We're building a site using Ember for a frontend app which interacts with our Django Rest Framework API Backend. For Social Authentication we're using django_rest_auth coupled with django-allauth. The site is mostly all working, except we've run into problems with social authentication. Our local account authentication/registration is working fine.
I've made many projects that use django-allauth, but this is the first time using a RESTful authentication system. The Ember application is able to go and fetch the token from Google just fine. The response is something like:
{
    authorizationCode: "mYtokEn12345",
    provider: "google-oauth2",
    redirectUri: "http://localhost:4200/dashboard"
}
I then post the access_token to my endpoint that I've set up according to the django_rest_auth docs. POST /auth/google {access_token:} but I get an error returned from Google that says "Invalid Credentials". How can I get Invalid Credentials after already Authenticating with Google and receiving my token?
After debugging through the code, I found that I was getting that response from https://www.googleapis.com/oauth2/v1/userinfo during the complete_login function in the allauth.socialaccount.providers.google.views.GoogleOAuth2Adapter class.
It's trying to run a GET https://www.googleapis.com/oauth2/v1/userinfo?access_token=mYtokEn12345&alt=json but returning Invalid Credentials.
{
    error: {
        errors: [
            {
                domain: "global",
                reason: "authError",
                message: "Invalid Credentials",
                locationType: "header",
                location: "Authorization"
            }
        ],
        code: 401,
        message: "Invalid Credentials"
    }
}
I'm pretty stumped on where to go from here. Anyone have some pointers on why this is happening? Any other code/errors I can give to be helpful?
It turned out that we weren't using the correct token. We were using the authorizationCode, which is used in another request to receive the token.
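The two-step flow the answer above points at, as an added example that is not code from the original question nor from django-rest-auth or django-allauth: the authorizationCode object the Ember app receives is redeemed at Google's token endpoint first (server-side, because that step needs the client secret), and only the access_token from that response is posted to the rest_auth endpoint. The token endpoint URL is Google's published one; the client id, client secret and backend URL are placeholders, and the transport argument is a hypothetical hook so the exchange can be exercised offline.

```python
import json
import urllib.parse
import urllib.request

# Assumed values (not from the original post). In a real deployment the id and
# secret come from the Google Cloud console and the secret never reaches the browser.
GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"
GOOGLE_CLIENT_ID = "<client-id>.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET = "<client-secret>"
DRF_SOCIAL_LOGIN_URL = "http://localhost:8000/auth/google/"  # the rest_auth social endpoint


def looks_like_authorization_code_payload(payload):
    """True when the frontend handed over the authorizationCode object from the
    OAuth redirect. That code is single-use and is not an access token; forwarding
    it as access_token is exactly what produced the 401 from Google's userinfo call."""
    return "authorizationCode" in payload and "access_token" not in payload


def _urllib_post(url, body, headers):
    """Default transport: a plain POST returning the raw response body."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read()


def exchange_code_for_tokens(payload, transport=None):
    """Step 1: redeem the authorization code at Google's token endpoint.

    transport(url, body_bytes, headers) -> response_bytes is a hypothetical hook
    (defaults to urllib) so the exchange can be tested without network access."""
    transport = transport or _urllib_post
    form = {
        "code": payload["authorizationCode"],
        "client_id": GOOGLE_CLIENT_ID,
        "client_secret": GOOGLE_CLIENT_SECRET,
        # Must match the redirect URI used in the consent step, or Google rejects the code.
        "redirect_uri": payload["redirectUri"],
        "grant_type": "authorization_code",
    }
    body = urllib.parse.urlencode(form).encode()
    raw = transport(GOOGLE_TOKEN_URL, body,
                    {"Content-Type": "application/x-www-form-urlencoded"})
    tokens = json.loads(raw)
    if "access_token" not in tokens:
        raise ValueError("token endpoint did not return an access_token: %r" % tokens)
    return tokens


def post_access_token_to_backend(access_token, transport=None):
    """Step 2: the access_token is the value rest_auth's /auth/google expects;
    allauth then calls Google's userinfo endpoint with it."""
    transport = transport or _urllib_post
    body = json.dumps({"access_token": access_token}).encode()
    raw = transport(DRF_SOCIAL_LOGIN_URL, body, {"Content-Type": "application/json"})
    return json.loads(raw)


def social_login(payload, transport=None):
    """Full flow: refuse anything that is not the redirect payload, exchange, then log in."""
    if not looks_like_authorization_code_payload(payload):
        raise ValueError("expected the authorizationCode object from the OAuth redirect")
    tokens = exchange_code_for_tokens(payload, transport)
    return post_access_token_to_backend(tokens["access_token"], transport)
```

The backend never sees the client secret in a request from the browser and never forwards the code itself to allauth; if the token endpoint answers without an access_token (expired or reused code, mismatched redirect_uri), the failure surfaces here instead of as a confusing 401 from the userinfo call.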
Related
I am trying to access a REST API (Shopware to be specific), which is hosted externally.
When I log in to the frontend in the browser, I first need to enter a set of credentials in the browser authentication pop up. And then the application opens and I need to enter the application credentials.
I assumed the authentication for the API would also be similar.
This is how I see this set up: (sorry for the crude image) Set up pic
So first, I use HTTP Basic auth and pass my browser credentials to the server.
I get the following response:
{
    "success": false,
    "message": "Invalid or missing auth"
}
But in the Response header I get
Basic realm="<Realm B>", Digest realm="<Realm B>", domain="/", nonce="<nonce>", opaque="<opaque value>", algorithm="MD5", qop="auth"
Does this response mean that both Basic and Digest are supported for Realm B and the client can use any one of these?
I tried to authenticate again with Digest Auth chosen in Postman, and using the realm B, nonce, opaque and qop values provided in the previous request.
But I still get a 401 Unauthorized error.
What am I missing? How does this two factor auth work via Postman?
Thanks in advance for your help.
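An added illustration, not code from the question above or from Shopware: a WWW-Authenticate value of the form 'Basic realm="...", Digest realm="..."' carries two challenges, which RFC 7235 allows, and the client answers with whichever scheme it supports. The parser below splits such a header into one challenge per scheme, and the Digest function computes the response exactly as RFC 2617 specifies for algorithm=MD5 and qop=auth, so that a 401 returned against a correctly computed response points at the credentials or a stale nonce rather than at the arithmetic. Function names are mine; the sample header is the one quoted in the question.

```python
import base64
import hashlib
import re
import uuid

# One token is either a key=value parameter (quoted or bare) or a scheme name.
_TOKEN = re.compile(r'(\w+)=(?:"([^"]*)"|([^,\s]+))|\b(Basic|Digest|Bearer)\b')


def parse_www_authenticate(header):
    """Split a WWW-Authenticate value into one dict per advertised scheme.
    Parameters are attached to the most recently seen scheme."""
    challenges = []
    for m in _TOKEN.finditer(header):
        key, quoted, bare, scheme = m.groups()
        if scheme:
            challenges.append({"scheme": scheme})
        elif challenges:
            challenges[-1][key.lower()] = quoted if quoted is not None else bare
    return challenges


def basic_authorization(username, password):
    """RFC 7617 Basic credentials: base64 of 'user:password'."""
    raw = ("%s:%s" % (username, password)).encode()
    return "Basic " + base64.b64encode(raw).decode()


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_authorization(challenge, username, password, method, uri, nc=1, cnonce=None):
    """Build an RFC 2617 Digest Authorization header for algorithm=MD5, qop=auth.

    response = MD5(HA1:nonce:nc:cnonce:qop:HA2) where
      HA1 = MD5(user:realm:password) and HA2 = MD5(method:uri)."""
    if challenge.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("only algorithm=MD5 is implemented here")
    offered = [q.strip() for q in challenge.get("qop", "").split(",")]
    if "auth" not in offered:
        raise ValueError("server did not offer qop=auth")
    cnonce = cnonce or uuid.uuid4().hex  # client nonce, fresh per request
    nc_str = "%08x" % nc                 # request counter for this server nonce
    ha1 = _md5("%s:%s:%s" % (username, challenge["realm"], password))
    ha2 = _md5("%s:%s" % (method, uri))
    response = _md5(":".join([ha1, challenge["nonce"], nc_str, cnonce, "auth", ha2]))
    fields = [
        ("username", username), ("realm", challenge["realm"]),
        ("nonce", challenge["nonce"]), ("uri", uri), ("qop", "auth"),
        ("nc", nc_str), ("cnonce", cnonce), ("response", response),
    ]
    if "opaque" in challenge:
        fields.append(("opaque", challenge["opaque"]))  # echoed back unchanged
    fields.append(("algorithm", "MD5"))
    unquoted = {"qop", "nc", "algorithm"}  # tokens, not quoted strings, per RFC 2617
    parts = ["%s=%s" % (k, v) if k in unquoted else '%s="%s"' % (k, v) for k, v in fields]
    return "Digest " + ", ".join(parts)
```

The nonce and opaque values must come from the most recent 401 response; reusing ones from an earlier exchange is a common reason for a second 401 even when username, password and realm are right.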
I am using AWS Amplify in my react app to call my API hosted in API Gateway with AWS_IAM authorization. When I set authorization to NONE, everything works fine in my react app.
However, when I set authorization to AWS_IAM and execute my API using API.get() from Amplify like the code below:
const notes = await API.get('notes', '/notes', init);
I get an error message like:
{
    "message": "Missing Authentication Token",
    "err": "missing auth"
}
So I tried to use aws-api-gateway-cli-test to test my API gateway. Through the script, I was able to get a valid credential, get authenticated and correct response. I have also tried the POSTMAN with my admin credentials and it worked as well.
After doing some research, I saw people referring this to CORS issue. I have double checked my API gateway settings and confirmed that I have enabled CORS. The same issue persists.
Through the debugging feature of aws-amplify, I was able to see the signing process in my Chrome inspector. The signing process was performed properly with some accessKey and secretKey. I pulled those keys out of the inspector into my POSTMAN and tried to get.
These credentials are not valid and I received the following error message:
{
    "message": "The security token included in the request is invalid.",
    "err:": "default"
}
Update: I forgot to copy session token into POSTMAN. Now with all credentials generated by my app I am able to get correct result from my API in POSTMAN. Just not in my app.
At this point, it is pretty obvious to me that it is an auth problem. However, I have been using aws-amplify for sign-in and get process. Pretty sure the signing process is done by amplifying behind the scenes.
I have spent 3 days on this problem and basically tried everything... Any ideas on why it doesn't work?
P.S. A lot of people have suggested that typos in the invoke URL could lead to this issue. I have double checked and there is no typo. Below is my amplify configure code:
Amplify.configure({
    Auth: {
        mandatorySignIn: true,
        region: config.cognito.REGION,
        userPoolId: config.cognito.USER_POOL_ID,
        identityPoolId: config.cognito.IDENTITY_POOL_ID,
        userPoolWebClientId: config.cognito.APP_CLIENT_ID
    },
    Storage: {
        region: config.s3.REGION,
        bucket: config.s3.BUCKET,
        identityPoolId: config.cognito.IDENTITY_POOL_ID
    },
    API: {
        endpoints: [
            {
                name: "notes",
                endpoint: config.apiGateway.URL,
                region: config.apiGateway.REGION
            }
        ]
    }
});
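An added example, not code from the question, from Amplify or from AWS: what the signing step seen in the inspector produces for an AWS_IAM-protected API Gateway call is a Signature Version 4 Authorization header plus X-Amz-Date and, for the temporary Cognito credentials, X-Amz-Security-Token. The session token is one of the signed headers, which is why copying only the access key and secret key into Postman could not work until the update above added it. The keys and date below are the public AWS SigV4 "get-vanilla" test vector; the API Gateway URL and session token are constructed, and the service name "execute-api" is the one API Gateway signs under. A browser's CORS preflight carries none of these headers, which is what the accepted answer's OPTIONS fix is about.

```python
import datetime
import hashlib
import hmac
import urllib.parse


def _sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def sigv4_headers(method, url, region, service, access_key, secret_key,
                  session_token=None, body=b"", amz_date=None):
    """Return the headers an AWS_IAM authorizer verifies for one request.

    session_token is the third piece of a temporary credential (Cognito identity
    pool, STS); when present it is both sent and covered by the signature."""
    parsed = urllib.parse.urlsplit(url)
    host = parsed.netloc
    canonical_uri = urllib.parse.quote(parsed.path or "/", safe="/-_.~")
    # Canonical query string: RFC 3986-encoded key=value pairs, sorted by key.
    pairs = urllib.parse.parse_qsl(parsed.query, keep_blank_values=True)
    canonical_query = "&".join(
        "%s=%s" % (urllib.parse.quote(k, safe="-_.~"), urllib.parse.quote(v, safe="-_.~"))
        for k, v in sorted(pairs))
    if amz_date is None:
        amz_date = datetime.datetime.now(datetime.timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    date_stamp = amz_date[:8]

    # Headers that are signed: lowercase names, sorted; the token joins them when present.
    headers = {"host": host, "x-amz-date": amz_date}
    if session_token:
        headers["x-amz-security-token"] = session_token
    signed_headers = ";".join(sorted(headers))
    canonical_headers = "".join("%s:%s\n" % (k, headers[k]) for k in sorted(headers))
    canonical_request = "\n".join([method, canonical_uri, canonical_query,
                                   canonical_headers, signed_headers, _sha256_hex(body)])

    scope = "%s/%s/%s/aws4_request" % (date_stamp, region, service)
    string_to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                                _sha256_hex(canonical_request.encode())])
    # Derived signing key: HMAC chain over date, region, service, terminator.
    k_date = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    k_region = _hmac(k_date, region)
    k_service = _hmac(k_region, service)
    k_signing = _hmac(k_service, "aws4_request")
    signature = hmac.new(k_signing, string_to_sign.encode(), hashlib.sha256).hexdigest()

    out = {
        "Host": host,
        "X-Amz-Date": amz_date,
        "Authorization": "AWS4-HMAC-SHA256 Credential=%s/%s, SignedHeaders=%s, Signature=%s"
                         % (access_key, scope, signed_headers, signature),
    }
    if session_token:
        out["X-Amz-Security-Token"] = session_token
    return out
```

Because the token is inside the signed header set, a request that carries the right access key and secret but a missing or different token fails verification; the gateway's "security token included in the request is invalid" message is this check firing.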
Just resolved my problem - I have had Authorization settings for the OPTIONS method set to AWS_IAM under Resources in API Gateway. However, when my browser sends a request it will send one to OPTIONS first to check for certain headers, without the credentials in this request.
Since I set OPTIONS with IAM authorization, the OPTIONS method then checked against IAM with this request without my credentials. This is why I received "Missing Authentication Token".
The problem was this in my case:
import { Auth } from 'aws-amplify';
import { API } from 'aws-amplify';
I know, I know it's banal. This is why I shouldn't code when I am exhausted.
I can RingOut successfully requesting:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension/~/ring-out
But when I want to add the extension id I get a CMN-102 error (Resource for parameter [extensionId] is not found) see request example below:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension/279580017/ring-out
I'm pretty certain I have the correct id as I'm grabbing the extensionId from the request below successfully:
https://platform.ringcentral.com/restapi/v1.0/account/~/extension
If anyone has run into this or can point out any potential pitfalls I would very much appreciate some pointers.
From your post and the error you are receiving, I'm assuming you are attempting to perform a RingOut with an extensionId that did not authorize your app. Attempting to do this will result in the error you received. Here's more information on this.
RingOut ExtensionId Scope
The RingOut API only supports using extensionId path parameter for the authorizing user extension. Because of this, all you ever need to call is the following endpoint for RingOut:
POST /restapi/v1.0/account/~/extension/~/ring-out
If you want to use the explicit extensionId, it needs to be the extensionId returned in the following endpoint:
GET /restapi/v1.0/account/~/extension/~
If you call the endpoint with a path extensionId parameter that did not authorize the access token being used, then you will receive the:
Non-Matching ExtensionId Error
If you attempt to perform a RingOut with a path extensionId value that is not the authorizing user, you will receive a HTTP status 404 error with the following body:
HTTP/1.1 404 Not Found
{
    "errorCode": "CMN-102",
    "message": "Resource for parameter [extensionId] is not found",
    "errors": [
        {
            "errorCode": "CMN-102",
            "message": "Resource for parameter [extensionId] is not found",
            "parameterName": "extensionId"
        }
    ],
    "parameterName": "extensionId"
}
How to Perform RingOut for Many Users
To perform RingOut for many users at this time, you will need to do either of the following:
each user will have to perform an authorization with your app, either through a login pop-up via OAuth 2.0 authorization code or implicit grant.
alternately, you can ask them for their passwords to perform OAuth 2.0 password grant authorization.
A number of OAuth 2.0 demo apps are available on our GitHub accounts:
https://ringcentral.github.io/tutorials/
https://github.com/ringcentral/ringcentral-demos-oauth
Enhancement Request
If you would like the ability to RingOut to any user without an active session, let us know and we can consider it as a feature enhancement. The best way is to login to our Community with your RingCentral account and post a request here:
https://devcommunity.ringcentral.com/ringcentraldev
I am trying to use the QuickBooks REST API by carrying out a test API call. I am adding my own application token and consumer token, however receiving the following error:
{
    "Fault": {
        "Error": [
            {
                "Message": "message=Exception authenticating OAuth; errorCode=003200; statusCode=401",
                "code": "3200"
            }
        ],
        "type": "AUTHENTICATION"
    },
    "requestId": "999c6895a5cf42a1aeaacc43bf600cca",
    "time": "2015-06-08T19:57:10.669Z"
}
The OAuth string is in the following format: Authorization : OAuth oauth_token="************",oauth_nonce="39316429-ad1d-4aa2-9ba7-d59e380878b3",oauth_consumer_key="************",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1433794011",oauth_version="1.0",oauth_signature="KIC7BXeSXVqw6C%2Fcgcb0Dlq2R40%3D"
I am substituting the "oauth_token" and "oauth_consumer_key" values with the App Token and OAuth Consumer Key values from the QuickBooks developer section, as shown below:
From what I have looked up online, the key values are expired, but that does not seem likely as I am simply copy-pasting them from that page on QuickBooks developers section.
What am I doing wrong?
EDIT: I also tried loading values from this page, after submitting my app token, however I am receiving the same exact error:
I am substituting the "oauth_token" ... with the App Token
This is incorrect. This isn't how OAuth works.
You need to go through the OAuth connection process (e.g. click the "Connect to QuickBooks" button) to get your OAuth token.
The App Token is not the same thing as the OAuth token. They are two totally independent separate values.
If you post what programming language you're using, you'll probably get more details relevant to what you're actually building in.
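An added example of building the Authorization header shown in the question correctly; this is my code, not Intuit's SDK. oauth_token and its secret must be the pair returned at the end of the "Connect to QuickBooks" flow the answer describes, never the App Token from the developer page, and oauth_signature is HMAC-SHA1 over the RFC 5849 signature base string, keyed by consumer_secret&token_secret. The endpoint URL and all key values are placeholders or constructed.

```python
import base64
import hashlib
import hmac
import time
import urllib.parse
import uuid


def pct(value):
    """RFC 3986 percent-encoding as OAuth 1.0 requires (only -._~ stay unencoded)."""
    return urllib.parse.quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    """RFC 5849 section 3.4.1: METHOD & encoded base URL & encoded normalized params.
    params holds query, form-body and oauth_* parameters (oauth_signature excluded)."""
    split = urllib.parse.urlsplit(url)
    base_url = "%s://%s%s" % (split.scheme.lower(), split.netloc.lower(), split.path)
    items = list(urllib.parse.parse_qsl(split.query, keep_blank_values=True)) + list(params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in items)  # sort after encoding, by key then value
    normalized = "&".join("%s=%s" % kv for kv in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret):
    """Signing key is consumer_secret&token_secret, both percent-encoded."""
    key = "%s&%s" % (pct(consumer_secret), pct(token_secret))
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth1_authorization_header(method, url, consumer_key, consumer_secret,
                                access_token, access_token_secret,
                                body_params=None, nonce=None, timestamp=None, realm=None):
    """Assemble 'OAuth k="v", ...' for one request. access_token/access_token_secret are
    the values issued by the Connect flow; the App Token from the developer console
    is a different value and is never sent here."""
    oauth_params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or uuid.uuid4().hex,      # unique per request
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": access_token,
        "oauth_version": "1.0",
    }
    all_params = dict(body_params or {})  # form-encoded body fields are part of the base string
    all_params.update(oauth_params)
    base = signature_base_string(method, url, all_params)
    oauth_params["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, access_token_secret)
    parts = ['%s="%s"' % (k, pct(v)) for k, v in sorted(oauth_params.items())]
    if realm:
        parts.insert(0, 'realm="%s"' % realm)
    return "OAuth " + ", ".join(parts)


if __name__ == "__main__":
    # Placeholder company id and credentials; a real call uses the values from the Connect flow.
    print(oauth1_authorization_header(
        "GET", "https://quickbooks.api.intuit.com/v3/company/<realmId>/companyinfo/<realmId>",
        "<consumer key>", "<consumer secret>", "<access token from Connect flow>",
        "<access token secret from Connect flow>"))
```

A 401 with code 3200 against a header assembled this way is then a credential problem (expired or revoked access token, wrong consumer secret, clock skew on oauth_timestamp) rather than a formatting one.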
I'm trying to post a score from my server.
I have my app set up as a game.
I've got my app access token.
I'm POSTing to https://graph.facebook.com/USER_ID/scores
I have authorized and given publish_stream and publish_actions permissions to my app for the USER_ID (which is me).
However, an error is telling me that I need a user access token for that action, which I don't as Facebook states here: https://developers.facebook.com/docs/score/
Create or update a score for a user
You can post a score for a user by issuing an HTTP POST request to
/USER_ID/scores with the app access_token as long as you have the
publish_actions permission.
I've seen a similar question but it was unanswered: Facebook Graph API Explorer won't POST scores (they've ended up creating a new app, which is not a real solution)
To verify that it's not me who is incorrectly using the API, I went to Graph API explorer and tried it also there with the same access token, no luck:
Funny that if I follow what it says and try the same with my user access token, it then says: This method must be called with an app access_token.
Is there something that I'm missing or is there a bug with the Graph API?
Thanks,
Can.
It looks like you have everything correct, but there's one relatively little-known case which will produce that error message.
Check the 'App Type' field in the Advanced Settings:
If this is set to 'Native/Desktop' instead of 'Web' in the Advanced settings, it's assumed that your app's binary/native distribution contains the app secret.
In this configuration, API calls made with the app access token are untrusted, effectively the token is completely ignored.
Change the app settings back to 'Web' and you should be able to post or delete Scores and/or Achievements with the App Access Token.
If this is the issue, you can quickly verify it with a call to
https://graph.facebook.com/app?fields=migrations&access_token=[APP ACCESS TOKEN HERE]
In 'Web' mode, the response contains the migration settings for the app, something like:
{
    "migrations": {
        "secure_stream_urls": false,
        "expiring_offline_access_tokens": false,
        "requires_login_secret": false,
        //etc
    }
In 'Native/Desktop' mode, the app access token is untrusted, so you can't access the app's private data, and the response is:
{
    "error": {
        "message": "An unknown error has occurred.",
        "type": "OAuthException",
        "code": 1
    }
}