When I call GoogleAnalytics REST_API using python it returns the following error message
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant:
Invalid JWT: Token must be a short-lived token (60 minutes) and in a
reasonable timeframe. Check your iat and exp values in the JWT claim.
I also ref this link: oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Invalid JWT
but the problem not solved any solution?
I have found that this type of error can appear in at least a couple of situations, one most likely related to the clock (I suggest to investigate this thoroughly because it is usually the problem) and the other due to a generic message related to credentials (https://github.com/docker/for-mac/issues/2076):
The time of the machine that runs containers drifts from system time, and doesn't appear to reset itself properly. Stopping and restarting (i.e. Docker for Mac) should be fixed the issue, alternatively try outputting your token information to detect any difference in time between it and that of your machine;
if you are using a credential file that was deleted on my project, so just create another credential file;
Related
I am extremely new to UiPath. I have inherited a project from an experienced UiPath developer. I am trying to find the username and password he uses to login to a specific app. Because the project is not working when executing in the development environment, it is possible the password has expired. I am on the machine he used to develop the project, but logged in under my name. I have found the process that does the "Get Credential". I am using a message box to show the username at this point. When I run the process The "Get Credential" activity returns the error "you are not authenticated Error Code:0" I have researched the error and found several answers as to why it is happening, but not what to do to either fix my problem or get around the problem. The UiPath.systems.Activites version used is 21.4.1. I am aware of the concept of the CredentialStores, but can't seem to find the one used for this project. Where would I find the name of the credential store used? How do I find the username? I need to test the change I made for a user request.
I am going to close this question as I have determined the correct password for what I needed to do. I have no need to get into the credential stores for a password.
Credential stores and password were not the actual issue with the error I was receiving. The error "Loading asset PreAuth_Citrix_FolderName failed:
You are not authenticated! Error code: 0" by referencing the word authenticated, I assumed it had to do with passwords. As I did more research I found the issue to be the new security certificate installed on our web server. While orchestrator recognized the new cert, the Identity Server was not updated with the new thumbprint. I found the information I need at this link https://forum.uipath.com/t/get-asset-you-are-not-authenticated-error-code-0/343910. Once I updated the Identity Server thumbprint, I no longer received the error and my jobs ran. (not successful, but at least they ran past this error!)
I'm in the process of rebuilding an existing web app, that uses JWTs to manage authentication. I'm still new to JWTs, so I'm learning about how they should work, while, at the same time, trying to understand why the web app's current implementation is the way it is.
The current version's flow is as follows:
When a user successfully logs in or registers, a user object is returned along with a JWT property. This JWT is included in subsequent API calls as an Authorization header.
Every ten minutes, a get request is made to API endpoint /refresh-token.
If successful, the response body contains a success message, and the response header contains an updated Authorization header.
All subsequent ten-minute timed get requests to /refresh-token use the original JWT that was returned in step 1, and so on.
From what I've read so far, this doesn't correlate with any recommended approaches.
Is it safe enough to replicate this flow in the newer version, or is this something I'm better off not replicating?
Edit: I'm working solely on the front-end - the API isn't being updated for a while, so I'm limited to what it currently returns.
I believe this article summarizes the current state of the art: https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/. You usually have two tokens. Access token which is short lived and an refresh token, which lives longer. This way you don't need to call the auth server every x minutes, but you can do it on demand.
I don't know if you need to deal with blacklisting too? I believe blacklisting is easier when you have a separation of access token and refresh token (only refresh token needs to be blacklisted). But I believe you could deal with this problem too, probably in a bit more sophisticated manner.
Having said that. What you have is not wrong. It's hard for me to point out any flaws in the way you are doing besides of what has been pointed out above.
I have a UWP app using the ADAL authentication library and the default token cache. When I log on the token appears to be saved and refreshed and I don't need to log in again, even if I close and reopen the app or restart the device, unless I manually clear the token cache. This is the same for other users when testing with different accounts, devices and networks.
However some end users are seeing different behaviour where they are being asked to log in repeatedly, even when the app hasn't even been closed which suggests the token is not being refreshed automatically. What I haven't been able to work out is what the difference is. Has anyone else encountered this and know what might cause the difference in behaviour?
I have generated the JWT Token for DocuSign through the https://jwt.io .The signature is verified.
Now to obtain the Access token I am using following Command in Curl,on Windows Command line tool.Rrefering the Document https://developers.docusign.com/esign-rest-api/guides/authentication/oauth2-jsonwebtoken.I am getting "invalid Grant".What is the problem with my request?I know my token is correct because the token verifies the signature.
curl --data "grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=YOUR_JSON_WEB_TOKEN" --request POST https://account-d.docusign.com/oauth/token
invalid_grant is the the publicly facing version of several errors rolled together. If you've hit your limit of troubleshooting, I'd recommend opening a case with DocuSign Support, and provide your Demo Account ID, UserID, Integrator Key and the value of an x-DocuSign-TraceToken of a failing assertion. The plaintext version of your assertion would be helpful as well.
Here's a few things to check:
aud value - must be exactly account-d.docusign.com (for demo) or account.docusign.com for prod. Including https:// or any other value will fail.
sub value - must be an active userID (in GUID format) in the appropriate environment.
iss value - must be a valid client ID
Private Key used for signing - must be associated with the Client ID in the correct environment. If you're using a key generated in Production but the assertion is directed to account-d.docusign.com it will fail. In some cases it can take a few minutes for a newly generated keypair to be valid in the Account Server, so if you've just generated that key, wait a bit and try again.
Timestamps used - Your exp value must not have passed, and if you are using an nbf value, it must be in the past. Confirm your computer's clock is correctly configured - if it's dramatically off, your application could be generating invalid assertions because of that.
The pro-tip is to use a library to generate the JWT and convert it to an Access Token.
See the JWT examples for code examples in many languages. The examples use either a JWT method from a DocuSign SDK or a lower level JWT library.
C# .NET Core https://github.com/docusign/eg-01-csharp-jwt-core
C# .NET Framework https://github.com/docusign/eg-01-csharp-jwt-framework
PHP https://github.com/docusign/eg-01-php-jwt
Java https://github.com/docusign/eg-01-java-jwt
Node.js https://github.com/docusign/eg-01-node-jwt
Python. https://github.com/docusign/eg-01-python-jwt
Ruby https://github.com/docusign/eg-01-ruby-jwt
See the repositories’ Readme files for installation and configuration instructions.
So i'm running into a problem I suspect I shouldn't be having and having tried several things i'm seemingly at an impasse.
I am trying to integrate LinkedIn login with Stormpath and it seems the accounts get created and technically the user is logged in, the application does return one of two errors:
"Token is invalid" or "Invalid state token provided."
I checked my id and secret several times and the authorized callback urls etc but I'm not sure where else to actually check, some help would be appreciated.
To try further I did in fact clone https://github.com/stormpath/stormpath-express-react-example and run it, and everything else works fine but again LinkedIn login on this app doesn't work so I suspect its not my code (maybe, after years of coding I'm never really comfortable saying its not my code, but there you have it).
I have attached the screenshot of things in case my now very tired eyes are missing something. Can someone point me to my mistake please?
For reference, Omar and I looked through this problem and realized that his server was not running ntp, and the clock was running fast.
This meant that the signed token request generated by Stormpath's Express integration was sent to Stormpath's REST API with a different valid time interval than expected, and thus failed validation.
We fixed it by installing ntp and syncing the server's time.