I'm trying to authenticate against an App Service that I have defined in Azure Active Directory. When accessing it, I first get the access token and the continue with the rest of the OAuth procedure.
The problem, however, is that I can only get the token when posting the request via Postman. When I try to call the same URL, with the same data using an HTTP action in flow, it fails:
{
"error": "invalid_client",
"error_description": "AADSTS70002: Error validating credentials. AADSTS50012: Invalid client secret is provided.\r\nTrace ID: 67250fbf-ad20-47f1-b3a3-dbce1e813600\r\nCorrelation ID: f9eaaa13-cee3-4f5c-a96a-6846c4392dd9\r\nTimestamp: 2018-01-17 12:21:51Z",
"error_codes": [
70002,
50012
],
"timestamp": "2018-01-17 12:21:51Z",
"trace_id": "67250fbf-ad20-47f1-b3a3-dbce1e813600",
"correlation_id": "f9eaaa13-cee3-4f5c-a96a-6846c4392dd9"
}
This is how it is set up in Flow:
When executed in Postman it works just fine:
I cannot figure out why this doesn't work when running the request from within a Flow. Am I missing something in the HTTP action card configuration?
Kind regards,
Peter
I found the reason for this not working. I had to fully URL encode the value for client_secret.
/Peter
Related
I'm getting this response (with 401 error code) after using the new refreshed access token:
{'serviceErrorCode': 65601, 'code': 'REVOKED_ACCESS_TOKEN', 'message': 'The token used in the request has been revoked by the user'}
I followed this guide to refresh the access token:
https://learn.microsoft.com/en-us/linkedin/shared/authentication/programmatic-refresh-tokens?view=li-lms-2022-07#step-2-exchanging-a-refresh-token-for-a-new-access-token
Although it works after several seconds. It seems like the issue is from the LinkedIn-Ads API side. Is there an exact time to wait after generating the access token?
We are getting 200 success while hitting endpoints like create signup URL, create enterprise, create enrollment token etc. through API Explorer or Postman. But while we are trying to hit the "create web token" endpoint we are getting 400 error.
We are implementing Google Android Management API. Finally, we are proceeding for implementing iframe which required the web token as it's carrier. But we are failing to do so.
For your reference:
enrollmentTokens.create endpoint Link below:
https://developers.google.com/android/management/reference/rest/v1/enterprises.enrollmentTokens/create
In the API explorer we are providing
parent = enterprises/LC00x1u8p0 and selecting Google OAuth 2.0 credentials.
With this much information API Explorer giving 200 success message.
enterprises.webTokens.create endpoint Link below:
https://developers.google.com/android/management/reference/rest/v1/enterprises.webTokens/create
In the API explorer we are providing
parent = enterprises/LC00x1u8p0 and selecting Google OAuth 2.0 credentials.
With this the same information API Explorer giving 400 error. I have posted the error message and unable to understand where is the error coming.
Is our console cloud project need any special supplement for giving access to web token? or what exactly is the lacking that giving this 400 error?
We are failing to understand the error message. Please check the below response.
{
"error": {
"code": 400,
"message": "domain: \"gdata.CoreErrorDomain\"\ncode: \"INVALID_VALUE\"\nargument: \"tokenSpec.parent\"\ndebug_info: \"code: INVALID_VALUE\\nhttp status: 400\\narguments: [tokenSpec.parent]\\nvalue: \\ncause: com.google.wireless.android.vending.enterprise.common.exceptions.InvalidParameterException: EnterpriseException{httpStatus=400, code=gdata.CoreErrorDomain.INVALID_VALUE, arguments=[tokenSpec.parent]}\\n\\tat com.google.wireless.android.vending.enterprise.common.exceptions.InvalidParameterException$Builder.build(InvalidParameterException.java:60)\\n\\tat com.google.wireless.android.vending.enterprise.business.EmbeddedUiServiceImpl.validate(EmbeddedUiServiceImpl.java:173)\\n\\tat com.google.wireless.android.vending.enterprise.business.EmbeddedUiServiceImpl.createWebToken(EmbeddedUiServiceImpl.java:123)\\n\\tat com.google.wireless.android.vending.enterprise.actions.mdmapi.EnterpriseActions$CreateWebTokenAction.execute(EnterpriseActions.java:360)\\n\\tat com.google.apps.framework.request.impl.InterceptorInvocation$Rpc.beforeProceed(InterceptorInvocation.java:147)\\n\\tat com.google.apps.framework.request.impl.InterceptorInvocation.proceed(InterceptorInvocation.java:158)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.proceed(RpcDispatcher.java:136)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.proceed(RpcDispatcher.java:42)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.doExecuteChainInternal(AbstractDispatcher.java:503)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.doExecuteChain(AbstractDispatcher.java:497)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.execute(AbstractDispatcher.java:331)\\n\\tat com.google.apps.framework.request.impl.AbstractDispatcher.executeAsync(AbstractDispatcher.java:254)\\n\\tat com.google.apps.framework.request.impl.RpcDispatcher.handleRpc(RpcDispatcher.java:126)\\n\\tat com.google.apps.framework.request.impl.RpcScopedHandlerFactoryImpl.run(RpcScopedHandlerFactoryImpl.java:276)\\n\\tat com.google.apps.framework.request.impl.RpcScopedHandlerFactoryImpl$2.handleRequest(RpcScopedHandlerFactoryImpl.java:126)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInterceptor2Util$RpcApplicationHandlerAdaptor.handleRequest(RpcServerInterceptor2Util.java:82)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.runRpcInApplicationWithCancellation(RpcServerInternalContext.java:672)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.lambda$runRpcInApplication$0(RpcServerInternalContext.java:637)\\n\\tat io.grpc.Context.run(Context.java:536)\\n\\tat com.google.net.rpc3.impl.server.RpcServerInternalContext.runRpcInApplication(RpcServerInternalContext.java:637)\\n\\tat com.google.net.rpc3.impl.server.RpcServerChannel$4.apply(RpcServerChannel.java:1026)\\n\\tat com.google.net.rpc3.impl.server.RpcServerChannel$4.apply(RpcServerChannel.java:996)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture$TransformFuture.doTransform(AbstractTransformFuture.java:253)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture$TransformFuture.doTransform(AbstractTransformFuture.java:243)\\n\\tat com.google.common.util.concurrent.AbstractTransformFuture.run(AbstractTransformFuture.java:124)\\n\\tat com.google.common.context.ContextRunnable.runInContext(ContextRunnable.java:89)\\n\\tat com.google.common.context.ContextRunnable$1.run(ContextRunnable.java:78)\\n\\tat io.grpc.Context.run(Context.java:536)\\n\\tat com.google.tracing.GenericContextCallback.runInInheritedContext(GenericContextCallback.java:75)\\n\\tat com.google.common.context.ContextRunnable.run(ContextRunnable.java:74)\\n\\tat java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)\\n\\tat java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)\\n\\tat com.google.apps.framework.server.AbstractThreadPoolModule$InitializingThreadFactory.lambda$newThread$0(AbstractThreadPoolModule.java:416)\\n\\tat java.base/java.lang.Thread.run(Unknown Source)\\n\\n\"\n",
"status": "INVALID_ARGUMENT"
}
}
Thanks you very much for your attention. Any help to fix the issue is appreciable.
You need to supply the Request body of the enterprises.webTokens.create method. The request body contains an instance of WebToken.
Request body:
{
"parentFrameUrl": "<the URL of the page that will be hosting the iFrame>",
"enabledFeatures": [
"PLAY_SEARCH",
"PRIVATE_APPS",
"WEB_APPS",
"STORE_BUILDER"
],
"permissions": [
"APPROVE_APPS"
]
}
If successful, the response body contains a newly created instance of WebToken containing the value you need to embed the iFrame on the hosting page.
So I am trying to get an authorization token from MSFT.
I am using the HTTP Request object as an action.
I set the method to POST, provide URI, set a Content_Type in the Header, and add a grant type to the body.
Screenshot of LogicApps HTTP Setup
When I run my logic app I receive the following error:
"error": "invalid_request",
"error_description": "AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: ef137edb-87d4-43e2-88b7-d119b2c00500\r\nCorrelation ID: 4ea88c05-7f28-4e3f-bb31-052c3baac198\r\nTimestamp: 2020-05-22 17:33:21Z",
"error_codes": [
900144
So the error says I am missing 'grant_type' but I have it in the body.
Can anyone point me in a direction to get this resolved?
The Body in this case is not a JSON object, it's a Form encode. Here's a screen shot where I do this same task:
You'll need to pass the client_id and client_secret as well.
The problem is as stated above. If I try to subscribe to a push notification via the url: https://iid.googleapis.com/iid/v1/{token}/rel/topics/{topic}, I always get the following response: {"error":"InvalidToken"}
I have tried using both GET and POST methods but still the same response.
I have checked if the Token is a valid token by using the following url: https://iid.googleapis.com/iid/info/{token} which return the correct data like this:
{
"application": "com.chrome.windows",
"subtype": "wp:http://localhost/#2A58747F-DEF7-4C55-8073-126B2D168-V2",
"authorizedEntity": "856365479457",
"platform": "WEBPUSH"
}
If my token is valid, then why I am getting the error invalid token?
I believe you are hitting a GET request with topic subscribe, try POST with the same parameters.
Or you are hitting incorrect url: Hitting an url without ../rel/.. also produces the same error.
Error
Solution
I have installed Laravel Passport per the documentation and I have modified all areas of my code that is required.
I am working on setting up Password Grant Tokens so that users will be able to get an API token when logging in with their username and password for the site. I am hitting an issue though when it comes to the grant_type.
For some reason Laravel is complaining about an invalid grant type.
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check the `grant_type` parameter"
}
These are the fields that I am posting to /oauth/token
client_id = 4
client_secret = SMiYE7XqDNtXKQnmkYmFnXxfAaV83vRhnJ9zwCtZ
username = jcrawford#domain.com
password = **************
grant_type = password
scope = *
I have run php artisan passport:install and I have also tried running php artisan passport:client --password
Both commands worked and both created the client and secrets, however, I cannot seem to get past the error about the grant_type.
Any suggestions on what I should look at to get this solved so that Password Grant Tokens will work for me?
It appears that you must send the parameters as form data and not in the headers like I was doing... Rookie Mistake!
I'm using Postman and I have put all parameters in Params. Postman shows the following response
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check the `grant_type` parameter"
}
Now I put all parameters in Body and then press the Send button, It's working well.
For me the problem was that i wasnt using Request $request, i was using RegisterRequest $request which i had created.
Initial URL
https://restfulapi.test/oauth/authorize?client_id=3&redirect_url=http://restfulapi.test?response_type=code
Solution
https://restfulapi.test/oauth/authorize?client_id=3&redirect_url=http://restfulapi.test&response_type=code
I had to replace the question mark before response_type with the &
Reading the Laravel documentation saved me a lot of stress. The oauth\token is used to retrieve token using the grant type specified, the route will return a JSON response containing access_token, refresh_token, and expires_in attributes. The expires_in attribute contains the number of seconds until the access token expires (ref) You are meant to
Install passport
Publish the service providers and migrations and migrate.
Setup a route for login/register to create an account and login.
In your User model, add HasApiTokens from use Laravel\Passport\HasApiTokens;
In your response in your login method, add the token as part of the response.
Test your response on postman