I am using following API call to generate access token -
https://graph.facebook.com/oauth/access_token?client_id=XXXXXX&client_secret=XXXXXXX&grant_type=client_credentials
as repose from above getting Access token as following : -
162345123675615|GmRvEjertyuiNdlaBc9zuxPjhMA
So, i am using above Access Token with following APi to extend it expiration : -
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=xxxxxx&client_secret=xxxxxx&fb_exchange_token=162345123675615|GmRvEjertyuiNdlaBc9zuxPjhMA
getting response from above API call : -
{"error":{"message":"No user access token specified","type":"OAuthException","code":1}}
Can anyone help me on this. Is it possible to extend above type of access tokens generated from following API : -
https://graph.facebook.com/oauth/access_token?client_id=XXXXXX&client_secret=XXXXXXX&grant_type=client_credentials
so ,Is it possible to extend above type of access tokens or to extend access token they need to be of other type.
The access token you are receiving from the first call is the Application access token not the User access token - you can't extend the Application access token !
Related
I am trying to get ID token and Refresh token along with access token from Azure AD app via Postman by using below parameters:
GET
https://login.microsoftonline.com/mytenant_id/oauth2/v2.0/token
client_id='myclient_id'
&client_secret='myclient_secret'
&grant_type=authorization_code
&scope=https://graph.microsoft.com/.default
&redirect_uri=https://jwt.ms
I am able to get the access token, but not sure why I am not getting ID token and Refresh token along with it.
Atfirst, I tried with client_credentials flow, but I came to know I have to use auth code flow or OpenID Connect in order to get those tokens.
So I shifted to auth code flow. But still I'm getting access token only:(
I have also enabled the below options in the Portal
What else settings are needed to get the tokens? Any suggestions would be appreciated.
Edited:
I have given below API permissions:
Please note that, getting ID token and Refresh token along with access token depends on the scope/API permissions you grant to the application as mentioned in this MsDoc.
I tried to reproduce the same in my environment and added scopes like below:
After adding the openid and offline_access in the scope, I got all tokens successfully like below:
I am following this link
Read this paragraph "The API is now available in the API Store and ...."
Am working on window in this paragraph they are saying create Access token "curl" command. But i am unable to do that.
Also am creating access token after subscribe API In "MY Subscription" tab there are two option to create Access token "Production" and "Sandbox" but by using that token API calling giving error.
"
900910
The access token does not allow you to access the requested resource
Access failure for API: /accessPolicy/v1.0.0, version: v1.0.0 with key: e2dc44322fe78bb7bdb6d83519ff863e
"
900910 is a custom error code [1] and according to that you are trying to access a resource with an invalid access token. Basic idea is that, your access token do not have the correct scope which is requested for the resource access. When you are generating the access token, please provide the relevant scope.
[1] - https://docs.wso2.com/display/AM1100/Error+Handling
The error means the token you generated does not have the related scope. This could happen because either the user you try to generate this token does not have relevant roles to generate this token with this scope or your token request does not have the scope parameter defined correctly.
When you do a request to the token endpoint, the response payload contains the scope (if no scope or scope is not valid for this user, it returns scope as 'default'). So you could check whether the requested token has the correct scope.
Finally, I think the curl is not working on windows the same way as it works in linux (something to do with single and double quotes ). So either you will have to change the curl command or use a rest client (such as POSTMAN)
I am trying to access VK Api with scope of stats. manually i am able to generate access token, but that is going to expire in 24 hours. So i wanted to generate access token programatically. i tried in 2 ways mentioned as below.
first way:
import requests
response=requests.get('https://oauth.vk.com/authorize?client_id=myclientid&scope=stats&redirect_uri= myredirecturi& display=page&v=5.53&response_type=token ')
print r.url (my expectation is it should give that redirect url with access token, but that is returning url which i am passing as argument.)
second method:
import vk
session=vk.AuthSession(app_id='myappid', user_login='myusername', user_password='mypassword')
api = vk.API(session)
returning Vkauth error 'redirect_uri' mismatch.
Can anyone suggest how to solve this and how to get access token automatically.
Look at the way of authorizing I described in that post. It's called 'straight auth' which is used by official VK applications for iOS/Android/etc, that token has grant rights and no limit for its lifetime value.
I have made a web app that tries to create a page access token that never expires. It does this because it's all written in PHP, and needs access to the data without asking the user to login repeatedly.
The Facebook docs say this:
To get a longer-lived page access token, exchange the User access token for a long-lived one, as above, and then request the Page access token. The resulting page access token will not have any expiry time.
And so I have written the following PHP:
// get our current access token
$accessToken = $session->getAccessToken();
// make it a long-lived access token
$longLivedAccessToken = $accessToken->extend();
// find the list of pages we have access to
$request = new FacebookRequest($session, "GET", "/me/accounts?fields=name,access_token,perms");
$response = $request->execute()->getGraphObject()->asArray();
// get the first page access token
$pageAccessToken = $response["data"][0]->access_token;
This seems to work: the access token debugger says the token never expires and is valid right now. I can even use this token to do many things.
But my token cannot do some things, and I don't know why.
Where I am hitting the problem is reading the /insights/page_fans_country/lifetime end point.
If I use /mypage/insights/page_fans_country/lifetime I get a response. That is, mypage is the page that was used to generate the permanent access token.
If I use /otherpage/insights/page_fans_country/lifetime I get no data.
As far as I know, this is public data – if I generate a new access token in the Graph API explorer, I get valid data for both requests.
So:
1) Am I requesting the permanent page token correctly?
2) Is this just a limitation of (permanent) page tokens – that they cannot access some public data?
3) If so, is there a correct way of accessing this data using tokens that don't expire?
The use case occurs once user is authenticated and obtain an oAuth2 access token from Wso2 API Manager and we want to obtain username again from this access token.
To obtain access token I've followed normal steps published on: [API Manager] (http://docs.wso2.org/display/AM160/Token+API#TokenAPI-GeneratingaccesstokenswithusercredentialspasswordgranttypeGenerating)
Does WSO2 AM provide any REST method to solve it?
Yes.. There would be two ways that you can obtain user name
APIM would return the user name with the Access token. Here user name would be embedded with the access token. You can find more details from here
You can obtain the user name and user's attribute during access token verification process. Once access token is verified successfully, It would return back with JWT token which contains user's attributes. Then you can extract use name from JWT. You find more details on here. Basically inside the APIM, you can extract JWT token in transport header. But, if you want to retrieve the JWT token for the use of your application, you can send the access token to "OAuth2TokenValidationService" service and validate it and then it return back with JWT. (But "OAuth2TokenValidationService" is a web service.). You can use web service client to invoke this service (such as SOAPUI)