I am trying to get the permanent access_token and access_token_secret from Mangento 1.9.
I have consumer_key and consumer_secret and have configured the required permission by following this link http://devdocs.magento.com/guides/m1x/api/rest/permission_settings/permission_settings.html
I have successfully generated the temporary access_token and access_token_secret. But while trying to generate the oauth_verifier I am getting:
An error occurred. Your authorization request is invalid.
How can I solve this problem?
You can generate permanent access token and and token secrete using Postman.
Follow the link.
How to use POSTMAN rest client with magento REST api with Oauth. How to get Token and Token Secret?
1) Create rest api consumer (Collect temporary consumer key and screte key from here)
2) Creat web -> admin role, given all the resource permision
3)Create magento admin user role->linked it with the Rest role
username-username
password-password
For getting the permenant access key and token
4)Oauth initiate GET request in postman will return temporary
oauth_token=---------------- oauth_token_secret=------------------
oauth_callback_confirmed=true
5)then o-auth authorize with parameter as a token(from the last request) simple GET request
6)The login form will open ->filled with the consumer role credentials and made a POST request
7)click on authorize will give the following in responce
"oauth_token": ----------------,
"oauth_verifier": ----------------
8)making request with all the parameters will give
permenant token and secrete key:
oauth_token=----------------
oauth_token_secret=----------------
will have to use this tokens in headers while requesting resources.
In Postman in oauth1.0 filling all the tokens(select auto add params to header and params and keep empty parameter)
and url http://yourhost/app/api/rest/customers
will return all the customer
Related
I am trying to get new access token from my refresh token for google drive api. In my google playground it works but when I want to create the same request in postman or my code it doesn't work and I always get error "Invalid grand type". I don't know to find what is problem.
google developers playground
postman headers and body
You need to understand that there is three steps to the Oauth2 dance.
step one is requesting access of the user and getting the authorization code.
HTTP GET https://accounts.google.com/o/oauth2/auth?client_id={clientid}.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://www.googleapis.com/auth/analytics.readonly&response_type=code
Note &response_type=code tells the server you want an authorization code returned.
step two is to exchange that code for an access token and refresh token.
POST https://accounts.google.com/o/oauth2/token
code=4/X9lG6uWd8-MMJPElWggHZRzyFKtp.QubAT_P-GEwePvB8fYmgkJzntDnaiAI&client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code
Note the part where it says &grant_type=authorization_code. this tells the server you are giving them an authorization code.
3 the final step is refreshing your access token.
POST https://accounts.google.com/o/oauth2/token
client_id={ClientId}.apps.googleusercontent.com&client_secret={ClientSecret}&refresh_token=1/ffYmfI0sjR54Ft9oupubLzrJhD1hZS5tWQcyAvNECCA&grant_type=refresh_token
Note &grant_type=refresh_token you are telling the server you are sending them a refresh token.
You appear to be sending a refresh token with the wrong grant type.
I have a video on how to set up postman to use google oauth2
How to set up Oauth2 in PostMan.
Google 3 Legged OAuth2 Flow
Note: Due to a recent change with Making Google OAuth interactions safer by using more secure OAuth flows redirect uri of urn:ietf:wg:oauth:2.0:oob is going to stop working soon.
I get now the Access Token from Lumen-API-JWT (Backend) but the question is how can i work with that in the laravel-8-Client (frontend) project
Any Idea ?
In generally when we working with HTTP API or call need to authentication the user, Server will return the Access Token (JWT or whatever). Every API Request you need to bind that access token along with the header. Ex. Authorization: Bearer {{access_token}}.
When you fail to bind the access token server will return unauthenticated HTTP status code with the relevant message.
Please refer below links,
https://www.loginradius.com/blog/async/everything-you-want-to-know-about-authorization-headers
While Creation of an OAUTH token i came across different methods to create Access Token and Refresh Token, while Access Token has life of 30 mins and Refresh Token has lifespan of 100 days, there is no way to regenerate refresh token without providing credentials again i.e Username and Password.
Is there any way to regenerate refresh token without using credentials?
below are the attached resources the i read:
OAuth 2.0 with Service Now
Below are the steps we can generate access_token and refresh_token
https://developer.servicenow.com/blog.do?p=/post/inbound-oauth-auth-code-grant-flow-part-1/
create an endpoint for client access
https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/task/t_CreateEndpointforExternalClients.html
Request parameters to get access_token and refresh_token
https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/r_OAuthAPIRequestParameters.html
these are the response we are getting
https://docs.servicenow.com/bundle/paris-platform-administration/page/administer/security/reference/r_OAuthAPIResponseParameters.html
There is not concept of regenerate token we can only do it buy increasing the token expiration time.
I believe you do not need username and password, just client ID and client secret is req'd to get the new access token
enter image description here
So I'm trying to use the Home Graph API by calling the API endpoint
https://homegraph.googleapis.com/v1/devices:requestSync
It is a HTTP POST request and it needs an ACCESS_TOKEN and service account key.
Getting the service account key is easily done as per Google's documentation. The issue is getting the ACCESS_TOKEN.
As per this documentation by Google, I need to get ACCESS_TOKEN created using the following scope of permissions
https://www.googleapis.com/auth/homegraph
I opened OAuth 2.0 Playground to request a developer temporary ACCESS_TOKEN for testing. I wrote all the necessary urls and in scope I wrote this-
scope is written to be authorized
Now after this, I am navigated to my Authorization URL (ie, Google's sign in page). I login with email id and password.
If credentials are correct and scope mentioned is valid then I should have been redirected to OAuth playground page with authorization code which I would have exchanged for access token and refresh token.
But, what actually happens is after I enter my credentials, I get following error and I am never redirected to Oauth Playground page-
Authorization Error
Error 400: invalid_scope
Some requested scopes cannot be shown: [https://www.googleapis.com/auth/homegraph]
Request Details
access_type=offline
o2v=2
response_type=code
redirect_uri=https://developers.google.com/oauthplayground
prompt=consent
client_id=xxxxxxxxx.apps.googleusercontent.com
scope=https://www.googleapis.com/auth/homegraph**
I searched a lot online too, but couldn't find the actual reason.
So due to this issue with scope, I am not able to get ACCESS_TOKEN.
I have followed Google's documentation and the scope was mentioned there.
This is the pic from oauth 2.0 playground settings- OAuth 2.0 configuration
The issue is that you, a user, should not be getting and sending an access token. The service account should be getting and sending an access token. This is to make sure your service is authorized to talk to the Home Graph API.
You indicated you logged into the OAuth playground with "userid and password". But service accounts don't have passwords.
If you are using one of Google's libraries, it will take care of getting the access token for you, and this is the easiest way to do so. If you are just testing and need an access token, you can use something like oauth2l to get the access token based on the service account credentials.
I had implemented the REST approach to call HomeGraph Report State as below.
We need to follow the below steps:
Create a service account for your project and safely store the json file
Using the service account JSON, get the access token from Google
Using Oauth 2.0 token as Bearer authorization, invoke Report State API
Step 1:
This is straightforward. Please follow the steps in the below link
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
Step 2:
Refer below code to get the Access token using service account json
GoogleCredentials credentials = GoogleCredentials
.fromStream(Helper.class.getClassLoader().getResourceAsStream("smart-home-key.json"))
.createScoped("https://www.googleapis.com/auth/homegraph");
credentials.refreshIfExpired();
AccessToken token = credentials.getAccessToken();
return token.getTokenValue();
Step 3:
Invoke Report State API
curl -X POST -H "Authorization: Bearer [[Access token from Step 2]]"
-H "Content-Type: application/json"
-d #request-body.json
"https://homegraph.googleapis.com/v1/devices:reportStateAndNotification"
Reference Links :
https://developers.google.com/assistant/smarthome/develop/report-state#http-post
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication
https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
I am trying to get refresh token when authorizing the user.
This is the url that is being used for authorization.
request
https://...../oauth2/authorize?response_type=token&client_id=test-client&scope=all&redirect_uri=https%3A%2F%2Flocalhost:7002%2F...%2Foauth
redirect url with token and etc :
https://localhost:7002/..../oauth#access_token=b3961289-713c-41c9-9341-253286cbcc52&token_type=bearer&expires_in=300&scope=all
but there isn't any refresh token with this. I tried this with token endpont and it has the refresh token like this
request
curl --data 'grant_type=password&username=....&password=...' --basic --user 'test-client:client-secret' 'https://....../oauth2/token'
response
{
"scope":"all",
"access_token":"5a90edb7-5ded-451a-9d9b-d3bd879ac336",
"token_type":"bearer",
"expires_in":300,
"refresh_token":"ec0c94db-5e81-4229-a815-9c2d80086995"
}
Is there anyway that I can get refresh token in authorization endpoint. ? Or
can I use existing token to get refresh token ?
This got to long for a comment
It kind of depends upon the authentication server how it works. Some servers only return a refresh token the first time the user authenticates.
To get a Refresh Token, you must include the offline_access scope when you initiate an authentication request through the authorize endpoint.
For example, if you are using Authorization Code Grant, the authentication request would look like the following:
https://__AUTH0_NAMESPACE__/authorize?
audience={API_AUDIENCE}&
scope=offline_access&
response_type=code&
client_id=__AUTH0_CLIENT_ID__&
redirect_uri=__AUTH0_CALLBACK__&
state={OPAQUE_VALUE}
This is the only way to obtain a refresh token so no you cant use another token to request get a refresh token.
Implicit client
In the implicit grant flow, the client is requesting access to a resource by way of a "User Agent", aka browser with the user sitting there. So a client wants to grab something, but needs the user to enter permissions for it. If the authentication server provided a refresh token, then the client could skip asking the user for permission in the future and grant itself access forever (essentially refreshing its token whenever it wants without user permission). This is forbidden in the flow because the "untrusted" client should only have access by way of having the user enter their credentials (thus only when the resource owner allows it).
You can't get a refresh token when using the Implicit grant.
I presume your application is a Single Page App? i.e. html/JavaScript running in a user's browser. This is the main use case for the Implicit grant nowadays.
If it's not a SPA (e.g. native, mobile or web application) you should be able to use a different grant type which will give you a refresh token. e.g. Authorisation Code Grant or Authorisation Code with PKCE Grant.