I am using OAuth2 for connecting my app with user's salesforce account. I am making authorization request with success and getting following things in response
access_token
instance_url
id
issued_at
signature
scope
token_type: Bearer
When I am trying to fetch salesforce data with following code
Dim binding As sforce.SforceService
binding = New sforce.SforceService()
binding.SessionHeaderValue = New sforce.SessionHeader()
binding.SessionHeaderValue.sessionId = <<access_token>> ' This is obtained by above step
binding.Url = <<id>> ' This is obtained by above step
dgr = binding.describeSObject("case")
I am getting exception
INVALID_SESSION_ID: Invalid Session ID found in SessionHeader: Illegal
Session. Session not found, missing session hash:
dGNP7MWaYz4kTAATqdvCAQk8H5NxD/xw/L+PpuPMpFA= This error usually occurs
after a session expires or a user logs out.
How can I fix it? I am sure I am passing something wrong but can't figure out what.
Related
I am trying to run a simple report on GA4 by using Google Analytics Data API Python client with a regular user credentials:
request = RunReportRequest(
property=f"properties/11111",
dimensions=[Dimension(name=f['name']) for f in report_definition['dimensions']],
metrics=[Metric(name=f['expression']) for f in report_definition['metrics']],
date_ranges=[DateRange(start_date=date, end_date=date)],
)
response = client.run_report(request)
And the client is BetaAnalyticsDataClient as also mentioned in the documentation:
credentials = Credentials(
token=None,
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
client = BetaAnalyticsDataClient(credentials=credentials)
It is not a Service Account so I am using google.oauth2.credentials.Credentials class as same in other Google APIs.
However, this operation is throwing an exception during the run_report function:
grpc._channel._InactiveRpcError: <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAVAILABLE
details = "Getting metadata from plugin failed with error: ('invalid_grant: Bad Request', {'error': 'invalid_grant', 'error_description': 'Bad Request'})"
debug_error_string = "UNKNOWN:Error received from peer analyticsdata.googleapis.com:443 {created_time:"2023-01-14T14:12:10.907813+03:00", grpc_status:14, grpc_message:"Getting metadata from plugin failed with error: (\'invalid_grant: Bad Request\', {\'error\': \'invalid_grant\', \'error_description\': \'Bad Request\'})"}"
>
And when I try to use my access token in the credentials:
credentials = Credentials(
token=config["token"],
refresh_token=config['refresh_token'],
client_id=config['client_id'],
client_secret=config['client_secret'],
token_uri="https://accounts.google.com/o/oauth2/token",
scopes=["https://www.googleapis.com/auth/analytics.readonly"]
)
This time I am getting following error:
google.api_core.exceptions.Unauthenticated: 401 Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
I am sure that my credentials is correct since I am using same account in my other repos.
Also, note that, I tried same operation with a service account and it does not give any error. However, for this purpose, I need to use a regular developer account since the OAuth flow is on a frontend project.
What are the suggestions on that issue? Is it possible to use a developer account in here and if yes, how?
I was able to fix the issue. The app just needs a sign-out sign-in (or refreshing the access token).
I am trying to create a simple app (in R) using GroupMe's API, which utilizes OAuth2.0. The documentation can be found here. However, I'm getting stuck on the first step of authentication/token generation for a user. See below for my code and the response I get:
access_key = ****
client_id = ****
gendpoint <- oauth_endpoint(
authorize = glue("https://oauth.groupme.com/oauth/login_dialog?client_id={client_id}"),
access = glue("http://localhost:1410/?access_token={access_key}")
)
gapp <- oauth_app(
"pingme",
key = client_id,
secret = access_key
)
t <- oauth2.0_token(
endpoint = gendpoint,
app = gapp
)
The above code is sufficient to bring in the login page, which presumably allows me to enter my credentials to obtain a token. However, when I enter my credentials, I get the following error message in R:
Authentication complete.
Error in curl::curl_fetch_memory(url, handle = handle) :
Failed to connect to localhost port 1410: Connection refused
So it looks like my authentication/login credentials worked, but somewhere an error prevented me from actually generating the token.
Could someone help me with this? This is my first time using the OAuth2.0 framework so I'm very confused. Thanks in advance!
I am trying to implement a solution of signing in and retrieving data similar to this question. However, when I send my get request, and print the text, I get the following:
{
"errorCode" : "5011",
"errorMessage" : "SSO Request Failed, Session token is null.",
"errorMessageDetail" : null
}
How do I fix this issue?
My code:
with requests.Session() as s:
r1 = s.post(url1,data={'username':'user_name','password':'1234','rememberme':'true','userprofile':'true'})
r2 = s.get(url2, cookies=r1.cookies)
print(r2.text)
I was using the wrong URL
Perhaps, I have run into one of the complex issues listed here: How to login using requests in Python?
Until a month ago I was using the Rfacebook library with no problems. When I load the token I had generated and I want to use some function for example
getUsers("me",fb_oauth) #fb_oauth is my token
it gives me the following error:
Error in callAPI(url = url, token = token) :
Error validating access token: Session has expired on Tuesday, 04-Apr-17 13:24:59 PDT. The current time is Tuesday, 02-May-17 06:33:21 PDT.
To try to solve it I generate a new password in the app and generate a new token and I get the new token correctly:
fb_oauth <- fbOAuth(app_id="12345678", app_secret="xxxx")
Copy and paste into Site URL on Facebook App Settings: http://localhost:1410/
When done, press any key to continue...
Waiting for authentication in browser...
Press Esc/Ctrl + C to abort
Authentication complete.
But when I want to use the same function it gives me error
Error in callAPI(url = url, token = token) :
An access token is required to request this resource.
Also configure the login in the app but it does not work either
Anyone know how to generate the new token with the new 2.9 update?
Regards
As CBroe mentioned, the access token return format has changed and therefore the problem seems to be, that the credentials (including the access token) returned when authorizing with facebook is saved as the field name/key instead of the field value.
So a fix to this would be the following:
fb_oauth <- fbOAuth(app_id, app_secret, extended_permissions = FALSE,legacy_permissions = FALSE)
fb_oauth_credentials <- fromJSON(names(fb_oauth$credentials))
and then to make a request, such as getting a page would be;
fb_page <- getPage(page = "FBUserNameHere",
token = fb_oauth_credentials$access_token)
I'm trying to obtain a token from ADFS to that I can use it with an on-premise Windows Service Bus installation. I may not have ADFS properly configured because I get the following message:
MSIS3127: The specified request failed.
The code to access the token is as follows:
string adrecaSTS = "trust/13/usernamemixed";
WS2007HttpBinding binding = new WS2007HttpBinding();
binding.Security.Message.EstablishSecurityContext = false;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;
binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
binding.Security.Mode = SecurityMode.TransportWithMessageCredential; //https
string baseSSLUri = #"https://<myadfs>/adfs/services/";
WSTrustChannelFactory trustChannelFactory = new WSTrustChannelFactory(binding, new EndpointAddress(baseSSLUri + adrecaSTS));
trustChannelFactory.TrustVersion = TrustVersion.WSTrust13;
trustChannelFactory.Credentials.UserName.UserName = "username";
trustChannelFactory.Credentials.UserName.Password = "password";
WSTrustChannel tokenClient = (WSTrustChannel)trustChannelFactory.CreateChannel();
//create a token issuance issuance
RequestSecurityToken rst = new RequestSecurityToken(RequestTypes.Issue);
//call ADFS STS
SecurityToken token = tokenClient.Issue(rst);
The endpoint is enabled on ADFS and my client (laptop on separate domain) trusts the certificate from ADFS.
Do I need to set up some kind of trust or something further? This error message is not particularly helpful.
See here:
https://github.com/thinktecture/Thinktecture.IdentityServer.v2/blob/master/src/Libraries/Thinktecture.IdentityServer.Protocols/WSFederation/HrdController.cs
The ValidateToken method has most of the code - but you first need to extract the InnerXml from the generic token and turn that into a SAML security token (again using a token handler).
Found the issue. I was trying to log on as an administrator account. When I used a regular user it worked.
I also had to modify the RequestSecurityToken to have a KeyType of KeyType.Symmetric
I see that you solved your issue, but here is some additional inforamation to potentially help others that might have the same error message but a different cause.
The AD FS error, "MSIS3127...", can have multiple causes. For us, it was caused by one of our relying party claim rules specifying an AD FS attribute store that didn't exist.
In order to debug the error, we checked the Event Viewer on all of the servers running AD FS, and that's where we found the detailed message that called out the attribute store problem. So, if anyone else gets the same error message, then I suggest checking the Event Viewer on AD FS to see if there are additional logs.
Note that AD FS logs to the Event Viewer under the folder/node of Applications and Services Logs => AD FS => Admin