Getting Weird Invalid Token Error Message At Postman - laravel

I'm trying to connect to an API of a website using token authorization in Postman.
So the URL that I'm trying to connect to is a GET URL that goes like this:
https://seller.digikala.com/api/v1/profile/
And then in Postman, I set the Authorization type to Bearer Token and copied and pasted the token.
The Content-Type header is also set to application/json.
But I don't know why I get this error:
{
"status": 401,
"message": "Invalid token!"
}
I also tested the token on the jwt.io website and it says: Invalid Signature!
So the question is, does the website give me a wrong and invalid token (because I just copy and paste it, so there is no chance of entering an incorrect token)?
What are the other ways of authorizing with this token, and how can I get the proper response?

BearerToken is not always JWT
A BearerToken is a type of Authorization header you can pass to an HTTP endpoint.
BearerTokens can have multiple token_type values, like:
jwt,
api_token,
...
The BearerToken is not always a JWT; it can use multiple algorithms.
The 12|xxx format is like an api_token.
Note: one of the signs, if you want to know whether the token is a JWT, is its format: if it is a URL-encoded string with 2 dots (xxx.yyy.zzz), there is a chance that it is a JWT token.
Validating JWT
On jwt.io you should provide the digikala.com public key to validate the signature.
It said invalid token because you haven't provided the digikala public key.
But as the decoder showed, the token you provided is a JWT token with the payload data:
{
"token_id" : 970,
"payload" : null
}
TL;DR
I guess you can get access if you log in again and try a new token.
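As an added example (not from the answer above and not Digikala's code), a stdlib-only checker that tells the token shapes apart, decodes a JWT the way jwt.io's decoder does, and shows what "Invalid Signature" actually tests: verification against the issuer's key. The secret and the minted token are constructed; the opaque case (e.g. a Google "ya29." access token) goes slightly beyond the answer's two formats.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))  # restore the stripped padding

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def classify_bearer(token: str) -> str:
    """'jwt' for header.payload.signature, 'api_token' for id|random (Sanctum-style), else 'opaque'."""
    parts = token.split(".")
    if len(parts) == 3 and all(parts):
        try:
            hdr = json.loads(b64url_decode(parts[0]))
            if isinstance(hdr, dict) and "alg" in hdr:
                return "jwt"
        except ValueError:  # bad base64 / not JSON (binascii.Error and UnicodeDecodeError are ValueErrors)
            pass
    ident, sep, rest = token.partition("|")
    if sep and ident.isdigit() and rest.isalnum():
        return "api_token"
    return "opaque"  # e.g. Google "ya29." access tokens: nothing to decode locally

def decode_jwt_unverified(token: str) -> tuple:
    """What jwt.io's decoder shows: header and payload, saying nothing about the signature."""
    h, p, _ = token.split(".")
    return json.loads(b64url_decode(h)), json.loads(b64url_decode(p))

def verify_hs256(token: str, secret: bytes, now: float = None) -> bool:
    """The check jwt.io cannot do without the issuer's key: HMAC-SHA256 signature plus exp."""
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":
        return False  # refuse alg confusion ("none", or an RS256 token fed to an HMAC check)
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(s)):
        return False
    now = time.time() if now is None else now
    return json.loads(b64url_decode(p)).get("exp", now + 1) > now  # no exp claim: treated as unexpired

def make_hs256(payload: dict, secret: bytes) -> str:
    """Mint a test token under a constructed secret (not Digikala's) so the checks can run offline."""
    hdr = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    sig = hmac.new(secret, f"{hdr}.{body}".encode(), hashlib.sha256).digest()
    return f"{hdr}.{body}.{b64url_encode(sig)}"
```

A token that decodes fine but fails verify_hs256 under the issuer's key is exactly the "Invalid Signature" case; the API's 401 then means the server-side check failed too, not that the decoder is wrong.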

Related

node-oidc-provider access token format

I've set up oidc-provider for PKCE (v7.x). When I do the following:
request a code from /auth with response_type='code'
use the code to get a token from /token with grant_type=authorization_code
receive a token as shown:
{
access_token: "a8DM82TgXF-cjlzH8yOjuK6_OF9h_JaYJjSPrAdCRG0"
expires_in: 86400
id_token: "eyJhbGci....FQg"
scope: "openid"
token_type: "Bearer"
}
How can I get node-oidc-provider to return a JWT access_token with claims?
You shall use the Resource Indicators feature (oidc-provider docs) and request an access token for a particular resource server. In the resource indicators feature, the getResourceServerInfo configuration helper is for validating the resource indicator provided (or defaulted to) in the authorization request. The return value from this getResourceServerInfo helper also defines the access token format (accessTokenFormat property); when the value is jwt, the resulting Access Token is, well, a JWT following the JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens.

How to get the access token sent in as a header with Authentication Basic in Spring Boot

I have completed most of my project, but now I am stuck with a new problem. I have to extract the access token from the request, which will be in the header in Authentication Basic. This is confusing, as first I used a simple GET method and was sending the access token in the request itself and extracting it with the use of @RequestParam. I have asked a similar question before, but that was for the simple request from the request itself, and now I have to do it from the header.
@GetMapping("/persons")
public String loadPersons(@RequestParam("access_token") String access_token) throws ParseException {
    String decode_token = pd.testDecodeJWT(access_token);
    String token = pd.jsondata(decode_token);
    // ........................ More Code........................
I want to get that token from the request in Authentication Basic format.
I have tried some YouTube tutorials, but as I have already done my project almost completely, I want to make minimal changes to it so that no further errors pop up.
Thanks in advance
To get the value from the HTTP header, you can use @RequestHeader("headerValue").
But what confuses me about your question is whether you are using Basic Authentication or JWT. Basic Authentication is only about username and password and has nothing to do with the access token. It requires an HTTP header with the format:
Authorization: Basic <credentials>
where <credentials> is Base64Encode(username:password).
On the other hand, if you use an access token formatted as a JWT, the common practice is to use Bearer in the "Authorization" header:
Authorization: Bearer <JWT>
So whatever you use, my advice is to use @RequestHeader("Authorization") to get the value of the Authorization header first. Then decode the value according to your actual authentication mechanism:
@GetMapping("/persons")
public String loadPersons(@RequestHeader("Authorization") String authHeader) throws ParseException {
    // decode authHeader: for "Bearer <JWT>" drop the scheme prefix before handing it to the JWT decoder
    String accessToken = authHeader.startsWith("Bearer ") ? authHeader.substring("Bearer ".length()) : authHeader;
    String decode_token = pd.testDecodeJWT(accessToken);
    return pd.jsondata(decode_token);
}

JWT auth in lumen

I completed the login with token generation like this:
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2x1bWVuL2F1dGgvbG9naW4iLCJpYXQiOjE0NzUwNjAwMzMsImV4cCI6MTQ3NTA2MzYzMywibmJmIjoxNDc1MDYwMDMzLCJqdGkiOiIwOTFjYWNhZGRlODQ1NjNhMzc4M2JkM2EwNDdkZmM3YSIsInN1YiI6M30.VjXTSkzrmzTQSTZvp3VxlWacL8VHyM8XBUa5db8GOOI"
But when I run the API with the jwt.auth middleware it gives this response:
{
"message": "Token not provided"
}
How can I solve it?
Are you sure you are providing the token in the headers properly, as specified in the JWT documentation?
You need to send the Authorization header followed by Bearer TOKEN.
So the final result in your case would be:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOi8vbG9jYWxob3N0L2x1bWVuL2F1dGgvbG9naW4iLCJpYXQiOjE0NzUwNjAwMzMsImV4cCI6MTQ3NTA2MzYzMywibmJmIjoxNDc1MDYwMDMzLCJqdGkiOiIwOTFjYWNhZGRlODQ1NjNhMzc4M2JkM2EwNDdkZmM3YSIsInN1YiI6M30.VjXTSkzrmzTQSTZvp3VxlWacL8VHyM8XBUa5db8GOOI

Google Oauth2: Is it possible to retrieve token information from an expired access token?

I have a Google App Engine Endpoints project which is protected by OAuth2. I saw that some requests have failed due to an invalid token.
Request URL: https://example.appspot.com/_ah/api/mm/v1/list?filter=q%3Dtest&alt=json
Method: example.resource.list
Error Code: 401
Reason: required
Message: Invalid token.
I could log the token from the header of the request.
The token I get is an access token, in a format like ya29.vwGg-....
When I tried
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=
to find out token information, like issued_to, client_id, etc.,
it returns:
{
error: "invalid_token",
error_description: "Invalid Value"
}
I have tested with
https://developers.google.com/oauthplayground
and the URL returns the same error if the token has expired.
My guess for the reason my request has failed is that the token used has expired,
but I'm not 100% sure.
Is there a way to find token info about an expired access token?
Or, more widely,
is there any way to find more info about an invalid access token, like why it is invalid or anything else?
I removed the Google account and added it again, then login works.
Google's guide for Google Sign-In for Android on how to authenticate with a backend server.
A simple way is to check the token, where XYZ123 is your token:
https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123
There are many ways to get token information. Generally a token will be invalid for various reasons; some of the important reasons are Invalid Signature and Token expired. You can use https://jwt.io to decode your token and get the info. Your error description clearly tells the reason why your token is considered invalid. Try deep diving into the code and see why it says invalid value.

Magento API not working for customers

I am passing the following header information using the "REST Client" plugin of Firefox to the URL "localhost/magento/api/rest/customers".
I am passing the following header information:
Consumer key :olnnqgwm7gm75rtbft8w1wac4kp4vwig
Consumer secret:u9v6bdlpuopdlryc6vx0yjnslkj4vllo
Access token : null
Access token secret : null
It gives the following response:
<magento_api>
<messages>
<error>
<data_item>
<code>401</code>
<message>
oauth_problem=parameter_absent&oauth_parameters_absent=oauth_token
</message>
</data_item>
</error>
</messages>
</magento_api>
So here I want to get the Access token and Access token secret; how do I get them?
Access token : null
Access token secret : null
These are mandatory for getting the details of a customer through the REST API. You have to configure the authentication process as defined here; please go through the article and you will get your answer.
1. Getting an Unauthorized Request Token
URI: localhost/magento/oauth/initiate
Method: POST
Sample Response: oauth_token=4cqw0r7vo0s5goyyqnjb72sqj3vxwr0h&oauth_token_secret=rig3x3j5a9z5j6d4ubjwyf9f1l21itrr&oauth_callback_confirmed=true
2. User Authorization
URI: localhost/magento/oauth/authorize
Method: GET
Sample Response: /callback?oauth_token=tz2kmxyf3lagl3o95xnox9ia15k6mpt3&oauth_verifier=cbwwh03alr5huiz5c76wi4l21zf05eb0
NOTE: This is the second step of authentication. Without the user authorization in this step, it is impossible for your application to obtain an Access Token.
3. Getting an Access Token
URI: localhost/magento/oauth/token
Method: POST
Sample Response: oauth_token=0lnuajnuzeei2o8xcddii5us77xnb6v0&oauth_token_secret=1c6d2hycnir5ygf39fycs6zhtaagx8pd
If you complete all the above steps you will get the Access token and secret, which can be used for getting the customer response.
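The request signing that steps 1 and 3 above and the final customers call all need, as an added example written for this answer rather than Magento's own client code: an OAuth 1.0a HMAC-SHA1 Authorization header builder. The consumer key, secrets, nonce and URLs are constructed placeholders, and URLs are assumed not to carry an explicit default port (that stripping is left out).

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

def _enc(s) -> str:
    return quote(str(s), safe="-._~")  # RFC 3986 unreserved set only, as OAuth 1.0a requires

def signature_base_string(method: str, url: str, oauth_params: dict) -> str:
    """METHOD&enc(base URL)&enc(sorted query params + oauth_* params), per RFC 5849 section 3.4.1."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    pairs = list(parse_qsl(parts.query, keep_blank_values=True)) + list(oauth_params.items())
    normalized = "&".join(f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in pairs))
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])

def oauth1_header(method, url, consumer_key, consumer_secret, token=None, token_secret=None,
                  extra=None, nonce=None, timestamp=None) -> str:
    """Authorization header for one request.
    Step 1: no token, extra={"oauth_callback": ...}.
    Step 3: token/token_secret = the request token pair, extra={"oauth_verifier": ...}.
    API call: token/token_secret = the access token pair from step 3."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    if token is not None:
        oauth["oauth_token"] = token  # leaving this out is exactly what parameter_absent=oauth_token reports
    oauth.update(extra or {})
    key = f"{_enc(consumer_secret)}&{_enc(token_secret or '')}"  # empty token secret in step 1
    base = signature_base_string(method, url, oauth)
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    return "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in sorted(oauth.items()))
```

Sending the customers call with the step-3 access token pair (rather than the null values in the question) is what makes the oauth_token parameter present and the signature verifiable by Magento.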
