I am working on a Wix website, so I need to access the Wix Store API.
I need the access token to be passed with the response.
I have tried doing that with this https://dev.wix.com/api/rest/getting-started/authentication, but I am getting "invalid auth code":
{
"grant_type": "authorization_code",
"client_id": "***********",
"client_secret": "********",
"code": "*******"
}
I need to create a new user using postman
I use the address http://localhost:1337/api/users and make a POST request to it with the following data:
{
"data": {
"username": "Rafael",
"email": "rafael#rafael.com",
"password": "1234",
"confirmed": false,
"blocked": false
}
}
But I get
{
"data": null,
"error": {
"status": 500,
"name": "InternalServerError",
"message": "Internal Server Error"
}
}
And in VS Code I get: error: Forbidden access
What could it be?
Forbidden access (403) can be caused by several things:
You didn't pass the API token (JWT) in the request header (Bearer token).
You have to allow the user/admin role to access the User collection.
You can find all the config in the Admin Panel Settings menu.
Create and manage API token in Strapi: https://docs.strapi.io/developer-docs/latest/setup-deployment-guides/configurations/optional/api-tokens.html#api-tokens
Configure admin role access: https://docs.strapi.io/user-docs/latest/users-roles-permissions/configuring-administrator-roles.html
Configure end-user role access: https://docs.strapi.io/user-docs/latest/users-roles-permissions/configuring-end-users-roles.html
Hope it helps!
I have created a login button with the Google Identity JavaScript API https://developers.google.com/identity/gsi/web/guides/display-button#javascript
I have successfully returned a JWT and decoded it. There is a field in the JWT called kid, and the docs say this is its purpose:
the thumbprint for the public key used to verify this token
Will the kid field always be the same for the email I logged in with, and can it ever change?
I am looking to extract a field from the JWT that will never change so that I can track users who have logged in on the web and on Android apps.
Run the ID token through jwt.io. The payload data should look something like this:
{
"iss": "accounts.google.com",
"azp": "1046123799103-q2fg15qscp8apoh8fcf490o3d0bk.apps.googleusercontent.com",
"aud": "1046123799103-q2fg15qscp8apoh8fcf490o3d0bk.apps.googleusercontent.com",
"sub": "117200475532672775346",
"email": "XXXXX#gmail.com",
"email_verified": true,
"at_hash": "LqL3dnsD9w-elE-unya7-g",
"iat": 1662038461,
"exp": 1662042061
}
In this example the sub is the user's internal ID on Google.
If I run it through the tokeninfo endpoint
https://oauth2.googleapis.com/tokeninfo?id_token=Id_token
I get the same sub claim:
{
"iss": "accounts.google.com",
"azp": "1046123799103-q2fg15qscp8apoh8fcf490o3d0bk.apps.googleusercontent.com",
"aud": "1046123799103-q2fg15qscp8apoh8fcf490o3d0bk.apps.googleusercontent.com",
"sub": "117200475532672775346",
"email": "XXXX#gmail.com",
"email_verified": "true",
"at_hash": "M_28bzozJTabf3e8Q1yyeQ",
"iat": "1662045590",
"exp": "1662049190",
"alg": "RS256",
"kid": "402f305b70581329ff289b5b3a67283806eca893",
"typ": "JWT"
}
The sub claim is normally used for account linking between a site's internal user system and external third-party logins.
You can use a base64url_decode function to decode your JWT like this; I had a similar problem that I solved this way in Symfony 5.3:
// Raw JWT posted by Google Identity Services in the "credential" form field
$jwt = $request->request->get('credential');
// Split into header.payload.signature
$match = explode('.', $jwt);

// JWT segments are base64url (RFC 4648 section 5), not plain base64:
// swap the alphabet back; base64_decode tolerates the missing padding
function base64url_decode($base64url)
{
    $base64 = strtr($base64url, '-_', '+/');
    $plainText = base64_decode($base64);
    return $plainText;
}

// This only decodes the payload; it does not verify the signature
$payload = base64url_decode($match[1]);
$payloadObject = json_decode($payload);
$verif = $payloadObject->email_verified;
$email = $payloadObject->email;
...etc
I have an Outlook add-in with ReadWriteMailbox permissions that calls Office.context.mailbox.getCallbackTokenAsync({isRest: true}) to get what is generally a valid auth token:
{
"oid": "oid",
"puid": "puid",
"smtp": "xxx",
"upn": "xxx",
"clientappid": "3382ce5c-ed22-4195-aeca-c5b67384706f",
"ver": "Exchange.Callback.V2",
"appid": "00000002-0000-0ff1-ce00-000000000000",
"deploymentid": "https://outlook.office365.com/",
"tid": "tid",
"acr": "1",
"appidacr": "0",
"scp": "Mail.ReadWrite Mail.Send Calendars.ReadWrite Contacts.ReadWrite",
"nbf": 1588259750,
"exp": 1588260650,
"iss": "https://outlook.office365.com/",
"aud": "a_vanity_url",
"happ": "API"
}
In Outlook for iOS, I am now seeing this exception in a handful of environments:
{
"readyState": 4,
"responseText": "omitted_for_redundancy",
"responseJSON": {
"error": {
"code": "InvalidAudienceForResource",
"message": "The audience claim value is invalid for current resource.
Audience claim is 'a_vanity_url',
request url is 'https://outlook.office365.com/api/v2.0/me/messages/a_message_id'
and resource type is 'Exchange'.",
"innerError": {
"requestId": "requestId",
"date": "2020-04-30T15:15:51"
}
}
},
"status": 401,
"statusText": "Unauthorized"
}
The common theme seems to be that an MDM/MAM is configured (usually Intune); it happens across all managed devices on the tenant, and continues to fail until a device is unregistered and its Outlook accounts are removed and re-added.
Is there something I can do differently when I request an auth token to prevent this failure? Or is there a device management setting that Outlook for iOS requires to run add-ins?
Thank you for reporting; it seems like it is not an add-in issue. Can you please raise a support case with Intune by going to Link and navigating to "Troubleshooting + Support"? The corresponding team will address the issue.
The workaround here is just to use the vanity domain returned in the JWT's audience claim as the API URL base instead of the value returned by Office.context.mailbox.restUrl.
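The workaround above reduces to: read aud from the callback token and build the REST base from it, keeping Office.context.mailbox.restUrl only as the fallback. The following is an added example, not code from the original question or answer. It assumes the fallback value (what restUrl returns) already ends in "/api", that a vanity aud is a full https URL, and that the add-in only reads the token payload (verifying the token is the job of the Exchange endpoint that receives it). The token, the vanity host "mail.vanity-example.com" and the function names (decodeJwtPayload, restBaseFromCallbackToken, makeDemoToken, demo) are constructed for the demo.

```javascript
// Added example (not from the original question or answer): derive the REST
// base URL from the callback token's `aud` claim, falling back to the value
// the add-in would normally use (Office.context.mailbox.restUrl).

function b64url(buf) {
  return Buffer.from(buf).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

function fromB64url(str) {
  const pad = '='.repeat((4 - (str.length % 4)) % 4);
  return Buffer.from(str.replace(/-/g, '+').replace(/_/g, '/') + pad, 'base64');
}

// Read the payload segment of a JWT. Deliberately no signature check: the
// add-in is a bearer of this token, not its audience.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  return JSON.parse(fromB64url(parts[1]).toString('utf8'));
}

// Returns a base such as "https://outlook.office365.com/api". Assumption: the
// fallback (restUrl) already ends in "/api"; the caller appends paths such as
// "/v2.0/me/messages/{id}" and sends the same token as the Bearer credential.
function restBaseFromCallbackToken(token, fallbackRestUrl) {
  const { aud } = decodeJwtPayload(token);
  if (typeof aud === 'string' && aud.startsWith('https://')) {
    try {
      const origin = new URL(aud).origin; // drops any path or trailing slash
      if (origin !== 'null') return `${origin}/api`;
    } catch (_) { /* aud is not a parsable URL; use the default */ }
  }
  return fallbackRestUrl.replace(/\/+$/, '');
}

// Constructed token for the demo: claim shape mirrors the question; the
// signature segment is a placeholder, since this code never validates it.
function makeDemoToken(aud) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = {
    ver: 'Exchange.Callback.V2', iss: 'https://outlook.office365.com/', aud,
    scp: 'Mail.ReadWrite Mail.Send', exp: 1588260650,
  };
  return `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}.${b64url('placeholder-signature')}`;
}

function demo() {
  const fallback = 'https://outlook.office365.com/api'; // stands in for restUrl
  return {
    // aud is a vanity URL: route calls to that host
    vanity: restBaseFromCallbackToken(makeDemoToken('https://mail.vanity-example.com/'), fallback),
    // aud is not an https URL (an app id here): keep restUrl
    standard: restBaseFromCallbackToken(makeDemoToken('00000002-0000-0ff1-ce00-000000000000'), fallback),
  };
}

console.log(demo());
```

Matching the request host to the audience the token was minted for is exactly what the InvalidAudienceForResource error in the question is checking, so this keeps the two consistent from the client side without changing how the token is requested.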
I just ran the command below on my newly created app and get an "Authorization failed" message. I ran the Token Debugger and the access token is good. How do I fix this?
https://api.pinterest.com/v1/me/pins/?access_token=<ACCESS-TOKEN>&fields=id,creator,note&limit=1
Response:
{
"status": "failure",
"code": 3,
"data": null,
"message": "Authorization failed.",
"endpoint_name": "get_own_pins"
}
You need to include your access token with the api.pinterest.com URL:
https://api.pinterest.com/v1/me/pins/?
access_token=<YOUR-ACCESS-TOKEN>
&fields=id,note
&limit=1
Replace <YOUR-ACCESS-TOKEN> with your Pinterest access token.
I am writing an Android app to call the MS App Center API (https://openapi.appcenter.ms/) and want the users of the app to log in with their credentials, so I cannot use pregenerated tokens.
I am able to get a JWT token using the MSAL Android library com.microsoft.identity.client:msal:0.2.2.
If I try to call the API "https://api.appcenter.ms/v0.1/user" with an Authorization: Bearer ... header I get the response {"message":"Fail to verify JWT Token.","statusCode":401,"code":"Unauthorized"}
Neither does X-API-Token work with the token (not a surprise).
Interestingly, if I look up the JWT token in Google Chrome dev tools and use it either with curl: curl -X GET "https://api.appcenter.ms/v0.1/user" -H "accept: application/json" -H "Authorization: Bearer ..." or hardcode it into my Android app, I get a success response.
So it is definitely possible to use "some" JWT token to access the App Center API, but it is unclear whether it is possible to get a working JWT token from MSAL, and what I should use instead if it is not possible.
My first suggestion is that I have to use the correct "SCOPE" audience, but it is not documented and quick guesses did not help.
The way I get the JWT token from MSAL (this succeeds):
val SCOPES = arrayOf("email")
val authClientApplication = PublicClientApplication(context, clientId)
authClientApplication.acquireToken(
    context,
    SCOPES,
    object : AuthenticationCallback {
        override fun onSuccess(authenticationResult: AuthenticationResult?) {
            Log.d(TAG, "Successfully authenticated")
            Log.d(TAG, "ID Token: " + authenticationResult?.idToken)
            token = authenticationResult?.idToken
        }
        ...
The way I try to use the JWT token (fails with 401 if the JWT came from MSAL):
val client = OkHttpClient()
val request = Request
    .Builder()
    .header("Authorization", "Bearer " + token)
    .url("https://api.appcenter.ms/v0.1/user")
    .build()
try {
    client.newCall(request).enqueue(object : Callback {
        ...
JWT from MSAL, decoded content (not working):
{
"ver": "2.0",
"iss": "https://login.microsoftonline.com/XXXXXX-6c67-4c5b-b112-36a304b66dad/v2.0",
"sub": "AAAAANNNNNAAAAAAAAAAAAJgzlyDKyV8iUg4I-js52sY",
"aud": "long-numbers-of-azure-app-client-id",
"exp": 1561271401,
"iat": 1561184701,
"nbf": 1561184701,
"name": "My Name",
"preferred_username": "my#email",
"oid": "00000000-0000-0000-cd89-898098098",
"email": "my#email",
"tid": "long-numbers-of-something",
"aio": "BASE64lookingGarbage"
}
JWT from the Google Chrome session, decoded content (working):
{
"id": "35980548-0000-4c1d-9d9c-2318dc17a4a1",
"origin": "appcenter",
"iat": 1561184258,
"exp": 1561187858,
"aud": "Bifrost",
"iss": "Heimdall",
"sub": "user"
}