I am trying to get new access tokens before they expire using reconnect api endpoint, but the api call to https://appcenter.intuit.com/api/v1/Connection/Reconnect is being redirected to https://quickbooks.intuit.com/learn-support/en-us/do-more-with-quickbooks/third-party-app-security-requirements-updating-soon/01/428295, rather the expected response. Am i missing something here? Appreciate the help.
According to Intuit's documentation, you're using the wrong URL:
https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#refresh-the-token
Did you try using the correct URL?
From the docs:
To refresh an access token, your application sends an HTTPS POST request to
Intuit’s authorization server
(https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer)
that includes the following parameters:
Related
I am attempting to use postman with imgur api I used the 'open with postman' button at the top of the documentation page and tried to obtain a token with the default populated settings for callback authorization and token url's and I get a popup window with:
{"data":{"error":"redirect_uri_mismatch","request":"/oauth2/authorize","method":"GET"},"success":false,"status":400}
I am hoping this is a simple thing as i am pretty new to api's.
`Further info:
callback url: https://www.getpostman.com/oauth2/callback,
auth url: https://api.imgur.com/oauth2/authorize,
Access Token url: https://api.imgur.com/oauth2/token,
no Scope,
no State ,
Client authentication: send as basic header
`
I've got the same problem but I fixed it.
See if your callback URL in Postman is the same as your Redirect in Imgur (You can always edit it in Imgur) https://imgur.com/account/settings/apps.
Also, make sure that there is no comma at the end in the callback URL in Postman (That was my mistake). Everything else looks fine but just in case I'll show you what I have.
Postman:
Get -> https://api.imgur.com/3/account/me/images
Callback URL: https://www.getpostman.com/oauth2/callback
Auth URL: https://api.imgur.com/oauth2/authorize
Access Token URL: https://api.imgur.com/oauth2/token
Scope, State: Empty
Client Authentication: Send as Basic Auth header
I am trying to use JWT to authenticate a user's email address. I cannot use OAuth because a user will be signing up with their work email and will need to verify using that.
I have added a field to my User model called isVerified. I have used mailgun to send an email to the user when they go to sign up that includes a link to a verification page in the form of http://{client_url}/verification/{userToken} where the userToken is a generated token using JSON web token.... the token is created using only the user's id so there is not a lot of information in the payload.
When the user clicks on this link, they are getting a 404 Not Found error. When I manually shorten the userToken in the url, then it properly connects to the correct React Component...
How do I solve this issue?
UPDATE: I just got rid of all the periods from the JWT token and it is loading like that.... so it seems to not be an issue with the length but with the periods... My react router Route path is "/verification/:userToken" ... how do I get it to not be affected by the periods?
Since this does not trigger your component to be rendered
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VySWQiOjIyLCJpYXQiOjE2MTEwMDY5OTUsImV4cCI6MTYxMTAwODE5NX0.D_-RI_YvE6lyHZFtkMizuHxPs3huIE87D6UKFEywYdg
and this does
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9
I would suspect that it somehow worked because you got rid of the dots.
Make sure the "." in the token prevent the url from matching your "verification/token" route ? I mean react is assuming that
"verification/eyxxxx.eyzzzz"
is not a valid route.
Try calling for example "verification/test.test.test" and see if it renders your component.
I am using Instagram's API which requires OAuth2 have some questions regarding best practice for setup. For more details here: https://www.instagram.com/developer/authentication/
So a user clicks on a login button and I give a redirect href.
Log In
They then receive a popup sign in, and they have the option of signing in or not. They are then redirected and '?code=zzzzzzz'is appended to the url: "http://localhost:8080?code=zzzzzzz"
Then the instructions read:
Now you need to exchange the code you have received in the previous step for an access token. In order to make this exchange, you simply have to POST this code, along with some app identification parameters, to our access_token endpoint.
But how should I do this? I'm using Express on the backend. To serve the frontend I use this line:
var static_path = path.join(__dirname, './../build');
It isn't an API route, so I can't use the normal
app.get('/?code=zzzzzzz', function(req, res) {...}).
So how can I use the code that I received in the params?
You must change your redirect_uri on isntagram to something like:
/auth/instagram/callback
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=http://localhost:8080/auth/instagram/callback&response_type=code
Then you can get your code with req.query.code from inside the controller.
For posting the code to isntagrams API use "request" library for nodejs
okay.
I think I have failed to understand an elemental part of token based authentication.
I am using node with express and am using jwt to prevent access to my site if you haven't logged in. I can create a token on the login page, and I can send it back to the client and store it in localStorage/cookie. Now if the user wants to navigate to another page they will type in a url and trigger a get request.
How do I access that token from localStorage/cookie and pass it to the server before I load the page as part of the get request. My assumption is that there should be a way of passing the token to the server - intercepting it in the middleware - and loading the page if the token is legit, or redirecting to the login page if the token isn't validated correctly.
On a post request this would be much simpler as you can fetch the token and pass it as part of an ajax call, after the page has loaded.
I have seen references to including the token as part of the request header (authorization bearer). I assume this only works for post, because if you were able to set the header parameter 'globally' then why would you bother storing on the client side in a cookie/localStorage.
So as you can see I am a little confused by the workflow. It seems like I am going against the grain somehow. Any clarity would be much appreciated.
If you are using localStoage in order to store the JWT, then the easiest way to pass it to the server is by retrieving first the token from the localStorage with localStorage.getItem('token') (or whatever your token name is) and then inserting it in the header of the request (either it is GET or POST/PUT/DELETE). Depeding on the library you are using to handle your http requests on the client, there are different ways of doing so. In jQuery for example, you can do the following inside the AJAX request:
$.ajax({
url: API_URL + "/endpoint",
method: "GET",
beforeSend: function(request){
request.setRequestHeader("Authorization", "BEARER " + localStorage.getItem('token'));
}
})
After this, on the server side simply access the parameters by accessing request.header options just as you would normally do. Hope this helps!
I try to use download_url to get file from soundcloud.
I either get 'redirected' or '401 unauthorized', how can I download/stream it to client side?
thanks
If you are getting a 401 response, then you should include your client_id in the request. It might also be that it's a private sound, in which case, you'd also have to include the oauth credentials.
The actual success response is a redirect, since the stream files are accessible from a different server, but only with special time-limited access tokens (included in the redirect response). Basically, just follow the redirect and you'll have your stream.
You are using Wrong Url Structure...
Try This ,Its Working (I tested) :
http://api.soundcloud.com/tracks/773150/download?client_id={Your ID Here}
You Should Use ? Instead Of & before client_id