how to get access token for here-api using postman - postman

Don't give me this link: https://developer.here.com/documentation/authentication/dev_guide/topics/using-postman.html. The guide in this link is not working with Postman.
my postman version
my valid Credentials.properties
here.access.key.id = V0qAiqfSzIFVv5dPjZ3XmQ
here.access.key.secret=XualuioK9BU9gxw5xjN3oViSRb6HPgTiWsWG5bBWL5G7kr5nsJpoWpCsli5ISQnQ8JlrX2mScSOdDqJAnKvIGA
here.token.endpoint.url = https://account.api.here.com/oauth2/token
same as in guide my Authorization
Headers
Body
Response from server
Console detailed log about request

On the Authorization tab I see you have checked "Add empty parameters to signature" and unchecked "Encode the parameters in the Authorization header".
your Auth tab
Only "Encode the parameters in the Authorization header" should be checked.
Let me know if that fixes it. I also verified this still works with the latest version of Postman v7.34.0.
Disclosure: I'm a product manager at HERE Technologies
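
The signed request that the setting in the answer corresponds to, as an added example (not part of the original answer, and not HERE's or Postman's code): the `oauth_*` parameters are placed in the Authorization header, while `grant_type` stays in the form body but is still covered by the signature. It assumes the HMAC-SHA256 signature method and the `client_credentials` grant; the function names and the demo credentials are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

TOKEN_URL = "https://account.api.here.com/oauth2/token"  # endpoint from the question


def pct(value):
    """Percent-encode per RFC 3986: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """OAuth 1.0 signature base string: METHOD & enc(url) & enc(sorted k=v pairs)."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign_token_request(key_id, key_secret, nonce=None, timestamp=None):
    """Return (headers, body) for a signed client_credentials token request."""
    body = {"grant_type": "client_credentials"}  # assumed grant type
    oauth = {
        "oauth_consumer_key": key_id,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA256",  # assumed signature method
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Body fields are signed too, but only oauth_* goes into the header.
    text = base_string("POST", TOKEN_URL, {**oauth, **body})
    # Signing key: enc(consumer secret) + "&" + enc(token secret); none here.
    key = pct(key_secret) + "&"
    digest = hmac.new(key.encode(), text.encode(), hashlib.sha256).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    fields = ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))
    headers = {"Authorization": "OAuth " + fields,
               "Content-Type": "application/x-www-form-urlencoded"}
    return headers, "&".join(f"{pct(k)}={pct(v)}" for k, v in body.items())


if __name__ == "__main__":
    # Constructed credentials, not the ones posted in the question.
    hdrs, form = sign_token_request("example-key-id", "example-key-secret")
    print(hdrs["Authorization"])
    print(form)
```

Any parameter added to or dropped from the base string changes the signature, so the client and the server must agree on exactly which parameters are signed.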

Related

Postman Basic Authentication without username and Password

I am trying to make a POST request using Postman. The credentials that I have are just an API key, not a username and password.
Now in Postman as soon as I select "Basic Auth" it prompts for username and password. So I left these fields as blank and went to Headers to give my own Authorization key-value which leaves me with two "Authorization" fields as shown in the screenshot and I get invalid authentication response.
The authorization works fine using the cURL command in the CLI. Is there a workaround for this?
Just keep the Authorization setting to 'No Auth' and manually add in your Authorization Request Header into the Headers tab, like you have done so in the image.
If you don’t use anything from the Authorization tab, then you won’t see this 'extra' header and the request should work the same as you would if you used cURL.
More about Postman Authorization can be found here: https://www.getpostman.com/docs/v6/postman/sending_api_requests/authorization

How could I invoke an api without access token in APIM 2.0

I couldn't find a way to set "Auth Type" when I tried to create api in api-publisher.
Then I have to add Authentication to request header, but for some reason I don't want to set the auth header for my request.
And I found something in the APIM documentation that said I should set "Auth Type" to "None", but I could not see this selection on the API creation page (APIM 2.0).
Any help would be appreciated. Thanks!
In manage tab, resources are listed like this.
Here, Application & Application User is the default auth type. Click on it and select none.

Adding a cookie to a WLResourceRequest

I am using Siteminder for Authentication, once it is successfully Authenticated by Siteminder, it will return us the cookies (which will be used for Authorization) as header param.
I'm trying to add these cookies with the WLResourceRequest API for Authorization, but my code doesn't seem to send any cookie and gives me "Authorization Failure".
Code used to add cookie using WLClient
WLClient.getInstance().addGlobalHeader("Cookie", cookies);
I even tried to add the cookie before WLResourceRequest call,
request.addHeader("Cookie", cookies);
I can see the cookies have been added to the header, but when I try to use that header param for Authorization, it fails.
Consider adding the Cookie as a header to your WLResourceRequest itself.
Please refer to the API documentation here.
Look for the setHeader() method.

UWP OAuth google c++

I was trying to write a UWP app in C++ (Visual Studio) for OAuth in to the Google Drive API.
I referred the notes from this project under Github -
https://github.com/googlesamples/oauth-apps-for-windows/blob/master/OAuthUniversalApp/README.md
I was able to get the Authorization code from Google. But when I used the Authorization code to request for Authorization token then it is throwing me an error 404.
My Authorization token request URI looks like this -
https://googleapis.com/oauth2/v4/token?code=XXXXXXX#&client_id=ZZZZZZ&client_secret=YYYYYY&redirect_uri=uwapp.testgoogleoauth:/oauth2redirect&grant_type=authorization_code
Going by the notes mentioned in the link, I created the client ID using the iOS application type. But I didn't get the client secret key at that step. I had to explicitly generate the client secret key again for the iOS application type.
Is there any issue which you see in the request URI being sent for the Authorization token request? What should be the value of client_secret to be used if the type of client has been selected as iOS in google console?
Thanks,
/vikas
Is there any issue which you see in the request URI being sent for the Authorization token request?
In your request URI you are using https://googleapis.com/oauth2/v4/token. However, to make the token request, the correct token endpoint should be:
https://www.googleapis.com/oauth2/v4/token
And this is the reason why you get 404 (Not Found) error.
What should be the value of client_secret to be used if the type of client has been selected as iOS in google console?
In Handling the response and exchanging the code, we can find that
client_secret The client secret you obtained from the API Console (not applicable for clients registered as Android, iOS or Chrome applications).
So for iOS clients, there is no need to use client_secret. And as UWP is similar to iOS, we can also ignore this field in UWP.
The complete authorization token request might look like the following:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded

code=XXXXXX&
client_id=ZZZZZZ&
redirect_uri=uwapp.testgoogleoauth:/oauth2redirect&
grant_type=authorization_code

Can I implement custom token generation (fully customized) API Token in WSO2?

I want to implement a custom code for token generation or you can think of removing OAuth2 from the WSO2 implementation and incorporating my specific APIs for token management. Is this possible? If yes, then please guide me how to achieve the same.
If you need to customize it fully, it means that you need to completely remove OAuth2. Then there is no worth in it. But if you just need to customize some behaviors of OAuth2, it can be done easily. There are several extension points for it. One main extension is the customization of OAuth2 grant types. You can find details from here and some samples for it. It may help to do some major customization of the OAuth2 flow. Hope it helps you.
When you send an API request to the backend, you pass a token in the Authorization header of the request. The API Gateway uses this token to authorize access, and then drops it from the outgoing message. If you wish to use a different (or a custom generated) authorization token than the application generated access token, you can use it as a token exchange mechanism in mediation logic of the API. In this tutorial, we explain how to pass a custom authorization token that is different to the authorization token generated for the application.
Add the following sequence content into a file and save it as an XML file.
Log in to the API Publisher, create a new REST API
Navigate to the Runtime Configurations tab, enable the Message Mediation in Request flow. Engage the In sequence that you created earlier and click Save.
If the API is not in PUBLISHED state, go to the Lifecycle tab, click REDEPLOY to re-publish the API.
Go to the Developer Portal, subscribe and obtain a token to invoke the published API.
Install any REST client in your machine. We use cURL here.
Go to the command line, and invoke the API using the following cURL command.
In this command, you pass the token that the backend expects, i.e., 1234, in the Custom header with the authorization token that the system generates in the Authorization header.
curl -H "Authorization: Bearer <access token>" -H "Custom: Bearer 1234" <API URL>
NOTE
<access token> is the token that you got in step 20.
<API URL> appears on the API's Overview page in the API Developer Portal. Copy the HTTP endpoint. If you select the HTTPS endpoint, be sure to run the cURL command with the -k option.
Note the response that you get in the command line. According to the sample backend used in this tutorial, you get the response as "Request Received."
FOR MORE EXPLANATION, PLEASE VISIT THIS LINK
[LINK] : https://medium.com/#PrakhashS/passing-access-token-to-oauth2-protected-backends-wso2-api-manager-7d0671a0afca