How can I obtain a Spotify access token for my own user, but from Postman ?
I want to use Postman to fetch the access token from Spotify (without a preceeding manual log in).
If that's complicated, I would accept to manually log in first,
before fetching the token from Postman.
Details:
To get an access token (to be used further in my own Postman requests),
I manually have to get one, while logged in on the Spotify Developer website.
Therefore, I would like to obtain it directy from Postman,
where I could immediately use it further in other requests/tests.
How could this be achieved ?
I did define an app on Spotify (so I have the client_id and client_secret).
I also have tried sending the cURL suggested in this Client Credentials Flow (one of the Authorization flows). Unsuccessfully:
curl -X "POST"
-H "Authorization: Basic ZjM4ZjAw...WY0MzE="
-d grant_type=client_credentials
https://accounts.spotify.com/api/token
Postman actually has all the various types of Spotify auth requests nicely packaged up in an exportable set of requests.
Came across it while researching the same issue and came across their blog post on using PKCE instead of implicit OAuth2 flows.
Related
I am able to verify a facebook access token from users by querying this endpoint
https://graph.facebook.com/debug_token?input_token=&access_token=
This means that I have to either request an app access token every-time I need to verify a request or get a long lived token and remember to renew it when it expires. Can I do something like this instead?
https://graph.facebook.com/debug_token?input_token=token&app_id=appid|appsecret. I have tried this but it does not work. Any suggestion would be welcome.
It turns out there are two types of app access token. The one I was interested in was the long lived token which does not expire until the app secret is changed. It is generated by issuing a server call to facebook graph endpoint like this.
curl -X GET "https://graph.facebook.com/oauth/access_token?client_id=appid&client_secret=appsecret&grant_type=client_credentials".
The response will be in this format: appid|apptoken.
Using that unique combination, you can query any endpoint requiring auth like this.
https://graph.facebook.com/debug_token?input_token=usertoken&access_token=appid|apptoken
I am using the Rest Framework SimpleJWT for token authentication.
In postman I add the Bearer token in the Authorization tab and the API works fine.
When I try to use the API on a browser I do not have an option to pass the Bearer token. I am not sure how to pass the bearer token so the API works in the browser as well.
How can I pass the bearer token in headers.
Let me know if anymore info required, I am able to add all the code here.
You cannot add bearer token to url patterns. Url patterns are added just to match the urls.
The API won't work in the browser if you have implemented authentication.
You can test your APIs via postman (which you have already done) or implement these APIs in your frontend app.
if you want test your API on browser there is an easy way for it You can use ModHeader extension that is available for Chrome and Firefox enter image description here
I'm trying to make a request from my reactjs app existing on "localhost:3000" to my django living in "localhost:8000"
I was expecting some authentication token in header to passed along with the request, but it's not the case. The request seems to be stripped and the token is nowhere to be found. Unless I pass the token in the url as a parameter (which exposes the token that can be decoded. I don't like it), I can't seem to be able to get the token in any way.
so my questions:
is this CORS issue? My understanding is that CORS usually deals with javascripts only, and Django already has the middleware to deal with this.
I'm currently using a GET as method. Does using a POST help in this case? How would the reactjs script be written? Currently it's just a href attached to a NavItem
and ultimately:
How do I pass the token from reactjs to django?
We can perform the implicit grant on the front-end and then configure the Django API in Auth0 and specify its identifier in the audience parameter. This would grant you an access token which you could then use against your API. Your API would then verify the token and check the audience is correct. (This has a good overview of the process https://auth0.com/docs/api-auth/grant/implicit and then with the API https://auth0.com/docs/architecture-scenarios/spa-api)
Basically what we can do is when Auth0 authenticates the user it redirects the user to the app with an access token, and optionally an id token, in the hash fragment of the URI. We can extract that and use the token to call the API on behalf of the user.
So, after we have [created the API in Auth0][3, [defined the endpoints]3, and secured the endpoints we can call the API (by sending the access token in an Authorization header using the Bearer scheme).
If you have any Auth0 specific question please feel free to join over in community.auth0.com you may have better luck finding help/solutions.
The 403 error is telling you that the request is not being processed because something is stopping from process that request 403: The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated
As you said probably because the CORS, try to follow the guide bellow of how to install Django-cors
https://github.com/mbrochh/django-graphql-apollo-react-demo#add-jwt-authentication-to-django
I want to implement a custom code for token generation or you can think of removing OAuth2 from the WSO2 implementation and incorporating my specific APIs for token management. Is this possible? If yes, then please guide me how to achieve the same.
If you need to customize it fully, It means that you need to completely remove the OAuth2. There there is no worth of it. But; if you just need to customize some behaviors of the OAuth2, It can be done easily. There are several extension points for it. One main extension is that customization of OAuth2 grant types. You can find details from here and some sample for it. It may helps to do some major customization of the OAuth2 flow. Hope it would help for you.
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. If you wish to use a different (or a custom generated) authorization token than the application generated access token, you can use it as a token exchange mechanism in mediation logic of the API. In this tutorial, we explain how to pass a custom authorization token that is different to the authorization token generated for the application.
Add the following sequence content in to a file and save it as XML file.
Log in to the API Publisher, create a new REST API
Navigate to the Runtime Configurations tab, enable the Message Mediation in Request flow. Engage the In sequence that you created earlier and click Save .
If the API is not in PUBLISHED state, go to Lifecycle tab, click REDPLOY to re-publish the API.
Go Developer Portal, subscribe and obtain a token to invoke the published API.
Install any REST client in your machine. We use cURL here.
Go to the command line, and invoke the API using the following cURL command.
In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header with the authorization token that the system generates in the Authorization header.
curl -H "Authorization: Bearer " -H "Custom: Bearer 1234"
NOTE
is the token that you got in step 20.
appears on the API's Overview page in the API Developer Portal. Copy the HTTP endpoint. If you select the HTTPs endpoint, be sure to run the cURL command with the -k option.
Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response as "Request Received."
FOR MORE EXPLANATION, PLEASE VISIT THIS LINK
[LINK] : https://medium.com/#PrakhashS/passing-access-token-to-oauth2-protected-backends-wso2-api-manager-7d0671a0afca
I want to develop a Django application to send message thr google c2dm server to andriod device.it uses OAuth2 to authorization.
first i got the credentials and store it in the storage as storage and then i want to get the credentials from
storage and send this credentials together other params and headers to c2dm api.
i could get the credentials for scope https://android.apis.google.com/c2dm and store it in storage.
please some one guide me,how can i make the request with credentials and send to https://android.clients.google.com/c2dm/send to deliver.
Thanks in advance,
I suppose you've been able to perform step 2 Exchange authorization code for tokens on Google OAuth 2.0 Playground. Then you should have acquired a refresh token and an access token (if you didn't receive a refresh token, verify that you have checked Force approval prompt and selected offline for Access type in the OAuth 2.0 Configuration.
The access token will expire after some time (usually 1 hour), but the refresh token does not. The refresh token (together with the OAuth Client ID and the OAuth Client secret) can be used to obtain a new access token:
curl --data-urlencode "client_id=OAuthClientID"
--data-urlencode "client_secret=OAuthClientSecret"
--data-urlencode "refresh_token=RefreshToken"
-d "grant_type=refresh_token" "https://accounts.google.com/o/oauth2/token"
(Replace OAuthClientID, OAuthClientSecret, RefreshToken). For futher reading refer to: Using OAuth 2.0 for Web Server Applications - Offline Access
Now you can use this access token and the registration ID of the device to send messages to that device using C2DM:
curl -k -H "Authorization: Bearer AccessToken"
--data-urlencode "registration_id=RegistrationID"
--data-urlencode "collapse_key=0"
--data-urlencode "data.message=YourMessage"
"https://android.apis.google.com/c2dm/send"
(Replace AccessToken, RegistrationID and YourMessage)