A client wants me to integrate his News from LinkedIn to his TYPO3 site.
Yes, I am one of more admins of the company page on linkedin, the app is verified by the client.
I have client_id and client_secret
When i do the request to get an accessToken, something like:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=client_credentials&client_id=&client_secret=
the answer is
error "access_denied"
error_description "This application is not allowed to create application tokens"
I have no clue, what the necessary permissions are and where to set them.
Neither the linkedin backend nor the developers shows up with any proper link.
I know, this question has been asked before, but its about the permissions.
Please set me on the rail...
You are trying to use the 2-legged OAuth process which is by "client credentials" unfortunately that process is not available by default to all applications which is probably why you are receiving that message.
This is mentioned in the first paragraph of the documentation of the 2-legged OAuth process.
Your application cannot access these APIs by default
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
Your application needs access to enterprise linkedin products that can perform API requests that are not member specific in order to be able to use that process.
By default the application only have access to the 3-legged process which involve a GET https://www.linkedin.com/oauth/v2/authorization before making a request to get access tokens.
More information about the 3-legged process can be found here
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context
I use the .net Packages CodeHelper.API.LinkedIn
.NET
using CodeHelper.API.LinkedIn;
LinkedInHelper _helper = new() {AccessToken = "{ACCESSTOKEN}" };
string _id = await _helper.GetAuthorID();
CURL
curl -H "Authorization: Bearer "
"https://api.linkedin.com/v2/me?projection=(id)"
More Information
CodeHelper.API.LinkedIn
Nuegt Pakcage
Related
I am trying to access https://api-crt.cert.havail.sabre.com/v3/auth/token from the postman with valid base64 encoded Authorization header.
What is the valid value for username? Isn't it same which I used for registration. Document showing it as EPR in form 'user-group-domain'. Please help
I am getting an error.
{
"error": "invalid_client",
"error_description": "Credentials are missing or the syntax is not correct"
}
Go to: https://developer.sabre.com/user/{YOUR_USER}/applications
There you'll see YOUR_USER's application
Your user is what you have below Client ID and the password is below Client Secret. On that you have: Base64(Base64(Client ID):Base64(Client Secret)) (this is generic, to show how it should be coded.
This will only work on CERT environment.
It may be obvious what I am going to talk about, but you must have a SABER GDS authorized user to use this service.
If you do not have an authorized web user you will not be able to make the service work.
Ask Sabre or the agency that you represent this user to access, because without this credential correctly released you will not be able to make any REST / SOAP services work.
You can download the postman functionality package from the link below:
https://github.com/SabreDevStudio/postman-collections
https://developer.sabre.com/product-catalog?f%5B0%5D=product_type%3Aapi_reference
I currently have a web application that uses Azure AD to authenticate a user. This generates a JWT token which is then sent to my .NET Core Web API, which authenticates and authorizes successfully. The relevant parts of the JWT token that is sent across looks like this when put into jwt.ms (if you need more on this let me know and I can update this):
"aud": "api://<api-clientid>",
"appid": "<webapp-clientid>",
"hasgroups": "true",
"oid": "<userid">,
"tid": "<tenantid>"
I need to get to the groups that the user is a part of, and as the user is part of more than 6 groups, I need to make a call to the Graph API in order to return all groups for the user. This is documented in the description of the access tokens here, which states I should make a call to https://graph.microsoft.com/v1.0/users/{userID}/getMemberObjects.
I have tried using Postman to create a token to authenticate with the Graph API through the on-behalf-of flow, but I get the below error (removed irrelevant parts):
{
"error": "invalid_grant",
"error_description": "AADSTS65001: The user or administrator has not consented to use the application with ID '<api-clientId>' named '<api-displayName>'. Send an interactive authorization request for this user and resource...",
"error_codes": [
65001
],
"suberror": "consent_required",
...
}
I've tried following the web API that calls web APIs guide which seems to do exactly what I want to, using the Microsoft.Identity.Web. When I have tried this, I run into a similar issue with a MicrosoftIdentityWebChallengeUserException saying that I require more consent from the user. I tried changing the audience of the token to be for https://graph.microsoft.com/ but this then fails the authorisation to my web API, and I cannot have multiple endpoints in the audience of the JWT. I also tried using ITokenAcquisition as described here, but this did not work either, with a similar error to Postman.
Finally, I tried following this sample which also appears to do what I require, where I made sure my web API and my web client were set up in the same way that they do. The only change I had to make was a small change to the manifest of the API to include the client application Id in the "knownClientApplications", but this doesn't seem to have made any difference.
I feel like I'm missing something simple here, where either my web application needs to know that my web API might need permission to the Graph API, or I'm missing more configuration on my Azure AD. Any help would be greatly appreciated, and if more information is needed I'll provide as much as I can!
The error message says that admin has didn't consent the application.
Login to Azure AD as Global Administrator and Grant admin consent API permission via App registrations -> API Permissions -> Add a permission -> My APIs -> A -> Application permissions to fix this issue.To fix this issue.
I am attempting to use the LinkedIn V2 Profile API to aid in signups for my website.
I have properly implemented the "Sign in with LinkedIn" button on my website, set up the OAuth 2.0 callback, and my server properly swaps the OAuth 2.0 Access Code for the user's Access Token.
To do this, I am using the Python linkedin_v2 library linked here.
I am then attempting to grab the user's profile, and obtain their first name, last name, and email, to store in my database as a method of signup. I have confirmed that my application requests r_emailaddress, r_liteprofile, and r_member_social accesses.
To obtain their profile, I have attempted the following methods:
Using the Python Library linked above to create an application with the users access token and request the profile as follows:
application = linkedin.LinkedInApplication(token=accessToken)
profile = application.get_profile()
Unfortunately, this method only returns the user's first name, last name, and id, even when I include selectors=['email-address'] as a parameter to the get_profile() function, as specified by the library documentation.
Sending a GET request using the Python requests library https://api.linkedin.com/v2/people/(id:{person ID}) with headers that include Authentication: Bearer {user access token}.
Unfortunately, this method results in a 403 (forbidden) error.
I am curious of the following things:
Why do I obtain a 403 when querying the Profile API using the request library, when the same access token works to query the API through the Python linkedin_v2 library?
Does anyone know of how to use the python_linkedin_v2 library to obtain an email address with the profile?
Does anyone know of a better library to use in order to accomplish my goal of obtaining profile information regarding users whom are logging into my product using linkedin?
Do I need any additional permissions in order to access my users' emails from LinkedIn?
Thank you so much for your help, and I look forward to discussing potential solutions with all of you.
-Rob
Im getting some 403 errors in some HERE position requests. Looks like that the servers are not synchronized.
My Account was created 2 weeks ago.
{"error":{"code":403,"description":"These credentials do not authorize access. Please contact your customer representative or submit a request here https://developer.here.com/contact-us to upgrade your account. You can also get valid credentials by registering for a free trial license on https://developer.here.com.","message":"Forbidden"}}
First, generate apiKey and bearer token in your here account. For the apiKey go to your profile, create a new app and then you can generate it under Credentials -> API Keys.
For the bearer token, you first need to create oauth tokens (under Credentials -> OAuth), download the credentials.properties file, then use their CLI to generate the bearer token. Before you can use the CLI, you need to install it and then set it up.
I'm on a mac, so for me this installed it:
$ brew install heremaps/olp-cli/olp
Follow instructions on their page for whatever OS you have. Now you are ready to generate the bearer token. Make sure you are in the same directory where you downloaded the credentials.properties file earlier:
$ olp credentials import default credentials.properties
Generate the token:
$ olp api token get
Now you have everything to do a call to their API (replace HERE_API_URL with the one you want. They have many different ones for various use-cases):
GET
https://{HERE_API_URL}?apiKey={YOUR_API_KEY} -H 'Authorization: Bearer {YOUR_TOKEN}'
Note: Do not use app_code and app_id. These have been deprecated.
I had the same issue when I had only one API key created. Once I created a second API key, the issue went away.
Make sure you have two API keys generated, even if you only use one. The documentation suggests setting two keys but it never mentions it's required.
we used to have a working augmented system to login facebook and get&manage advertisement data. then we need to change the facebook account password of the user we used for login automatically in php. and old access token we used in PHP to login facebook is now not working.
I have tried to create a new access token with Graph API Explorer but I've got this error: appsecret_proof validation. then when i commented out this check and continue then I have recieved this error (line breaks added):
{"error":
{"message":
"(#294) Managing advertisements requires the extended permission \
ads_management and an application that is whitelisted to \
access the Ads API",
"type":"OAuthException",
"code":294
}
}
I almost don't know anything about facebook api how to use it.
Could you give me a detailed explanation of how i can create and access token with the ads_management right?
As Max points out, the Facebook documentation is the best source for detailed explanations of how to get access tokens and the ads_management extended permission. The Facebook Ads API guide overview provides the specific details you request including the link to the application form for receiving Ads API app approval.
The Ads API is a restricted platform which may only be accessed by whitelisted Apps.