My LogicApp A will call Salesforce API. Before calling the API, it should call the Salesforce Token endpoint with grant_type=password to fetch the access_token. The token will be valid for 1 hour. Next time my Logic App A is called by consumer, it will first check the cache for the token and if received will fetch the token from cache and then invoke Salesforce with the Authorization Bearer <access_token>. If not found in cache, it will call the Salesforce OAuth Access Token endpoint and get the token and again store into cache and subsequently passed on to the next API call. Is there any lead to how to do this in Logic Apps ?
Related
I am trying to get new access token from my refresh token for google drive api. In my google playground it works but when I want to create the same request in postman or my code it doesn't work and I always get error "Invalid grand type". I don't know to find what is problem.
google developers playground
postman headers and body
You need to understand that there is three steps to the Oauth2 dance.
step one is requesting access of the user and getting the authorization code.
HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Note &response_type=code tells the server you want an authorization code returned.
step two is to exchange that code for an access token and refresh token.
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
Note the part where it says &grant_type=authorization_code. this tells the server you are giving them an authorization code.
3 the final step is refreshing your access token.
POST https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
Note &grant_type=refresh_token you are telling the server you are sending them a refresh token.
You appear to be sending a refresh token with the wrong grant type.
I have a video on how to set up postman to use google oauth2
How to set up Oauth2 in PostMan.
Google 3 Legged OAuth2 Flow
Note: Due to a recent change with Making Google OAuth interactions safer by using more secure OAuth flows redirect uri of urn:ietf:wg:oauth:2.0:oob is going to stop working soon.
I am using Trustpilot API and I need to handle a scenario when refresh token expires. I did not find the response in API documentation.
If the API indicates that your token is expired, the scenario is covered. How you handle this is the scope of you application and not the API.
I have three applications: REST API with Resource Server, Authorization Server and javascript client on VueJs that should use REST Api. Problem in using access token that I get after authorization. First I decided to use local storage or cookie for storing access token, but as I read It's not secure. It's recommended to use cookie with httpOnly, but I can't to access from js. Addition token in url params as well not right way. So what I should to do for using my Rest Api? I'm using Authorization Code grant flow.
When you have a Javascript client, the client itself should act as an OAuth2 client.
Meaning, the server is not what gets the token. The client, the javascript application in the browser, will fetch the token from the authorization server.
You achieve this by using a grant type called implicit.
In this grant type, there is no client_secret, but you must have a valid client_id. You will also not receive a refresh token. But you can receive access tokens and id_token (if you have an OIDC server).
Your question hints at you doing a server side grant (authorization_code,password,etc) and then sending that token to the javascript client. This would be incorrect.
For a great description of OAuth2, we have published this video: https://www.youtube.com/watch?v=u4BHKcZ2rxk
Your JavaScript application would do this:
Do I have a valid token? No
Start implicit grant
Receive token from authorization server
Store token in memory var token = ....
Use the token to invoke API endpoints on the server
Repeat step 5 until token is no longer valid
Go back to step 1
Next step for you is to watch the video and learn more about implicit grant type
As you already guessed, going down the road of getting a token on the server and then sending it to a non secure client exposes your applications in ways you probably do not want.
I am using the OAuth capability in Azure Bot service to access the Microsoft Graph.
I have the need to communicate with the SharePoint Online REST endpoint. Typically, I would request and cache a refresh token from AAD, then use that refresh token to acquire a second access token, specifying the sharepoint.com address as the resource.
When using the OAuth connections in the Azure Bot service, I can get an access token by calling the GetUserToken method of the dialog context. However, I cannot get the refresh token from the bot service.
Q: Is the refresh token exposed as part of the BotBuilder library, or in some other fashion?
You must include the offline_access scope on your OAuth Bot configuration and on bots API permission within your Azure bot registration (Go to AAD - Application Registration (Preview) - API Permission).
Otherwise the bot service will not be able to refresh the token when it expired after 60 minutes by default.
For more information's on scopes see here.
Further explanation:
Without the offline_access scope included in the token request, the refresh token is not submitted and only an access token is provided. With the scope included, a refresh token will be provided to the caller which (in this case the bot service) can use to acquire a fresh token at any point until the refresh token itself expires.
I want to get an API token for a specific user using openshift rest api. I have a web application which can be used by any user in my organization. I want to be able to authenticate the user in my application using an internal oauth service, after authentication, i want to authorize the user to be able to call openshift rest apis.
I have found 2 APIs, /authorize and /token which get called up to generate api tokens which can be sent as Bearer 'Token' in the REST APIs headers. But not able to find a way to call them. I have been facing CORS errors calling these APIs using AJAX request.
https://openshift-master.bruxelles.sodigital.io/oauth/authorize?client_id=openshift-browser-client&response_type=code
This url is internal to my organisation which authenticates the employees if not authenticated, and then displays a token on the web page. I want to be able to get that token.