Zoho desk invalid oauth - zoho

I am testing out Zoho desk API. I have set up a dummy client in zoho console dashboard and using the self client option to generate a oauth_token. However when I try to use it, it always return an error code 401 with error code "INVALID_OAUTH".
I have checked for characters, and using it before even one minute of generation. Can somebody please help me with this?
{
url = "https://desk.zoho.in/api/v1/organizations"
payload = ""
headers = {
'Authorization': "Zoho-oauthtoken 1000.XXXXXabdbd925112
4ff.44d3eccd1e1a03bd25db1016f0f13322"
}
}
Response
{
"errorCode": "INVALID_OAUTH",
"message": "The OAuth Token you provided is invalid."
}

Related

Xbox Live Authentication Request Returns Code "400 Bad Request" When Using Access Token Obtained Using MSAL (Swift)

I am trying to authenticate with Xbox Live using an access token obtained using the MSAL authentication library for Swift.
All I am getting as a response is Response Code 400, instead of the expected JSON response containing an Xbox Live token.
I am sending the following request:
{
"Properties": {
"AuthMethod": "RPS",
"SiteName": "user.auth.xboxlive.com",
"RpsTicket": "d=(access token)"
},
"RelyingParty": "http://auth.xboxlive.com",
"TokenType": "JWT"
}
It is a POST request to https://user.auth.xboxlive.com/user/authenticate
It has these headers: Content-Type: application/json and Accept: application/json.
I am using the Swift MSAL library: https://github.com/AzureAD/microsoft-authentication-library-for-objc
My code for getting the access token looks like this:
let MSConfig = MSALPublicClientApplicationConfig(clientId: AppGlobals.clientID)
let MSApplication = try? MSALPublicClientApplication(configuration: MSConfig)
let MSScopes = ["User.Read"]
let MSWebviewParameters = MSALWebviewParameters()
let MSInteractiveParameters = MSALInteractiveTokenParameters(scopes: MSScopes, webviewParameters: MSWebviewParameters)
MSApplication?.acquireToken(with: MSInteractiveParameters, completionBlock: { (result, error) in
guard let MSAuthResult = result, error == nil else {
print("Error while authing: \(error!.localizedDescription)")
return
}
let receivedMSAccessToken = MSAuthResult.accessToken
let receivedMSAccountIdentifier = MSAuthResult.account.identifier
})
The code for obtaining an access token works as expected, and I get an access token once I log in using Microsoft. I am then using the access token obtained on line let receivedMSAccessToken = MSAuthResult.accessToken as the access token on the request line "RpsTicket": "d=(access token)". However, I am still getting error 400 (Bad Request).
What can I do to fix this?

Use token received from JavaScript client to create a social connection on the server

I have a webpage using PHP/JavaScript that can successfully do the Google Signin process on the client side. I would like to then forward the obtained token to the backend which uses Spring-Social to create a social connection and be able to call on the APIs to which the app has been authorized.
I managed to do exactly this with both Facebook (OAUTH2) and Twitter (OAUTH1) both working flawlessly but for Google I always get a 401 response when trying to create the connection.
The code in the server is like this:
AccessGrant accessGrant = new AccessGrant(accessToken);
connection = ((OAuth2ConnectionFactory<?>) connectionFactory).createConnection(accessGrant);
The code in the client something like this:
function onSignIn(googleUser) {
var profile = googleUser.getBasicProfile();
console.log('ID: ' + profile.getId());
console.log('Name: ' + profile.getName());
console.log('Email: ' + profile.getEmail());
var access_token = googleUser.getAuthResponse().id_token;
var xhr = new XMLHttpRequest();
xhr.open('POST', 'http://localhost/signin/google');
xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
xhr.onload = function() {
console.log('Signed in as: ' + xhr.responseText);
console.log('access_token=' + access_token);
};
xhr.send('access_token=' + access_token);
}
Most of the latter is copied from the Google documentation on how to authenticate with a backend server found here: https://developers.google.com/identity/sign-in/web/backend-auth
I've traced the calls inside spring-social-google and they lead to a REST call to https://www.googleapis.com/oauth2/v2/userinfo which is the one that replies 401 and the following JSON:
{
"error": {
"errors": [{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}],
"code": 401,
"message": "Invalid Credentials"
}
}
I've tried to call on this same REST API myself and I also get the same response, so it does not seem to be an issue of spring-social-google not sending the token properly as I've read on some other posts.
I believe that the issue is somehow related to the fact that the JavaScript API is giving me an "id_token" and the REST API is expecting an "access_token". However, I am not finding a way to obtain the access token as something separate from the id_token and the Google documentation does send the id_token to the backend. There is an "access_token" property alongside the used "id_token" property in googleUser.getAuthResponse() but it is coming back undefined.
This doc is of course not aimed at spring-social so I am not saying it is incorrect, I am just left wondering what is the proper way to achieve this.
Is spring-social at fault by not being able to deal with the id_token?
Am I at fault not seeing some clear way to get the access_token?
Anyway, I feel like I am somehow close but still the solution seems well out of grasp.
Thank you!
Well, I found it. It seems that writing the whole thing down really tripped something in my brain...
The issue is in fact that the id_token cannot take the place of the access_token. To my taste, Google documentation could be a little more explicit about this in the example they show but they do end up explaining it in the actual client reference at https://developers.google.com/identity/sign-in/web/reference
The key is the boolean parameter to getAuthResponse() which is optional and defaults to false. From the doc:
includeAuthorizationData Optional: A boolean that specifies whether
to always return an access token and scopes. By default, the access
token and requested scopes are not returned when fetch_basic_profile
is true (the default value) and no additional scopes are requested.
By setting this to true in my JS the access_token field which was previously undefined was populated and with this token one can access the /oauth2/v2/userinfo endpoint and spring-social-google can correctly create a connection just like the other providers.
I hope this helps someone else at least.

Calling rest server from mobile app

Following on from https://lists.hyperledger.org/g/composer/message/91
I have adapted the methodology described by Caroline Church in my IOS app.
Again I can authenticate with google but still get a 401 authorization error when POSTing.
I have added the withCredentials parameter to the http header in my POST request.
does the rest server pass back the token in cookie ? I don't receive anything back from the rest server.
where does the withCredentials get the credentials from ?
COMPOSER_PROVIDERS as follows
COMPOSER_PROVIDERS='{
"google": {
"provider": "google",
"module": "passport-google-oauth2",
"clientID": "93505970627.apps.googleusercontent.com",
"clientSecret": "",
"authPath": "/auth/google",
"callbackURL": "/auth/google/callback",
"scope": "https://www.googleapis.com/auth/plus.login",
"successRedirect": "myAuth://",
"failureRedirect": "/"
}
}'
the successRedirect points back to my App. After successfully authenticating I return to the App.
Got this working now. The App first authenticates with google then exchanges the authorization code with the rest server.
The Rest server COMPOSER_PROVIDERS needs to be changed to relate back to the app.
clientID is the apps ID in google,
callbackURL and successRedirect are reversed_clientID://
The App calls http://localhost:3000/auth/google/callback with the authorization code as a parameter.
this call will fail, but an access_token cookie is written back containing the access token required for the rest server.
The user id of the logged in user is not passed back, when exchanging the code for a token with google we get back a JWT with the details of the logged in user. We need this back from the rest server as well as the token. Is there any way to get this ?
changing the COMPOSER_PROVIDERS means that the explorer interface to the Rest server no longer works.
func getRestToken(code: String) {
let tokenURL = "http://localhost:3000/auth/google/callback?code=" + code
let url = URL(string:tokenURL);
var request = URLRequest(url: url!);
request.httpMethod = "GET";
request.setValue("localhost:3000", forHTTPHeaderField: "Host");
request.setValue("text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8", forHTTPHeaderField: "Accept");
request.setValue("1", forHTTPHeaderField: "Upgrade-Insecure-Requests");
request.httpShouldHandleCookies = true;
request.httpShouldUsePipelining = true;
let session = URLSession.init(configuration: .default);
session.configuration.httpCookieAcceptPolicy = .always;
session.configuration.httpShouldSetCookies=true;
session.configuration.httpCookieStorage = HTTPCookieStorage.shared;
let task = session.dataTask(with: request) { (data, response, error) in
var authCookie: HTTPCookie? = nil;
let sharedCookieStorage = HTTPCookieStorage.shared.cookies;
// test for access_token
for cookie in sharedCookieStorage! {
if cookie.name == "access_token"
{
print(“Received access token”)
}
}
guard error == nil else {
print("HTTP request failed \(error?.localizedDescription ?? "ERROR")")
return
}
guard let response = response as? HTTPURLResponse else {
print("Non-HTTP response")
return
}
guard let data = data else {
print("HTTP response data is empty")
return
}
if response.statusCode != 200 {
// server replied with an error
let responseText: String? = String(data: data, encoding: String.Encoding.utf8)
if response.statusCode == 401 {
// "401 Unauthorized" generally indicates there is an issue with the authorization
print("Error 401");
} else {
print("HTTP: \(response.statusCode), Response: \(responseText ?? "RESPONSE_TEXT")")
}
return
}
}
task.resume()
}
have you authorised the redirect URI in your Google OAUTH2 configuration ?
This determines where the API server redirects the user, after the user completes the authorization flow. The value must exactly match one of the redirect_uri values listed for your project in the API Console. Note that the http or https scheme, case, and trailing slash ('/') must all match.
This is an example of an Angular 5 successfully using it Angular 5, httpclient ignores set cookie in post in particular the answer at the bottom
Scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.
see https://developers.google.com/identity/protocols/OAuth2
The withCredentials option is set, in order to create a cookie, to pass the authentication token, to the REST server.
Finally this resource may help you https://hackernoon.com/adding-oauth2-to-mobile-android-and-ios-clients-using-the-appauth-sdk-f8562f90ecff

How to get data from API google?

I have access_token and now to try get fata from Google API using this sample:
https://developers.google.com/android-publisher/api-ref/edits/details/get
I try to get data executing query to this URL:
https://www.googleapis.com/androidpublisher/v2/applications/packageName/edits/editId
$curl = new Curl();
$curl->get('https://www.googleapis.com/androidpublisher/v1/applications/com.shazam.android&access_token='.$_SESSION['access_token']["access_token"]);
Where $_SESSION['access_token']["access_token"] is access_token
As a result I get message: Error: 404: HTTP/1.1 404 Not Found
How to get information from API?
This is full URL request, it does not work:
https://www.googleapis.com/androidpublisher/v2/applications/com.shazam.android/edits/1?access_token=ya29.Ci-5Azg5JoBiESM5cEzM3TQrP3SXHAFirFg0f-Fj83PxtrtINWQDe2L-3f5wP7oAtQ
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientPermissions",
"message": "Insufficient Permission"
}
],
"code": 403,
"message": "Insufficient Permission"
}
}
Full code is:
// Create the client object and set the authorization configuration
// from the client_secretes.json you downloaded from the developer console.
$client = new Google_Client();
$client->setAuthConfig(__DIR__ . '/client_secrets.json');
$client->addScope(Google_Service_Analytics::ANALYTICS_READONLY);
// If the user has already authorized this app then get an access token
// else redirect to ask the user to authorize access to Google Analytics.
if (isset($_SESSION['access_token']) && $_SESSION['access_token']) {
// Set the access token on the client.
$client->setAccessToken($_SESSION['access_token']);
$curl = new Curl();
$curl->get('https://www.googleapis.com/androidpublisher/v1/applications/com.shazam.android/edits/1/&access_token='.$_SESSION['access_token']["access_token"]);
if ($curl->error) {
echo 'Error: ' . $curl->errorCode . ': ' . $curl->errorMessage . "\n";
} else {
echo 'Response:' . "\n";
var_dump($curl->response);
}
// Create an authorized analytics service object.
//$analytics = new Google_Service_Analytics($client);
// Get the first view (profile) id for the authorized user.
//$profile = getFirstProfileId($analytics);
// Get the results from the Core Reporting API and print the results.
//$results = getResults($analytics, $profile);
//printResults($results);
} else {
$redirect_uri = 'http://localhost/play/oauth2callback.php';
header('Location: ' . $redirect_uri);
}
After getting access_token I try to make Curl request:
$curl = new Curl();
$curl->get('https://www.googleapis.com/androidpublisher/v1/applications/com.shazam.android/edits/1/&access_token='.$_SESSION['access_token']["access_token"]);
Well, another possible caused of error 403 or Insufficient Permission is that the scope that you are using is incorrect or you have not requested the scopes you need when you retrieved your access token. So try to double check the scope that you are using and enable all the API in the Dev Console that you are using.
You can check which scopes you have requested by passing your access_token to this endpoint:
https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
For more information, check the solution in these related SO question if it can help you.
Permission issue Google Play
Google API 'Insufficient Permission'?

YouTube Retrieve a Refresh Token?

I am sending a delete request to the youtube api but I am receiving a 401 error (unauthorized). I'm not sure why. My key is set properly, I am able to access the analytics of the youtube channel. This is my code that fires on a button click
jQuery.ajax({
type: 'DELETE',
// must set api key
url: 'https://www.googleapis.com/youtube/v3/videos?id='+ thisUniqueID + '&key={<?php echo $oAuth2Key; ?>}',
});
I've used alert to check that my auth key is set properly (shown below).
alert('<?php echo $oAuth2Key; ?>');
and I can see in the returned address with the error that the url is proper. What could be the issue?
It looks like I need a refresh token. This is straight out of the docs: The API will return an HTTP 401 response code (Unauthorized) if you submit a request to access a protected resource with an expired access token. The following section explains how to refresh an access token.
Is there an easy way to retrieve a refresh token at the same time that I send a delete request? If not is there an easy way to retrieve one with out the need for the client id/client secret etc.
I somehow have gotten a key for analytics, but when I go to delete a video the key is not valid.
I would suggest you to use Data API v3 instead.
Yes, you can do AJAX calls. Here's the videos->delete call.
DELETE https://www.googleapis.com/youtube/v3/videos?id=VIDEO_ID&key={YOUR_API_KEY}
You find the documentation for using authorization at:
https://developers.google.com/youtube/v3/guides/authentication
You use the API key for access to public data !
Since you want to delete a video, you must use the access_token. An access_token is valid for a short time (1 hour). You can get a new one by using your refresh_token to request another one.
Store a refresh_token since it is valid until it gets revoked.
BTW.
Maybe use client.js, to handle the authorization for your requests ?
For JS, by adding:
<script src="https://apis.google.com/js/client.js?onload=googleApiClientReady"></script>
The general documentation is at:
https://developers.google.com/api-client-library/javascript/start/start-js
An code example for YouTube is at:
https://developers.google.com/youtube/v3/code_samples/javascript
For reference of the video delete method see:
https://developers.google.com/youtube/v3/docs/#videos
The listed methods are: insert, list, delete, update , rate and getRating.
The delete method might be (This is NOT tested with a valid videoID):
var requestOptions = {
id: '012345678901', // replace VIDEOID
part: 'id'
};
var request = gapi.client.youtube.videos.delete (requestOptions);
request.execute(function(response) {
console.log("RESPONSE: " + response);
});
The response using a non-existing videoId is:
[
{
"error": {
"code": -32500,
"message": "Video not found",
"data": [
{
"domain": "youtube.video",
"reason": "videoNotFound",
"message": "Video not found",
"locationType": "parameter",
"location": "id"
}
]
},
"id": "gapiRpc"
}
]

Resources