I'm trying to use Office365(outlook) API to read emails.
sending a GET request to https://graph.microsoft.com/v1.0/me/messages with the accesstoken in Request Header will get me the inbox.
Access token expires after some time and i want to get the access token dynamically now.
Can you please suggest and help me a way to get the accesstoken dynamically?
Related
Is there any possible way to generate access Token so that when anyone
tries to retrieve data from the API they must pass the token as header
to get access to that
I have been searching for it but it every website is showing this->
$user = Auth::user();
$success['token'] = $user->createToken('MyApp')-> accessToken;
There won't be any user for this purpose, When the other website will hit this api with valid header it will atomatically send all the data to that device .....
can anyone help me with this any help would be highly appreciated ....
Why dont you create a database called token and store multiple token strings.
Then, whenever, a request hits the server it checks for that token is present or not in the https header.
This way you can create multiple tokens and share it with your API partners. However, this is always public so you might want to add security features on it.
Since you dont have users, there will not be a two way handshake such that you will have to keep sending same token on all requests
So my proposal would be use of API Secret keys.
Steps:
Store api keys in database tables
Send API keys in http headder
As soon as the request hits the server check if token is present in the header
IF token is present check if the token matches database records
By the way without a user the api token is not that secured.
I'm working on the Flutter app which is using APIs to get the data from the server. The flutter app is public and anyone can use without login to the application. And all working fine.
My question: is there is any way to identify where the API request comes from. Because anyone can use this API to get data and this may lead flooding the server.
If it is possible to find out from where the request is coming from, then I can process the request that is ONLY from my Flutter application.
Is it possible?
Use https as protocol and add an api key and client secret to your app.
Then protect your api with e.g. http basic auth or OAuth.
https://laravel.com/docs/7.x/authentication#stateless-http-basic-authentication
https://laravel.com/docs/7.x/passport
when the first request comes in to the server, issue a token, for example
(psuedo code)
//here stringContainingData can be a json string having details about the client and the connection
token = MyHashingFunctionUsingAPassword(stringContainingData,MyStrongPassword);
after sending back the token, next api access should contain the token with every request if not reject, if the token exists, do this
stringContainingData = MyDeHashingFunction(token,MyStrongPassword)
//verify data
mappedToken = stringToMap(stringContainingData);
if(mappedToken.containsKey('keyThatShouldBePresent') //acknowledge request
else //reject request
to reject further flooding, set max requests/second from a single IP
I have created a Laravel 5.4 App, which is a REST based API for serving out data about our inventory to customers.
I have implemented Passport based Authentication, and My customers create a 'Personal Access Tokens' and use that in their client requests. All of this is working fine.
I now need to meter the usage of the API to figure out which user, and which token (by Name) is making the request.
I am able to get the User by using $request->session();, but how do I get the name of the Token that is making the request?
Laravel passport searches for valid tokens in 2 locations:
the bearer token
a cookie
When boiled down, you could use this method to find the token you seek:
$token = $request->bearerToken() ?? $request->cookie(Passport::cookie());
I have configured Go with OAuth against Google. I am then using the access token to do requests against gmail api, contacts api, drive api etc etc. These need the string that is the actual access token, as opposed to the object *oauth2.Token.
Everything works while the access token is valid. Once its not valid, I can't access the data. This makes sense as I need to use the refresh token to get a new access token, before doing the queries against the services.
My understanding is the *http.Client that you create from the OAuth token will do the refresh for a new access token if its necessary, automatically.
However what I am not sure about is how to get the latest access token out of the client to then use as part of the GET request against Google APIs to auth the service.
So to summarize:
//generate client
//get accessToken.AccessToken from client
//do HTTP GET request to get a users image from contact api (or something)
//pass as either a GET parameter, or as a header the access token
If the client handles refreshing the token, then I need to use the client to get the access token so its valid.
How do you do that? I've looked into using config.TokenSource(ctx, tok) and then i can call TokenSource on that, but that doesn't need the client and therefore the token is not refreshed as far as I can tell.
The following function in the "golang.org/x/oauth2" package auto-refreshes the token as necessary.
func (*oauth2.Config).Client(ctx context.Context, t *oauth2.Token) *http.Client
https://pkg.go.dev/golang.org/x/oauth2#Config.Client
I am using MobileServiceClient for authentication, my provider is Microsoft and Google. After success login in response I am getting auth Token and Sid. But I want more detail. I am using this service for Xamarin forms. Is there any way to get more detail of login user like email, username, verified_email, family_name etc?
Yes. Send a request to the /.auth/me endpoint with the X-ZUMO-AUTH header set to the ZUMO token. You will get back a JSON blob that contains all the claims plus the identity provider token. You can use these to get the information you need if it is available.