Why do I get the following error message?
{"error":{"message":"Error validating login secret. Since your application has a login secret in addition to a secret key, you must use the login secret and not the secret key with OAuth.","type":"OAuthException"}}
$url='https://graph.facebook.com/oauth/access_token?client_id='.$APPID.'&redirect_uri='.$RDURL.'&client_secret='.$APPSECRET.'&code='.$_GET['code'];
I think in the settings page of your application on Facebook, you have enabled this option:
'Forces use of login secret for OAuth call and for auth.login'
Try disabling it and see if it helps. If it doesn't though, try replacing the $APPSECRET with a 'login secret' if you have any.
Related
I have a userpool in cognito which uses Google as the identity provider.
Now, using Amplify, we do a FederatedSign with provider as 'Google' as shown below.
Auth.federatedSignIn({ provider: "Google" });
This gives me back the access token, id token. But the refresh token is empty.
This is for the oauth responseType:'token' configuration.
I have seen elsewhere that we need to change the grant type to 'code', i.e. responseType: 'code', in order to get the refresh token.
But in this scenario, I am getting 'code = some-value' in the callback url and not the access token and refresh token.
What am I missing here?
My aim is to be able to get the refresh token, so that Amplify can use it to refresh the session once the access token is invalid.
You need to change oauth.responseType in your config to 'code' instead of 'token'. I'm getting an error when I do that and I'm not sure why, but this is what I found you need to do.
I am using parseCognitoWebResponse and had the same problem.
Within your User Pool go to App Clients. Check your Cognito App Client and make sure no client secret is generated. If it is filled in, recreate an App Client without generating a Client Secret.
Change the response_type to code
window.location.href = `https://${yourCognitoDomain}?response_type=code&client_id=${yourClientId}&redirect_uri=${cognitoRedirectUrl}`
I am applying Cognito to Django and trying to write a user registration API. I used the warrant library and it is faulty.
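import boto3
from warrant import Cognito

# Set the default AWS region for the boto3 calls warrant makes
boto3.setup_default_session(region_name='ap-southeast-2')
user_cognito = Cognito('your-user-pool-id','your-client-id')
user_cognito.register(user['username'], user['password'])
print(user_cognito)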
my error is:
NotAuthorizedException at /api/register_user
An error occurred (NotAuthorizedException) when calling the SignUp operation: Unable to verify secret hash for client 'your-client-id'
Please help me.
You need to create an app without client secret.
It seems that currently, AWS Cognito doesn't handle client secret as it should. In your user pool try to create a new app without generating a client secret. Then use that app to signup a new user or to confirm registration. It worked for me.
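For context on the "Unable to verify secret hash" error above, an added example (not code from the original posts or from warrant): when an app client has a secret, Cognito expects a SecretHash parameter equal to Base64(HMAC-SHA256(client secret, username + client id)) on calls such as SignUp. The function names and sample values below are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from typing import Optional


def cognito_secret_hash(username: str, client_id: str, client_secret: str) -> str:
    """Return Base64(HMAC-SHA256(key=client_secret, msg=username + client_id))."""
    digest = hmac.new(
        client_secret.encode("utf-8"),
        (username + client_id).encode("utf-8"),
        hashlib.sha256,
    ).digest()
    return base64.b64encode(digest).decode("ascii")


def sign_up_params(username: str, password: str, client_id: str,
                   client_secret: Optional[str] = None) -> dict:
    """Build keyword arguments for boto3's cognito-idp sign_up call.

    SecretHash is included only when the app client was created with a
    secret; for a client without one (the fix suggested above) it is omitted.
    """
    params = {"ClientId": client_id, "Username": username, "Password": password}
    if client_secret:
        params["SecretHash"] = cognito_secret_hash(username, client_id, client_secret)
    return params


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    demo = sign_up_params("alice", "CorrectHorse1!",
                          "example-client-id", "example-client-secret")
    print({k: ("<redacted>" if k == "Password" else v) for k, v in demo.items()})
    # The real call needs network access and AWS configuration:
    #   boto3.client("cognito-idp", region_name="ap-southeast-2").sign_up(**demo)
```

A client secret belongs only in server-side code such as a Django backend, loaded from the environment or a secrets store; browser and mobile clients should use an app client created without a secret.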
When I run the first-time login API using username and password, I get the client id and secret. Using the o/token API I get the access token; the o/token params are as follows:
grant_type=password username={{emailid}} password={{password}} client_id={{client id}} client_secret={{client secret}}
Is it possible to get the access token without using username and password in the o/token/ API? Using only the client_id and client secret, can I get an access token and refresh token?
Finally got solution!!!!!!
We have to use oauth2 client_credentials grant type instead of password type. For more info check this out - https://www.rfc-editor.org/rfc/rfc6749#section-4.4
I am trying to deploy WSO2 API Manager (APIM) with a custom valid certificate and to use the option to encrypt token and secret user information in the DB.
I can use my certificate all right, it's green even in Chrome and everything works: token emission, API consumption with a token, and token revocation. But as soon as I try to use the option to encrypt tokens, I get an error when trying to use the token: Token expired. If I push the logging to DEBUG level, nothing unusual happens except for the token being considered expired, and APIM returns expired credentials.
Does anyone know how to use this option? And yes, I have tried to set that option from the get-go to make sure it is active before any user, API, tenant or anything else is created on the server. If I deactivate it, everything works normally for subscriptions taken after deactivation.
Thank you.
I have created a trial account in GoToMeeting and I want to use the RESTful API services. For this I need an OAuth token, which I am trying to generate using the following URL:
https://developer.citrixonline.com/authentication-and-authorization
But when I enter the username and password, it shows an Invalid Credentials error. Using the same credentials, I can log in to https://developer.citrixonline.com without any error.
You need to use GoToMeeting credentials, not developer portal credentials.