We are trying to access data from D365 API's,
We are flowing the flow like Getting the token by using the Client ID and client secret
We are getting the token, New trying to access other app url's but getting the response are unauthorised
here the thing we are missing is we need validate the user. I am not getting exact api, where we can validate the user and then access the data.
This is the first API, we are calling
https://login.microsoftonline.com/ tenant ID /oauth2/token
passing client_secret, Client_id and grant_type
For that we are getting the token.
with that token we are not able access out D365 API's
But here where we need to login the user ? Any references ?
Related
I am learning to connect to one of our 3rd party's API, and the first step in doing so is to first get an access token to use for additional requests.
To get that access token, I send a POST request that includes an API key in the header, along with the username and password in the body (as JSON). And that successfully returns a token.
But how do I set up that up in a collection? In postman I have options of API token, Basic Auth, Oath2, etc. But I do not see how you set up and include both the API key and user/password.
I've tried different scenario's of just the API Key and Oath2 with credentials, but unsure how you set it up to include both.
My system works as follows;
I have an ASP.Net RESTful API server, which contains a user database.
I also have a Xamarin.Forms application, with a registration and login page.
What I want is to have the ability to authenticate a login using a social IdP, and then, if that user has not been logged in before, register that user in my local database.
I have been reading up on how to implement OAuth 2.0 with OpenID Connect to authenticate my users with a social IdP, however, I cannot seem to wrap my head arround it. From what I've read, I shouldn't use an Access token for authentication, since that i what the ID token is for, however, I have also read that the only intended purpose for an ID token, is the client.
My problem then is, how can I make sure that calls made to my ASP.Net server, has been made by "real person", and how do I determine who makes the call?
Access token will be used determine whether the client application was authorized by a user to access a resource. The concept of ID token comes from OpenID Connect. Main purpose of the ID token is to authenticate the user to the client application (i.e. letting the client application know that the person who authorized the access is a valid person).
To do this, you have to validate the ID token. This can be done using third party libraries such as nimbusds or auth0. You can validate the signature of the token verify the integrity of the token and check the claims included in the token (by comparing them with expected values) to verify the user details. Also, you can add custom claims (any claim that is specific for your application/implementation) to the tokens through your identity provider so that you'll be able to validate those particular claims in order to verify the user.
I just started to use the facebook login app for my website. After login success, I received the response which contains some info like userID, access_token, signedRequest, etc. I need to pass this info to my server side to get user data (email, picture) and add that to my database. If I use ajax call to my server, my server API will be exposed. My question is how can I pass that info to server-side without worrying my server will be exposed?
Note: I'm using ASP.Net.
Thank you!
Pass the Access Token only, and use a server side API call (including appsecret_proof) to get the User ID. Only store the User ID.
More information: https://developers.facebook.com/docs/graph-api/securing-requests
I am using client ID for Android/iOS to authenticate users with Google Sign-In. This is working fine and I receive a code after successful authentication.
Now for some reason I would like to validate this code in the server-side with google and obtain access token. But we do not have any secret key for client ID(s) for Android/iOS. How can I verify the code and get the access token?
I'm working on a Web Application that allows user to connect AdWords account.
1) So once user connected their AW account I am getting token from AW API that includes an access token and a refresh token. So far so good, it's just a typical OAuth2 process.
2) Next time another user connects same AW account, AW would not provide me with a refresh token, assuming I have it stored somewhere, which is expected.
So here is the problem, there doesn't seem to be a way to get user information without the refresh token, meaning I can't identify the user to retrieve the refresh token.
I'm using .NET library (Google.Apis.Analytics.v3) and it doesn't allow me to request customer information without providing the refresh token...
Here is the sample code:
var tokenResponse = await adWordsService.ExchangeCodeForTokenAsync(code, redirectUri);
var adWordsUser = adWordsService.GetAdWordsUser();
var customerService = (CustomerService)adWordsUser.GetService(AdWordsService.v201502.CustomerService);
var customer = customerService.get();
adWordsService is just a wrapper around the API.
so when I execute this line var customer = customerService.get() I get a following error:
ArgumentNullException: Value cannot be null.
Parameter name: AdWords API requires a developer token. If you don't have one, you can refer to the instructions at https://developers.google.com/adwords/api/docs/signingup to get one.
Google.Api.Ads.AdWords.Lib.AdWordsSoapClient.InitForCall(String methodName, Object[] parameters)
Developer token is there and so are all the client IDs.
If I add this line adWordsUser.Config.AuthToken = tokenResponse.AccessToken; before making the call, it complains about the refresh token.
ArgumentNullException: Value cannot be null.
Parameter name: Looks like your application is not configured to use OAuth2 properly. Required OAuth2 parameter RefreshToken is missing. You may run Common\Utils\OAuth2TokenGenerator.cs to generate a default OAuth2 configuration.
Google.Api.Ads.Common.Lib.OAuth2ProviderBase.ValidateOAuth2Parameter(String propertyName, String propertyValue)
So the question is, how does one acquire user information (in this case customerId, according to this article https://developers.google.com/adwords/api/docs/guides/optimizing-oauth2-requests#authenticating_multiple_accounts) during authentication for the purpose of storing the refresh token?
So I just found the problem is in the adWordsService. When the AdWordsUser is created it isn't assigned the updated authentication provider which contains the latest authentication token. Once this authentication provider is added the AdWordsUser doesn't try to refresh the token since the token hasn't expired yet, thus there is no need for the refresh token.