I am trying to call Microsoft graph Api via Postman to get users. Before calling the query, it is asking for token.
So I first generated token by giving parameters like below:
https://login.microsoftonline.com/mytenantid/oauth2/v2.0/token
client_id='myclientid'
&scope=https://graph.microsoft.com/user.read
&grant_type=client_credentials
&client_secret='appclientsecret'
This generated the access token successfully. But when I am using this token to call Microsoft Graph Api it is giving me the below error:
{
"error": {
"code": "InvalidAuthenticationToken",
"message": "CompactToken parsing failed with error code: 80049217",
"innerError": {
"date": "2022-05-15T14:08:00",
"request-id": "d0199a29-7223-47e9-add6-20d47ae9d5af",
"client-request-id": "d0199a29-7223-47e9-add6-20d47ae9d5af"
}
}
}
Can anyone help me to solve this error.
Please check if you have generated the token by giving below API permissions:
After generating the token, decode the token via JSON Web Tokens - jwt.io and check the aud claim like below:
I tried in my environment and was able to call Microsoft graph api via Postman successfully like below:
In authorization tag select type as bearer token and enter the access token value in token field.
Related
I want to use the Speech-to-text API for an application made in nocode.
I get this error message:
There was a problem setting up your call.
Raw response for API
401 status code
{
"Mistake": {
"code": 401,
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie, or other valid authentication credentials. See https://developers.google.com/identity/sign- in/web/devconsole-project.",
"status": "NOT AUTHENTICATED"
Thanks in advance
I may be able to transcribe an audio file to text.
I'm trying to enable account linking on my google action using oAuth2 code grant flow.
Unfortunately my linking fails in the last step. I think that I'm not returning the result of my /token endpoint correctly back to google.
I can see this response of a 400 error in my console after getting redirect to my actions page (/authorize worked fine):
Request URL: https://oauthintegrations.clients6.google.com/v1/token:getForService?key=api-key-removed-by-me&alt=json
{
"error": {
"code": 400,
"message": "\u003ceye3 title='/OpenIdConsumerService.ValidateOpenId, INVALID_ARGUMENT'/\u003e APPLICATION_ERROR;apps_auth/OpenIdConsumerService.ValidateOpenId;com.google.identity.accountlinking.error.FederatedProtocolException: \u003ceye3 title='INVALID_ARGUMENT'/\u003e OpenAuth::INPUT_ERROR: ;AppErrorCode=13;StartTimeMs=1602166359350;tcp;Deadline(sec)=59.962523136;ResFormat=UNCOMPRESSED;Originator=traffic-prod;Tag=\u0002cloud_project_number\u0003744920882961\u0002IncomingMethod\u0003/OAuthIntegrationsService.GetTokenForService\u0002cidc\u00032;ServerTimeSec=1.00669508;LogBytes=256;Non-FailFast;EffSecLevel=privacy_and_integrity;ReqFormat=UNCOMPRESSED;ReqID=2d3a46fa4ab8370e;GlobalID=c34268105821e185;Server=[2002:ab3:7310::]:4155",
"status": "INVALID_ARGUMENT"
}
}
This is the body I send back to google for /token (I guess this results in the error above):
{
"access_token":"jwt-token-here",
"expires_in":"1602162256000",
"refresh_token":"refresh-token-here",
"refresh_token_expires_in":"31535999",
"token_type":"Bearer",
"scope":"read"
}
Is the structure of the body correct? I think it's because of the jwt-token but when I decode it manualy everything looks fine.
Any help appreciated!
Thank you
Unfortunately my linking fails in the last step. I think that I'm not returning the result of my /token endpoint correctly back to google.
Just a quick note that your access/refresh tokens are opaque to Google. You are handing over these credentials for Google to pass back to you in future requests. What these tokens mean, and how they are determined to be valid, is up to your OAuth server implementation.
See the OAuth account linking guide for more details.
This is the body I send back to google for /token
The fields scope and refresh_token_expires_in are not parameters Google expects in your token exchange responses, so this is likely where the INVALID_ARGUMENT error is coming from. A basic token response to Google should looking something like this:
{
"access_token":"jwt-token-here",
"expires_in":"1602162256000",
"token_type":"Bearer",
}
The expires_in field refers to the access token and when Google should use the refresh token to request a new access token.
If you want to expire or rotate your refresh tokens, you can do that as well. However, you can't tell Google when a refresh token will "expire". To rotate refresh tokens, you have to pass back the new token the next time Google requests a new access token, such as:
{
"access_token":"jwt-token-here",
"expires_in":"1602162256000",
"refresh_token":"updated-refresh-token-here",
"token_type":"Bearer",
}
See the OAuth implementation guide for more details on the fields in the requests and responses.
I can RingOut successfully requesting:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~/ring-out
But when I want to add the extension id I get a CMN-102 error (Resource for parameter [extensionId] is not found) see request example below:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension/279580017/ring-out
I'm pretty certain I have the correct id as I'm grabbing the extensionId from the request below successfully:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension
If anyone has run into this or can point out any potential pitfalls I would very much appreciate some pointers.
From your post and the error you are receiving, I'm assuming you are attempting to perform a RingOut with an extensionId that did not authorize your app. Attempting to do this will result in the error you received. Here's more information on this.
RingOut ExtensionId Scope
The RingOut API only supports using extensionId path parameter for the authorizing user extension. Because of this, all you ever need to call is the following endpoint for RingOut:
POST /restapi/v1.0/account/~/extension/~/ring-out
If you want to use the explicit extensionId, it needs to be the extensionId returned in the following endpoint:
GET /restapi/v1.0/account/~/extension/~
If you call the endpoint with a path extensionId parameter that did not authorize the access token being used, then you will receive the:
Non-Matching ExtensionId Error
If you attempt to perform a RingOut with a path extensionId value that is not the authorizing user, you will receive a HTTP status 404 error with the following body:
HTTP/1.1 404 Not Found
{
"errorCode": "CMN-102",
"message": "Resource for parameter [extensionId] is not found",
"errors": [
{
"errorCode": "CMN-102",
"message": "Resource for parameter [extensionId] is not found",
"parameterName": "extensionId"
}
],
"parameterName": "extensionId"
}
How to Perform RingOut for Many Users
To perform RingOut for many users at this time, you will need to do either of the following:
each user will have to perform an authorization with your app, either through a login pop-up via OAuth 2.0 authorization code or implicit grant.
alternately, you can ask them for their passwords to perform OAuth 2.0 password grant authorization.
A number of OAuth 2.0 demo apps are available on our GitHub accounts:
https://ringcentral.github.io/tutorials/
https://github.com/ringcentral/ringcentral-demos-oauth
Enhancement Request
If you would like the ability to RingOut to any user without an active session, let us know and we can consider it as a feature enhancement. The best way is to login to our Community with your RingCentral account and post a request here:
https://devcommunity.ringcentral.com/ringcentraldev
I am trying to use the QuickBooks REST API by carrying out a test API call. I am adding my own application token and consumer token, however receiving the following error:
{
"Fault": {
"Error": [
{
"Message": "message=Exception authenticating OAuth; errorCode=003200; statusCode=401",
"code": "3200"
}
],
"type": "AUTHENTICATION"
},
"requestId": "999c6895a5cf42a1aeaacc43bf600cca",
"time": "2015-06-08T19:57:10.669Z"
}
The OAuth string is in the following format: Authorization : OAuth oauth_token="************",oauth_nonce="39316429-ad1d-4aa2-9ba7-d59e380878b3",oauth_consumer_key="************",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1433794011",oauth_version="1.0",oauth_signature="KIC7BXeSXVqw6C%2Fcgcb0Dlq2R40%3D"
I am substituting the "oauth_token" and "oauth_consumer_key" values with the App Token and OAuth Consumer Key values from the QuickBooks developer section, as shown below:
From what I have looked up online, the key values are expired, but that does not seem likely as I am simply copy-pasting them from that page on QuickBooks developers section.
What am I doing wrong?
EDIT: I also tried loading values from this page, after submitting my app token, however I am receiving the same exact error:
I am substituting the "oauth_token" ... with the App Token
This is incorrect. This isn't how OAuth works.
You need to go through the OAuth connection process (e.g. click the "Connect to QuickBooks" button) to get your OAuth token.
The App Token is not the same thing as the OAuth token. They are two totally independent separate values.
If you post what programming language you're using, you'll probably get more details relevant to what you're actually building in.
I am trying to request the authtoken for my app via the Facebook API Graph Exlorer following the facebooks instructions. When I do a get call with a URL with the following form:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials
I get the following error:
{
"error": {
"message": "Invalid callback",
"type": "OAuthException",
"code": 1
}
}
Suggestions on how I might go about obtaining the access token for my app would be greatly appreciated!
If I try to obtain the access code programmatically running the following code:
FB.api('/oauth/access_token?client_id={APP_ID}&client_secret={APP_SECRET}&grant_type=client_credentials', function(response) {
alert(JSON.stringify(response));
});
I get the following error:
{"error":"load-error: unknown"}
You cannot execute this command using the Facebook Graph API explorer.
Typing it directly into the browser returns the access token as desired.