I use Oauth2 authorization to get the token for REST API. I tested the setting in SoapUI and it is working with the Resource Owner Password Credential Grant as shown below.
The setting in the SoapUI testing is working
Now, I want to retrieve the token through R httr library, but I don’t know how to set the resource owner name and password in the R code. Here is my Code
library(httr)
library(jsonlite)
r <- POST("https://XXXXXXX.com/authservice/connect/token",
config = list(),
body = list(
# grant_type = "RESOURCE_OWNER_PASSWORD_CREDENTIALS",
grant_type = "resource_owner_credentials",
resourceOwnerName = "ResourceName",
resourceOwnerPassword = "Resourcepwd",
# resource_Owner_Name = "ResourceName",
# resource_Owner_Password = "Resourcepwd",
# resourceOwner_Name = "ResourceName",
# resourceOwner_Password = "Resourcepwd",
# resource_OwnerName = "ResourceName",
# resource_OwnerPassword = "Resourcepwd",
# resource_Name = "ResourceName",
# resource_Password = "Resourcepwd",
# resource_id = "ResourceName",
# resource_secret = "Resourcepwd",
client_id = "ClientIDname",
client_secret = "Clientpassword",
scope = "xxxGroup"
),
encode = "form"
)
warn_for_status(r)
content(r)
status_code(r)
I got a 400 error ("unsupported_grant_type" and bad request). I am guessing there may be something wrong with the syntax on the resource onwer name and password, so I also tried all the possible combinations that I commented in above code but they all failed.
My question is: are the parameter names for both resource owner name and password pre-defined by the API document, or they are the fixed names defined by R-httr librabry, regardless what token authorization service?
Can someone help to take a look at? Any input is greatly appreciate!
Related
I am trying to test out the Dun and Bradstreet API in R using httr.
I am trying to leverage the oauth2 functionality in httr.
Here is my code:
library(httr)
library(jsonlite)
clientid = redacted
secret = redacted
app <- oauth_app(appname = "Dun", key = clientid, secret = secret)
endpoint <- oauth_endpoint(base_url = "https://login.bisnode.com/sandbox/v1/token.oauth2", authorize="https://login.bisnode.com/sandbox/v1/token.oauth2", access = "https://login.bisnode.com/sandbox/v1/token.oauth2")
token <- oauth2.0_token(endpoint = endpoint, app = app, scope = "credit_data_companies", user_params = list(grant_type = "client_credentials"))
In Rstudio I get this message:
Waiting for authentication in browser... Press Esc/Ctrl + C to abort
In the browser, I get this message:
{"error":"invalid_request","error_description":"grant_type is
missing"}
I am sure this is something simple, but I could not find a solution in any other posts. Thank you!
I'm trying to create authenticate into the Letterboxd API using R and the httr package. The Letterboxd docs give instructions, but I am not sure how to put everything together into a URL.
I know the url is:
url <- "https://api.letterboxd.com/api/v0/auth/token"
And then they want my username and password, presumably as JSON, but what I'll write as a named list since I'm doing this in R:
login_info <- list(
grant_type = "password",
username = "myemail#gmail.com",
password = "extremelysecurepassword"
)
I've tried various calls, using GET(), oauth2.0_token(), oauth_endpoint() functions from the httr package.
I feel like I have all the necessary information and am circling around a solution, but I can't quite nail it.
The docs contain this information:
When generating or refreshing an access token, make a form request to the /auth/token endpoint with Content-Type: application/x-www-form-urlencoded and Accept: application/json headers
(Full text is linked to above)
And I'm not sure how to add that information; in working with APIs through R, I'm used to just sending URLs with UTM parameters, but the inputs they want don't work here using ? and &.
I'm aware of this related post, but it looks like it relies on having a secret token already. And I don't seem to be able to generate a secret token inside of the GUI of Letterboxd.com, which is again what I'm used to doing with authentication. I think I need to feed it those sources of information above in login_info to the url, but I don't quite know how to connect the dots.
How do I authenticate to the Letterboxd API using R?
This runs for me but I get a 401 Unauthorized since you correctly did not supply valid credentials. It looks like there is a python library for this API https://github.com/swizzlevixen/letterboxd if you need hints how to make subsequent requests.
sign_request() is mimicking python library's api.py#L295-L304
sign_request <- function(apisecret, url, method, body = "") {
signing_bytes <- as.raw(c(charToRaw(method), 0, charToRaw(url), 0, charToRaw(body)))
# https://stackoverflow.com/a/31209556/8996878
# https://stackoverflow.com/q/54606193/8996878
digest::hmac(key = apisecret, object = signing_bytes, algo = "sha256", serialize = FALSE)
}
url <- "https://api.letterboxd.com/api/v0/auth/token"
login_info <- list(
grant_type = "password",
username = "myemail#gmail.com",
password = "extremelysecurepassword"
)
apikey <- "mytopsecretapikey"
apisecret <- "YOUR_API_SECRET"
method <- "POST"
params <- list(
apikey = apikey,
nonce = uuid::UUIDgenerate(),
timestamp = round(as.numeric(Sys.time()))
)
# now we need to sign the request
body <- paste(names(login_info), login_info, sep = "=", collapse = "&")
body <- URLencode(body)
body <- gsub("#","%40", body) # something URLencode doesn't do but post does
destination <- httr::parse_url(url)
destination$query <- params
post_url_with_params <- httr::build_url(destination)
signature <- sign_request(apikey, post_url_with_params, method, body)
token_request <- httr::POST(url, httr::add_headers(
"Accept" = "application/json",
"Authorization" = paste0("Signature ", signature)
),
query = params,
body = login_info, encode = "form", httr::verbose()
)
token_body <- httr::content(token_request, type = "application/json")
# look for the value of"access_token"
I have been banging my head over this the whole day. I am trying to access StockTwits API (https://api.stocktwits.com/developers) from an R session. I have earlier accessed the twitter API (via rtweet) without hassles.
I have created an app and got the client id and key (the below are just examples).
app_name = "some.name";
consumer_key = "my_client_id";
consumer_secret = "my_client_key";
uri = "http://iimb.ac.in" # this is my institute's homepage. It doesn't allow locahost OR 127.0.0.1
scope = "read,watch_lists,publish_messages,publish_watch_lists,direct_messages,follow_users,follow_stocks";
base_url = "https://api.stocktwits.com/api/2/oauth"; # see https://api.stocktwits.com/developers/docs/api
The procedure is to create an oauth2.0 app and endpoint. Then call oauth2.0_token.
oa = httr::oauth_app(app_name, key = consumer_key, secret = consumer_secret, redirect_uri = uri);
oe = httr::oauth_endpoint("stocktwits", "authorize", "token", base_url = base_url);
mytoken = httr::oauth2.0_token(oe, oa, user_params = list(resource = base_url), use_oob = F); # use_oob = T doesn't work.
After firing the above, it takes me to the browser for sign-in. I sign-in and it asks me to connect. After that, I am taken back to my URI plus a code, i.e. https://www.iimb.ac.in/?code=295ea3114c3d8680a0ed295d52313d7092dd90ae&state=j9jXzEqri1
Is the code my access token or something else? The oauth2.0_token() call keeps waiting for the code since the callback is not localhost. I didn't seem to get a hang of that.
I then try to access the API using the above code as access token but I am thrown "invalid access token" error. The format is described in https://api.stocktwits.com/developers/docs/api#search-index-docs
Can someone tell me what I have missed? If required I can share my app_name, consumer_key and consumer_secret for replication.
Resolved
I am using the following R code to acquire a token from Reddit API on behalf of a user. However, tokens expire in an hour. To keep access with that app, I need to use a refresh_token parameter that I would receive with a first request, I understand. However, for some reason, I cannot receive a refresh_token using the following code:
#API app settings reddit:
endpoint <- oauth_endpoint(
authorize = "https://www.reddit.com/api/v1/authorize",
access = "https://www.reddit.com/api/v1/access_token"
)
appName <- "xxx"
key <- "xxx"
secret <- "xxx"
app <- oauth_app(appName, key, secret)
# authenticate using OAuth2 [an issue with token]
token <- oauth2.0_token(
endpoint = endpoint,
app=app,
scope = c("read"),
user_params = list(duration = "permanent"),
use_basic_auth = TRUE,
config_init = user_agent("Testing"),
cache = TRUE
)
That's how the resulted token looks like:
print(token$credentials)
$access_token
[1] "xxx"
$token_type
[1] "bearer"
$expires_in
[1] 3600
$scope
[1] "read"
Would anybody please suggest how to improve this request?
The request should include duration = "permanent" attribute in query_authorize_extra field
Here is a corrected request:
token <- oauth2.0_token(
endpoint = endpoint,
app=app,
scope = c("read"),
query_authorize_extra = list(duration = "permanent"),
use_basic_auth = TRUE,
config_init = user_agent("Testing"),
cache = TRUE
)
In one hour, token updates itself automatically ones a get or other type of request sent
I need to authenticate AWS API in R. I tried using aws.signature package to do the same and I am getting 403 response with error Missing Authentication Token . It seems that I am missing some necessary parameters. Looking for assistance to debug the below code or ways to authenticate AWS API in R.
# To create aws signature for authentication for the rest API call
library(aws.signature)
library(httr)
# validate arguments and setup request URL
current <- Sys.time()
d_timestamp <- format(current, "%Y%m%dT%H%M%SZ", tz = "UTC")
hdrs <- list(`Content-Type` = "application/x-www-form-urlencoded",
Host = "jteti5wnje.execute-api.eu-central-1.amazonaws.com",
`x-amz-date` = d_timestamp)
params <- signature_v4_auth(
datetime = d_timestamp,
region = "eu-central-1",
service = "execute-api",
verb = "GET",
action = "iMetaAPI",
query_args = list(),
canonical_headers = hdrs,
request_body = "json",
key = "***************",
secret = "*****************",
session_token = NULL,
query = FALSE,
algorithm = "AWS4-HMAC-SHA256",
verbose = TRUE)
a <- GET("https://jteti5wnje.execute-api.eu-central-1.amazonaws.com/iMetaAPI",
query = params)
rawToChar(a$content)
A few things:
request_body needs to be the actual body. You're doing a GET() so it should just be NULL or "".
The response from signature_v4_auth() is a list but you don't need all of its elements - probably just the hds$Authorization <- params$SignatureHeader element.
The actual errors you're getting is because you haven't passed the headers. You need to pass the headers to GET() with something like: do.call(add_headers, hdrs) so you can do:
a <- GET("https://jteti5wnje.execute-api.eu-central-1.amazonaws.com/iMetaAPI", do.call(add_headers, headers))
That will probably work, or you'll at least get a more informative error.