I'm new to SoundCloud and have been following the developers documentation in Authenticating without SoundCloud screen.
However when my application sends the request I recieve a 401 Unauthorized error. In the documentation it specifies to check that the client_id or access_token is not missing and its not.
I can't figure out what is the issue here. I've checked the following:
Register Application - Check
Pass client_id and client_secret - Check
Here is my code that calls to the sound cloud server:
response = (HttpWebResponse)request.GetResponse();
Here are the values of the request object:
AuthenticationLevel MutualAuthRequested
CachePolicy {Level:BypassCache}
ConnectionGroupName null
ContentLength -1
ContentType "application/json"
Credentials null
Headers {Content-Type: application/json}
ImpersonationLevel Delegation
Method "POST"
PreAuthenticate false
Proxy {System.Net.WebRequest.WebProxyWrapper}
RequestUri {https://api.soundcloud.com/oauth2/token?client_id=############&client_secret=###########&grant_type=password&username=#######&password=########}
Timeout 100000
UseDefaultCredentials false
After the call I receive a 401 Unauthorized error, I even tried following Geek Life's blog but received the same error.
Am I missing something here?
I think the problem here is that you are sending the client credentials in the query string of the request. You must send them in the request body instead.
Related
Postman headers I'm using secret keys to generate an access token that I will use to authenticate for an API that I call. The issue is that I'm getting the error:
status code was: 401, expected: 200
WWW-Authenticate: Bearer error="invalid_token", error_description="The audience value is invalid"
This is how I call the API
Given url `https://login.microsoftonline.com/tenant_id/oauth2/token`
And form field grant_type = `client_credentials`
And form field client_id = `value`
And form field client_secret = `value`
When method post
Then status 200
match response.access_token != null
def access_token = response.access_token
print access_token
Given header Authorization = 'Bearer ' + access_token
Given url 'url'
And header accept = `plain/text`
And header 'X-Mimic-User' = `confidential`
When method GET
Then status 200
I'm expecting to the authenticated to the API with the generated access token.
So it appears your error may be related to the Authorization header, although the error description is hard to decipher, possibly scope related? I would list the URL first, not the header, unless you are re-using it, and want to configure the value for subsequent requests. Another way of setting the Bearer token is:
And match response.access_token == '#present'
* def oauthToken = `Bearer ${response.access_token}`
But really the most important thing is for you to check your request, including headers and compare it between Karate and Postman to see what is different.
From what I see in the error description, the first API call made towards your auth provider is returning a 200 with an access token. but the second call you are making to your application server seems to be failing to see the audience value in your access token.
I doubt you are using the same client credentials input (client_id, client_secret) in your postman and karate setup. Make sure they are the same.
I would also confirm if the access token received is having the aud parameter by checking it in https://jwt.io or any other tool you trust to decode your access token JWT. for the sake of experimentation do the same for the access token you got from postman as well.
Ideally, these configurations are very internal to your application and identity team and may not be directly related to karate. The other teams mentioned should be the ones best to guide you.
We are getting an error while trying to trigger a PATCH request via HTTP AZURE Gateway from Power Virtual Agent BOT to S/4 HANA through OData v2 service. The same service works fine when we test it from POSTMAN and through SAP Gateway Client.
The BOT is deployed on MS Teams.
Below are the steps which are configured from BOT perspective:
Trigger a GET request to fetch the CSRF token using below HTTP headers
Authorization: Bearer(tokenvalue)
X-CSRF-Token : Fetch
Set-Cookie : Fetch
The above cookie value is being converted to eliminate '/', spaces and commas. The same has been replaced with %2F, %2b and ; respectively in the encoded format.
Once the CSRF token is fetched, it is stored in a local variable and passed to PATCH request
Authorization : Bearer(tokenvalue)
X-CSRF-Token :
Cookie :
Below is the error we are able to see in Power Automate Flow.
**
"error": {
"code": 403,
"message": "The response is not in a JSON format.",
"innerError": "CSRF token validation failed"
}
}
```**
We are expecting success call for this PATCH request. This is working fine with same user when tested in POSTMAN and native SAP gateway client.
you are using the microsoft on-premise-gateway to connect your odata service.
the on-premise-gateway establishes always a new http connection that expires the X-CSRF-TOKEN
maybe this will be supported in a later version
I am using the gmail API and I'm trying to do a POST request for the watch user endpoint ( https://developers.google.com/gmail/api/reference/rest/v1/users/watch ).
I'm doing it on postman by usnig this URL which I need and inside of headers I add the auth and it's code.
POST REQUEST TO
https://www.googleapis.com/gmail/v1/users/me/watch
Headers:
Authorization: Bearer secretcode
By sending this request, I'm getting an error of 401 which says "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential.
I authenticate using OAuth 2.0 authorization code workflow successfully and get redirected back to Postman. Here is more information on the Azure DevOps REST API I am trying to do.
In the console, I get an error: request URL is empty
I do not see the authorization code in the response for me to parse, but if I expand the error message and look in the Request Body > code, my authorization code is there!
I am able to use the authorization code to successfully obtain an Access Token as well.
Steps to reproduce error:
I set all of the values in the OAuth 2.0 form
I click Get New Access Token
I get redirected to my browser to accept
I get a successful authentication & get redirected back to Postman
I get the Authorization code in the request body of a console error (I also get the auth code in the URL after authenticating)
On step #5, I expect to get redirected back to Postman successfully with the authorization code in the body of the message.
EDIT: The solution below works for the Azure API with a scope of https://graph.microsoft.com. If the scope is https://app.vssps.visualstudio.com (which is what I'm using), the solution will not work oddly enough.
Please try my steps to get access token with OAuth 2.0 in Postman.
POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
Callback URL: the Redirect URI in Application > Authentication. It is required. Don't select Authorize using browser.
Auth URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token
For more information, you could refer to the blog which uses oauth2 v1.0.
I'm using Ember.js and Node. I already have json web token based authentication set up and am now trying to use LinkedIn's REST API to get information for my user profiles.
I'm able to redirect my users to the LinkedIn authorization code endpoint (Step 2 in this guide: https://developer.linkedin.com/docs/oauth2), but I'm getting stuck on Step 3 (Exchange Authorization Code for Access Token). When I make the POST request with the correct parameters, I get a 401 unauthorized_client error no matter how I try and make the request.
I'm making the request directly from my Node server, and using the request module. I've tried including the params as query params, and as part of the body. I've tried adjusting the headers and the url encoding but nothing seems to change the 401 error.
This is the call I need to be making according to the guide:
POST /uas/oauth2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code=987654321&redirect_uri=https%3A%2F%2Fwww.myapp.com%2Fauth%2Flinkedin&client_id=123456789&client_secret=shhdonottell
This should not happen if you are POSTing the correct parameters. You can rather try it with an alternative way. With the authorization code you received in Step 2, use request based service like POSTMAN and try getting the response again. If you get it using that it means there has been some error while you are making the request.
Make sure to properly provide the headers.
Even after the POSTMAN service if you get an unauthorized response, confirm your client_id and client_secret.
Please note that for 2-legged authentication, the grant_type should always be "client_credentials". Also, you only need to supply the client_id and client_secret as parameters, nothing more. See the sample in the LinkedIn documentation. It looks like you try to do a 3-legged authentication request.