I'm having trouble getting the tokens back from Reddit's Oauth. I'm running a node.js backend with a React front end. What I get back from Reddit when I try to exchange the code for a bearer token using node-fetch, all I get is just a this below:
"url": "https://www.reddit.com/api/v1/access_token",
"status": 200,
"statusText": "OK",
...
There's more there but there's no field in the body or anywhere else that holds the access token or refresh token.
Could someone help me out? Thanks!
that appears to be a deprecated endpoint, i dont see anywhere on https://www.reddit.com/dev/api
try using passport: https://github.com/slotos/passport-reddit. it will work.
Related
I have followed the tutorials for adapting passport authentication strategies to Loopback 4, and have successfully gotten passport-http to work. But, when trying to get passport-ldapauth to work with loopback 4, I am consistently getting the following error Http response (using postman):
{
"error": {
"statusCode": 401,
"name": "UnauthorizedError",
"message": {
"message": "Missing credentials"
}
}
}
I have confirmed the online LDAP test server works with my setup (used a plain Express app with passport-ldapauth, with total success). Using the same LDAP config in Loopback 4, however, produces the above error.
My test Loopback app is here: https://replit.com/#woff2/CarefulGreenBits
It seems to me that I am doing something wrong with passing the verifyFn in to the AuthenticationStragegy.
Can anyone see what I am doing wrong? I have been at this for three or four days now!
It would be of great benefit to the community to solve this. I have seen many people online wanting the same auth method to work in Loopback over the past week.
UPDATE: I've narrowed it down to the request body not being processed. Whether the request body contains the username/password pair or not, the same 'Missing credentials' error results.
I found out that the username/password tuple must be passed as params on the http request. This information was contained in source-code comments of the passport-ldapauth package. Note however that when using passport-ldapauth with Express framework, passing the tuple in the request body does work.
I am trying to get new access tokens before they expire using reconnect api endpoint, but the api call to https://appcenter.intuit.com/api/v1/Connection/Reconnect is being redirected to https://quickbooks.intuit.com/learn-support/en-us/do-more-with-quickbooks/third-party-app-security-requirements-updating-soon/01/428295, rather the expected response. Am i missing something here? Appreciate the help.
According to Intuit's documentation, you're using the wrong URL:
https://developer.intuit.com/app/developer/qbo/docs/develop/authentication-and-authorization/oauth-2.0#refresh-the-token
Did you try using the correct URL?
From the docs:
To refresh an access token, your application sends an HTTPS POST request to
Intuit’s authorization server
(https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer)
that includes the following parameters:
I am trying to send an auth header along with an axios POST request from inside a Vue application. I currently am getting a 401 from my back end with an auth header that works when I do a curl.
I've tried splitting it up into variables and putting it in but that did not work and resulted in the same error (401).
This is just the axios code I am trying to get to work. I have checked with console.log and all values I am trying to send exist, though I don't know how to check the axios headers before sending.
axios.defaults.headers.common["Authorization"] = JWTtoken;
axios.post(updateURL, {
token: result.token
});
The backend code can't be changed easily for testing so need to figure out why not sending from the front end
I'd like it to send the correct header along with my request so I don't get a 401 status code.
I think you need this..
axios.defaults.headers.common["Authorization"] = "Bearer " + JWTtoken;
axios.post(updateURL, {
token: result.token
});
Notice that I add Bearer in the Authorization. It is how JWT was meant to be used according to their introduction.
However, if the answer is wrong. Help us by providing more information about your response in Developer Console as #RuChernChong suggest. Any error logs would be helpful as well.
Another way by using Axios globals to set for example X-Auth-Token encoding from JWT.io directly like this:
axios.defaults.headers.common["X-Auth-Token"] = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c";
I have a node.js server which authenticates using google-passport-oauth2. My server-side code looks like that from the documentation:
app.get('/auth/google',
passport.authenticate('google', { scope:
[ 'https://www.googleapis.com/auth/plus.login',
, 'https://www.googleapis.com/auth/plus.profile.emails.read' ] }
));
app.get( '/auth/google/callback',
passport.authenticate( 'google', {
successRedirect: '/auth/google/success',
failureRedirect: '/auth/google/failure'
}));
I figure that /auth/google redirects to google's login, and when permissions are recieved, the google profile and token are sent to the callback /auth/google/callback.
Now I am making an android app which wants to authenticate with this API. I'm using the directions for integrating Google Sign-In to do the authentication on google's end. Now my android app has the profile and token and wants to verify it with my server.
I've tried doing this with passport-google-token and passport-google-id-token (not sure the difference...), but it didn't work for whatever reason. Now I'm looking at other possibilities, like a Google Client API library for node.js, but it seems bulky. Then there's the tokeninfo endpoint, which involves an extra request and more latency. Or maybe I should look at express-jwt?
And suddenly, I wonder... couldn't I just pass the token from my android app to the server at auth/google/callback? That would make things a little simpler. I think this must be a pipe dream, because I haven't found any information about doing it. But if it's possible, how should I format the token/profile data in the request so the passport.authenticate() method recognizes it? (JSON, form data, headers)
If this can't be done, I'm taking suggestions for well-documented token verification libraries for node...
I still don't know about reusing the google-passport-oauth2 route, but I did figure out how to validate Google's idToken using passport-google-id-token.
The documentation says:
The post request to this route should include a JSON object with the
key id_token set to the one the client received from Google (e.g.
after successful Google+ sign-in).
But it only works if it's sent as a query string (GET or POST works).
https://localhost:8888/auth/googletoken?id_token=xxxxxxxxxx
I have a feeling this is not the most secure method, but I'll have to deal with that later.
EDIT: It turns out, the token is useless without the client ID (in your app), so it's OK to send it by querystring.
EDIT 2: One of the google-id-token devs has reminded me that the JSON will only be received if body-parser has been installed.
I got the authorization code from
https://home.nest.com/login/oauth2?client_id=CLIENT_ID&state=FOO.
I want to get the access_token, but something wrong!
https://api.home.nest.com/oauth2/access_token?code=AUTHORIZATION_CODE&client_id=STRING&client_secret=STRING&grant_type=authorization_code
Result:
url: "/oauth2/access_token?code=xxx&client_id=xxx&client_secret=xxx&grant_type=authorization_code",
message: "404 Not Found"
You need to POST your request. Also, the authorization code expires when used once, so you may need to get another.