I want to create an API request in Postman that creates a category in Moodle.
The following are the steps which I did in Moodle :
Enabled Web service
Created an External service and added core_course_create_categories function.
Enabled REST protocol
Created Token.
This is my POST URL:
http://localhost/test/moodle/webservice/rest/server.php?username=admin&password=Password#1&service=mycustomservice&name=CustomCategory&parent=1&idnumber=CSTM1&description=Desc
Under Authorization tab, I have selected Bearer Token and added the Token from Moodle web service.
When I send the request, I am getting invalidtoken Invalid token - token not found error.
Can anyone please suggest a solution for this
Moodle version: 3.4.8 and Postman version 7.6.0
Thanks in advance.
You can not call API by GET Method.
In postman you have to call the API using POST method.
pass your token in form-data as wstoken.
call your function as wsfunction.
Check my Screenshot below.
Related
I am trying to access to an API that uses OAuth2 authentication with the Refresh Token grant.
So, to request this API, I need a Client Id, a Client Secret and a Refresh Token.
Using https://console.cloud.google.com/apis/credentials, I created a new OAuth 2.0 Client ID, which gives me a Client Id and a Client Secret.
But I struggle generating a Refresh Token.
By looking at this article, it looks like I need to execute the following POST query :
curl -X POST -d "code=[CODE]&client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&redirect_uri=[REDIRECT_URI]&grant_type=authorization_code" https://oauth2.googleapis.com/token
To retrieve the CODE parameter, I need to do another call to this URL : https://accounts.google.com/o/oauth2/v2/auth?scope=[SCOPE]&access_type=offline&include_granted_scopes=true&response_type=code&redirect_uri=[REDIRECT_URI]&client_id=[CLIENT_ID]
This call opens the Google login page.
However, I don't know how to log in with an OAuth 2.0 Client ID. I don't have an email linked to these credentials.
Am I following the correct steps to retrieve a Refresh Token in my use case, and if so, what am I missing here ?
I am using the Rest Framework SimpleJWT for token authentication.
In postman I add the Bearer token in the Authorization tab and the API works fine.
When I try to use the API on a browser I do not have an option to pass the Bearer token. I am not sure how to pass the bearer token so the API works in the browser as well.
How can I pass the bearer token in headers.
Let me know if anymore info required, I am able to add all the code here.
You cannot add bearer token to url patterns. Url patterns are added just to match the urls.
The API won't work in the browser if you have implemented authentication.
You can test your APIs via postman (which you have already done) or implement these APIs in your frontend app.
if you want test your API on browser there is an easy way for it You can use ModHeader extension that is available for Chrome and Firefox enter image description here
I'm trying to send a POST request to a REST service via AWS API Gateway.
The content-type of the request should be 'application/x-www-form-urlencoded'. It's an authentication service that I'm trying to access. I'm sending 'username' and 'password' in my request body.
When I send the the request via Postman, it works ( It's giving me the proper response ).
But I want to create an API from the API Gateway to access this endpoint.
When I create a POST method in the API Gateway and try to test it without specifying any content-type, the back-end server tells me to send the request by using the content-type 'application/x-www-form-urlencoded'.
Then when I try to put the content-type in 'Mapping Template' section in the 'Integration Request' of the API, the request doesn't even hit the backend. There's an error ( a JSON response ) comes when I test it, saying 'Unsupported Media Type'.
Does anyone out here knows any workaround for this?
I found the solution.
In order to access a POST service using the content-type ‘application/x-www-form-urlencoded’ in API Gateway, make sure you are doing the following in the API console.
Make sure you have enabled the ‘Use HTTP Proxy integration’ as the following in the ‘Integration Request’ section.
When you test the request, make sure you are putting the content type ‘application/x-www-form-urlencoded’ inside the Header’s box as in the following.
And the request body should be like the following as well.
username=user#wellcomww.com.au&password=123456
I'm trying to make a request from my reactjs app existing on "localhost:3000" to my django living in "localhost:8000"
I was expecting some authentication token in header to passed along with the request, but it's not the case. The request seems to be stripped and the token is nowhere to be found. Unless I pass the token in the url as a parameter (which exposes the token that can be decoded. I don't like it), I can't seem to be able to get the token in any way.
so my questions:
is this CORS issue? My understanding is that CORS usually deals with javascripts only, and Django already has the middleware to deal with this.
I'm currently using a GET as method. Does using a POST help in this case? How would the reactjs script be written? Currently it's just a href attached to a NavItem
and ultimately:
How do I pass the token from reactjs to django?
We can perform the implicit grant on the front-end and then configure the Django API in Auth0 and specify its identifier in the audience parameter. This would grant you an access token which you could then use against your API. Your API would then verify the token and check the audience is correct. (This has a good overview of the process https://auth0.com/docs/api-auth/grant/implicit and then with the API https://auth0.com/docs/architecture-scenarios/spa-api)
Basically what we can do is when Auth0 authenticates the user it redirects the user to the app with an access token, and optionally an id token, in the hash fragment of the URI. We can extract that and use the token to call the API on behalf of the user.
So, after we have [created the API in Auth0][3, [defined the endpoints]3, and secured the endpoints we can call the API (by sending the access token in an Authorization header using the Bearer scheme).
If you have any Auth0 specific question please feel free to join over in community.auth0.com you may have better luck finding help/solutions.
The 403 error is telling you that the request is not being processed because something is stopping from process that request 403: The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated
As you said probably because the CORS, try to follow the guide bellow of how to install Django-cors
https://github.com/mbrochh/django-graphql-apollo-react-demo#add-jwt-authentication-to-django
I was trying to write an UWP App in c++ (Visual Studio) for OAuth in to Google Drive API.
I referred the notes from this project under Github -
https://github.com/googlesamples/oauth-apps-for-windows/blob/master/OAuthUniversalApp/README.md
I was able to get the Authorization code from Google. But when I used the Authorization code to request for Authorization token then it is throwing me an error 404.
My Authorization token request URI looks like this -
https://googleapis.com/oauth2/v4/token?code=XXXXXXX#&client_id=ZZZZZZ&client_secret=YYYYYY&redirect_uri=uwapp.testgoogleoauth:/oauth2redirect&grant_type=authorization_code
Going by the notes mentioned in the link, I created the client ID using iOS application type. But I didnt get the client secret key at that step. I had to explicitly generate the client secret key again for the iOS application type.
Is there any issue which you see in the request URI being sent for the Authorization token request? What should be the value of client_secret to be used if the type of client has been selected as iOS in google console?
Thanks,
/vikas
Is there any issue which you see in the request URI being sent for the Authorization token request?
In you request URI you are using https://googleapis.com/oauth2/v4/token. However to make the token request, the correct token endpoint should be:
https://www.googleapis.com/oauth2/v4/token
And this is the reason why you get 404 (Not Found) error.
What should be the value of client_secret to be used if the type of client has been selected as iOS in google console?
In Handling the response and exchanging the code, we can find that
client_secret The client secret you obtained from the API Console (not applicable for clients registered as Android, iOS or Chrome applications).
So for iOS clients, there is no need to use client_secret. And as UWP is similar to iOS, we can also ignore this field in UWP.
The complete authorization token request might look like the following:
POST /oauth2/v4/token HTTP/1.1
Host: www.googleapis.com
Content-Type: application/x-www-form-urlencoded
code=XXXXXX&
client_id=ZZZZZZ&
redirect_uri=uwapp.testgoogleoauth:/oauth2redirect&
grant_type=authorization_code