Getting the OAuth Token from FedEx to use for Track API - postman

I'm trying to get the OAuth Token to get auth access to some of the FedEx APIs ( like Track API for tracking shipments ), but I get a
401 (NOT.AUTHORIZED.ERROR -> "The given client credentials were not valid. Please modify your request and try again") error.
(At the moment, I'm using Postman to try and test the APIs.)
Here is the url I'm using, found provided by FedEx:
https://apis-sandbox.fedex.com/oauth/token
I've followed ( to my understanding ) how the body and headers should be set:
Headers: Content-Type: application/x-www-form-urlencoded
Body: x-www-form-urlencoded (Postman option):
grant_type: client_crendentials
client_id: ***PROJECT_API_KEY
client_secret: ***PROJECT_SECRET KEY
After sending, I only get the error message above. I checked / doubled-checked my API keys, but I can't seem to get it to go through.
Any ideas?
postman settings:
POST - URL https://apis-sandbox.fedex.com/oauth/token
Headers - Content-Type: application/x-www-form-urlencoded
Body - x-www-form-urlencoded:
grant_type: client_credentials
client_id: *******
client_secret: *******
(information gotten from https://developer.fedex.com/api/en-us/catalog/authorization/v1/docs.html)

The sandbox API credentials are not immediately usable when creating a new account. It took >1 hour for me to get a registration complete email from FedEx after which the sandbox credentials became valid.

Related

KeyCloak /userinfo not returning user info, returns what appears to be a token

Here is the flow I am attempting in postman.
Get access token
{{server}}/auth/realms/{{realm}}/protocol/openid-connect/token
I get the access token. I then run the next query
{{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo
I put these in the headers
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer {{access_token}}
I get a random string in return
eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJnN0FHMmJXMmhmQzBLTHJ0S1NUV2V4eTBGWVhsYklybXVEdnF0aDF2MFpNIn0.eyJzdWIiOiIxOGI0OTJhMy0wOGFlLTQ2NjQtODBjNi1iZGQ5Nzk2ODdiMzQiLCJhdWQiOiJibGluZHNwb3QtYXV0aCIsImlzcyI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9hdXRoL3JlYWxtcy9CbGluZHNwb3QifQ.UNyZ2AifgqK9NAiSVwWMFT4_EEleMBztodPHu19NrzIt0DUteK4gfYlgAf-Yfk6w3ue3TyjpD93HFlM-1AG2bHgIyIxI01IbEB2ew9b8xgLiexLrQkgQHIWWWFxSOqQCBo0VPgY3yi0ib3sqeBAcxpvfOhtvQuEH0lHdPFXh8DTJQL18Q3TAhTRpknpwIQ5mpjhaeIW2HXpExrPp6-35r2riPifS_nFNaTqPTSWAFHBiqFEa2_PnQcC6f09jGQYYGkjHnetuAdcmxmhskb59YYlqvRpvezi-Af9IHNhCDad0zomMJK5ajIYUcaXWpAuQZMhPp1OvTB79Olc-YUUOIg
to get the user infos you have to make a get Request using this endpoint:{{keycloak_url}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo,
in Authorization : bearen token
Userinfo specification doesn't specify Content-Type: application/x-www-form-urlencoded header - see https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest
So use standard GET request {{server}}/auth/realms/{{realm}}/protocol/openid-connect/userinfo with Authorization: Bearer {{access_token}} header only.
To get userInfo as JSON response, make sure "User Info Signed Response Algorithm" is set to "unsigned" in your client settings in Keycloak.

get auth token using dj-rest-auth when user logged in

Previously I was using django-rest-auth package and I was getting the auth token when user log in in response response.data.key and this auth token or key was working fine with the api calls as authentication auth
Previously for django-rest-auth:
"/rest-auth/login/"
was getting the response.data.key as auth token and that was working
I have stored in the cookie for later use
.get("/rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.key + "",
},
})
It was working to get info on user and also was working when used in other api calls by setting it in
Authorization: "Token " + response.data.key + ""
But now, I'm using dj-rest-auth package instead of django-rest-auth and shifted my urls to
/dj-rest-auth/login
and I'm not getting any key or auth token that I can use for authorization in header.
.get("/dj-rest-auth/user/", {
headers: {
"Content-Type": "application/json",
Authorization: "Token " + response.data.? + "",
},
})
It's not working because now I'm getting access_token , refresh_token and user info. I tried to use access_token and refresh_token for authorization in header but it's not working because I'm not getting key or auth token in response when user log in
Note: django-rest-auth is no more maintained and dj-rest-auth is forked from the previous one and have more functions (this is the reason why I'm switching)
How to get auth token or key by using dj-rest-auth package so that I can use it in the header of API calls for authorization?
Check that you don't have an REST_USE_JWT = True in your settings. That setting will enable JWT authentication scheme instead of a (default) token-based.
In django-rest-auth you get the key from a GET request, but according to dj-rest-auth's documentation, you get the token key as a response when you make a post request to /dj-rest-auth/login/.
When you make a POST request to /dj-rest-auth/login/, you can access the key at response.data. But now you need to store it so you can use it in your get requests.
I recommend checking out this question's answers to learn more about storing tokens. How you choose to do this will depend on how to the frontend of your application is built, as the javascript needs access to the token key.
I know I'm late to answer this, but hopefully I can help someone other folks who find this.

Postman - Not able to send request with client_credentials grant_type

I am trying to get an accessToken from Microsoft Graph API using Postman tool. I am trying it in Authorization tab with Type=oauth2.0, so that I can use this accessToken for subsequent Get,Post requests.
Everything works fine, if the grant_type is "Authorization Code". But when the grant_type is client_credentials, postman throws the below error
error getting access token from client_credentials flow. Could not
send request
I have looked at the Network tab in DeveloperTools, it does not submit Client_Id, Client_Secret for client_credentials flow.
Question: How can I get Postman work for client_credentials grant_type scenario?
Am I missing any step here? Please guide me..
Thanks
I'm late to the party on this, but hopefully if someone else looks for this, they can find it, since we ran into the same issue.
The previous two answers (https://stackoverflow.com/a/65708126/6772160 and https://stackoverflow.com/a/50270148/6772160) guided us in the right direction, but we still had to translate this to work properly in Postman:
As Mahmoud mentioned, you can send in the client_id and the client_secret as basic auth:
Basic Auth
The main part is handling the grant_type as client_credentials though. To do that, we input:
grant_type=client_credentials in the Body of the request.
Click Body > select x-www-form-urlencoded > key = grant_type and value = client_credentials.
The Body tab should look like this when completed:
Body Tab
Hopefully that helps!
Try providing the following details:
Request Type: POST
URL: https://XXXXXXXXXXXXXXXXXXXXXXXX/token?grant_type=client_credentials
Authorization: Basic [client_id]:[client_secret]
Content-Type: application/x-www-form-urlencoded
The output should look like:
{
"access_token": "90778b6abce64fc124892ce66f7a8ecd",
"token_type": "Bearer",
"expires_in": 60,
"scope": ""
}
Note: Provide [client_id]:[client_secret] as BASE64Encoded.
You should send it as a raw or x-www-form-urlencoded data as in the following example:
Important header >>>> Content-Type: application/x-www-form-urlencoded
var data = "grant_type=client_credentials";
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://########/oauth/v2/token");
xhr.setRequestHeader("Authorization", "Basic ###############");
xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
xhr.send(data);

How to authenticate request in Django-rest-auth?

I am trying to integrate django-rest-auth package in my web application. So far i am able to register users, send password reset email and login using the API provided by django-rest-auth package.
Now when i send a login request, it returns "token" upon successful authentication.
How do i send authentication token in further requests? For example, i am trying to fetch user using GET /rest-auth/user but it is giving me a response Authentication credentials not provided. I have tried passing token via HTTP Basic Authentication (base64 encode token as username and leave password as empty). I am still not able to work.
Anyone knows how i am supposed to pass this token in requests?
If you want to use the Token Authentication you have to set the Authorization HTTP header. From the docs:
For clients to authenticate, the token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
In an ajax call you can a header like this:
$.ajax({
type: 'POST',
url: url,
beforeSend: function (request)
{
request.setRequestHeader("Authorization", "Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b");
},
});
HI
You need to send token in headers
$.ajax({
type:"POST",
beforeSend: function (request)
{
request.setRequestHeader("Authority", 'Bearer 33a95862173cc0565fe502eb062b2e7c67e23a3a');
},
and in django code use
user = request.user
if user:
return "User token verified"
elif :
return "User token not verified"
in django automaticaly find token in headers and using token fetch user data.

How to test web service with authentication using JMeter

I'm using Apache JMeter 2.11 to test a web service with authentication. For the sample request I'm using View Results Tree as a listener and a SOAP/XML-RPC Request with the following syntax to my parameters:
URL: http://www.domain.com:####/dir/dir/webservice.asmx
SOAPAction: http://www.domain.com/action
What I have tried
1) Adding an HTTP Header Manager using
Name: Authorization:
Value: Basic [Base64 code encoded in ASCII, UTF-8, with or without domain in the user name] as explained here
With result: Response headers: HTTP/1.1 401 Unauthorized
2) Adding an HTTP Authorization Manager using
Base URL: http://www.domain.com:####
Username: [USERNAME]
Password: [PASSWORD]
Domain: [DOMAIN]
Realm: [NULL]
Mechanism: [BASIC_DIGEST/KERBEROS] as explained here
With result: Response headers: HTTP/1.1 401 Unauthorized
I also tried enabling Keep Alive in the request as suggested here
What am I doing wrong?
First you need to know the auth type, is it basic ? Digest ? Kerberos or other ?
Second, don't use SOAP/XML-RPC Request, use Http Request,
See Templates > Webservice in jmeter menu, it creates a sample test plan for Soap testing.
Add then your authentication with the correct Auth Manager using HttpClient 4 as sampler implementation and check.