I'm trying to use the sandbox from https://fhir.epic.com/ for Backend Services.
I am following this tutorial : https://fhir.epic.com/Documentation?docId=oauth2§ion=BackendOAuth2Guide :
I already register a new app,
created a JWT (using SSL keys)
tested the JWT on https://jwt.io/ : works fine!
But I cannot POST the JWT to the endpoint to obtain the access token. I should send a POST request to this URL: https://fhir.epic.com/interconnect-fhir-oauth/oauth2/token.
The app is working for 8 months and suddenly stopped working and throwing below error.
{
"error": "invalid_client",
"error_description": null
}
Tried creating new app, created new certs but still no luck.
Related
I have created a Laravel application in which I have implemented Login and register with Facebook and Google using the socialite package and it's been working as expected, however when a user doesn't login with google for a long time the next time they try to login they get the error
Client error: GET https://www.googleapis.com/oauth2/v3/userinfo?prettyPrint=false
resulted in a 401 Unauthorized response: { "error":
"invalid_request", "error_description": "Invalid Credentials" }
why is this the case?
I need to create request for getting data from Google Analytics API in Postman. I managed to generate access token with playground platform but I need permanent refresh token (in playground I can generate only 24h token).
I tried to generate token in Console API:
I've created project
Add analytics API in my project
Generate client ID and secret code
But I don't know which redirect URL using. Default value that was generate in JSON is urn:ietf:wg:oauth:2.0:oob","http://localhost
Than I've generated authorization code with request (from browser):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/analytics&redirect_uri=http://localhost&response_type=code&client_id=XXXX
And when I tried to generate access_token with POST request in Postman, sending such keys:
code:XXXXXX
redirect_uri:urn:ietf:wg:oauth:2.0:oob (also tryed http://localhost)
client_id:YYYYY
client_secret:ZZZZZZ
scope:https://www.googleapis.com/auth/analytics
grant_type:authorization_code
And got error
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
How should I set grant for Postman? Could you help me to resolve issue and understand what I do wrong
I managed to resolve my issue. It should be added redirect_url https://www.getpostman.com/oauth2/callback
Following the article https://blog.botframework.com/2017/06/19/Load-Testing-A-Bot/ to test a bot.
Im trying to get an accessToken, but Im getting a 500. The same is happening if I run the Emulator from code. The downloaded emulator works fine.
{
"error": "server_error",
"error_description": "AADSTS70002: Error validating credentials.\r\nTrace ID: 06f655dd-dc88-49ec-a429-1c86fc1a1b00\r\nCorrelation ID: 070d67cc-361f-45ad-a0bb-d07d5d1e73f4\r\nTimestamp: 2017-07-31 00:54:46Z",
"error_codes": [
70002
],
"timestamp": "2017-07-31 00:54:46Z",
"trace_id": "06f655dd-dc88-49ec-a429-1c86fc1a1b00",
"correlation_id": "070d67cc-361f-45ad-a0bb-d07d5d1e73f4"
}
The process to get the access token is to post to https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token with
x-www-form-urlencoded values:
grant_type=client_credentials
client_id= <YOUR MSA APP ID>
client_secret = <YOUR MSA APP SECRET>
scope = <YOUR MSA APP ID>/.default
Note: a locally built version of the Emulator, with a fresh clone, also has the same issue, while the downloaded version connects correctly
The latest master on Emulator is breaking the access token request. You need to checkout the commit 4923221 to make it work.
To get the access token directly with a post request: the post url is https://login.microsoftonline.com/common/oauth2/v2.0/token , and the scope is https://graph.microsoft.com/.default
The rest should be as specified previously
I want to push/pull messages to topic on Google Cloud PubSub service. I need to fetch these messages with AJAX without promoting login/permissions screen to end user (i.e. end user can use this service without login). I have tried to add key={spiKey} in query string, but unable to get data every time get 401 error
{
"error": {
"code": 401,
"message": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"status": "UNAUTHENTICATED"
}
}
Update
I have been able to get a Bearer token using instructions from this thread
Here are the instructions in Postman:
Url: https://login.windows.net/[tenantname].onmicrosoft.com/oauth2/token
Type: POST
Headers: none
Body: form-data
grant_type: client_credentials
client_id: [client-id]
client_secret: [client-secret]
However, if I send the same token in my call to a Web API endpoint, I still get back "Authorization has been denied for this request"
Why is it still not authorizing ?
End Update
I have created an ASP.Net Web API project which is protected using an organizational Azure AD instance. I have set up the tenant id, client id and secret correctly.
The Azure AD instance is the same one backing our Office 365/SharePoint instance and the idea is to create SharePoint Add-Ins which can call the services using the logged in user's context.
I am stuck at testing the API. I can call unauthorized endpoints without any issue. However, when I add the [Authorize] attribute, I always get back this response: "Authorization has been denied for this request."
As I understand it, I need to generate a bearer token and add it to my Postman request in the header (see image). After much Googling, I still have not been able to make this work.
My question is: How do I generate a bearer token for a Web API instance protected by Azure AD.
My configuration code is as below:
public void ConfigureAuth(IAppBuilder app)
{
app.UseWindowsAzureActiveDirectoryBearerAuthentication(
new WindowsAzureActiveDirectoryBearerAuthenticationOptions
{
Tenant = ConfigurationManager.AppSettings["ida:Tenant"],
TokenValidationParameters = new TokenValidationParameters {
ValidAudience = ConfigurationManager.AppSettings["ida:Audience"]
},
});
}
First, you can use POSTMAN to test web api protected by the Bearer token. Here's my postman screenshot:
POSTMAN sending bearer token to web api
Basically: in the request header, specify the key as "Authorization", and value as "Bearer [your token". IF you run into errors, look the headers of the response and you'll see more detailed error info.
Note, most tokens have an expiration period, you can try to verify if your token is valid. e.g. https://jwt.io/