how to set header method POST via postman when csrf token invalid - node.js

How can I set header method POST via postman for a csrf token? I am using postman Version 4.10.7. I am getting the error
ForbiddenError: invalid csrf token
on postman but in the normal test via view on browser it is working.

Related

POST request for GMAIL API wont go through

I am using the gmail API and I'm trying to do a POST request for the watch user endpoint ( https://developers.google.com/gmail/api/reference/rest/v1/users/watch ).
I'm doing it on postman by using this URL which I need and inside of headers I add the auth and its code.
POST REQUEST TO
https://www.googleapis.com/gmail/v1/users/me/watch
Headers:
Authorization: Bearer secretcode
By sending this request, I'm getting an error of 401 which says "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential."

Getting an error when doing a POST {{url}}/auth request to generate JWT Token in Postman

Trying to generate the JWT access token after clicking "send". However the following error occurs:
Postman logs:
Environmental Variables:
The URL looks to be in the correct format.
Any idea on how to fix this?

Postman OAuth 2.0 "request url is empty" error even though successful authentication

I authenticate using OAuth 2.0 authorization code workflow successfully and get redirected back to Postman. Here is more information on the Azure DevOps REST API I am trying to do.
In the console, I get an error: request URL is empty
I do not see the authorization code in the response for me to parse, but if I expand the error message and look in the Request Body > code, my authorization code is there!
I am able to use the authorization code to successfully obtain an Access Token as well.
Steps to reproduce error:
1. I set all of the values in the OAuth 2.0 form
2. I click Get New Access Token
3. I get redirected to my browser to accept
4. I get a successful authentication & get redirected back to Postman
5. I get the Authorization code in the request body of a console error (I also get the auth code in the URL after authenticating)
On step #5, I expect to get redirected back to Postman successfully with the authorization code in the body of the message.
EDIT: The solution below works for the Azure API with a scope of https://graph.microsoft.com. If the scope is https://app.vssps.visualstudio.com (which is what I'm using), the solution will not work oddly enough.
Please try my steps to get access token with OAuth 2.0 in Postman.
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Callback URL: the Redirect URI in Application > Authentication. It is required. Don't select Authorize using browser.
Auth URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
For more information, you could refer to the blog which uses oauth2 v1.0.

Google Auth Exchange Code, Refresh Token and Access Token

I am trying to get the refresh_token and access_token using Google Auth Exchange Code. I went through the documentation but it doesn't work. I am using react-google-login for auth and getting the code in the response, and I am passing the code to
https://accounts.google.com/o/oauth2/token but it's giving an error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
I have tried lots of ways
code=4%2FKxoYTS-jeq5-d6Lv7YvSz9ZrK0pJ_5lZsMExzNC1M0o&redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&client_id=407408718192.apps.googleusercontent.com&client_secret=************&scope=&grant_type=authorization_code
The frontend is reactjs and the backend is nodejs.
To get the access token using the refresh token, you have to call an API which will give you a new access token.
Call the POST API https://www.googleapis.com/oauth2/v4/token
Pass the body as x-www-form-urlencoded, i.e.
Header as
Content-Type : application/x-www-form-urlencoded
Body
client_secret : 'xxxxxxxxxxxxdxxxxxSSd' <YourClientSecret>
grant_type : 'refresh_token'
refresh_token : '1/DDPkddk514451xxxxxxxx' <YourRefreshToken>
client_id : 'xxxxxxxxxxxxxxx' <YourClientID>
For more reference you can read https://developers.google.com/identity/protocols/OAuth2WebServer

LinkedIn REST API OAuth2 401 unauthorized_client error when trying to get access token

I'm using Ember.js and Node. I already have json web token based authentication set up and am now trying to use LinkedIn's REST API to get information for my user profiles.
I'm able to redirect my users to the LinkedIn authorization code endpoint (Step 2 in this guide: https://developer.linkedin.com/docs/oauth2), but I'm getting stuck on Step 3 (Exchange Authorization Code for Access Token). When I make the POST request with the correct parameters, I get a 401 unauthorized_client error no matter how I try and make the request.
I'm making the request directly from my Node server, and using the request module. I've tried including the params as query params, and as part of the body. I've tried adjusting the headers and the url encoding but nothing seems to change the 401 error.
This is the call I need to be making according to the guide:
POST /uas/oauth2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=987654321&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Fauth%2Flinkedin&client_id=123456789&client_secret=shhdonottell
This should not happen if you are POSTing the correct parameters. You can instead try it an alternative way. With the authorization code you received in Step 2, use a request-based service like POSTMAN and try getting the response again. If you get it using that, it means there has been some error while you are making the request.
Make sure to properly provide the headers.
If you get an unauthorized response even with the POSTMAN service, confirm your client_id and client_secret.
Please note that for 2-legged authentication, the grant_type should always be "client_credentials". Also, you only need to supply the client_id and client_secret as parameters, nothing more. See the sample in the LinkedIn documentation. It looks like you are trying to do a 3-legged authentication request.
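The token requests in the Google and LinkedIn threads above are all the same x-www-form-urlencoded POST with a different grant_type. As an added example that is not part of the original posts, this Node.js code builds that body per grant type, rejects a request with missing parameters, and decodes an authorization code copied from a redirect URL so it is encoded only once. The function names and sample values are hypothetical, and it goes beyond the posts by covering all three grant types they mention.

```javascript
// Added example; REQUIRED, looksPreEncoded and buildTokenRequest are hypothetical names.
// Run this server-side only: client_secret must never be shipped to the browser.
const REQUIRED = {
  authorization_code: ["code", "redirect_uri", "client_id", "client_secret"],
  refresh_token: ["refresh_token", "client_id", "client_secret"],
  client_credentials: ["client_id", "client_secret"],
};

// True when a value still carries percent-escapes, e.g. a code copied
// straight out of the redirect URL ("4%2F...") without decoding.
function looksPreEncoded(value) {
  return /%[0-9A-Fa-f]{2}/.test(value);
}

function buildTokenRequest(tokenUrl, grantType, params) {
  const required = REQUIRED[grantType];
  if (!required) throw new Error(`unsupported grant_type: ${grantType}`);
  const missing = required.filter((key) => !params[key]);
  if (missing.length) throw new Error(`missing: ${missing.join(", ")}`);

  const body = new URLSearchParams({ grant_type: grantType });
  for (const key of required) {
    let value = String(params[key]);
    // Assumption: only the authorization code arrives URL-encoded. Decode it
    // once so URLSearchParams encodes it exactly once (no "%252F").
    if (key === "code" && looksPreEncoded(value)) value = decodeURIComponent(value);
    body.set(key, value);
  }
  return {
    url: tokenUrl,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Constructed sample values, not real credentials.
const GOOGLE_TOKEN_URL = "https://www.googleapis.com/oauth2/v4/token";
const creds = { client_id: "constructed-id", client_secret: "constructed-secret" };
const refreshReq = buildTokenRequest(GOOGLE_TOKEN_URL, "refresh_token",
  { ...creds, refresh_token: "1/constructed-refresh-token" });
const codeReq = buildTokenRequest(GOOGLE_TOKEN_URL, "authorization_code",
  { ...creds, code: "4%2Fconstructed-code", redirect_uri: "https://example.com/callback" });
console.log(refreshReq.body);
console.log(codeReq.body);
```

Parameters not required by the chosen grant type are dropped, so a client_credentials request carries only client_id and client_secret.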
