I am trying to get a sample public_token or access_token for plaid in sandbox mode. I need the access_token for api's like auth and institutions.
I ran the demo here, by choosing a bank and entering the credentials as
user_good and pass_good. When I inspected the page I did get a public_token in response. But I am unable to exchange this for an access_token, with the client_id and secret I got from singing up in the dashboard. I keep getting the error INVALID_TOKEN. How do I get the access_token ?
The public_token you get by inspecting the page of the demo app, is for the client_id and secret of that demo app. It wont work with your client_id and secret.
You need to run the demo app locally, with your client_id and secret. Look at this - https://github.com/plaid/quickstart/tree/master/node
Follow the readme file to run the demo locally, but with your client_id and secret and then inspect the page like you did above. The public_token you get this time will work with your client_id and secret :)
Related
I am developing a NextJS application using next-auth with Google Oauth 2 as its authentication provider. The production build is running on Heroku. When attempting to sign in on my production build, Google OAuth is giving me "Error 400: redirect_uri_mismatch". Normally this would be an easy fix, except the exact uri is already registered in Cloud Console.
.
I have also tried added many different permutations of my uri, but this did not help.
This issue not solved by 11485271 or 69151061.
Error in question:
Error 400: redirect_uri_mismatch
You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy.
If you're the app developer, register the redirect URI in the Google Cloud Console.
Request Details
If you’re the app developer, make sure that these request details comply with Google policies.
redirect_uri: https://middcourses2.herokuapp.com/api/auth/callback/google
And here is a link to the list of authorized domains in GCP.
Solved! So for some reason, Google changed my Client ID and Client Secret after I already set up those env variables. Once I noticed the change and inputted the new values it worked fine.
For me, clientID was not the issue, but this was due to a trailing slash( / ).
redirect_uri must be an EXACT MATCH on the developers console.
In the Google Cloud console, I had http://localhost:8080 under the redirect URIs in the list while my code was sending http://localhost:8080/ while making the oAuth call.
Using v3 Pinterest Analytics API
Trying to exchange an authorization code for an access token and I'm getting the following error:
{"error":{"message":"None","oauth_error_code":"invalid_grant"},"code":283,"data":null,"message":"The authorization grant is invalid","endpoint_name":"oauth_access_token","status":"failure"}
In following these instructions:
https://developers.pinterest.com/docs/redoc/#section/User-Authorization/Exchange-the-code-for-an-access-token
I successfully obtained an authorization code. Now I want to exchange it for an access_token. I submit the following curl:
curl -X PUT \
--url https://api.pinterest.com/v3/oauth/access_token/ \
--data "code=1234authcode&redirect_uri=https://myURL.com/&grant_type=authorization_code&client_id=123appId&client_secret=123secret"
The redirect_uri is the same as that which was registered. The app secret and app Id are accurate as per this notification we received today:
Your App ID has been enabled. You can now see your app secret in our Developer App Portal and start building.
I have tried various incarnations of the curl thinking I've botched the args I'm passing in and that's still a possibility, so any help there would be appreciated, however, I'm wondering if my app Id and secret are bad or truly invalid somehow. We've only just received them. Any ideas or theories welcome.
Thanks for your time.
Sorry to answer my own question, but it turns out that the auth code was bad. After fetching a new authorization code I was able to obtain an access_token using the approach shown above. What was initially confusing is that I literally got the original auth code moments before using it so I didn't doubt it's validity as much as I should have I guess.
So I'm trying to use the Home Graph API by calling the API endpoint
https://homegraph.googleapis.com/v1/devices:requestSync
It is a HTTP POST request and it needs an ACCESS_TOKEN and service account key.
Getting the service account key is easily done as per Google's documentation. The issue is getting the ACCESS_TOKEN.
As per this documentation by Google, I need to get ACCESS_TOKEN created using the following scope of permissions
https://www.googleapis.com/auth/homegraph
I opened OAuth 2.0 Playground to request a developer temporary ACCESS_TOKEN for testing. I wrote all the necessary urls and in scope I wrote this-
scope is written to be authorized
Now after this, I am navigated to my Authorization URL (ie, Google's sign in page). I login with email id and password.
If credentials are correct and scope mentioned is valid then I should have been redirected to OAuth playground page with authorization code which I would have exchanged for access token and refresh token.
But, what actually happens is after I enter my credentials, I get following error and I am never redirected to Oauth Playground page-
Authorization Error
Error 400: invalid_scope
Some requested scopes cannot be shown: [https://www.googleapis.com/auth/homegraph]
Request Details
access_type=offline
o2v=2
response_type=code
redirect_uri=https://developers.google.com/oauthplayground
prompt=consent
client_id=xxxxxxxxx.apps.googleusercontent.com
scope=https://www.googleapis.com/auth/homegraph**
I searched a lot online too, but couldn't find the actual reason.
So due to this issue with scope, I am not able to get ACCESS_TOKEN.
I have followed Google's documentation and the scope was mentioned there.
This is the pic from oauth 2.0 playground settings- OAuth 2.0 configuration
The issue is that you, a user, should not be getting and sending an access token. The service account should be getting and sending an access token. This is to make sure your service is authorized to talk to the Home Graph API.
You indicated you logged into the OAuth playground with "userid and password". But service accounts don't have passwords.
If you are using one of Google's libraries, it will take care of getting the access token for you, and this is the easiest way to do so. If you are just testing and need an access token, you can use something like oauth2l to get the access token based on the service account credentials.
I had implemented the REST approach to call HomeGraph Report State as below.
We need to follow the below steps:
Create a service account for your project and safely store the json file
Using the service account JSON, get the access token from Google
Using Oauth 2.0 token as Bearer authorization, invoke Report State API
Step 1:
This is straightforward. Please follow the steps in the below link
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
Step 2:
Refer below code to get the Access token using service account json
GoogleCredentials credentials = GoogleCredentials
.fromStream(Helper.class.getClassLoader().getResourceAsStream("smart-home-key.json"))
.createScoped("https://www.googleapis.com/auth/homegraph");
credentials.refreshIfExpired();
AccessToken token = credentials.getAccessToken();
return token.getTokenValue();
Step 3:
Invoke Report State API
curl -X POST -H "Authorization: Bearer [[Access token from Step 2]]"
-H "Content-Type: application/json"
-d #request-body.json
"https://homegraph.googleapis.com/v1/devices:reportStateAndNotification"
Reference Links :
https://developers.google.com/assistant/smarthome/develop/report-state#http-post
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication
https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
We are using Zohocrm api v2 for getting currently logged in user. It works fine for most of the logins.
But we are getting 403 for one of the user account.
URL https://www.zohoapis.com/crm/v2/users?type=CurrentUser
HEADERS {Authorization=Zoho-oauthtoken 1000.786ecda99xxxx}
Response
{"code":"NO_PERMISSION","details":{"permissions":["Crm_Implied_Api_Access"]},"message":"permission
denied","status":"error"}
Response Code 403
Note: From the same zoho team other 2 users were able to login.
Please suggest.
Just adding the steps with which I tried in Postman. It works for me.
If at all any of the steps are different from yours, you could try these steps instead.
Add the client to get client secret
Generate auth token giving client id and secret (and scopes)
After this step, oauth permission request page will be shown, asking user to confirm access to Accounts User Profile and CRM users info. Both have to be accepted.
Use the latest generated token in postman
Execute API GET
Correct me if I'm wrong or someone can give me a guide about this. I'm working on an Ionic app with Laravel as a backend REST API.
A User can log in with credentials (email, password) or with Facebook.
Of course I wanna protect some states in the App as usual, and searching and reading in the web came across with JWT.
The thing is I'm little confused about how Facebook Oauth and JWT are working together.
So, here's what I'm trying to do:
If a user logs in with FB, get the id, nickname, email and creates a user with this information, also insert into a table this credentials from facebook so when it logs again check if the user already exists.
Then, this new user gets access to the app via JWT from the server, am I right??
Or how the auth token from facebook causes problem with the jwt token?? Or it will not??
Am I doing too much to resolve maybe a little problem?? Or is just the tip of the solution??
Thanx for your support.
The tokens shouldn't conflict. The process should be the "same" in both cases - the jwt is generated from an user instance/model.
How you create/get this instance is not important - from credentials, facebook token, cookie or what ever you like.
The jwt just includes an unique identifier - the id.