I'm using the Dropbox Media Importer plugin in a WordPress app. I added the client key and secret after creating a personal Dropbox app with full Dropbox permission. When I attempt to authorize the request, it returns an error that says invalid client_id or secret. When I try the curl request with the client_id and secret, I get the same response.
Request:
curl -X POST https://api.dropboxapi.com/2/auth/token/from_oauth1 \
--header "Authorization: Basic <REDACTED>" \
--header "Content-Type: application/json" \
--data "{\"oauth1_token\": \"qievr8hamyg6ndck\",\"oauth1_token_secret\": \"qomoftv0472git7\"}"
Response:
{"error_summary": "invalid_oauth1_token_info/", "error": {".tag": "invalid_oauth1_token_info"}
The /2/auth/token/from_oauth1 endpoint you're attempting to use is only for exchanging existing OAuth 1 access tokens (e.g., as previously retrieved for use with the now-retired Dropbox API v1) for OAuth 2 access tokens.
If you're just integrating now, you wouldn't have any OAuth 1 access tokens, and so shouldn't be using this endpoint. (Accordingly, it's indicating that the oauth1_token and oauth1_token_secret values you're supplying are incorrect; the ones you're using are just copied from the documentation, but you would need to supply your real values.)
Instead, you should implement the Dropbox OAuth 2 app authorization flow. You can find more information in the documentation and guide.
I'm trying to use the LinkedIn standardized data APIs, but it's not clear how to grant myself permission to this via the Developer Portal.
https://learn.microsoft.com/en-us/linkedin/shared/references/v2/standardized-data/titles#get_all
curl -X GET https://api.linkedin.com/v2/titles -H 'Authorization: Bearer BEARER_TOKEN'
Returns:
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /titles","status":403}
Whereas
curl -X GET https://api.linkedin.com/v2/me -H 'Authorization: Bearer BEARER_TOKEN'
Returns
HTTP/1.1 200 OK
With Payload
Looks like LinkedIn needs to enable the client_credentials flow but not obvious where to request this: linkedin "this application is not allowed to create application tokens" ?
Normally we are able to play around with the REST APIs related to an application, since the application has a method to let us create a JWT token for authentication.
But we are unable to create an application, and don't understand where we can get the token that authorizes us to create one.
Let me explain step by step how to do that.
Open the file {AMS_INSTALL_DIR}/webapps/root/WEB-INF/web.xml and change the following line
<filter-class>io.antmedia.console.rest.AuthenticationFilter</filter-class>
with this one
<filter-class>io.antmedia.console.rest.JWTServerFilter</filter-class>
Open the file {AMS_INSTALL_DIR}/conf/red5.properties and change the following lines
server.jwtServerControlEnabled=false
server.jwtServerSecretKey=
with these ones. You can use any 32 character alphanumeric key.
server.jwtServerControlEnabled=true
server.jwtServerSecretKey=WRITE_YOUR_32_CHARACTER_SECRET_KEY
For our sample we use cizvvh7f6ys0w3x0s1gzg6c2qzpk0gb9 as secret key
Restart the service
sudo service antmedia restart
Generate a JWT token. There are plenty of libraries with which you can do this programmatically. The easiest way for now is using JWT Debugger. So our generated token is eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk
Make the call to Create Application as follows
curl -X POST -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications/testapp"
The result should be something like {"success":true,"message":null,"dataId":null,"errorId":0}
The app should be generated in a couple of seconds. You can get the list of the applications with the following command
curl -X GET -H "Content-Type: application/json" -H "Authorization:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.e30.tA6sZwz_MvD9Nocf3Xv_DXhJaeTNgfsHPlg3RHEoZRk" "https://ovh36.antmedia.io:5443/rest/v2/applications"
References:
Web Panel REST Methods
Web Panel REST Methods JWT Documentation
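The token-generation step above can also be done locally, so the value of server.jwtServerSecretKey never has to be pasted into a web page. This is an added example, not code from the original answer or from Ant Media; the function names are hypothetical and it uses only the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding JWT segments use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def mint_hs256(secret: str, claims: dict) -> str:
    """Return header.payload.signature signed with HMAC-SHA256."""
    header = {"alg": "HS256", "typ": "JWT"}
    head = b64url(json.dumps(header, separators=(",", ":")).encode())
    body = b64url(json.dumps(claims, separators=(",", ":")).encode())
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return f"{head}.{body}.{b64url(mac.digest())}"


def verify_hs256(secret: str, token: str) -> bool:
    """Recompute the signature and compare it in constant time."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    head, body, sig = parts
    mac = hmac.new(secret.encode(), f"{head}.{body}".encode(), hashlib.sha256)
    return hmac.compare_digest(b64url(mac.digest()).encode(), sig.encode())


if __name__ == "__main__":
    # Placeholder key: substitute the value of server.jwtServerSecretKey.
    secret = "WRITE_YOUR_32_CHARACTER_SECRET_KEY"
    print(mint_hs256(secret, {}))  # empty payload, same shape as the page's token
    # Assumption: the server honours the standard "exp" claim (check its docs).
    print(mint_hs256(secret, {"exp": int(time.time()) + 300}))
```

A token with an empty payload carries no expiry, so it stays valid until the secret key is changed.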
I have created an application in the developer portal in WSO2 and am trying to generate a token using this curl command:
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=password&username=alex&password=alex123&scope=somescope" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But I get the below response:
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
I have tried also the following command :
curl -v -X POST -H "Authorization: Basic <base64encoded clientId:clientSecrect>" -k -d "grant_type=client_credentials&client_id=&client_secret=" -H "Content-Type:application/x-www-form-urlencoded" https://localhost:9443/oauth2/token
But with no success. I can generate the token from the devportal with no problem, but while executing it does not recognize the client for some reason. Could someone tell me what might be the problem?
You are missing the client id and secret in the Authorization header. You need to base64 encode client id and secret.
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=Username&password=Password" -H "Authorization: Basic Base64(clientid:client_secret)"
curl -k -X POST https://localhost:9443/oauth2/token -d "grant_type=password&username=admin&password=admin" -H "Authorization: Basic VjhZRVdfUldISURZb0hJSU5yOTczVEhqYnBnYTpyVGg4N1VhUERPdGFlN25GUFFLc1pCR2FJdm9h"
So I kind of half solved it, because it is still not giving me the desired behavior. In Carbon on port 9444 I added a user and assigned it roles for the application that I want the token for, and when I executed the curl I got the token. I did the same thing for Carbon on port 9443 and it still displays:
180{"error_description":"A valid OAuth client could not be found for client_id: ClientId","error":"invalid_client"}
Is there a reason for this?
The following are the complete steps on registering an application in devportal, generating the client credentials, generating the access token, and using the access token to invoke the API calls. Please note that all these steps are achieved via the wso2am-3.2.0 devportal REST API calls.
WSO2 REST APIs are protected using OAuth2 and access control is achieved through scopes. Before you start invoking the API, you need to obtain an access token with the required scopes. This guide will walk you through the steps that you will need to follow to obtain an access token. First, you need to obtain the consumer key/secret key pair by calling the dynamic client registration (DCR) endpoint. You can add your preferred grant types to the payload. A sample payload is shown below.
{
"callbackUrl":"www.google.lk",
"clientName":"rest_api_devportal",
"owner":"admin",
"grantType":"client_credentials password refresh_token",
"saasApp":true
}
Create a file (payload.json) with the above sample payload, and use the cURL shown below to invoke the DCR endpoint. The authorization header of this should contain the base64 encoded admin username and password. Format of the request:
curl -X POST -H "Authorization: Basic Base64(admin_username:admin_password)" -H "Content-Type: application/json" -d @payload.json https://<host>:<servlet_port>/client-registration/v0.17/register
Following is a sample response after invoking the above curl.
{
"clientId": "fOCi4vNJ59PpHucC2CAYfYuADdMa",
"clientName": "rest_api_store",
"callBackURL": "www.google.lk",
"clientSecret": "a4FwHlq0iCIKVs2MPIIDnepZnYMa",
"isSaasApplication": true,
"appOwner": "admin",
"jsonString": "{\"grant_types\":\"client_credentials password refresh_token\",\"redirect_uris\":\"www.google.lk\",\"client_name\":\"rest_api_devportal\"}",
"jsonAppAttribute": "{}",
"tokenType": null
}
Next, you must use the above client id and the secret to obtain the access token. We will be using the password grant type for this, but you can use any grant type you desire. You also need to add the proper scope when getting the access token. All possible scopes for devportal REST API can be viewed in the OAuth2 Security section of this document and the scope for each resource is given in the authorization section of resource documentation. Following is the format of the request if you are using the password grant type.
curl -k -d "grant_type=password&username=<admin_username>&password=<admin_password>&scope=<scopes separated by space>" -H "Authorization: Basic base64(client_id:client_secret)" https://<host>:<gateway_port>/token
Shown below is a sample response to the above request.
{
"access_token": "e79bda48-3406-3178-acce-f6e4dbdcbb12",
"refresh_token": "a757795d-e69f-38b8-bd85-9aded677a97c",
"scope": "apim:subscribe apim:api_key",
"token_type": "Bearer",
"expires_in": 3600
}
Now you have a valid access token, which you can use to invoke an API. Navigate through the API descriptions to find the required API, obtain an access token as described above and invoke the API with the authentication header. If you use a different authentication mechanism, this process may change.
For further details please refer to https://apim.docs.wso2.com/en/3.2.0/develop/product-apis/devportal-apis/devportal-v1/devportal-v1/#section/Authentication
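Both answers in this thread write the header as Basic base64(client_id:client_secret); the helper below builds that value and decodes a header before it is sent, which shows which client_id the token endpoint will actually receive. This is an added example, not part of the original answers or of WSO2; the function names are hypothetical and the sample credentials are the ones from the DCR response above.

```python
import base64
import binascii
from urllib.parse import urlencode


def basic_header(client_id: str, client_secret: str) -> str:
    """Authorization header value for client_id:client_secret (RFC 7617)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def inspect_basic_header(value: str) -> dict:
    """Decode a Basic header and report the client_id the server will see."""
    scheme, _, blob = value.partition(" ")
    if scheme.lower() != "basic" or not blob:
        return {"ok": False, "reason": "not a Basic header"}
    try:
        decoded = base64.b64decode(blob.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return {"ok": False, "reason": "value after 'Basic' is not base64"}
    client_id, sep, secret = decoded.partition(":")
    if not (sep and client_id and secret):
        return {"ok": False, "reason": "decoded value is not id:secret"}
    return {"ok": True, "client_id": client_id}


def token_request_body(username: str, password: str, scope: str) -> str:
    """Form-encode the password-grant body so special characters survive."""
    return urlencode({"grant_type": "password", "username": username,
                      "password": password, "scope": scope})


if __name__ == "__main__":
    # Sample clientId/clientSecret from the DCR response shown on the page.
    hdr = basic_header("fOCi4vNJ59PpHucC2CAYfYuADdMa", "a4FwHlq0iCIKVs2MPIIDnepZnYMa")
    print(inspect_basic_header(hdr))
    # The literal placeholder from the documentation is rejected before sending.
    print(inspect_basic_header("Basic Base64(clientid:client_secret)"))
    # Constructed password containing characters that must be percent-encoded.
    print(token_request_body("admin", "p&ss=word", "apim:subscribe apim:api_key"))
```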
I am getting a 400 error message, as shown in the image below, when I try out the Translation API using the Try it out link http://docs.microsofttranslator.com/text-translate.html
I am using the Access Key generated from Azure Portal for Cognitive Services Free trial.
MS Azure Portal Link
I have read the MS support blogs and tried all the suggestions mentioned in them. But every time, I get the 400 status error as shown below.
Can someone please help me to resolve this issue?
You need to get an access token first (docs here) by doing a POST request:
curl --header 'Ocp-Apim-Subscription-Key: <YOUR-API-KEY>' --data "" 'https://api.cognitive.microsoft.com/sts/v1.0/issueToken'
And then use that token in the Authorization header. (appId has been deprecated).
curl -X GET --header 'Accept: application/xml' --header 'Authorization: Bearer <YOUR-TOKEN>' 'https://api.microsofttranslator.com/v2/http.svc/Translate?&text=this%20is%20my%20name&from=en&to=af'
You can use Microsoft Translator API in 2 ways (see the docs):
in 1 step: invoke (GET) https://api.microsofttranslator.com/V2/Http.svc/Translate?text=Neoliberismo&from=it&to=en, passing Ocp-Apim-Subscription-Key: your_subscription_key as request header
in 2 steps, with OAuth:
invoke (POST) https://api.cognitive.microsoft.com/sts/v1.0/issueToken, passing Subscription-Key=your_subscription_key as query parameter or better passing Ocp-Apim-Subscription-Key: your_subscription_key as request header
you'll get a token that expires after 10 minutes
invoke (GET) https://api.microsofttranslator.com/V2/Http.svc/Translate?text=Neoliberismo&from=it&to=en, passing Authorization: Bearer the_token as request header
I am working on integrating OAuth2 to a REST API and I would like to know how am I supposed to send the access_token parameter for the requests.
Example:
My server accepts two routes:
POST /write
GET /read
For /write, am I supposed to put the access_token in the POST?
curl http://api.localhost/write -d 'access_token=[ACCESS_TOKEN]'
For /read, am I supposed to put it in the GET?
curl http://api.localhost/read?access_token=[ACCESS_TOKEN]
Or in both cases, is it supposed to be sent through POST?
Thanks,
Gasim
With OAuth, the token is generally passed in the request headers. You may wish to try something similar to the following, for both POST and GET:
POST: curl http://api.localhost/write -H 'Authorization: Bearer ACCESS_TOKEN'
GET: curl http://api.localhost/read -H 'Authorization: Bearer ACCESS_TOKEN'
The value part of the Authorization key/value pair can vary by REST service provider. With GitHub, for instance, the header key/value pair looks like this:
curl -H "Authorization: token your_token" https://api.github.com/repos/user/repo
You may need to consult the webservice provider docs for details.
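The server side of the header-based approach described above, for the /write and /read routes in the question: the token is taken only from the Authorization header, and a request that puts access_token in the URL is refused, since URLs end up in access logs and browser history. This is an added example, not part of the original answer; the function name and error strings are hypothetical.

```python
import re

# Token syntax allowed after "Bearer " (b64token in RFC 6750).
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")


def bearer_token(headers: dict, query: dict):
    """Return (token, error); exactly one of the two is None."""
    if "access_token" in query:
        return None, "invalid_request: send the token in the Authorization header"
    # Header names are case-insensitive, so match on the lowered name.
    auth = next((v for k, v in headers.items() if k.lower() == "authorization"), None)
    if auth is None:
        return None, "missing Authorization header"
    scheme, _, credentials = auth.strip().partition(" ")
    if scheme.lower() != "bearer":
        # Some providers use another scheme word (the answer cites "token").
        return None, f"unsupported scheme {scheme!r}"
    credentials = credentials.strip()
    if not B64TOKEN.fullmatch(credentials):
        return None, "malformed bearer token"
    return credentials, None


if __name__ == "__main__":
    # Constructed requests for the two routes in the question.
    print(bearer_token({"Authorization": "Bearer abc.def-123"}, {}))
    print(bearer_token({}, {"access_token": "abc.def-123"}))
    print(bearer_token({"Authorization": "Bearer [ACCESS_TOKEN]"}, {}))
```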