I am trying to follow Revolut's tutorial for authenticating to their API and I'm stuck at requesting a reusable access token.
So far I've managed to:
1. Create public/private keys
2. Upload public key
3. Sign a jwt with the generated client_id
4. Get an authorisation code
But I am blocked at using the above for requesting a reusable access token.
As per this page, I'm supposed to create a POST request on https://b2b.revolut.com/api/1.0/auth/token with the following body:
{
"grant_type": "authorization_code",
"client_id": my_client_id,
"code": my_authorisation_code,
"client_assertion_type": "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
"client_assertion": my_jwt
}
Which I've done in Insomnia but I keep getting this error:
{
"error": "invalid_client",
"error_description": "client_id is missing"
}
Looking on SO for an answer I stumbled upon this answer, but I get this error all the time, even after I change the client_id.
Turns out the body should not be a JSON, it should have been url encoded, like this:
grant_type=authorization_code&client_id=client_id&code=code&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=jwt
Related
How do I generate a bearer token for my personal identity, like the Microsoft web page does here when you click Try it and log in with your personal credentials?
For example, I would like to generate the bearer token programmatically in a pre-request script in Postman.
UPDATE: The below error happens in Postman if you don't remove "Bearer " from the token. See #BrunoLucasAzure answer.
Also, I have tried to copy the bearer token manually from the Microsoft "Try It" page into Postman as suggested by this answer and I get a 401:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "The access token is invalid."
}
}
Before you say it, I realize that I would want a Service Principal for productionalized usage, but I shouldn't need one to explore the APIs via my own tool (e.g. Postman).
How did you set your postman?
if you login into the "try" you should get this:
copy #1 and #2 like this. Dont copy the word bearer, only the token and under authorization select bearer token
I want to use the Invoke Device Module API from Azure, where I want to send a payload using the API, which will be responsible for sending message from cloud to the module. I am following this article "https://learn.microsoft.com/en-us/rest/api/iothub/digitaltwinmodel/service/invokedevicemodulemethod"
I am using postman to execute this API, but I am getting the following response.
I have added 2 headers in postman 1] Authorization in this I have added a bearerToken and 2] content-type as application/json. I am giving a payload in the body section. Please let me know what could be wrong here, or if I need to configure it in some different way.
There is a double slash in URL http://azure-devices.net//twins. Can you please try with correct http://azure-devices.net/twins/
I figured out how it is done.
All we need to do is use the SAS Token in the authorization header instead of bearerToken and use the following body.
{
"methodName": "name_of_your_method",
"responseTimeoutInSeconds": 60,
"payload": {
"command": "your_message"}
}
The API URL is the following POST method
"https://fully-qualified-iothubname.azure-devices.net/twins/{deviceId}/modules/{moduleId}/methods?api-version=2019-07-01-preview"
Use the following command to generate SAS Token and FYI SAS Token expires after 1 hour of generation:
az iot hub generate-sas-token -n Ageye
This works perfectly fine and gives the following response:
{
"status": 200,
"payload": {
"status": "ok"
}
}
I tried to generate access token through api but I am unable to get code I tried to generate through the apis
Unable to generate access token
GET https://account-d.docusign.com/oauth/auth? response_type=code &scope=signature &client_id={CLIENT_ID} &state=a39fh23hnf23 &redirect_uri={REDIRECT_URI}
POST https://account-d.docusign.com/oauth/token
Content-Type: application/x-www-form-urlencoded Authorization: Basic
BASE64_COMBINATION_OF_INTEGRATOR_AND_SECRET_KEYS
grant_type=authorization_code&authorization_code=YOUR_AUTHORIZATION_CODE
But I received the following response
{
"error": "invalid_grant"
}
Could be any of a number of issues. Did you receive back an authorization_code? Did you use the authorization_code in less than two minutes (it's time limited).
There are other potential issues too. Google for "docusign invalid_grant"
Did you properly create and encode the BASIC authorization field?
For the best results I recommend that you use an OAuth Authorization Code Grant client library. They exist for most every web stack / language.
I keep getting a AuthenticationFailed error with a InvalidAuthenticationTokenAudience inner error when attempting to query the /environments endpoint.
I have already created an app in the Azure Active Directory, given it access in the time series insights management portal and I can already get an Oauth 2.0 Access token from the auth URL.
I have tried giving the token url the 'https://api.timeseries.azure.com/' resource/audience/scope but the API keeps returning the same error message:
{
"error": {
"code": "AuthenticationFailed",
"message": "Server failed to authenticate the request. The token has been obtained from wrong audience or resource.",
"innerError": {
"code": "InvalidAuthenticationTokenAudience",
"message": "The access token has been obtained from wrong audience or resource '00000002-0000-0000-c000-000000000000'. It should
exactly match (including forward slash) with one of the allowed
audiences 'https://api.timeseries.azure.com/'."
}
} }
I'm using Postman with the Oauth 2.0 authentication type, the client credentials Grant Type and send as basic Auth Header option for the token request.
Has anyone tried this with success?
Update 01:
The decoded (using JWT as suggested in comments) payload portion of one of the tokens shows the that the aud field is 00000002-0000-0000-c000-000000000000. Which is definitely wrong.
Based on the exception, it indicates that the resource is not matching https://api.timeseries.azure.com/ when acquire the access token.
So please make sure that the resource is https://api.timeseries.azure.com/, for more information please refer to the screenshot.
Get access token
I test Get environments API, it works correctly for me.
GET https://api.timeseries.azure.com/environments?api-version=2016-12-12
Newbie trying to figure out how to get a Node.js application to authenticate and query Google BigQuery, trying to adapt this CodeLab tutorial from Java. What step might i be missing?
First I create this Oauth2 URL using my clientid:
https://accounts.google.com/o/oauth2/auth?
client_id=1047877053699-den6kbs4v3f2bft6clonsirkj1pc7t6j.apps.googleusercontent.com
&scope=https://www.googleapis.com/auth/bigquery
&redirect_uri=http://localhost:3000/oauth2callback
&access_type=offline
&response_type=code
This successfully reaches Google, which prompts
A third party service is requesting permission to access your Google Account.
Agreeing that generates a second prompt:
Nodejs_Test is requesting permission to:
View and manage your data in Google BigQuery
Agreeing to that, the callback URL is called, with a parameter accessToken.
I think the following url should list tables in my BigQuery project/dataset:
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits&accessToken=4%2FC196NizZwlNgWSt5oNqQwendmLNW.0vgUrlGJ6kMRshQV0ieZDApig3NfcgI
But calling with or without the accessToken returns the following message that "Login Required".
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
I know you can't repeat the code because of permissions, expired tokens, etc. But I wonder what step I might be missing conceptually.
Have you tried sending the accesstoken as an authorization header rather than as a url parameter?
as in
https://www.googleapis.com/bigquery/v2/projects/1047877053699/datasets/visits
Authorization: OAuth Your-access-token-here-not-urlencoded
FYI - looks like you originally used the parameter accessToken in the URL. It should instead by access_token, which looks like it works fine. Of course, Jordan's suggestion of using a Header is better if you're able to do it though-- it's more secure as it's unlikely to get logged in access logs, proxy server logs, etc.