When I'm running the first-time log in API using username and password will get the client id and secret. using o/token api I will get the access token, o/token params are as follows:
grant_type=password username={{emailid}} password={{password}} client_id={{client id}} client_secret={{client secret}}
Is it possible to get the access token without using username and password in o/token/ api? using the only client_id and client secret can I get access token and refresh token???
Finally got solution!!!!!!
We have to use oauth2 client_credentials grant type instead of password type. For more info check this out - https://www.rfc-editor.org/rfc/rfc6749#section-4.4
Related
I'm using django-oauth-toolkit with djangorestframework where our partner user will register their application and get application credentials (client id and client secret) which then used to get access token that can be used further to get our server resources. Upto now I'm able to convert those form based application registration process and other apis through rest. But while I hit for access_token only access token with expire are coming as response. Refresh token also supposed to come along the access token but it's not. What I'm missing here...
Below is the sample api response for access_token
And the oauth2 settings
FYI: I'm using Client type as "Confidential" and Authorization grant type as "Client Credentials"
Findings: This may be helpful for others
There is no need for refresh token for grant type client credentials.
Further descriptions RFC doc ; grant type client credentials
I trying to revoke all permission on withdrawl user
facebook document said will be conducted by calling Url with 'user access token or app access token
https://graph.facebook.com/me/{user_id}/permissions
but i cant attaching user access token in this request, but i can attach app access token in query params.
so i requested this url with app access token, but response message is
"An active access token must be used to query information about the current user."
Can I really request it with an app access token?
/me/{user_id}/ makes no sense as request path here.
You either use /me, in combination with a user or page token - then that alias will resolve to the actual ID of the entity the token belongs to.
Or you use an app-scoped user ID directly.
If you want to perform any actions on a user account using the app access token, then you must use the second version.
https://graph.facebook.com/{user_id}/permissions?access_token={app_access_token}
We have REST Web API written in .NET CORE, which are used on REACT SPA, we are using OKTA with PKCE.
For our API(s) we have end to end test cases written using postman/newman, the API(s) depend on JWT access token for finding user details.
How can I get access token from OKTA for PKCE flow without user interaction?
I followed this for getting access token but even this one throws a browser window for username/password.
https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/
Is there a way I can pass username and password in the payload and get access token back?
In essence I am after a flow which lets me fetch access token using resource owner username and password on PKCE flow.
It seems with SPA configuration it isn't possible as per OAuth specifications.
Had to create a native app with PKCE and used "Get Access Token with Resource Owner Password Credentials" API in the postman collection available on OKTA
I have created Trial account in GoToMeeting and I want to use restful api services. For this I need Oauth Token which I am trying to generate using the following URL:
https://developer.citrixonline.com/authentication-and-authorization
But when I enter the Username and Password, it shows an error of Invalid Credentials. But using the same credentilas I can login to https://developer.citrixonline.com without any error.
You need to use Gotomeeting credentials, not developer portal credentials.
The use case occurs once user is authenticated and obtain an oAuth2 access token from Wso2 API Manager and we want to obtain username again from this access token.
To obtain access token I've followed normal steps published on: [API Manager] (http://docs.wso2.org/display/AM160/Token+API#TokenAPI-GeneratingaccesstokenswithusercredentialspasswordgranttypeGenerating)
Does WSO2 AM provide any REST method to solve it?
Yes.. There would be two ways that you can obtain user name
APIM would return the user name with the Access token. Here user name would be embedded with the access token. You can find more details from here
You can obtain the user name and user's attribute during access token verification process. Once access token is verified successfully, It would return back with JWT token which contains user's attributes. Then you can extract use name from JWT. You find more details on here. Basically inside the APIM, you can extract JWT token in transport header. But, if you want to retrieve the JWT token for the use of your application, you can send the access token to "OAuth2TokenValidationService" service and validate it and then it return back with JWT. (But "OAuth2TokenValidationService" is a web service.). You can use web service client to invoke this service (such as SOAPUI)