) and I can able to get the access token with Postman.
But When I'm requesting the same post request from APIM url, setting the below end point as backend url im getting 404 error.
Could you please suggest is there anything, we need to include in policies in APIM or any changes in the request ?
EndPoint url :
https://login.microsoftonline.com/***tenantID****/oauth2/v2.0/token
Error in APIM test result:
Apim POST request:
From last couple of weeks we have few clients complaining that our app is auto revoking Office365 oauth every 1 hour. This is the typical behiviour as access token have validity of 1 hour, so our app is designed to auto refresh the access token using refresh token captured during oauth.
This seems to be not working for atleast few customers from last few weeks. Below exception is thrown back by Office365 token api - https://login.windows.net/common/oauth2/token
{"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 7f80c2c3-41bc-41bd-8304-b56969c83a00\r\nCorrelation ID: 5a08714a-1e7d-4f32-814d-146bc721e8ab\r\nTimestamp: 2020-10-12 05:42:11Z","error_codes":[9002313],"timestamp":"2020-10-12 05:42:11Z","trace_id":"7f80c2c3-41bc-41bd-8304-b56969c83a00","correlation_id":"5a08714a-1e7d-4f32-814d-146bc721e8ab","error_uri":"https://login.windows.net/error?code=9002313"}
Here, the error code '9002313' states there is some issue related to auth parameters especially 'client_id' of our azure app. (reference)
Below data is sent to fetch new access token
client_id (related to azure app)
client_secret (related to azure app)
grant_type = 'refresh_token'
refresh_token
Edit 1: Update token endpoint to v2.0
Request URI
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Request Body
client_id=<client-id> &scope=https://outlook.office365.com/Calendars.ReadWrite https://outlook.office365.com/Contacts.ReadWrite https://outlook.office365.com/Mail.ReadWrite &refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq... &grant_type=refresh_token &client_secret=<client-secret>
Reponse Body
{"error":"invalid_grant","error_description":"AADSTS9002313: Invalid request. Request is malformed or invalid.\r\nTrace ID: 4447c69e-09d6-4a00-8dfe-735106d71200\r\nCorrelation ID: 1820e135-a511-4516-99d9-b6cebb342eb2\r\nTimestamp: 2020-10-13 03:39:37Z","error_codes":[9002313],"timestamp":"2020-10-13 03:39:37Z","trace_id":"4447c69e-09d6-4a00-8dfe-735106d71200","correlation_id":"1820e135-a511-4516-99d9-b6cebb342eb2","error_uri":"https://login.microsoftonline.com/error?code=9002313"}
Your authority is old and you missed the scope in the request body(if use the v2.0 endpoint), if you want to get a new access token for O365 with the refresh token, use the sample request below.
Request url:
POST https://login.microsoftonline.com/common/oauth2/v2.0/token
Request body:
client_id=<client-id>
&scope=https://outlook.office365.com/.default
&refresh_token=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq...
&grant_type=refresh_token
&client_secret=<client-secret>
For more details, refer to the doc - Refresh the access token.
Update:
I test it for you, it works on my side. Make sure you also get the refresh token with the v2.0 endpoint, see here.
The permissions for my app:
Test to get a new access token in the postman after getting the refresh token.
I am trying to get the refereh_token, access_token using Google Auth Exchange Code, went through the documentation but it doesn't work, I am using a react-google-login for Auth and getting the code in response and i am passing the code
https://accounts.google.com/o/oauth2/token but its giving error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
i have tried lots of ways
code=4%2FKxoYTS-jeq5-d6Lv7YvSz9ZrK0pJ_5lZsMExzNC1M0o&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=407408718192.apps.googleusercontent.com&client_secret=************&scope=&grant_type=authorization_code
frontend is reactjs and backend is nodejs..
To get the ACCESS token using referesh token you have to call a api which will give you a new access token
call a POST APi https://www.googleapis.com/oauth2/v4/token
pass the body as x-www-form-urlencoded i.e
Header as
Content-Type : application/x-www-form-urlencoded
Body
client_secret : 'xxxxxxxxxxxxdxxxxxSSd'<YourClientSecret>
grant_type : refresh_token'
refresh_token : '1/DDPkddk514451xxxxxxxx' <YourRefreshToken>
client_id : 'xxxxxxxxxxxxxxx' <YourClientID>
for more reference you can read this https://developers.google.com/identity/protocols/OAuth2WebServer
How can I set header method POST via postman for a csrf token? I am using postman Version 4.10.7. I am getting the error
ForbiddenError: invalid csrf token
on postman but in the normal test via view on browser it is working.
I'm having issues with using tokens to access my Azure Web API. I followed this documentation from Microsoft.
I can successfully request an access token by doing a POST request to the authorization token endpoint:
https://login.microsoftonline.com/{Tenant ID}/oauth2/token
My POST body:
client_id:( Web API client ID )
client_secret:( Web API client Secret )
grant_type:password
username:userName
password:*******
resource:sharepoint.com
I'm using POSTMAN to test my calls and when I try to access my API using that returned token from above, I get a 401 unauthorized.
Was a configuration issue inside my WebConfig file.