I could use some help..
I am trying to connect to an MS Dynamics CRM (2016) on-premise database. It is facing the internet (IFD) and uses ADFS 3.0 to authenticate users.
Now, when I try to connect to the API using the web browser, a small log-in form appears that lets me enter my username and password. When I submit these credentials, the browser opens a page with nice JSON code. However, when I try the following code in R:
    library(httr)
    result <- GET(
      "https://xrm.company.nl/Company/api/data/v8.2/some=query",
      config = authenticate(
        user = "MyUsername",
        password = "MyPassword",
        type = "ntlm"
      )
    )
I get text/html content that builds a POST form. This form is already filled out for me, but it relies on some JS script to auto-submit. There is also a warning message in the HTML that says that script is disabled, combined with a handy (but unreachable) submit button.
When I extract the HTML from the content with content(result, as = "text"), put it in an HTML file and open it in my browser, the JSON results show up.
But I don't know how to enable script, or how to click submit using R.
Anybody any ideas for a workaround for these issues, or on how to authenticate correctly to adfs using R?
You will need to request a SAML bearer access token. See this post on the Magnetism blog: Dynamics 365 Online ADFS Authenticate with User Credentials
In a nutshell, you need to do the following:
1) Get User Realm by Sending HTTP GET Request to User Realm Endpoint
2) Get SAML Access Token by Sending HTTP POST Request to ADFS Service Endpoint
3) Extract XML content Between the Element, Remove Any Indenting then Encode to Base 64 String
4) Get SAML Bearer Access Token by Sending HTTP POST Request to Token Endpoint
5) Set the Authorization Header of the HTTP Request
A client wants me to integrate his News from LinkedIn to his TYPO3 site.
Yes, I am one of several admins of the company page on LinkedIn, and the app is verified by the client.
I have client_id and client_secret
When I do the request to get an accessToken, something like:
https://www.linkedin.com/oauth/v2/accessToken?grant_type=client_credentials&client_id=&client_secret=
the answer is
error "access_denied"
error_description "This application is not allowed to create application tokens"
I have no clue, what the necessary permissions are and where to set them.
Neither the linkedin backend nor the developers shows up with any proper link.
I know this question has been asked before, but it's about the permissions.
Please set me on the rail...
You are trying to use the 2-legged OAuth process, which is by "client credentials". Unfortunately, that process is not available by default to all applications, which is probably why you are receiving that message.
This is mentioned in the first paragraph of the documentation of the 2-legged OAuth process.
Your application cannot access these APIs by default
https://learn.microsoft.com/en-us/linkedin/shared/authentication/client-credentials-flow?context=linkedin/context
Your application needs access to enterprise LinkedIn products that can perform API requests that are not member specific in order to be able to use that process.
By default the application only has access to the 3-legged process, which involves a GET https://www.linkedin.com/oauth/v2/authorization before making a request to get access tokens.
More information about the 3-legged process can be found here
https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context
I use the .NET package CodeHelper.API.LinkedIn
.NET
    using CodeHelper.API.LinkedIn;

    LinkedInHelper _helper = new() { AccessToken = "{ACCESSTOKEN}" };
    string _id = await _helper.GetAuthorID();
CURL
    curl -H "Authorization: Bearer {ACCESSTOKEN}" \
      "https://api.linkedin.com/v2/me?projection=(id)"
More Information
CodeHelper.API.LinkedIn
NuGet Package
I am trying to access a site that needs login credentials and solving a reCAPTCHA v2. I am using the Python requests library to do that.
I am using the anticaptcha API to solve the captcha, and I now have the "g-recaptcha-response", but when I get to the login request, using a regular browser and the network tab in DevTools, I see the login request has a payload with 2 extra tokens (besides other static data like username and password).
these tokens are:
__RequestVerificationToken
RecaptchaToken
__RequestVerificationToken (1yvl3JbNqqll88O3pg7-Qdn8_QC8hcQdUIyCLaAno7xNCg2ql-rycdgC75Xz1AKRlghiuOzE_XZOrJiBTUz25cLOf1M1)
RecaptchaToken (03AOLTBLT9huh3hlzUWneKS-LDVRr0U4_4N8OvsV2dAY6L-DduwTXTdHGFEaLJKzqyNW6w3SAFoKo_hQWq2qecRTsca0IrTYR0pExziAh4eWsDjCj-NdhwBnaVQwo97QaE6q0aKZAIMNx6efET9869Jv_x75KRZX9esLxVY0VT_Zo93ha-iX_4B7h1Si9aicVi59ldaCrCTCClb7SkAw7fYnf_0s1_uY1BfpkcylvHgoGeGXLUdJ91kn_wV0b2USCRkeFb8m9AAS5Cy6avDllc4cmZ8oDH5c9KedQ1kv3Tt03K0-q_4V3BRy0zPV25L6h7qt4PTqT9kRRIQfMI_AvoNbn78kD8mXAJNA)
What are those extra tokens? How do I get them?
I searched in all process loaded while solving the captcha in the browser, no mention for these values or even the arguments names.
I want to implement an Actions for Google app that links to a user account in a Firebase project and queries their data. I have a website that is set up using Firebase UI that logs them in and redirects them to a dummy page that basically just says "You have been logged in." I cannot see any documentation anywhere that shows how to return this auth token to Google so the assistant can use it to query things on their account. Does anybody know how to accomplish this? I am using this documentation https://developers.google.com/actions/identity/google-sign-in-oauth?creation=no. This is the specific text I am not understanding.
"Your service creates an access token and returns it to Google by redirecting the user's browser back to Google with the access token attached to the request."
This basically means that, instead of returning a new page, you issue an HTTP redirect to a URL that they have sent you as part of the request. You will need to add some parameters to this URL that include the auth info, and this is how Google will get the information - via the redirect handled by the user's browser.
They provide some details further down in step 4 on that page, which reads
Send an HTTP response that redirects the user's browser to the URL specified by the redirect_uri parameter. Include all of the following parameters in the URL fragment:
access_token: the access token you just generated
token_type: the string bearer
state: the unmodified state value from the original request
The following is an example of the resulting URL:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID#access_token=ACCESS_TOKEN&token_type=bearer&state=STATE_STRING
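The redirect from step 4, as an added Python example that is not part of the original answer or of Google's documentation: it checks the incoming request before building the fragment URL. `EXPECTED_CLIENT_ID`, the function name and the exception class are hypothetical; `client_id` and `response_type` are the standard OAuth 2.0 implicit-grant request parameters.

```python
from urllib.parse import urlencode

# Placeholders (assumptions): substitute the values configured for your Action.
PROJECT_ID = "YOUR_PROJECT_ID"
EXPECTED_CLIENT_ID = "CLIENT_ID_ISSUED_TO_GOOGLE"
EXPECTED_REDIRECT = f"https://oauth-redirect.googleusercontent.com/r/{PROJECT_ID}"


class AuthRequestError(ValueError):
    """The authorization request must not be answered with a token."""


def build_implicit_redirect(params: dict, access_token: str) -> str:
    """Return the Location header value for the HTTP 302 back to Google.

    `params` holds the query parameters Google sent to the sign-in page.
    """
    if params.get("client_id") != EXPECTED_CLIENT_ID:
        raise AuthRequestError("unknown client_id")
    if params.get("response_type") != "token":
        raise AuthRequestError("only the implicit flow is handled here")
    # Exact match only: a prefix or substring check would let the token be
    # sent to a URL the caller controls.
    redirect_uri = params.get("redirect_uri", "")
    if redirect_uri != EXPECTED_REDIRECT:
        raise AuthRequestError("redirect_uri is not the registered Google endpoint")
    state = params.get("state")
    if not state:
        raise AuthRequestError("missing state")
    # The token goes in the fragment (#...), which browsers do not send to
    # servers or include in Referer headers; state is echoed back unchanged.
    fragment = urlencode(
        {"access_token": access_token, "token_type": "bearer", "state": state}
    )
    return f"{redirect_uri}#{fragment}"


if __name__ == "__main__":
    request = {  # constructed sample request
        "client_id": EXPECTED_CLIENT_ID,
        "response_type": "token",
        "redirect_uri": EXPECTED_REDIRECT,
        "state": "STATE_STRING",
    }
    print(build_implicit_redirect(request, "ACCESS_TOKEN"))
```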
Currently I have both Facebook and LinkedIn Oauth2 flow working fine. Because in some cases I don't want the user to redirect to another page, I use the Facebook JS SDK that works fine, retrieving the access token and sending it to the server where I retrieve user data with REST calls.
Unfortunately, I'm not having success in doing the same with the LinkedIn JS SDK. The official documentation isn't helpful at all in that regard: https://developer.linkedin.com/docs/getting-started-js-sdk.
I retrieve user data in the server because it's easy to forge fake data in the client side and send it to the server, so a client side solution for that is not an option.
If I try to use the token that I get in js in the REST API I get Invalid access token. (401)
There are several open questions that don't have any response (or a helpful response) here on SO:
2015-08-03 - No response:
Javascript: Linkedin Access TOken
2016-05-29 - No response:
can I get access token through LinknedIn JS SDK?
2016-08-31 - No helpful response (data is retrieved in the front-end):
How to Get Access Token Using LinkedIn API JavaScript SDK
2017-06-30 - No helpful response:
LinkedIn OAuth token with Javascript SDK
In the below question, there is a comment that says what I'm already guessing:
[...] Honestly I think the JS API is completely useless like this because if you can't verify/use the token server-side you basically cannot trust any of the information.
2015-07-22 - No helpful response (data is retrieved in the front-end):
get linkedin Access Token with JavaScript SDK
There's some information about exchanging the Javascript API tokens with a REST API OAuth token, but in the references I've found the links are broken (and it would be impractical to do this, depending on the complexity, instead of using the token directly, like in the Facebook JS SDK):
http://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens
So, I would like to know if there is some way to login with LinkedIn using the JS SDK and retrieve the user data in the back-end using REST calls (like I do in the Oauth2 flow), hopefully with official docs.
I've had the same problem and the only way I found to use the JS token was to add the header oauth_token instead of an Authorization Bearer header:
    POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
    Headers {
      'oauth_token': JS_TOKEN
    }
The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.
I've been struggling with the same issue for some time, this is the way I solved it (not using the JS SDK):
Step 1: You send your user to the LinkedIn login page; in the redirect_uri param, use an endpoint to handle all the logic related to LinkedIn.
Step 2: When the user finishes logging in, LinkedIn is going to send a GET request to that endpoint. This request will have an "Authorization Token"; this token is just a temporary token and it won't allow you to get your user's data.
Step 3: Use the Authorization Token you just received and send a POST request to LinkedIn.
Step 4: LinkedIn will send you back an Access Token (this is the one you are looking for); now you can request all the information you want.
Step 5: Redirect your user back to your web app.
The structure of the request, as well as the anchor tag params, is available here: https://developer.linkedin.com/docs/oauth2
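Steps 1 to 3 of the flow above, as an added Python example that is not part of the original answer: it binds a random `state` to the user's session, rejects callbacks that do not carry it, and prepares the token request without sending it. The `session` dict and function names are hypothetical; the parameter names are the standard OAuth 2.0 authorization-code ones, and the scope is left to the caller.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://www.linkedin.com/oauth/v2/authorization"
TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken"


def start_login(session: dict, client_id: str, redirect_uri: str, scope: str) -> str:
    """Step 1: URL to send the user to; a fresh state is bound to the session."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "scope": scope,
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session: dict, callback_url: str, client_id: str,
                    client_secret: str, redirect_uri: str) -> tuple:
    """Steps 2-3: check the callback, then return (url, form) for the token POST."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use
    received = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), received.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    # The client secret is only ever sent server to server, in the POST body.
    form = {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,
        "client_id": client_id,
        "client_secret": client_secret,
    }
    return TOKEN_URL, form
```

The returned form is what the backend posts to the token endpoint; the access token in the response stays on the server and is never exposed to the browser.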
I am working with the functionality to integrate ADFS login page with my application.
Flow
User will try to visit page. Here system will try to authenticate user.
System will redirect user to ADFS login page.
User will enter login information. If user is authenticated then user will be redirected back to the application with authorized token information.
I am facing difficulties to read the token information when the page is redirected back.
I tried
I am able to redirect page to ADFS login page and also can redirect back to my system if the user is authenticated using below url format:
https://adfs-domain-name/adfs/ls
Please find the below code snippet which I am using after getting back the page to read token information.
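    using System.Linq;            // Count() extension on Claims
    using System.Security.Claims; // ClaimsPrincipal
    using System.Threading;       // Thread.CurrentPrincipal
    ClaimsPrincipal claimsPrincipal = Thread.CurrentPrincipal as ClaimsPrincipal;
    bool IsAuthenticated = claimsPrincipal.Identity.IsAuthenticated;
    int ClaimCount = claimsPrincipal.Claims.Count();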
Here I am getting IsAuthenticated as false and ClaimCount as 0 result.
Is there anything incorrect in my code or in the way I connect to the ADFS login page?
Can anyone help me to fix this?
Please let me know if you have any concern or query or if I am missing something.
In short, I would recommend following this tutorial:
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/development/enabling-openid-connect-with-ad-fs-2016
I followed the steps in there and got it to work (using OAuth2 / OpenID connect). There are some other interesting resources on that site, too.
Some more pointers:
1) For using OAuth2 the login URL on the ADFS server should be something like:
https://adfs.contoso.com/adfs/oauth2/authorize?[parameters]
The URL parameters are nicely documented here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code
2) You can then use the ADAL libraries for the frontend and backend code. In essence, the frontend code will put together the aforementioned login URL and keep the token in the browser's session storage to be sent with each request. The backend library will verify and decode the tokens (into ClaimsPrincipal) for you. You can find the appropriate library components here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
Ah, yeah, I know these components and docs describe Azure AD (ADFS in the cloud), but what they run there is essentially the same as ADFS 4.0 on Windows Server 2016.