I perform below steps to create an access token. but getting error {"error": "invalid_client"}
go to this link http://<ip_address>:/o/applications/
fill form to register your application
enter below command in CMD
curl -X POST -d "grant_type=password&username=<user_name>&password=" -u"<client_id>:<client_secret>" http://<ip_address>:/o/token/
Also, I installed required libraries for access token help of this https://django-oauth-toolkit.readthedocs.io/en/latest/rest-framework/getting_started.html
Image of error attached below
Error I am getting
you use hashed client secret now, you must use the clear client secret before you save your new application in the web interface
Related
I am trying to get setup so that I can view my Nest equipment on my home automation system. Now with the Google Device Access, I have multiple steps that must be completed. I have created the project in Device Access. I setup the OAuth2 credentials. I enabled the api in the Google Cloud Portal. I "linked" the account / OAuth2 cred to my project to get the "authorization-code".
Now I am failing to "Get an Access Token".
When I try to use Google's Template and fill in the OAuth2-Client-ID, OAuth-Client-Secret and Authorization Code, the copy/paste it into a terminal session, I get: "curl: (3) URL using bad/illegal format or missing URL".
If instead I create my curl statement myself, using the data, I get '{
"error": "invalid_client",
"error_description": "Unauthorized"
}'
How do I get to the next step to get an Access Token?
I just had the same problem. The curl command automatically generated on the Google instruction page https://developers.google.com/nest/device-access/authorize did not work.
From Google (and not working) :-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?
client_id=oauth2-client-id&
client_secret=oauth2-client-secret&
code=authorization-code&
grant_type=authorization_code&
redirect_uri=https://www.google.com'
This did work:-
curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?' -d 'client_id=oauth2-client-id' -d 'client_secret=oauth2-client-secret' -d 'code=authorization-code' -d 'grant_type=authorization_code' -d 'redirect_uri=https://www.google.com'
Just replace oauth2-client-id, oauth2-client-secret, authorization-code with your values.
If the requested access token is not passed back to you and you get this response instead :-
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
This means the authorisation code has been used or has been passed in a request that failed and you need to regenerate the device authorisation code - the authorisation_code in the curl request - using the same process you followed to get it the first time.
I am trying to track down leaked values for GOOGLE_CLIENT_SECRET and GOOGLE_CLIENT_ID. I run this basic flask app here in docker, link it to localhost, edit /etc/hosts to map that to "myserver.local.com" and access the page. When I click Login on the "This app will attempt to authenticate you through Google OAuth 2.0" screen, I get this error
Authorization Error
Error 401: deleted_client
The OAuth client was deleted
Excluding the possibility of restoring the project within 30 days of deletion, can I take this to mean that the leaked keys do not pose a threat? I cannot find them in our projects, so I cannot just delete them myself.
The client ID contains the project number. The client ID is constructed the following way:
<PROJECT_NUMBER>-<RANDOM_STUFF>.apps.googleusercontent.com
If you have access to the project, you can access the list of credentials by going to the link https://console.cloud.google.com/apis/credentials?project=<PROJECT_NUMBER>.
In there, you can verify if the client ID has been deleted, and if not, delete it yourself.
You can also check if the project is pending deletion by using the same project number in this command (requires gcloud installed and properly authenticated):
curl -H"Authorization: Bearer $(gcloud auth print-access-token)" -H'Accept: application/json' \
'https://cloudresourcemanager.googleapis.com/v1/projects?filter=projectNumber%3A<PROJECT_NUMBER>'
As per the API definition, if the response has the field "lifecycleState":"DELETE_REQUESTED", it means that the project is pending deletion but still recoverable.
All of these steps are contingent to you having access to the project with the credentials. If you don't have that access, you should find somebody who has. If that project was within an organization, someone with permissions at the organization level should have access to all the projects within.
With all that said, the error does look like it means the client was deleted, and there is no way to recover deleted credentials, at least according to the warning message when deleting one:
The biggest danger I see is that the leaked credentials contain the project number, but abusing only a project number is pretty hard.
To ensure that your access token is revoked you can perform any of the following actions:
Tokens: delete --> Delete all access tokens issued by a user for an application.
gcloud auth revoke --> Revokes the user account token on the server:
Programatically revoke access
Change password
You can also track your token with the OAuth Token audit log to see when and by who it was used.
I'm following OAuth2 provider tutorial. After setting up everthing correctly, I'm getting this error.
Invalid Credentials given
What am I doing wrong with request? I checked my username and password but it's 100% valid.
curl -X POST -d "grant_type=password&username=admin&password=j1357924680"
-u"TEAfdIRw5cE664Pd4X31wuD7y08er8Suim3SdZsr:dI65CQwo9glm9LN63twmqDSY2DHR9bbPqlSEIwktaOzMfAS7sSFirzCKi9enogNZmyHjqQeIYIqtwKY6RIUC7Lto22s4vDtB0Y7F5unffLdktHXPyPn7j593IAeHfTDp"
http://localhost:8000/o/token/
(If you want to see its actual source code) https://github.com/jbaek7023/DRFOAuth2
OAuth2 is very complicating
Im using django-oauth2-provider to build a authorization server. When i try to get access_token by using this command:
curl -d "client_id=513204402d4b4f4d62e2&grant_type=authorization_code&response_type=code" http://127.0.0.1:8000/oauth2/access_token
i get an error: invalid_client
I have been created my client with client_type is Confidential
How can i fix it?
If your client is confidential, you must authenticate to issue an access token.
I suppose that it is a password client. You just have to add the client_secret=CLIENT_SECRET_HERE parameter in your POST request or set your client credentials in the authorization header.
Example:
curl -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&...
or
curl --user CLIENT_ID_HERE:CLIENT_SECRET_HERE -d "...
The authorization code grant type is a two step flow.
You get an authorization code just after the resource owner allowed your client.
You get an access token using the authorization code.
You are trying to send a POST request so I suppose that if you already have an authorization code.
You get an invalid_request because you do not set the code parameter in your curl command:
curl -X POST -d "client_id=CLIENT_ID_HERE&client_secret=CLIENT_SECRET_HERE&grant_type=authorization_code&code=AUTHORIZATION_CODE_HERE&redirect_uri=REDIRECT_URI_HERE" http://127.0.0.1:8000/oauth2/access_token
I'm coding a C++ program,
I tried, using an external command, to launch that :
curl -F 'access_token=XXX' -F 'message=test' http://graph.facebook.com/me/feed
But I receive this error :
{"error":{"message":"An active access token must be used to query information about the current user.","type":"OAuthException","code":2500}}
How should I invite users to accept that my application can access to their facebook wall and post a message on their own wall?