I'm trying to use the Linkedin standardized data APIs. But its not clear how to permission myself to this via the Developer Portal.
https://learn.microsoft.com/en-us/linkedin/shared/references/v2/standardized-data/titles#get_all
curl -X GET https://api.linkedin.com/v2/titles -H 'Authorization: Bearer BEARER_TOKEN'
Returns:
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /titles","status":403}
Whereas
curl -X GET https://api.linkedin.com/v2/me -H 'Authorization: Bearer BEARER_TOKEN'
Returns
HTTP/1.1 200 OK
With Payload
Looks like LinkedIn needs to enable the client_credentials flow but not obvious where to request this: linkedin "this application is not allowed to create application tokens" ?
Related
I have created an application in the developer portal in WSO2 and am trying to generate a token using this curl command:
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=password&username=alex&password=alex123&scope=somescope" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But I get the below response:
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
I have tried also the following command :
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=client_credentials&client_id=&client_secret=" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But with no success, I can generate the token from the devportal no problem but while executing it does not recognize the client for some reason. Could someone tell me what might be the problem for this.
You are missing the client id and secret in the Authorization header. You need to base64 encode client id and secret.
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=Username&password=Password" -H "Authorization: Basic Base64(clientid:client_secret)"
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic VjhZRVdfUldISURZb0hJSU5yOTczVEhqYnBnYTpyVGg4N1VhUERPdGFlN25GUFFLc1pCR2FJdm9h"
So I kinda half solved it because it is still not giving me the desired behavior. In carbon port 9444 I added a user and assigned it roles to the application that I want the token and when executed the curl i got the token did the same thing for carbon but with port 9443 and it still displays as
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
Is there a reason for this?
The following are the complete steps on registering an application in devportal, generating the client credentials, generating the access token, and using the access token to invoke the API calls. Please note that all these steps are achieved via the wso2am-3.2.0 devportal REST API calls.
WSO2 REST APIs are protected using OAuth2 and access control is achieved through scopes. Before you start invoking the API, you need to obtain an access token with the required scopes. This guide will walk you through the steps that you will need to follow to obtain an access token. First, you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types to the payload. A Sample payload is shown below.
{
"callbackUrl":"www.google.lk",
"clientName":"rest_api_devportal",
"owner":"admin",
"grantType":"client_credentials password refresh_token",
"saasApp":true
}
Create a file (payload.json) with the above sample payload, and use the cURL shown below to invoke the DCR endpoint. The authorization header of this should contain the base64 encoded admin username and password. Format of the request
curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json" -d #payload.json https://<host>:<servlet_port>/client-registration/v0.17/register
Following is a sample response after invoking the above curl.
{
"clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa",
"clientName": "rest_api_store",
"callBackURL": "www.google.lk",
"clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa",
"isSaasApplication": true,
"appOwner": "admin",
"jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_devportal\"}",
"jsonAppAttribute": "{}",
"tokenType": null
}
Next, you must use the above client id and the secret to obtain the access token. We will be using the password grant type for this, you can use any grant type you desire. You also need to add the proper scope when getting the access token. All possible scopes for devportal REST API can be viewed in the OAuth2 Security section of this document and the scope for each resource is given in the authorization section of resource documentation. Following is the format of the request if you are using the password grant type.
curl -k -d "grant_type=password&username=<admin_username>&password=<admin_password>&scope=<scopes separated by space>" -H "Authorization: Basic base64(cliet_id:client_secret)" https://<host>:<gateway_port>/token
Shown below is a sample response to the above request.
{
"access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12",
"refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c",
"scope": "apim:subscribe apim:api_key",
"token_type": "Bearer",
"expires_in": 3600
}
Now you have a valid access token, which you can use to invoke an API. Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header. If you use a different authentication mechanism, this process may change.
For further details please refer https://apim.docs.wso2.com/en/3.2.0/develop/product-apis/devportal-apis/devportal-v1/devportal-v1/#section/Authentication
Using the plugin, dropbox media importer in a wordpress app. I add the client key and secret after creating a personal dropbox app with full dropbox permission, I attempt to authorize the request but it returns an error that says invalided client_id or secret. When I try to do the curl request with the client_id & secret I get the same response.
Request:
curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
--header "Authorization: Basic <REDACTED>" \
--header "Content-Type: application/json" \
--data "{\"oauth1_token\": \"qievr8hamyg6ndck\",\"oauth1_token_secret\": \"qomoftv0472git7\"}"
Response:
{"error_summary": "invalid_oauth1_token_info/", "error": {".tag": "invalid_oauth1_token_info"}
The /2/auth/token/from_oauth1 endpoint you're attempting to use is only for exchanging existing OAuth 1 access tokens (e.g., as previously retrieved for use with the now-retired Dropbox API v1) for OAuth 2 access tokens.
If you're just integrating now, you wouldn't have any OAuth 1 access tokens, and so shouldn't be using this endpoint. (Accordingly, it's indicating that the oauth1_token and oauth1_token_secret values you're supplying are incorrect; the ones you're using are just copied from the documentation, but you would need to supply your real values.)
Instead, you should implement the Dropbox OAuth 2 app authorization flow. You can find more information in the documentation and guide.
I am getting 400 error message as shown in image below, when I try out the Translation API using Try it out link http://docs.microsofttranslator.com/text-translate.html
I am using the Access Key generated from Azure Portal for Cognitive Services Free trial.
MS Azure Portal Link
I have read on MS support blogs and I tried all the suggestions mentioned in them. But everytime, I get the 400 Status error as shown below.
Can someone please help me to resolve this issue??
You need to get an access token first (docs here) by doing a POST request:
curl --header 'Ocp-Apim-Subscription-Key: <YOUR-API-KEY>' --data "" 'https://api.cognitive.microsoft.com/sts/v1.0/issueToken'
And then use that token in the Authorization header. (appId has been deprecated).
curl -X GET --header 'Accept: application/xml' --header 'Authorization: Bearer <YOUR-TOKEN>' 'https://api.microsofttranslator.com/v2/http.svc/Translate?&text=this%20is%20my%20name&from=en&to=af'
You can use Microsoft Translator API in 2 ways (see the docs):
in 1 step: invoke (GET) https://api.microsofttranslator.com/V2/Http.svc/Translate?text=Neoliberismo&from=it&to=en, passing Ocp-Apim-Subscription-Key: your_subscription_key as request header
in 2 steps, with OAuth:
invoke (POST) https://api.cognitive.microsoft.com/sts/v1.0/issueToken, passing Subscription-Key=your_subscription_key as query parameter or better passing Ocp-Apim-Subscription-Key: your_subscription_key as request header
you'll get a token that expires after 10 minutes
invoke (GET) https://api.microsofttranslator.com/V2/Http.svc/Translate?text=Neoliberismo&from=it&to=en, passing Authorization: Bearer the_token as request header
I am working on integrating OAuth2 to a REST API and I would like to know how am I supposed to send the access_token parameter for the requests.
Example:
My server accepts two routes:
POST /write
GET /read
For /write, am I supposed to put the access_token in the POST?
curl http://api.localhost/write -d 'access_token=[ACCESS_TOKEN]'
For /read, am I supposed to put it in the GET?
curl http://api.localhost/read?access_token=[ACCESS_TOKEN]
Or in both cases, is it supposed to be sent through POST?
Thanks,
Gasim
With OAuth, the token is generally passed in the request headers. You may wish to try something similar to the following, for both POST or GET:
POST: curl http://api.localhost/write -H 'Authorization: Bearer ACCESS_TOKEN'
GET: curl http://api.localhost/read -H 'Authorization: Bearer ACCESS_TOKEN'
The value part of the Authorization key/value pair can vary by REST service provider. With Github, for instance, the header key/value pair looks like this:
curl -H "Authorization: token your_token" https://api.github.com/repos/user/repo
You may need to consult the webservice provider docs for details.
I am trying to use curl to send a POST request with json.
I use Live HTTP Headers and get the url to send the request to. However it comes back "request denied. you do not have permission to access this page?"
How do I find the correct url?
from Live Http headers, i can see the json data {"var1":"val1","var2":"val2",...}
so i use the following curl command:
curl -H "Accept: application/json" -H "Content-type: application/json" -o output.html -L "http://domain.com/theurl" -d '{"var1":"val1","var2":"val2",...}'
There may be other parts of the request you observed using Live HTTP Headers that allowed your browser to access that URL, such as a cookie value that indicated your session information or user credentials. If Live HTTP Headers has the ability to view those headers and/or cookies, you could grab them and include them in your curl request using additional -H 'Header: value' arguments.
HTTP Authentication may also be used, in which case you should pass your username and password to curl with --user name:password.