I'm currently running into an OAuth token endpoint failure using the AspNet.Security.OAuth.Discord library during login after Discord has authenticated me and returned to my ASP.NET site. The code for authentication is detailed below, with full error logs and relevant controller, with all this running in a docker container. Any help would be greatly appreciated!
The exact error is AspNet.Security.OAuth.Discord.DiscordAuthenticationHandler[4]: Error from RemoteAuthentication: OAuth token endpoint failure: Status: BadRequest. This occurs after visiting http://.../login, which returns to the default /signin-discord URL of the library, with an expected parameter of code in /signin-discord?code=.....
Authentication Scheme when creating WebApplication:
MVC Controller:
Error Logs:
Seemingly fixed by putting app.UseAuthentication(); below app.UseRouting(); and above app.UseAuthorization(); and app.UseEndpoints();
Related
I am trying to run a simple report on GA4 by using Google Analytics Data API Python client with a regular user credentials:
request = RunReportRequest(
property=f"properties/11111",
dimensions=[Dimension(name=f['name']) for f in report_definition['dimensions']],
metrics=[Metric(name=f['expression']) for f in report_definition['metrics']],
date_ranges=[DateRange(start_date=date, end_date=date)],
)
response = client.run_report(request)
And the client is BetaAnalyticsDataClient as also mentioned in the documentation:
credentials = Credentials(
token=None,
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
client = BetaAnalyticsDataClient(credentials=credentials)
It is not a Service Account so I am using google.oauth2.credentials.Credentials class as same in other Google APIs.
However, this operation is throwing an exception during the run_report function:
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Getting metadata from plugin failed with error: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})"
debug_error_string = "UNKNOWN:Error received from peer analyticsdata.googleapis.com:443 {created_time:"2023-01-14T14:12:10.907813+03:00", grpc_status:14, grpc_message:"Getting metadata from plugin failed with error: (\'invalid_grant: Bad Request\', {\'error\': \'invalid_grant\', \'error_description\': \'Bad Request\'})"}"
>
And when I try to use my access token in the credentials:
credentials = Credentials(
token=config["token"],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
This time I am getting following error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am sure that my credentials is correct since I am using same account in my other repos.
Also, note that, I tried same operation with a service account and it does not give any error. However, for this purpose, I need to use a regular developer account since the OAuth flow is on a frontend project.
What are the suggestions on that issue? Is it possible to use a developer account in here and if yes, how?
I was able to fix the issue. The app just needs a sign-out sign-in (or refreshing the access token).
I am trying to use TweetInvi (4.0.3) to register a webhook:
var twitterCreditials = Auth.SetUserCredentials(twitterOptions.APIkey, twitterOptions.APISecretKey, twitterOptions.AccessToken, twitterOptions.AccessTokenSecret);
Webhooks.RegisterWebhookAsync("mydevenv", HttpUtility.UrlEncode("https://.../webhooks/twitter"), twitterCreditials);
But I get the following exception in response:
URL : https://api.twitter.com/1.1/account_activity/all/mydevenv/webhooks.json?url=https%3a%2f%2f...%2fwebhooks%2ftwitter
Code : 401
Error documentation description : Unauthorized - Authentication credentials were missing or incorrect.
Error message : https://api.twitter.com/1.1/account_activity/all/mydevenv/webhooks.json?url=https%3a%2f%2f...%2fwebhooks%2ftwitter web request failed.
Could not authenticate you. (32)
I've checked and double checked that my credentials are correct and I've followed the instructions here to create a dev environment. I've tried regenerating all my credentials for my Twitter app, but to no avail.
The error message suggests there is something wrong with my credentials, but I cannot see what.
I can see a log message when my webhook callback endpoint is called and it is not getting called.
I've also tried with version 5-beta of Tweetinvi:
var userClient = new TwitterClient("...", "...", "...", "...");
await userClient.AccountActivity.CreateAccountActivityWebhookAsync("mydevenv", "https://.../webhooks/twitter");
But this gives me a 400 for what appears to be the same call to the Twitter API as version 4.
There must be something simple I've missed?
You have to update user setup in your twitter project and set new permission to read/write .
Go to developer portl -> project -> setting -> User authentication settings -> select read/write permission
I have a web service with basic auth (via custom database check in code) that returns HTTP 401 + SOAP FAULT message when user credentials are wrong. This works in my local IIS 7 but not in Azure...
When I move it to Azure, via App Service, and I insert bad credentials, I always get the following message:
HTTP 401
"You do not have permission to view this directory or page.".
But I want my custom error message in SOAP Fault format!
After hours of research I have found that if my code returns a response with HTTP 401 status, Azure translate this to the end-user like the message above, ignoring my custom error message.
I made another example with a "hello world" SOAP endpoint:
[WebMethod]
public string HelloWorld()
{
HttpContext.Current.Response.StatusCode = 401;
return "Hello world";
}
In my local IIS I got HTTP 401 "Hello world", but when I deploy this to Azure I got the same "Yout do not have permissions..."
¿How can I disable/avoid/dodge Azure 401 message transformation and return my own custom error message (SOAP FAULT)?
Note: I've already tried to disable authentication in Azure app service, enabling with "allow anonymous requests", etc.
Solution
The problem was in IIS. Adding the following line to my web.config works.
<httpErrors existingResponse="PassThrough" />
More info: https://stackoverflow.com/a/47307706/3763467
I will keep the same title/tags for other people facing the same problem and thinks the problem is in Azure.
It sounds like your web.config file might be setup to have custom errors turned on.
Can you please check your web.config file and set customer errors to on?
<customErrors="off" />
Recently I created an application for the LinkedIn API (Status is Development).
I managed to do requests to the old v1 version of the API, for example 'https://api.linkedin.com/v1/people/~' and '/v1/people/~/shares'. But when I try to use the new version, v2, of the API I encounter some problems.
Problem 1: When I try to request 'https://api.linkedin.com/v2/me' I get the following error:
{
"serviceErrorCode": 100,
"message": "Not enough permissions to access: GET /me",
"status": 403
}
From what I understand to fix this problem I should use the 'r_liteprofile' scope when requesting a access token. But this leads to my next problem.
Problem 2: When I request the oauth endpoint (https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id={id}&redirect_uri={redirect_uri}&state={state}&scope=r_liteprofile) I get the following error:
error=unauthorized_scope_error&error_description=Scope "r_liteprofile" is not authorized for your application
So I figured I need to select these scopes in the Application settings. But that leads to my third and final problem.
Problem 3: I am unable to select the required application permissions at 'https://www.linkedin.com/developer' for my application.
My Default Application Permissions
How do I manage to use the new (v2) API version?
Thanks!
For moving first you check :
you have to check Linkedin - Myapp - Default Application Permissions
You have r_liteprofile permission or not ( for calling this 'https://api.linkedin.com/v2/me)
in V2 you can use : r_liteprofile for firstName,lastName,profilePicture,id r_emailaddress for getting emailAddress
Check this : https://learn.microsoft.com/en-us/linkedin/consumer/integrations/self-serve/migration-faq?context=linkedin/consumer/context
I'm trying to authenticate against an App Service that I have defined in Azure Active Directory. When accessing it, I first get the access token and the continue with the rest of the OAuth procedure.
The problem, however, is that I can only get the token when posting the request via Postman. When I try to call the same URL, with the same data using an HTTP action in flow, it fails:
{
"error": "invalid_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 67250fbf-ad20-47f1-b3a3-dbce1e813600\r\nCorrelation ID: f9eaaa13-cee3-4f5c-a96a-6846c4392dd9\r\nTimestamp: 2018-01-17 12:21:51Z",
"error_codes": [
70002,
50012
],
"timestamp": "2018-01-17 12:21:51Z",
"trace_id": "67250fbf-ad20-47f1-b3a3-dbce1e813600",
"correlation_id": "f9eaaa13-cee3-4f5c-a96a-6846c4392dd9"
}
This is how it is set up in Flow:
When executed in Postman it works just fine:
I cannot figure out why this doesn't work when running the request from within a Flow. Am I missing something in the HTTP action card configuration?
Kind regards,
Peter
I found the reason for this not working. I had to fully URL encode the value for client_secret.
/Peter