Response message 404 - UCWA - azure

I am developing a Skype API to show user presence using UCWA with the help of the steps outlined at Authentication using Azure AD.
I got the bearer token, but when I perform a GET on the root resource with the bearer token, it always returns 404, Reason Phrase: not found. If I do not include the token, it returns unauthorized. So it seems it is authorized, but cannot find the resource. What could cause this?

Related

Getting (400) Bad Request in response while trying to get access token for DocuSign

I am able to get a JWT access token with account id#10540382, which I created for our company e-signature implementation. I have done the JWT implementation with this account and everything goes well. But now the company has provided me a new account id#11024495. With this new account I am not getting an access token. Token API https://account-d.docusign.com/oauth/token now returns "The remote server returned an error: (400) Bad Request."
Can someone from DocuSign help me with what the issue is with new account id#11024495?
The reason is missing consent.
Your client will need to provide consent by calling this url from the browser window
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature+impersonation&client_id=integrator_key&redirect_uri=your_encoded_redirect_url

"www-authenticate →Bearer" with Unauthorized 401

I am trying to use Microsoft SSO with Azure Active Directory to authenticate users and also authorize API access. But I am stuck with token validation at the time of accessing the API. I get a 401 Unauthorized error with the below response header:
content-length →0
date →Tue, 28 Jan 2020 04:49:20 GMT
server →Kestrel
www-authenticate →Bearer
What is the cause of this error? I am using Postman to hit the API with the token. The token is valid on jwt.io but still I am not able to access the APIs.
Below is the token:
token at jwt.io
Please help! Thanks.
I was running into this problem, where I had to sort out "invalid issuer" and then just got a plain "www-authenticate: Bearer" 401.
To solve it, I had to call app.UseAuthentication() before app.UseAuthorization() in Startup.Configure() for my API app. After that it would go through.
It might be nice if that were mentioned here: https://learn.microsoft.com/en-us/azure/active-directory/develop/scenario-protected-web-api-app-configuration.
My thought is that the application needs to authenticate you before it can tell if you should be authorized or not, so if that's not there it will fail authorization.
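A language-neutral model of the ordering issue described in the answer above, added here as an illustration; it is not ASP.NET Core code and not from the original post. The pipeline, token table and function names are constructed for the example.

```python
from functools import partial

# Constructed sample data: one valid token mapped to a user name.
VALID_TOKENS = {"constructed-token-123": "alice"}

def authentication(request, next_handler):
    """Establish an identity from the bearer token; never rejects on its own."""
    scheme, _, token = request["headers"].get("Authorization", "").partition(" ")
    if scheme == "Bearer" and token in VALID_TOKENS:
        request["user"] = VALID_TOKENS[token]
    return next_handler(request)

def authorization(request, next_handler):
    """Reject when no earlier stage has established an identity."""
    if request.get("user") is None:
        return {"status": 401, "headers": {"WWW-Authenticate": "Bearer"}}
    return next_handler(request)

def endpoint(request):
    """The protected API action at the end of the pipeline."""
    return {"status": 200, "headers": {}, "body": "hello " + request["user"]}

def build_pipeline(*middlewares):
    """Chain middlewares so the first one listed runs first."""
    handler = endpoint
    for middleware in reversed(middlewares):
        handler = partial(middleware, next_handler=handler)
    return handler

def call(pipeline, token):
    """Send one request carrying the given bearer token through the pipeline."""
    return pipeline({"headers": {"Authorization": "Bearer " + token}})

if __name__ == "__main__":
    right_order = build_pipeline(authentication, authorization)
    wrong_order = build_pipeline(authorization, authentication)
    # Same valid token, different result depending only on registration order.
    print(call(right_order, "constructed-token-123"))
    print(call(wrong_order, "constructed-token-123"))
```

With the stages reversed, a valid token is rejected with the same bare challenge header shown in the question, because the authorization stage runs before any identity exists.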

Validating token from Azure App Service through postman returns 401

I've integrated my application with Azure AD authentication.
While I can successfully log in through the same, I want to access the response claims sent by AD post re-direction of my application from AD to homepage.
So, I've followed Microsoft Docs to get the response claims.
i.e., https://app-name.azurewebsites.net/.auth/me
I can see access-token, id-token etc. in my response when I hit the URL from my browser.
Now, for my API URLs to get validated, I've to pass access-token in my authorization header.
But, also, I want to validate the passed access token (from API) through Azure service, for which the way is:
POST https://<appname>.azurewebsites.net/.auth/login/aad HTTP/1.1
Content-Type: application/json
{"id_token":"<token>","access_token":"<token>"}
I want to test the same first through Postman, but I get 401 unauthorized.
If you use aad provider, just pass the {"access_token":"<access_token>"} in the body.
See here:
First, log in to https://app-name.azurewebsites.net/.auth/me, copy the id_token (not the access_token).
Then in Postman, pass the id_token copied to the {"access_token":"<access_token>"}.

401 Unauthorized response for access_token in the developer sandbox

I'm using the developer sandbox to make all my API calls.
It's a website built with Laravel 5.2.
All API calls are made with guzzle/guzzle.
I'm trying to automate sending PDF contracts (creating envelopes) using the DocuSign API.
I followed the steps from Using the Authorization Code Grant.
I had no problem with:
Starting the Authentication Code Grant
Handling the Response
Exchanging the Code for a Token
Getting the User’s Account and Base URI Information
After I get userinfo, there is only one account, so I used that accounts base_uri for all subsequent api calls
{base_uri} + "/restapi/v2/accounts/" + {account_id}
In all my subsequent api calls I'm also adding header
Authorization: Bearer eyJ0eX...MrhIddzBAQ
where I'm using access_token that I've got in step Exchanging the Code for a Token
When doing a create envelope api call, or any other api call, using access_token, base_uri and account_id I get
POST https://demo.docusign.net/restapi/v2/accounts/<account_id>/envelopes resulted in a 401 Unauthorized response
What I tried
Test using the access_token in docusign API explorer:
I went to API EXPLORER - create envelope
I used Authenticate using Sandbox Account to authenticate with the access_token that I've got in previous calls to docusign. Same for the account_id.
When I click on SEND REQUEST, I get 401 Unauthorized response again.
When I use Authenticate using Sandbox Account, but this time I click on Get OAuth2 token (that generates new token), and I click on SEND REQUEST, I get success message.
Then I copied this access_token (from Request) into my website to test the api call, and this time it worked. It also worked for all other api calls that I was making to docusign.
So, using access_token that I get after Exchanging the Code for a Token, I get 401 Unauthorized for api calls
When I use access_token that I generated in API explorer, all api calls to docusign work in my website.
What I also tried
Use refresh_token to get new access_token. Still 401
Xdebug, going step by step to make sure that all params/headers are set before api call. They are, and they are the same as api explorer.
Guzzle option debug => true to get more information about the request, and to compare with what's sent in API EXPLORER, and they are basically the same, except the tokens.
Postman to make request to api, (just to eliminate any chance that I have errors in my code), with same behavior:
401 with token that I get from docusign
success when using API EXPLORER generated token
I'm kinda lost on what to do next and how to solve this, I'm sure it's something simple, but I can't seem to locate the problem.
Update
I used Larry K's answer and found that my problem was with the scope value in /oauth/auth call. I changed it to scope=signature%20extended, and everything works perfectly!
When you click the Get OAuth2 token in the API explorer, you are going through the complete Authorization Code Grant flow, including the new token.
Since this works, but the token your app obtained via the OAuth Authorization Code flow doesn't work, this tells me that your app has an issue.
Check:
Logout from DocuSign. Login from your app. Are you transferred to DocuSign to log in correctly? And then redirected to your app?
Are you requesting the "signature" scope in your request? Check spelling and capitalization of the scope name!
When you're redirected to your app, your app receives the authorization code as a query parameter. Do you get it ok?
When you convert your authorization code to a bearer token are you storing the complete bearer token? It is quite long.
When you send your Envelopes::create request, are you including a space between the word Bearer and the token itself?
Are you making your API call to demo.docusign.net (not .com)?
If the above doesn't help, then please update your question (you can edit your question itself) with a trace of your request.
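The checklist in the answer above, written as a preflight check; this is an added example, not code from the original thread or from DocuSign. The function names, the sample token and the sample URLs are constructed, and the expected API host is the sandbox host named in the answer.

```python
from urllib.parse import urlsplit, parse_qs

SANDBOX_API_HOST = "demo.docusign.net"  # host named in the answer above

def check_auth_url(auth_url):
    """Return problems with the scope in the /oauth/auth redirect URL."""
    query = parse_qs(urlsplit(auth_url).query)
    scopes = query.get("scope", [""])[0].split()  # %20 and + both decode to a space
    if "signature" in scopes:
        return []
    close = [s for s in scopes if s.lower() == "signature"]
    if close:
        return ["scope %r differs from 'signature' in capitalization" % close[0]]
    return ["scope 'signature' is not requested"]

def check_api_call(url, authorization_header, issued_token):
    """Return problems with an API request, given the token the exchange returned."""
    problems = []
    host = urlsplit(url).hostname or ""
    if host != SANDBOX_API_HOST:
        problems.append("API host is %r, expected %r" % (host, SANDBOX_API_HOST))
    scheme, sep, sent = authorization_header.partition(" ")
    if scheme != "Bearer" or not sep:
        problems.append("header must be 'Bearer', one space, then the token")
    elif sent != issued_token:
        if sent and issued_token.startswith(sent):
            problems.append("token truncated: sent %d of %d characters"
                            % (len(sent), len(issued_token)))
        else:
            problems.append("token sent differs from the token issued")
    return problems

# Constructed sample values (not real credentials or real traffic).
ISSUED = "constructed." + "A" * 600 + ".sig"
GOOD_AUTH = ("https://account-d.docusign.com/oauth/auth?response_type=code"
             "&scope=signature%20extended&client_id=integrator_key"
             "&redirect_uri=https%3A%2F%2Fapp.example%2Fcb")
BAD_AUTH = GOOD_AUTH.replace("signature%20extended", "Signature")
API_URL = "https://demo.docusign.net/restapi/v2/accounts/ACCOUNT_ID/envelopes"

if __name__ == "__main__":
    print(check_auth_url(BAD_AUTH))
    print(check_api_call(API_URL, "Bearer" + ISSUED, ISSUED))
    print(check_api_call(API_URL.replace(".net", ".com"),
                         "Bearer " + ISSUED[:255], ISSUED))
```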

Authorisation issues

I've been able to set up JHipster successfully using both Token and OAuth2 authentication. With both I can log in using the default admin/admin account. However, in both cases, I get 401 errors when I want to access any API endpoint, i.e. http://127.0.0.1:8080/api/users
It renders a page with the following message:
Your request cannot be processed
Sorry, an error has occurred.
Status: Unauthorized (Unauthorized)
Message: Access Denied
Am I missing anything obvious?
Are you seeing any Spring Security errors in the logs? Your Angular session should be passing your recently acquired auth token for the admin user as part of the request to the API. If you want to access the API again outside of Angular, e.g. curl/Java client, you'll need to request a new token for the user, e.g. https://github.com/reddit/reddit/wiki/OAuth2-Quick-Start-Example
