eBay errorId 1100: "Insufficient permissions to fulfill the request" - html

I've requested OAuth token with scopes:
https://api.ebay.com/oauth/api_scope/sell.account.readonly and
https://api.ebay.com/oauth/api_scope/sell.account
I generate a new OAuth Application Token for production and attempt to run getPrivileges as such:
curl -H "Authorization: Bearer myOAuthToken" https://api.ebay.com/oauth/api_scope/sell.account
Output is error message:
{"errors":[{
"errorId":1100,
"domain":"ACCESS",
"category":"REQUEST",
"message":"Access denied",
"longMessage":"Insufficient permissions to fulfill the request."
}]}
...but I expect a status return "200 OK". I know this curl call works when doing something like
curl -H "Authorization: Bearer myOAuthToken" https://api.ebay.com/buy/browse/v1/item_summary/search?q=myQuery
so the only thing I can think of is the scopes, but unless I'm mistaken the scopes are appropriate for the getPrivileges call. Am I missing something?

As found in this post there is a special clause that this call requires a token that was specifically generated through the authorization code grant flow. Instead of generating an OAuth straight from my User Tokens page, I walked through the grant flow and generated a token and it works.

Related

How to get an authorization token from JuPyter hub using its REST APIs?

I want to start a notebook server as described here. I learnt that I need to get an auth token from this and so wanted to get the same, I have to use the api as described here. It always states "Method not allowed, 405". I am unable to figure out what is the right way to do this.
I tried the following post requests:
http://MY_JHUB_ON_K8S_SERVER.com/authorizations/token
with the body of JSON/Application:
{
"username": "aviral",
"password": "aviral",
}
The headers are:
[{"key":"Content-Type","name":"Content-Type","value":"application/json","description":"","type":"text"}]
In Postman, I had tried basic auth as well as no auth. In the basic auth, I pasted the username and password, while when there was no auth, I put the same in the json body
I expect to get the token so that I can start a server. Right now, regardless of the permutation and combination, I am getting 405.
This seems to be possible using the oath api endpoint but I wasn't successful.
Instead I run this command on the jupyterhub server to generate a token
jupyterhub token myusername
and then calls should work properly using the rest api:
curl --insecure 'https://myjupyterhubserver:8443/hub/api/users' \
-H 'Authorization: Token mygeneratedtoken'

Getting a 3-Legged Token with Authorization Code Grant

I am currently trying to complete this step by step tutorial which is based on Getting a 3-Legged Token with Authorization Code Grant
here is my cURL code:
curl -v "https://developer.api.autodesk.com/authentication/v1/gettoken"
-X POST
-H "Content-Type:application/x-www-form-urlencoded"
-d "client_id=****&
client_secret=****&
grant_type=authorization_code&
code=1O4F-z9gXRtGlBymcGoD3bV3Ws2cqqjeN78PpgGn&
redirect_uri=http://localhost:3000/api/forge/callback/oauth"
here is the error I am stuck with:
{"developerMessage":"The authorization code/refresh token is expired or
invalid/redirect_uri must have the same value as in the authorization
request.","userMessage":"","errorCode":"AUTH-004","more
info":"http://developer.api.autodesk.com/documentation/v1/errors/AUTH-004"}*
Connection #0 to host developer.api.autodesk.com left intact
Note:
I have double checked that the URI is the same as my callback URL on the forge application.
The spacing on the cURL code is simply for visual reasons, this is not how it is ran within my command line.
I think what's going on is that the code you get after the user logs in has an extremely short expiration time. After all, the POST /authentication/v1/gettoken endpoint is meant to be called immediately after the user logs in.
Btw. I went through the same steps, and since it took me a while to create a Postman request with the code I received, I ended up with the same error as you. Then, when I requested another code and immediately re-sent the Postman request, it succeeded.

Apps Script Execution API showing error with devMode: true

Trying to use Execution API for one of my project with devMode: true, but getting the following error. But it works flawlessly when I make devMode: false.
NOTE: I am owner and using the API from same account (so it should work ideally)
I have deployed the script as api executable with access as "Anyone"
I have enabled the "Apps Script API" in the developer console
Both the oauth and apps script share the same project
{
"error": {
"code": 404,
"message": "Requested entity was not found.",
"status": "NOT_FOUND"
}
}
I had also experienced the same situation. So can you confirm the following points again?
Save the apps script using the save button again.
Save the apps script as a new version.
Whether the client ID and client secret are retrieved from the project that Apps Script API is used.
Whether the access token is retrieved from these client ID and client secret.
Whether the scope inclues https://www.googleapis.com/auth/drive, https://www.googleapis.com/auth/drive.scripts and https://www.googleapis.com/auth/script.external_request.
After I confirmed above again, I always test using a following curl command. When you use this curl command, please input your access token, function name and script ID.
curl -X POST -L \
-H "Authorization: Bearer ### access token ###" \
-H "Content-Type: application/json" \
-d "{function: '### function name ###',devMode: true}" \
"https://script.googleapis.com/v1/scripts/### script ID ###:run"
In my environment, the error in your question was solved. I don't know whether these can solve your problem. If this was not useful for you, I'm sorry.

Oauth2 and Spring-Security: Fail on authentication using Oauth2 and spring-security

I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:
http://localhost:8080/empirecl-api/oauth/token
grant_type=password&username=a#a.com&password=password&client_id=my-client-with-secret&client_secret=ak_secret
The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:
{
"error": "unauthorized",
"error_description": "No client with requested id: a#a.com"
}
I am unable to figure out what will happen.
When i trying to access following url with get reqquest:
http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&username=a#a.com&password=password
The following error will return:
{
"error": {
"error": "invalid_client",
"error_description": "Bad client credentials"
}
}
When i check the error in console, of eclipse, the follwoing error is display:
AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null
How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.
There are a couple of things wrong here.
You are using the wrong endpoint - the request should be to the token endpoint, not the authorization endpoint.
It should be a POST request - you shouldn't be passing the parameters in the URL
You are confusing when the user has to authenticate and when the client does - the server was looking for Basic credentials from the client but you were entering the username.
See the oauth2 spec section on using the resource owner password grant.
The client needs to authenticate and, as porterhead points out, you can do this using Basic authentication. The spec does also allow passing of the client id and secret as post parameters, but prefers Basic authentication.
You should probably make sure you understand a bit more about how OAuth2 works, and perhaps expand your question to explain why you want to use it and why you've chosen this particular grant type.
You need to pass your client username and password as a Base64 encoded Authorization header.
Try using curl. Here is an example:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/empirecl-api/oauth/token?grant_type=password&username=a#a.com&password=password'
I have a working example described here

Using an authentication token obtained from v1 API in a V2 API request

As I couldn't find how to authenticate with the V2 API with my Box credential I tried to use the authentication token from a V1 API with a V2 request.
I discovered something weird and I'd like to know if something is wrong.
The documentation of the header to authenticate a V2 request described it like this for a curl command):
curl -k -L https://api.box.com/2.0/files/5053864602/content -H "Authorization: Bearer AUTH_TOKEN"
With curl I couldn't get anything, not even an error message.
However I tried this request with Postman and in the response I could see that the token was invalid.
In this forum I found that the header could have a different form including the api_key so I tried the following:
curl -k -L https://api.box.com/2.0/files/5053864602/content -H "Authorization: BoxAuth api_key=API_KEY&auth_token=AUTH_TOKEN"
and this request works as I could get the content of the file like with a V1 API call.
Could someone from BOX explains what's going on? I suspect that I'm not the only one having this problem...
The Box API now supports OAuth 2, which has a completely revised authentication flow. You can find the instructions on how to use OAuth 2.0 with Box here: http://developers.box.com/oauth/
V1-style auth is still also supported in the V2 API, though it will eventually be deprecated. However, if you're starting to build against the Box API now, you should use OAuth 2 in order to avoid having to do double work and port over in the future.
There are several differences between V1-style auth and OAuth 2.0, but notably in OAuth 2.0 you don't have to sign API requests with your API key (which is now called a 'client id' with OAuth 2.0), only the access_token you get through the auth process.
You can read more about our implementation of OAuth 2 in my previous link, and also about the spec in general here.