I am trying to get a Token from Postman to access my Forge app and try out some code. I have followed the documentation but Postmen will not get a Token. After doing some research it seems there are disagreements on how the request should be formatted.
The official ADESK documentation says use authorization code grant, but some users have said only use Implicit Grant. I have tried both but no Token has been generated. I have all the fields matching the documentation but no token generated. Anything i am missing?
You can try using this as a reference on how to use Postman to get a 3 legged token and get the Authorization flow prompt https://forge.autodesk.com/blog/3-legged-authentication-postman
Related
I am trying to get ID token and Refresh token along with access token from Azure AD app via Postman by using below parameters:
GET
https://login.microsoftonline.com/mytenant_id/oauth2/v2.0/token
client_id='myclient_id'
&client_secret='myclient_secret'
&grant_type=authorization_code
&scope=https://graph.microsoft.com/.default
&redirect_uri=https://jwt.ms
I am able to get the access token, but not sure why I am not getting ID token and Refresh token along with it.
Atfirst, I tried with client_credentials flow, but I came to know I have to use auth code flow or OpenID Connect in order to get those tokens.
So I shifted to auth code flow. But still I'm getting access token only:(
I have also enabled the below options in the Portal
What else settings are needed to get the tokens? Any suggestions would be appreciated.
Edited:
I have given below API permissions:
Please note that, getting ID token and Refresh token along with access token depends on the scope/API permissions you grant to the application as mentioned in this MsDoc.
I tried to reproduce the same in my environment and added scopes like below:
After adding the openid and offline_access in the scope, I got all tokens successfully like below:
We are migrating our existing Javascript Google login to new Google OAuth library, as specified in the deprecation notice here - https://developers.googleblog.com/2021/08/gsi-jsweb-deprecation.html
We are following this guide, and our javascript code looks as follows:
const client = google.accounts.oauth2.initTokenClient({
client_id: <our-client-id>,
scope: 'https://www.googleapis.com/auth/userinfo.email \
https://www.googleapis.com/auth/userinfo.profile',
callback: (tokenResponse: any) => {
if (tokenResponse && tokenResponse.access_token) {
if (google.accounts.oauth2.hasGrantedAllScopes(tokenResponse,
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile')) {
console.log(tokenResponse.access_token );
.. further auth logic
}
}
}
});
client.requestAccessToken();
Everything works fine in a sense that I am able to retrieve the token from Google, except that it looks like the JWT token generated by the new library is invalid. To be more precise, it does not match the JWT token specification - the token doesn't consist of 3 parts (header/payload/signature) and it's too short (meaning that it probably doesn't carry all the data it should). It also doesn't pass the validation in https://jwt.io/
Let me show you an example.
Token generated by the previous version of the library:
eyJhbGciOiJSUzI1NiIsImtpZCI6Ijg2MTY0OWU0NTAzMTUzODNmNmI5ZDUxMGI3Y2Q0ZTkyMjZjM2NkODgiLCJ0eXAiOiJKV1QifQ.eyJpc3MiOiJhY2NvdW50cy<...>1MWMifQ.OgOOhbTTbLYzcxNhNdvozf1<...>4bRLT3DILyWeO1FX64WaabGRjCR2amQ
Token generated by the new library:
ya29.A0ARrdaM_hHsX50Qim6c1NudaZvv6qMpMkbNxW-ltOh49s6U4JKZNvPJV3d0TAE_rqqvkvVG2983ryewiufhdsklKGiH-vEdIs7u2389iwek-dcgkY1SE-b21g0932oiweKT-ZKTJvmHAY
The issue is, therefore, that the new version of the library doesn't return proper JWT token (as described above). We cannot use this new token for anything, since we cannot verify it's integrity (who issued it, whether token secret matches our app id, when the token expires, etc...).
I also try to test this using the Google's own OAuth debug endpoint, but it also complaints that the second token is invalid:
https://oauth2.googleapis.com/tokeninfo?id_token=ya29.A0ARrdaM_hHsX50Qim6c1NudaZvv....
Note: Since JWT bears some private data, I stripped the base64 encoded part of the first token (the part after the first dot and before the second dot), same as the 3rd part (after the second dot). Since I cannot understand the last token, I also replaced some characters in there, but it should not affect the demonstration of this problem.
Has anybody encountered anything like this? We have an existing set of projects that need to be migrated to new JS library but it appears that it simply doesn't work. I tried creating a new project from scratch just to see if the issue is somehow only affecting old projects, but no success - the same broken token is returned by Google OAuth when using the new method.
Google OAuth Access Tokens are not JWTs. They are opaque binary values meaning you cannot directly extract information from the token. Google, however, can look up the token in its systems.
You can verify a Google OAuth Access Token by calling this endpoint:
curl -H 'Authorization: Bearer $ACCESS_TOKEN' https://www.googleapis.com/oauth2/v3/tokeninfo
Additional information for tokens created from user identities:
curl -H 'Authorization: Bearer $ACCESS_TOKEN' https://www.googleapis.com/oauth2/v3/userinfo
If the token is invalid, the request will fail.
The returned information will be JSON describing the token.
I'm following this tutorial here to attempt to authenticate using Token Based Authentication with Netsuite:
through postman using Netsuite's Postman environment, but I continue to receive "401 Invalid login attempt".
When I check the Login Audit Trail, I see that there is no role being assigned to my authentication attempts -- it's just blank. To me, this indicates that the token is not properly assigned to the User/Role, but I've walked through the directions several times and everything appears to be setup properly.
I've seen other similar posts about this, but those seem to boil down to the Netsuite Account ID formatting. However, my Netsuite Account ID is all numbers, so I don't think this is a factor.
This should work fine assuming you have created an integration and an access token. Configure Oauth 1.0 in postman with the following fields filled out correctly:
signature method (should be HMAC-256)
consumer key (from the integration you created in netsuite)
consumer secret (from the integration you created in netsuite)
access token (from the access token created in netsuite)
token secret (from the access token created in netsuite)
realm (your account id, if using a sandbox, make sure the realm looks like 1234567_SB1, with an _ and not a -)
You won't be able to complete TBA using postman because using netsuite TBA requires a callback URL that netsuite will redirect you to with the necessary credentials (access token and & token secret).
I'm having this exact same issue. I have custom code written in Salesforce APEX that is connecting to NetSuite just fine. We also have a Workato integration that is connecting to NetSuite just fine.
No matter what I do in Postman, I get a 401 Invalid Login response. I'm losing my mind...
I finally got this to work for me. Postman had a request header of "Connection"="keep-alive". Once I removed that it worked fine! Wow.. I've been trying to get this to work for weeks, looking at it every few days for an hour or two. What a frustrating error message "Invalid Login".
I want to create application Which will share post in company page.
I have Permissions in linkedin :
Using documentation im trying to get Token. but i have error :
{
"error": "access_denied",
"error_description": "This application is not allowed to create application tokens"
}
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
*** Real credentials was Replaced by xxxxx
Use this Postman Collection for the LinkedIn Oauth 2.0 API. And follow these steps in this article
All the permissions you have are 3-legged permission and you are trying to get token using 2-legged process.
Please follow below workflow to create access/bearer token using 3-legged flow:
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context
If your application needs access to information from a member's LinkedIn profile, use the Authorization Code Flow to request permission from the member.
PS: Company page post also requires Authorization Code Flow.
You can use Postman Collections here to view some examples and use cases.
An update documentation for Postman Oauth 3 is here
Follow these steps in this article
https://www.linkedin.com/oauth/v2/authorization?
client_id=yyyyy
&redirect_uri=xxxx
&scope=r_liteprofile%20r_emailaddress%20w_member_social
&response_type=zzzzz
I was trying to fetch the access token from my Identity server hosted in my local/remote. it showing error as request body should have client secret/client assertion.
Here's a full tutorial I wrote. Hope this helps.
https://medium.com/#rotter.axel/automatically-sign-in-to-identity-server-4-with-postman-and-test-net-core-controller-methods-bc5d8feb199e