Is there a simpler way to generate a three-legged token using only Node.js?
I have used the method in https://learnforge.autodesk.io/#/oauth/3legged/nodejs, but I am looking for a simpler method that just gives me the token.
The standard workflow for a 3-legged OAuth token (not just for Forge but for any OAuth 2.0 provider) is typically:
1) You redirect the user to the Autodesk login form
2) You wait for a callback from the Autodesk login form (assuming the user logged in successfully), and retrieve a temporary code
3) You exchange the temporary code for an actual access token (and a refresh token)
This process is explained in the docs as well.
Another option that is perhaps a bit simpler is using the "implicit grant" where the step 3 is basically skipped, and the access token is included directly in the callback. The downside of this approach is that you do not receive the refresh token.
We have generated a client ID and secret ID, and we have also got an access token using Internal Token.
When running the project, we can view the Revit file which we uploaded using a Forge bucket.
Then we are trying to get all elements (building, floor, rooms, equipment, etc.) in the Revit model using the API,
using this link: https://forge.autodesk.com/en/docs/model-derivative/v2/reference/http/urn-metadata-GET/
We are using the API in the onDocumentLoadSuccess event.
We are passing url: https://developer.api.autodesk.com/modelderivative/v2/designdata/:urn/metadata
headers: 'Authorization': 'Bearer ' + access_token.
In this we are passing the urn and access_token parameters, which are also fine.
But we face the "Token does not have the privilege for this request" error. (We already have an access token through the API, but the second time we face the error.)
How do we solve this? Please help me with this.
Note that the different endpoints provided by the Forge services require a specific "scope" that the access token must be generated for. For example, according to the GET :urn/metadata docs, this endpoint requires the access token to be generated with the "data:read" scope.
Also, note that properties of a design processed by the Model Derivative service are actually obtained by a different endpoint - not using GET :urn/metadata, but using GET :urn/metadata/:guid/properties.
I am calling the Apps Script Execution API from my web app. I am getting ScriptApp.getOauthToken() and storing it inside a sheet. When I open my web app, I get the stored access token and call the Execution API with the help of it.
But the problem is that after some time the token expires, and it says
authorization is required
when I call execution API.
Is there any way to keep access token alive or refreshing it whenever is needed?
I. You cannot and you should not. At least not natively
There is no native Google Apps Script service method for obtaining and exchanging a refresh token (and you would need one if you want to refresh an expired OAuth 2.0 token) for a bearer token. That said, there is no practical reason for storing the short-lived token obtained via the getOauthToken method: if a user authorized your application, you can request a token on the fly each time you need to make a request.
II. If you still want to, use a library
There is an officially endorsed library for Google Apps Script that manages OAuth 2.0 flow for you. When using it, you can obtain a refresh token if you set the offline access to true when issuing the token.
III. If you really want to DIY, you can always make your own flow
It is possible to perform a complete OAuth 2.0 flow (both with and without user interaction) by using only the native tools by building a custom JWT token and exchanging it with Google Identity Platform endpoints. But that means you will have to manage everything:
1) Build JWT custom token headers and payload, then base64 urlencode them and sign with an appropriate signature and concatenate into a token.
2) Exchange the custom JWT for a short-lived bearer token, validate it and extract expiration time, then persist the token.
3) Each time you get the token from storage, check for the expiration time, and reissue the token again using the procedure in point 1 - 2.
4) Handle token revocation (note that you will not be able to invalidate it from Google's servers, only in your application).
And many more caveats along the way.
Note that the token cannot be "kept alive", it goes against the idea behind the OAuth protocol - the lesser the lifespan of an individual token, the better the security of your application.
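The first three DIY steps from the answer above, as an added example that is not part of the original answer and is written for Node.js rather than Apps Script. The claim names and the audience URL assume Google's service-account JWT bearer flow; the key pair, issuer, scope and token response are constructed sample values, and all function names are hypothetical.

```javascript
// Added example, not the answer author's code. Claim names and the audience URL
// assume Google's service-account JWT bearer flow; keys and values are constructed.
const crypto = require('node:crypto');

const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Step 1: base64url(header).base64url(payload), signed with RS256, concatenated.
function buildSignedJwt({ issuer, scope, audience, privateKey, now, lifetimeSec = 3600 }) {
  const header = { alg: 'RS256', typ: 'JWT' };
  const payload = { iss: issuer, scope, aud: audience, iat: now, exp: now + lifetimeSec };
  const signingInput = `${b64url(header)}.${b64url(payload)}`;
  const signature = crypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${signature.toString('base64url')}`;
}

// Step 2a: form body that trades the signed JWT for a short-lived bearer token.
function buildExchangeBody(jwt) {
  return new URLSearchParams({
    grant_type: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
    assertion: jwt,
  }).toString();
}

// Step 2b: validate the response and persist an absolute expiry time.
function toStoredToken(response, now) {
  if (typeof response.access_token !== 'string' || !Number.isFinite(response.expires_in)) {
    throw new Error('malformed token response');
  }
  return { accessToken: response.access_token, expiresAt: now + response.expires_in };
}

// Step 3: reissue when nothing is stored or the token is within skewSec of expiry.
function needsReissue(stored, now, skewSec = 60) {
  return !stored || now >= stored.expiresAt - skewSec;
}

// Constructed run: throwaway key pair, fixed clock, sample token response.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const now = 1700000000;
  const jwt = buildSignedJwt({ issuer: 'svc@example.invalid', privateKey, now,
    scope: 'https://www.googleapis.com/auth/spreadsheets',
    audience: 'https://oauth2.googleapis.com/token' });
  const [h, p, s] = jwt.split('.');
  const signatureOk = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  const stored = toStoredToken({ access_token: 'sample-token', expires_in: 3599 }, now);
  const claims = JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
  return { jwt, signatureOk, claims, stored, now };
}
```

Storing the absolute expiry with a skew margin means a token is reissued shortly before it lapses rather than after a request has already failed.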
I'm the administrator of a BIM 360 Docs Hub, and I'm trying to retrieve some data from the Forge API. I've already created a test app, and I got a BIM 360 Account Id.
I'm not able to get an authentication bearer token (OAuth) to make simple GET requests towards projects.
Where do I get the auth token?
Thanks
See the tutorial here to acquire OAuth tokens and note that you will need different permutations of OAuth scopes (esp. data:read data:write etc.) for different operations, as is specified in the docs of each and every API, see an example here.
You may use a RESTful client like Postman to talk to our APIs and manage the authentication flow and operate on response data with JavaScript as you like so as to build workflows such as to create a new project.
Last but not least before you can access BIM360 APIs make sure you provision access to your app.
I got stuck on how to get a token. Please, do you have any tutorial on how to get a refresh token? Thanks! I currently know how to show a model in a viewer; however, the token expires every 2 hours. It is frustrating for me to search online for how to get a token. Please could you help me with this? Thanks!
These two articles should be of help.
About Refresh Token
Landing your Forge OAuth authentication workflow
When requesting an access_token you'll also get back a refresh token that will enable you to get a new access_token without the user having to log in again.
Depending on which programming language and environment you are using you can also use our SDKs to make your life easier.
E.g. in case of Node.js you can just npm install our forge-api package that will have the necessary functions to request an access_token
The steps are:
1) Redirect the user to the Autodesk log-in page (change both the client_id and redirect_uri to match the values that are used by your registered Forge application):
https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=xxx&redirect_uri=xxx&scope=data:read
2) Implement in your application the endpoint that you specified for your Forge application's redirect_uri
3) Using the token you got back above, request an access_token
https://developer.api.autodesk.com/authentication/v1/gettoken
4) When you need a new access_token you can use the refresh_token that the gettoken endpoint also returned: https://developer.api.autodesk.com/authentication/v1/refreshtoken
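The four steps above (and the three-step workflow in the first answer on this page) as an added Node.js example; it is not code from the original posts or from Autodesk. The endpoint paths are the ones quoted above, the form field names and the `state` parameter follow standard OAuth 2.0 and are assumptions to check against the Forge docs, and all function names are hypothetical.

```javascript
// Added example, not Autodesk's code. Endpoint paths are the ones quoted above;
// form field names follow standard OAuth 2.0 and are assumptions here.
const crypto = require('node:crypto');

const AUTH_BASE = 'https://developer.api.autodesk.com/authentication/v1';

// Step 1: login redirect. `state` is random and kept in the user's session so
// the callback can be tied to the request that started it.
function buildAuthorizeUrl({ clientId, redirectUri, scopes }) {
  const state = crypto.randomBytes(16).toString('hex');
  const query = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope: scopes.join(' '),
    state,
  });
  return { url: `${AUTH_BASE}/authorize?${query}`, state };
}

// Step 2: the redirect_uri handler. Reject callbacks whose state does not match.
function readCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  const got = Buffer.from(params.get('state') || '');
  const want = Buffer.from(expectedState);
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch');
  }
  const code = params.get('code');
  if (!code) throw new Error(`no code in callback: ${params.get('error')}`);
  return code;
}

// Steps 3 and 4: describe the POST; pass the result to fetch(url, options).
function tokenRequest(endpoint, fields, { clientId, clientSecret }) {
  const body = new URLSearchParams({ client_id: clientId, client_secret: clientSecret, ...fields });
  return {
    url: `${AUTH_BASE}/${endpoint}`,
    options: {
      method: 'POST',
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: body.toString(),
    },
  };
}
const exchangeCode = (code, app) => tokenRequest('gettoken',
  { grant_type: 'authorization_code', code, redirect_uri: app.redirectUri }, app);
const refreshAccessToken = (refreshToken, app) => tokenRequest('refreshtoken',
  { grant_type: 'refresh_token', refresh_token: refreshToken }, app);
```

Both token requests carry the client secret, so they belong on the server side only; the refresh token they return should be stored with the same care as the secret.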
I am trying to get data from the Box API without using the access token. The folder containing the data is a shared folder containing files that can be updated by the Box admin. I want to use the REST API to get the metadata of changed files and use that in the app.
So far I have not been able to access the data without using the OAuth auth_token.
Is there any way that I can access the data without using the auth_token (i.e. without making the user log into the app)?
You cannot access the Box API without an OAuth2 access token. The user must authorize your application, or, if you're working within an enterprise you can use an administrative access token (i.e. a 'service' token) to access the data.
An OAuth2 access token is used for authentication and authorization during any Box API call. You need to get an access token before making any Box API call. This link provides details about how to get the access token for making API calls.
https://box-content.readme.io/reference#authorize