How to pass username and password in authorization field? - http

In unrealscript, I'm attempting to connect to server using a TCPLink client I wrote. I can connect to the domain, but when I attempt to access a welcome message I receive a 401 error. What am I doing wrong in my authorization field?
Note: username and password are plain-text string variables filled in by the user
SendText("GET /crud/welcome HTTP/1.0"$chr(13)$chr(10));
SendText("Host: "$TargetHost$chr(13)$chr(10));
SendText("Authorization: "$USERNAME$":"$PASSWORD$chr(13)$chr(10));
SendText("Connection: Close"$chr(13)$chr(10));
SendText(chr(13)$chr(10));

You may want to read RFC 2617.

Related

HTTP Connector in Microsoft Power Automate - Login against Azure AD app registration on behalf of user not working

I hope you are doing fine :)
I have the following problem/problems.
I have created a dummy (robot) user. In Azure AD there is an App Registration with some Power BI delegated permission services.
I want to automate the deletion of a push dataset via a HTTP request.
For this, I need to authenticate against that App Registration from Azure AD. With postman, everything worked perfectly, I got the token as a response.
Then, I tried to make the same request using the HTTP connector in PowerAutomate.
I get the following error
{"error":"invalid_request","error_description":"AADSTS900144: The request body must contain the following parameter: 'grant_type'.\r\nTrace ID: e6d68953-ce1c-4217-856c-ae3aada82e00\r\nCorrelation ID: f50db4d9-d5bb-4396-af11-214717721f43\r\nTimestamp: 2022-10-26 19:12:48Z","error_codes":[900144],"timestamp":"2022-10-26 19:12:48Z","trace_id":"e6d68953-ce1c-4217-856c-ae3aada82e00","correlation_id":"f50db4d9-d5bb-4396-af11-214717721f43","error_uri":"https://login.microsoftonline.com/error?code=900144"}
The connector looks like this->
I have tried other ways as well.
The following error ->
{"error":"invalid_grant","error_description":"AADSTS50126: Error validating credentials due to invalid username or password.\r\nTrace ID: fec65949-0701-4727-af3b-2c2b8eb73a00\r\nCorrelation ID: 42c6c04b-98be-477d-8d36-52a01a473a40\r\nTimestamp: 2022-10-26 19:23:50Z","error_codes":[50126],"timestamp":"2022-10-26 19:23:50Z","trace_id":"fec65949-0701-4727-af3b-2c2b8eb73a00","correlation_id":"42c6c04b-98be-477d-8d36-52a01a473a40","error_uri":"https://login.microsoftonline.com/error?code=50126"}
I get from the the next HTTP connector inputs. I tried creating a query out of the previous json. It says the username or password are invalid but I logged in successfully for a number of times with those exact credentials. That I am sure of.
The dummy inputs in the picture are used to avoid the real ids, username and password.
This worked for me ...
Add a header setting Content-Type to application/x-www-form-urlencoded and add the URL form encoded content string like thus ...
client_id=<CLIENT_ID>c&grant_type=password&username=<USERNAME>&password=<PASSWORD>&scope=User.read
If you're using the password grant type approach, you shouldn't need a client secret, just the client ID.

Missing "emailAddress" in response for some users

My app is using linkedin as oauthd login method. For some of users there is no valid response when I'm trying to fetch email address (https://learn.microsoft.com/en-us/linkedin/shared/references/fields/basic-profile#email-fields)
Request:
GET https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))
Response:
200 {"elements":[]}
^^^ missing email field
200 {"elements":[{"handle":"urn:li:emailAddress:472511033","handle!":{"message":"Downstream service returned an empty response for URN.","status":404}}]}
OK, but failed?
Normal response looks like this:
200 {"elements":[{"handle~":{"emailAddress":"XXX#XXX"},"handle":"urn:li:emailAddress:XXX"}]}
Is there any settings in linkedin profile that blocks requesting emailAddress?
I found in documentation that this is related to new users that was registered using phone.
The API call would return empty response body if the authenticated user was registered via phone number, and never added any primary email address into their LinkedIn account previously. The value of type is case sensitive, and can only be EMAIL in this case.
https://learn.microsoft.com/en-us/linkedin/shared/integrations/people/primary-contact-api#retrieve-email-address

Laravel Passport - Grant Type Not Supported

I have installed Laravel Passport per the documentation and I have modified all areas of my code that is required.
I am working on setting up Password Grant Tokens so that users will be able to get an API token when logging in with their username and password for the site. I am hitting an issue though when it comes to the grant_type.
For some reason Laravel is complaining about an invalid grant type.
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check the `grant_type` parameter"
}
These are the fields that I am posting to /oauth/token
client_id = 4
client_secret = SMiYE7XqDNtXKQnmkYmFnXxfAaV83vRhnJ9zwCtZ
username = jcrawford#domain.com
password = **************
grant_type = password
scope = *
I have run php artisan passport:install and I have also tried running php artisan passport:client --password
Both commands worked and both created the client and secrets, however, I cannot seem to get past the error about the grant_type.
Any suggestions on what I should look at to get this solved so that Password Grant Tokens will work for me?
It appears that you must send the parameters as form data and not in the headers like I was doing... Rookie Mistake!
I'm using Postman and I have put all parameters in Params. Postman shows the following response
{
"error": "unsupported_grant_type",
"message": "The authorization grant type is not supported by the authorization server.",
"hint": "Check the `grant_type` parameter"
}
Now I put all parameters in Body and then press the Send button, It's working well.
For me the problem was that i wasnt using Request $request, i was using RegisterRequest $request which i had created.
Initial URL
https://restfulapi.test/oauth/authorize?client_id=3&redirect_url=http://restfulapi.test?response_type=code
Solution
https://restfulapi.test/oauth/authorize?client_id=3&redirect_url=http://restfulapi.test&response_type=code
I had to replace the question mark before response_type with the &
Reading the Laravel documentation saved me a lot of stress. The oauth\token is used to retrieve token using the grant type specified, the route will return a JSON response containing access_token, refresh_token, and expires_in attributes. The expires_in attribute contains the number of seconds until the access token expires (ref) You are meant to
Install passport
Publish the service providers and migrations and migrate.
Setup a route for login/register to create an account and login.
In your User model, add HasApiTokens from use Laravel\Passport\HasApiTokens;
In your response in your login method, add the token as part of the response.
Test your response on postman

Email Address Varification Application in ASP.NET

I am getting 555 syntax error in mailfrom
SendData(tcpSocket, string.Format("MAIL From: {0}\r\n", MailFrom));
if (!CheckResponse(tcpSocket, 220))
{
tcpSocket.Close();
return false;
}
is it the problem in my local system because of localhost?
Please help me. I am using this code from below link.
http://www.codeproject.com/Articles/5189/End-to-end-Email-Address-Verification-for-Applicat
Please don't try to implement your own SMTP client, use the one that comes with .NET: System.Net.Mail.SmtpClient.
Many SMTP servers require TLS, for example, which your code does not account for.
Furthermore, for security reasons most mailservers will not reveal if an email address in an RCPT TO line is valid or not. If a system can positively reveal an address exists then it can be used by spam harvesters. Consequently using a dry-run of an SMTP client should only be used to validate an email address (because of the complicated rules regarding valid email addresses). The verification (a separate concept from validation) must be performed manually by requiring the user to respond to an email sent to that address, there is no other way to be sure.

How to check whether an SMTP mailbox is available

I want to check whether an SMTP mailbox is available for a given username and password. I am using the SmtpClient.Send method to send the email, but before sending it I want to check the whether the credentials provided are correct and also to check whether the SMTP server is valid.
How can I do this from C#?
I don't think the API provides the equivalent of an "is valid" type of query. However, when you look at the documentation, it states that an SmtpException will be thrown if the send fails; two of the reasons for failure include what you were looking for
invalid server (i.e. you couldn't connect with the SMTP protocol)
authentication failed (i.e. invalid username and password)
So handling that exception and inspecting it for whether the failure was indeed due to an authentication failure or a server connection failure should provide you with what you need.

Resources