I am using emberjs and i could get this response from https://www.googleapis.com/oauth2/v4/token
{
"access_token": "snip",
"token_type": "Bearer",
"expires_in": 3600,
"id_token": "snip"
}
but i am never getting refresh token not even on first authentication. I am stuck with it for hours can anyone help me
My request params
code:4/6_Rm706y9Y4vAFSiR6BAF6GXEIQgG8IKkk_8JHSC7sU
redirect_uri:http://localhost:8080/app
client_id:****************
client_secret:****************
scope: null
grant_type:authorization_code
access_type:offline
approval_prompt:force
Related
I have a problem with the connection SP-API through Postman. I am trying to do this via IAM role (which has an inline policy) and I got LWA + wrote all required data right(client_id, refresh_token, client_secret, access_key)
{
"errors": [
{
"message": "Access to requested resource is denied.",
"code": "Unauthorized",
"details": ""
}
]
}
Do you mean for the request:
POST https://api.amazon.com/auth/o2/token
?
For what request are you trying this ?
Cause if its to get the refresh token,
u gotta:
No params
No auth
No added headers
Yes body
Go to body, select "x-www-form-urlencoded"
at the key & values you write (key :: value)
grant_type :: refresh_token
refresh_token :: Atzr|IwE.... (the refresh token u got when u clicked on "Authorize" on your app)
client_id :: amzn1.application-oa2-client.ed752....
client_secret :: a2953b4......
As result you should get:
{
"access_token": "Atza|IwEBIKJpxfB....",
"refresh_token": "Atzr|IwEBIM9QsQUPTJ....",
"token_type": "bearer",
"expires_in": 3600
}
"access_token" is what you need when you do requests
usually by adding it in the headers as "x-amz-access-token"
Also i'm not sure about this cause i forgot but if you have the IAM Role attached to your app, you have to use STS Credentials
If you have the IAM user attached, you can use LWA
I have created project in google console
Enable the Dialogflow API
Created OAuth v2 credential
Using this credentials i called access token api to generate token
https://accounts.google.com/o/oauth2/v2/auth?
scope=https://www.googleapis.com/auth/dialogflow&
access_type=offline&
include_granted_scopes=true&
response_type=code&
state=state_parameter_passthrough_value&
redirect_uri=http://localhost&
client_id= **i placed client id here**
I received access token and passed it to Dialog flow API
https://dialogflow.googleapis.com/v2/projects/**PROJECT-ID**/agent/sessions/123456:detectIntent
Header
Content-Type : application/json; charset=utf-8
Authorization : Bearer **ACCESS_TOKEN**
Body
{
"query_input": {
"text": {
"text": "I know french",
"language_code": "en-US"
}
}
}
Still i am getting this error
"error":{"code": 401, "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",…}
i am not able to identify where i went wrong
Please help thanks in advance
The code that i was passing in api was the OAuth Code(Thanks John Hanley)
API to generate Access token from OAuth Code
Post : https://oauth2.googleapis.com/token
Content-Type: application/x-www-form-urlencoded
{
"code":"OAuth Code",
"client_id":"Client ID",
"client_secret":"Client Secret",
"redirect_uri":"http://localhost",
"grant_type":"authorization_code"
}
In response you receive this
Response
{
"access_token": "Token",
"expires_in": 3599,
"refresh_token": "Refresh Token",
"scope": "https://www.googleapis.com/auth/dialogflow",
"token_type": "Bearer"
}
Pass this access token in header of google API
I am using django rest framework with django-oauth-toolkit. When i request access token on my localhost it gives me the access token as shown below
~/django_app$ curl -X POST -d "grant_type=password&username=<Your-username>&password=<your-password>" -u"<client-id>:<client-secret>" http://localhost:8000/o/token/
{"access_token": "8u92BMmeZxvto244CE0eNHdLYWhWSa", "expires_in": 36000, "refresh_token": "faW06KKK71ZN74bx32KchMXGn8yjpV", "scope": "read write", "token_type": "Bearer"}
But when i request the access token from the same project hosted on live server, it give me error as invalid_client.
~/django_app$ curl -X POST -d "grant_type=password&username=<Your-username>&password=<your-password>" -u"<client-id>:<client-secret>" http://<your-domain>/o/token/
{
"error": "invalid_client"
}
I am not able to understand where is the problem coming from. I have searched a lot and didn't find the right answer. Please advise me what to do to get rid of this error.
I found the solution for this, instead of grant_type=password i have used grant_type=client_credentials then i got the access token. You can see the curl command below.
curl -X POST -d "grant_type=client_credentials&client_id=<your-client id>client_secret=<your-client secret>" http://your-domain/o/token/
{"scope": "read write", "token_type": "Bearer", "expires_in": 36000, "access_token": "ITx5KCjupsdbvbKvNQFyqZDEw6svSHSfdgjh"}
OR
If you want to do it with grant-type=password then here is command for that:
curl -X POST -d "grant_type=password&username=<your-username>&password=<your-password>&client_id=<your-client id>&client_secret=<your-client secret>" http://your-domain/o/token/
{"access_token": "0BVfgujhdglxC7OHFh0we7gprlfr1Xk", "scope": "read write", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "AwffMPzNXvghlkjhs8dpXk7gbhhjhljlldfE2nI"}
I referred this https://developer.amazon.com/de/docs/adm/request-access-token.html as my application was on AWS.
Get token from django-oauth-toolkit in JavaScript:
async function getToken () {
let res = await fetch("https://<your_domain>/o/token/", {
body: new URLSearchParams({
grant_type: 'password',
username: '<user_name>',
password: '<user_pass>',
client_id: '<client_app_id>',
client_secret: '<client_pass>'
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
method: "POST"
})
return res.json();
}
console.log(await getToken());
Your client application authorisation grant type should be: "Resource owner password-based"
P.S. I've failed to get token via "Content-Type": "application/json", not sure why (django-oauth-toolkit documentation says nothing about that).
curl
-X POST -d
"grant_type=password&username=&password=" -u":"
http://localhost:8000/o/token/
I get the access token:
{ "access_token": "bWT0hgV6nXdvwIXuk7SREtZYWGWJOp",
"expires_in": 36000,
"token_type": "Bearer",
"scope": "read write groups",
"refresh_token": "5DUMuBWIHdBMFyGDKeJidCR6gD0Ftc" }
I want to change "expires_in" parameter to 2000.
It seems you generate token in your application. Focus on the method generates token. There should be some setting like
payload = {
"iss": "example.com",
"iat": int(time.time()),
"exp": int(time.time()) + 2000,
"aud": "www.example.com",
"sub": account['_id'],
"username": username,
"scopes": ['open']
}
, you just need to set the exp 2000s after now.
If you use an third party application, you can try to find configuration about expiration, or lifetime of token. If there's no UI configuration, there should be some configuration files to set this. Even worse, you can try to find "exp" in source code and set the value manually.
I made a django OAuth server using Django OAuth Toolkit.
I've setup the code right and when I use CURL in the following way:
curl -X POST -d "grant_type=password&username=geethpw&password=abcabcabc" -u"wHsGgpsHZyw8ghnWbEPZC8f4AZLgJIPmoo50oNWp:ZQcXeQWnae0gmX0SMi6Xn6puBnhiphR2M80UC6ugmffbrUd66awhbguYgxtQ1ufahJZehj4RlGjYu06fHkVgO15TURttSozj27nshl0AhFfCVzUKqTDubBimTSsK4yDS" http://localhost:8000/o/token/
I get a response:
{"access_token": "glzwHLQNvUNQSOU5kFAoopgJxiNHcW", "token_type": "Bearer", "expires_in": 36000, "refresh_token": "5k6jvCd2UxaRUGHKONC2SqDukitG5Y", "scope": "read write groups"}Geeths-MacBook-Pro:~ geethwijewickrama$
Geeths-MacBook-Pro:~ geethwijewickrama$
which is expected.
But When I try postman to do the samething, I always get:
{
"error": "unsupported_grant_type"
}
My headers are:
Content-Type:application/x-www-form-urlencoded
If I remove this header I get:
{
"error": "invalid_client"
}
How can I test my APIs in postman?
Your postman body should be something like:
grant_type: <grant_type>
client_id: <client_id>
client_secret: <client_secret>
username: <username>
password: <password>
Try Bulkedit with these, hope this helps (Hope you have registered the app to obtain client_id and client_secret)
Get token from django-oauth-toolkit from JS:
async function getToken () {
let res = await fetch("https://<your_domain>/o/token/", {
body: new URLSearchParams({
grant_type: 'password',
username: '<user_name>',
password: '<user_pass>',
client_id: '<client_app_id>',
client_secret: '<client_pass>'
}),
headers: {
"Content-Type": "application/x-www-form-urlencoded"
},
method: "POST"
})
return res.json();
}
console.log(await getToken());
Your client application authorisation grant type should be: "Resource owner password-based"
P.S. I've failed to get token via "Content-Type": "application/json", not sure why (django-oauth-toolkit documentation says nothing about that).