guys. I have a than error in my NodeJS rest API, and can't resolve this.
My idea is make a github login, this app working like this.
Href to github url returning a temporal code in callback.
Latter, send this temporal code to my REST API and with rest api make a fetch request to other endpoint of the github api, and this endpoint should return access_token=12345 (this access token is a example), for latter send this token to frontend, and convert the token in a JWT token and also send to frontend for latter storage in a localStorage to use it.
My code in NodeJS
router.post("/users/github/:code",function(req,res){
fetch('https://github.com/login/oauth/access_token/', {
method: 'GET',
client_id: 'xxxx',
client_secret: 'xxxx',
code: req.params.code,
accept: 'json',
})
.then(function(res) {
return res.json();
}).then(function(json) {
console.log(json);
});
});
PD: I use node-fetch module for this. https://www.npmjs.com/package/node-fetch
The solution
router.post("/users/github/:code",function(req,res){
fetch('https://github.com/login/oauth/access_token/', {
method: 'POST',
headers: {
Accept: 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
client_id: 'xxxx',
client_secret: 'xxxx',
code: req.params.code
})
}).then(function(res) {
return res.json();
}).then(function(body) {
res.json(body);
});
});
Related
I am unable to get the clients identiy through discords oauth2. First we do this:
https://discord.com/api/oauth2/authorize?client_id=9999999999999&redirect_uri=http%3A%2F%2Fxxxx.xyz%2F&response_type=code&scope=identify
to get their code. Which seems to work fine.
let options = {
url: 'https://discord.com/api/oauth2/token',
method: 'POST',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: new URLSearchParams({
'client_id': '9999999999999',
'client_secret': 'MYSECRETHERE',
'grant_type': 'authorization_code',
'code': code,
'redirect_uri': 'https://xxxx.xyz/callback',
'scope': 'identify'
}).toString()
};
await fetch("https://discord.com/api/oauth2/token", options)
.then(handleErrors)
.then(response => response.json())
.then(response => {
access_token = response.access_token;
}).catch(function(error) {
console.log(error);
});
What happens here is I get a error 400 instead of the access token. Originally the 'grant_type' was set as client_credientals but I realized that this only grabs the identity of the application owner itself, not others. This worked however. Changing it to authorization_code however does not.
Any suggestions?
Compared to the token exchange example, you are passing scope in the request – that shouldn't be there. Scope is passed only in the initial authorization URL.
I am trying to send a request using axios post with basic authorization. It is working fine with postman but not working when I try to send via code.
axios.post(`my-url`, {
headers: {
'Content-Type': 'application/json',
'Authorization': 'Basic **KEY_HERE**',
},
data: {
'id': 'event_order',
'date': '2021-09-09'
}
}).then(async (response) => {
console.log(response.data)
})
It is returning 401 Unauthorized. But, it works as excepted when I call it via Postman:
Postman Setup Image
Did you add your domain to whitelist in your cors module? If not:
app.use(cors({ origin: "PROTOCOL://DOMAIN:PORT", credentials: true }));
edit: Ok, sorry, I was confused and thought you were sending a frontend axios post request to your own NodeJS server. If possible, could you be more precise. But try passing in your headers/auth as the third argument-- since you're passing in everything in the second argument, the API is not parsing out your headers since its part of the data parameter.
const data = {
'id': 'event_order',
'date': '2021-09-09'
}
axios.post(`my-url`, data, {
headers: {'Content-Type': 'application/json'},
auth: {
username: "YOUR_USERNAME",
password: "YOUR_PASS"
}
})
.then(async (response) => {
console.log(response.data)
})
Also try and post the network errors, if you can.
We are trying to link our website to Wordpresses API using OAuth 2.0. Hoping that a client can authenticate and post to WordPress from our site. We need to receive an access token to do this.
We have successfully connected with Wordpress to receive our access code. We've followed the Wordpress api, and have it working for a single user (with secret key not with OAuth). Things we have tried are adding a headers, changing data to different names examples: params, body
This is a simplified version of the code we have been using
const axios = require('axios');
axios({
method: "POST",
data: {
grant_type: 'authorization_code',
client_id: '12345',
client_secret: 'ABCABC1235412345',
code: 'Abc123',
redirect_uri: 'https://localhost:5000/wordpress/callback_wordpress'
},
url: 'https://public-api.wordpress.com/oauth2/token'
}).then( (response) => {
console.log(response);
}).catch( (error) => {
console.log(error);
});
We expect to receive a jwt access token, but instead are getting this 400 error:
data:
{ error: ‘invalid_client’,
error_description: ‘The required “client_id” parameter is missing.’ } } }
It seems clear that we are missing the client_id, however we have it included in our request. Is there somewhere else we need to include it?
var authOptions = {
url: 'https://public-api.wordpress.com/oauth2/token',
form:
{
grant_type: 'authorization_code',
code: code,
client_id: client_id,
client_secret: client_secret,
redirect_uri: redirect_uri,
},
headers: {
'Authorization': 'Basic ' + (Buffer.from(client_id + ':' + client_secret).toString('base64'))
},
json: true
};
We needed to include a header with that information, and we needed to use the variable 'form' instead of 'data'.
Authorization for Client Credentials Flow
Hi I have read other Questions or not working properly the current response is 400 (Bad Request) what I had
The following is my code (Authorization has converted Base64)
const testAuth = () => {
return () => {
Axios({
url: 'https://accounts.spotify.com/api/token',
method: 'post',
params: {
grant_type: 'client_credentials'
},
headers: {
'Authorization': 'Basic MWM3NGFkOGQyNDgzNDI0Y2E4NGVmYWRlNzI1MzI5YzE6MDBmMGFmNDE1ZTZhNDgxOThiOWRlYzFmNmE2NTk5NDQ=',
'Content-Type': 'application/x-www-form-urlencoded'
},
}).then((respond) => {
console.log(respond);
}).catch((error) => {
console.log(error);
});
};
But things that are working with returned tokens as well as using spotify wep api normally by using Postman to send out the same content . Is my code uncorrent or is there any problem? (Authorization in Postman is the same as above)
Thank everyone, I just realized is an error of cors. However, there are many ways for trying still can't solve the 400.
For eaxmple: Chrome extension access-control-expose-headers
Preflighted Requests image
400 Respond image
I am using React and node.js, and I've used react's fetch to POST some Login credentials to my restAPI in order to receive a webtoken...
fetch('http://localhost:8080/api/login', {
method: 'POST',
headers: {
'Accept': 'application/json',
'Content-Type': 'application/json'
},
body: JSON.stringify({
username: this.state.username_login,
password: this.state.password_login
})
})
.then((response) => response.json())
.then((responseJson) => {
console.log(responseJson); //this is the object containing the token
})
.catch(function(error) {
console.log("request failed");
})
}
so responseJson is the the object containing my web token. The request was successful and now I've passed it to the client. Now, I am thinking of saving it to a cookie.
How can I send this to the server? Should I make a POST request? If so how do I do that once the JSON object is received? If there is a better way, I would like to know.
Cookies are automatically passed along any HTTP request made with fetch