Why does my login endpoint in django knox throw "Bad request..." error? - django-rest-framework

I used the files from "https://github.com/Omkar0231/Django-Login-API" as is. The login request from Postman results in the error "detail": "JSON parse error - Expecting value: line 1 column 1 (char 0)", while the terminal shows "Bad request...".
The developer of the source code in the above Git repo has also explained it in a video, "https://www.youtube.com/watch?v=6d0fiPj0dsA"; however, in the video everything seems to be working as expected.
From what I understood from Googling, I thought that a bearer token is to be included in the login request as a header. But I don't know where to find the bearer token in my Django app. However, in the video, the original author/developer did not include any such header token for the login request from Postman.
Please help me figure out the issue.

Related

Random errors acquiring Microsoft oauth2 token via golang.org/x/oauth2

I use the standard go library golang.org/x/oauth2 to acquire an OAuth2 token from Microsoft users.
This is the oauth2 config I use:
    return oauth2.Config{
        ClientID:     clientID,
        ClientSecret: clientSecret,
        Endpoint:     microsoft.AzureADEndpoint("common"),
        Scopes: []string{
            "https://graph.microsoft.com/.default",
        },
    }
This is how I get the redirect URL:
oauth2Config.AuthCodeURL(state, oauth2.ApprovalForce, oauth2.AccessTypeOffline)
And this is how I exchange the code acquired in my oauth2 callback to the oauth2 token:
oauth2Config.Exchange(ctx, code)
I use the same code for integrating with GitHub, Google Cloud Platform, Bitbucket and DigitalOcean. It has been working fine for me, and it does work with Microsoft, but sometimes I randomly get one of the following errors:
AADSTS90013 Invalid input received from the user
or
AADSTS900144: The request body must contain the following parameter: 'grant_type'.
And I don't understand what might be the reason. The first error could potentially be caused by some JS bugs in the Microsoft consent screen. The second error makes no sense: the oauth2 lib sets the grant_type value correctly. I searched for this error and it says the issue could be incorrect encoding, which should be x-www-form-urlencoded, but I've looked up the oauth2 library and confirmed that's exactly what it does.
Or maybe there's a timeout for a repeated acquisition of a token under the same user.
UPD: I get these errors during the exchange of a code to a token
UPD2: I started to get oauth2 errors randomly with other providers, such as DigitalOcean; the errors also happen during the code-to-token exchange. Errors like this:
ERROR STACKTRACE: oauth2: cannot fetch token: 400 Bad Request
Response: {"error":"bad_request","error_description":"invalid semicolon separator in query"}{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
could not get auth token
I've looked up the values in my oauth2 config; they are all correct. The values, however, are not URL-encoded (I assume the oauth2 lib handles this).
I've recently upgraded my Go to 1.17.6.
UPD3: I've noticed that my oauth2 configs both for DigitalOcean and Microsoft didn't have AuthStyle specified, so I've set it manually to oauth2.AuthStyleInParams. But this still didn't resolve the issue. After a few repeated attempts with DigitalOcean it started to randomly return the following error:
Response: {"error":"bad_request","error_description":"invalid semicolon separator in query"}{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
which I don't even think is a valid error; there's no semicolon symbol in either the request URL or the body.
UPD4. It may sound stupid, but when I restart my app (I run/debug it via GoLand) DigitalOcean OAuth works just fine until I connect a Microsoft account via oauth2 (which also works fine), but then if I connect (reconnect) a DigitalOcean account again it just stops working ¯\_(ツ)_/¯
UPD5. Below is the debug watch of the doTokenRoundTrip function inside the oauth2 library. The token exchange request returns 400 Bad Request.
The request body:
client_id=[redacted]&client_secret=[redacted]&code=e50e6dc91ec6b855becdef7a32cc4e28684851ccf385b2f6bb667ed6ec1172df&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fv1%2Fdigitalocean%2Foauth2%2Fcallback
The URL and the body both look good to me. However, this returns the following error:
Response: {"error":"bad_request","error_description":"invalid URL escape "%\x9b\x06""}{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed."}
UPD6. Exchange request headers:
The issue is caused by the extra headers. Normally there should be only the Content-Type: application/x-www-form-urlencoded header, but as you can see above there are extra headers, including Content-Encoding: gzip, which probably causes the issues. These headers are added after I connect a Microsoft account via oauth2, more specifically because I use the Microsoft Graph SDK (github.com/microsoftgraph/msgraph-sdk-go) after acquiring the token. This SDK implements the RoundTripper interface, which eventually adds extra headers.
Submitted the issue to the Graph SDK: https://github.com/microsoftgraph/msgraph-sdk-go/issues/91
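To make the finding in UPD6 reproducible, here is an added Go example (not code from the post, from golang.org/x/oauth2 or from the Graph SDK): a hypothetical RoundTripper stamps Content-Encoding: gzip on every request of the client it sits in, and a constructed stand-in token endpoint rejects such requests the way the providers in the post do, while a plain http.Client succeeds. The endpoint's rules, the callback URL and the token values are assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// taintingTransport is a hypothetical stand-in for a third-party RoundTripper
// that stamps Content-Encoding: gzip on every request of the client it sits in.
type taintingTransport struct{ base http.RoundTripper }

func (t taintingTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	r2 := r.Clone(r.Context()) // a RoundTripper must not modify the caller's request
	r2.Header.Set("Content-Encoding", "gzip")
	return t.base.RoundTrip(r2)
}

// newTokenServer is a constructed stand-in for a provider token endpoint: like
// the real ones in the post it accepts only a plain form-encoded body.
func newTokenServer() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		formBody := strings.HasPrefix(r.Header.Get("Content-Type"), "application/x-www-form-urlencoded")
		if r.Header.Get("Content-Encoding") != "" || !formBody || r.ParseForm() != nil ||
			r.PostFormValue("grant_type") != "authorization_code" {
			http.Error(w, `{"error":"invalid_request"}`, http.StatusBadRequest)
			return
		}
		fmt.Fprint(w, `{"access_token":"constructed-token","token_type":"bearer"}`)
	}))
}

// exchangeCode performs the code-for-token POST through the given client and
// returns the HTTP status, which shows whether that client is safe to reuse.
func exchangeCode(c *http.Client, tokenURL, code string) (int, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code},
		"redirect_uri": {"http://localhost:8080/v1/digitalocean/oauth2/callback"}}
	resp, err := c.PostForm(tokenURL, form)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, nil
}
```

Keep the client used for the token exchange separate from any client a third-party SDK wraps or decorates, and dump the outgoing headers (as UPD6 does) whenever a 400 appears with a body that looks correct.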
I think the second error refers to the grant_type missing in the config:
    grant_type: authorization_code,
    code: {code you got from the authorization step},
    client_secret: ****
Another way of accessing the OAuth 2.0 token: please refer to this document.

AuthCanceled: Problem with Instagram oauth2 because of redirect_uri

TL;DR: It seems to me that the problem is the "redirect_state" query parameter in the redirect_uri. Instagram fails oauth2 requests with any query params.
I tried both the drf-social-oauth2 and django-rest-framework-social-oauth2 Python packages, with the same result.
I receive a 400 response from the Instagram API:
400 Client Error: Bad Request for url: https://api.instagram.com/oauth/access_token
Reproducing the process from the console I get more details. The body of the response is:
{"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
Steps to reproduce the behaviour:
1. Set "Valid OAuth Redirect URIs" in an "Instagram Basic Display" app:
   https://api.mydomain.com/auth/complete/instagram/
   https://api.mydomain.com/auth/complete/instagram
2. Redirect my client to the URL:
   https://api.instagram.com/oauth/authorize
       ?client_id=<my_client_id>
       &redirect_uri=https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>
       &scope=user_profile,user_media
       &response_type=code
3. When the client is redirected, copy the code from the URL.
4. Then I reproduce the libraries' request:
   curl -X POST \
       https://api.instagram.com/oauth/access_token \
       -F client_id=<my_client_id> \
       -F client_secret=<my_app_secret> \
       -F grant_type=authorization_code \
       -F redirect_uri="https://api.mydomain.com/auth/complete/instagram/?redirect_state=<value>" \
       -F code=<code_copied_from_clients_url>
5. Receive a 400 response:
   {"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
In my Instagram profile (https://www.instagram.com/accounts/manage_access/) I see my Instagram business app successfully added.
Expected behaviour
At step 5 I expect to receive an access_token and a user_id:
{"access_token": "<access_token>", "user_id": <user_id>}
And it works this way only if I remove test=test from both the auth URL of the 2nd step and the request of the 4th step.
Additional context
I use python 3.9.7 with:
Django==3.2.10
social-auth-app-django==5.0.0
social-auth-core==4.1.0
django-oauth-toolkit==1.6.1
My Facebook/Instagram app isn't published ("App Mode: Development"). But my Instagram accounts (which I use for testing) are added as Testers in the Facebook/Instagram app.
I even tried to put test instead of the redirect_state query parameter, and it doesn't work either.
My app settings:
I'm not sure that the problem is in the library. Maybe it is in my Instagram business app configuration. But I don't have any clue how to fix it.
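The exact-match rule the error message describes, as an added Go example that is not part of the post or of the libraries named in it: the registered URIs are the two from step 1 (constructed values), the presented redirect_uri must equal one of them byte for byte, and the per-request value is carried in the standard state parameter instead of inside redirect_uri, so the redirect_uri sent to the dialog and to the token endpoint stays identical.

```go
package main

import (
	"errors"
	"net/url"
)

// registeredRedirects stands in for the app's "Valid OAuth Redirect URIs" list
// (constructed values taken from step 1 of the post).
var registeredRedirects = []string{
	"https://api.mydomain.com/auth/complete/instagram/",
	"https://api.mydomain.com/auth/complete/instagram",
}

// checkRedirectURI applies the exact-match rule the post runs into: the
// presented redirect_uri must be byte-for-byte one of the registered values,
// so any appended query string (e.g. ?redirect_state=...) is rejected.
func checkRedirectURI(registered []string, presented string) error {
	u, err := url.Parse(presented)
	if err != nil {
		return err
	}
	if u.RawQuery != "" || u.Fragment != "" {
		return errors.New("redirect_uri carries a query or fragment and cannot match a registered value exactly")
	}
	for _, r := range registered {
		if r == presented {
			return nil
		}
	}
	return errors.New("redirect_uri is not one of the registered values")
}

// authorizeURL builds the authorization URL with the per-request value in the
// standard state parameter, leaving redirect_uri exactly as registered.
func authorizeURL(clientID, redirectURI, state string) (string, error) {
	if err := checkRedirectURI(registeredRedirects, redirectURI); err != nil {
		return "", err
	}
	q := url.Values{}
	q.Set("client_id", clientID)
	q.Set("redirect_uri", redirectURI)
	q.Set("scope", "user_profile,user_media")
	q.Set("response_type", "code")
	q.Set("state", state)
	return "https://api.instagram.com/oauth/authorize?" + q.Encode(), nil
}
```

Carrying the value in state also keeps the CSRF binding of the authorization response intact without touching the registered redirect target.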

TokenMismatchException in Postman even with token entered

I'm trying to do a simple PUT in the Postman Mac app to a Laravel 5.3 update web route.
Every time I do, I'm given a TokenMismatchException error.
I've tried:
Putting the token value in _token in the PUT body.
Putting the token headers as X-CSRF-TOKEN.
I've tried the Postman Interceptor with the proxy on so that it auto-gathers the correct cookies and token when I submit the form I'm simulating on my dev site.
I've tried a combination of all three of these.
None of this works.
Postman is normally a very valuable tool but Laravel seems to be defeating it (and me) at the moment.
What am I missing here?
I think you are missing sending the token in the 'Authorization' header of the request in Postman, in this format:
Authorization: Bearer {token here}
I have attached the screenshot here as well.

Error while getting access token from IBM Connections

I am able to get the authorization token, but I am getting an error at the access token step. These are the steps I am doing now:
1. Obtain the code:
https://{host}/oauth2/endpoint/connectionsProvider/authorize?response_type=code&client_id=sample_application&redirect_uri=http://{host}
I got back something like:
http://{host}/?code=XMQPNpxCxkRCfIXMFbWiTQVD4PcM11
2. Try to get the access token using the POST method:
POST https://{host}/oauth2/endpoint/connectionsProvider/token?grant_type=authorization_code&redirect_uri=http://{host}&client_id=sample_application&client_secret=pIEaHOQ6odz0Vr9fKTmiS0NgQF2uGAUDl2i9ZHS38qE7TGZD2nn3RcSl2bEI
With payload data: code=XMQPNpxCxkRCfIXMFbWiTQVD4PcM11
I am getting the error only in the 2nd step.
Please advise me.
-WillSteel
Resolved the issue. The problem was that the header we were sending was MediaType.APPLICATION_JSON, but the token endpoint API expects MediaType.APPLICATION_FORM_URLENCODED, so by changing the header the OAuth flow worked.

laravel-apidoc-generator + dingo api error "The token could not be parsed from the request"

Trying to generate API documentation via laravel-apidoc-generator, and I get the following error:
I tried to use the actAsUserId and header options and got the same error.
I have the same problem, and still have it, but you can try to send the authorization token via headers, and if that doesn't work, try to send the token as a query string parameter. Neither of those works for me...