Getting a 3-Legged Token with Authorization Code Grant - autodesk-forge

I am currently trying to complete this step by step tutorial which is based on Getting a 3-Legged Token with Authorization Code Grant
here is my cURL code:
curl -v "https://developer.api.autodesk.com/authentication/v1/gettoken"
-X POST
-H "Content-Type:application/x-www-form-urlencoded"
-d "client_id=****&
client_secret=****&
grant_type=authorization_code&
code=1O4F-z9gXRtGlBymcGoD3bV3Ws2cqqjeN78PpgGn&
redirect_uri=http://localhost:3000/api/forge/callback/oauth"
here is the error I am stuck with:
{"developerMessage":"The authorization code/refresh token is expired or
invalid/redirect_uri must have the same value as in the authorization
request.","userMessage":"","errorCode":"AUTH-004","more
info":"http://developer.api.autodesk.com/documentation/v1/errors/AUTH-004"}*
Connection #0 to host developer.api.autodesk.com left intact
Note:
I have double checked that the URI is the same as my callback URL on the forge application.
The spacing on the cURL code is simply for visual reasons, this is not how it is ran within my command line.

I think what's going on is that the code you get after the user logs in has an extremely short expiration time. After all, the POST /authentication/v1/gettoken endpoint is meant to be called immediately after the user logs in.
Btw. I went through the same steps, and since it took me a while to create a Postman request with the code I received, I ended up with the same error as you. Then, when I requested another code and immediately re-sent the Postman request, it succeeded.

Related

Autodek Forge Tutorial

I have been working through the Autodesk Forge Sample App tutorial.
WHen I click the button to connect with my account I get this error;
{"developerMessage":"The required parameter(s) redirect_uri not present in the request","errorCode":"AUTH-008","more info":"https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"}
If you get this error, you probably trying a 3 legged oauth flow. And it means that you did not provide the callback url in the request. Since you did not say which tutorial you have been using, let me point you to 2 sources - the Forge documentation tutorial here or the Learn Forge tutorial here
In both case, it is important to have the callback url defined in the application page on the Forge portal - If you are using your local machine, it should be something like http://localhost:3000/mycallback. The learnforge material tells you to define it as (see here):
http://localhost:3000/api/forge/callback/oauth
where the documentation tutorial says to use
http://sampleapp.com/oauth/callback
but here they assume you own the domain sampleapp.com which is probably not true. You need to replace sampleapp.com by your own domain or the localhost:port when developing your webserver on your local machine. Note it is important to use your true domain vs localhost when you'll run the code on your server, and update both your application page and your code to use the same definition. I usually setup 3 applications (dev: with localhost:3001, staging: with myapp-staging.autod3sk.net, and production: with myapp.autod3sk.net) - this is to avoid to have to edits keys all the time and make the application deployment a lot easier.
Now that your application is setup, you need to use that URL in your request as documented in the Oauth API. But all parameters should be URL encoded, otherwise the / character will be misinterpreted by the server. Failing to pass the correct and encoded URL parameter in the request will result in the error you are seeing.
Here is an example:
https://developer.api.autodesk.com/authentication/v1/authorize \
?response_type=code \
&client_id=MYCLIENT_ID \
&redirect_uri=MY_ENCODE_CALLBACKURL \
&scope=REQUIRED_SCOPES
after replacing the placeholders, it should look like this
https://developer.api.autodesk.com/authentication/v1/authorize\
?response_type=code\
&client_id=oz9f...k2d\
&redirect_uri=http%3a%2f%2flocalhost%3a3000%2fapi%2fforge%2fcallback%2foauth\
&scope=data%3aread
Copy this in your browser, and after logging and the consent page, the service should return to your browser with a URL like this:
http://localhost:3000/api/forge/callback/oauth?code=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I
Because, we do not have a server yet, the browser will error, but you can clearly see the URL returned to you with a code. You know need to copy that code into another request to get the final token. Here, we will use curl, but ideally both request and the callback should be handled by your server code.
curl 'https://developer.api.autodesk.com/authentication/v1/gettoken' \
-X 'POST' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=oz9f...k2d' \
-d 'client_secret=eUr...Q1e' \
-d 'grant_type=authorization_code' \
-d 'code=wroM1vFA4E-Aj241-quh_LVjm7UldawnNgYEHQ8I' \
-d 'redirect_uri=http://localhost:3000/api/forge/callback/oauth'
Ideally, all this needs to be done in your server code, like the learnforge tutorial teach you to do.

eBay errorId 1100: "Insufficient permissions to fulfill the request"

I've requested OAuth token with scopes:
https://api.ebay.com/oauth/api_scope/sell.account.readonly and
https://api.ebay.com/oauth/api_scope/sell.account
I generate a new OAuth Application Token for production and attempt to run getPrivileges as such:
curl -H "Authorization: Bearer myOAuthToken" https://api.ebay.com/oauth/api_scope/sell.account
Output is error message:
{"errors":[{
"errorId":1100,
"domain":"ACCESS",
"category":"REQUEST",
"message":"Access denied",
"longMessage":"Insufficient permissions to fulfill the request."
}]}
...but I expect a status return "200 OK". I know this curl call works when doing something like
curl -H "Authorization: Bearer myOAuthToken" https://api.ebay.com/buy/browse/v1/item_summary/search?q=myQuery
so the only thing I can think of is the scopes, but unless I'm mistaken the scopes are appropriate for the getPrivileges call. Am I missing something?
As found in this post there is a special clause that this call requires a token that was specifically generated through the authorization code grant flow. Instead of generating an OAuth straight from my User Tokens page, I walked through the grant flow and generated a token and it works.

Get activecollab api token from "trial" account, connect with postman

I'm trying to connect to ActiveCollab API trial account with Postman.
I'm stuck at the beginning, because I can't get the required token.
I tried unsuccessfully (got an error) to run the below command in CMD and Powershell:
curl -XPOST -d 'email=mymail#gmail.com&password=myPassword' https://activecollab.com/api/v1/external/login
Error:
curl: no URL specified!
curl: try 'curl --help' for more information
'password' is not recognized as an internal or external command,
operable program or batch file.
then I tried to make the call with postman GET and POST method
url: https://activecollab.com/api/v1/external/login?email=mymail#gmail.com&password=myPassword
with and without parameters, with basic authentication, no authentication and APIkey authentication.....
Also tryed with https://app.activecollab.com/205491/issue-token
with body type json:
{
"username": "mymail#gmail.com",
"password": "maypassword",
}
and with username and password in headers, with no success
Can anybody make or describe how to make a postman call to get the token and an simple example how to get/add project.
Does anybody know if this documentation is up to date?
It's described at this page:
https://developers.activecollab.com/api-documentation/v1/authentication.html
Your correct endpoint would be: https://app.activecollab.com/205491/api/v1/issue-token

How to get an authorization token from JuPyter hub using its REST APIs?

I want to start a notebook server as described here. I learnt that I need to get an auth token from this and so wanted to get the same, I have to use the api as described here. It always states "Method not allowed, 405". I am unable to figure out what is the right way to do this.
I tried the following post requests:
http://MY_JHUB_ON_K8S_SERVER.com/authorizations/token
with the body of JSON/Application:
{
"username": "aviral",
"password": "aviral",
}
The headers are:
[{"key":"Content-Type","name":"Content-Type","value":"application/json","description":"","type":"text"}]
In Postman, I had tried basic auth as well as no auth. In the basic auth, I pasted the username and password, while when there was no auth, I put the same in the json body
I expect to get the token so that I can start a server. Right now, regardless of the permutation and combination, I am getting 405.
This seems to be possible using the oath api endpoint but I wasn't successful.
Instead I run this command on the jupyterhub server to generate a token
jupyterhub token myusername
and then calls should work properly using the rest api:
curl --insecure 'https://myjupyterhubserver:8443/hub/api/users' \
-H 'Authorization: Token mygeneratedtoken'

Oauth2 and Spring-Security: Fail on authentication using Oauth2 and spring-security

I want to use Oauth2 and Spring-security with rest web service. I am new for this, i am trying to create configuration with the help of some websites. Still, i clearly not understand how and what is the flow for oauth authenticate for rest service. i am using latest dependencies Click on the link for see my configurations. I am using database for store clients information and tokens. when i trying to access the token, using follwoing url with post request and post body:
http://localhost:8080/empirecl-api/oauth/token
grant_type=password&username=a#a.com&password=password&client_id=my-client-with-secret&client_secret=ak_secret
The basic authentication pop-up box will appear. I am using chrome rest postman client. I have user table in my database where i store, username and password, when i enter those username and password, the authentication fail, If i use i my client_id and client_secret as a username and password, the authentication is fail. When i cancel the pop of basic authentication following json is return:
{
"error": "unauthorized",
"error_description": "No client with requested id: a#a.com"
}
I am unable to figure out what will happen.
When i trying to access following url with get reqquest:
http://localhost:8080/empirecl-api/oauth/authorize?grant_type=password&username=a#a.com&password=password
The following error will return:
{
"error": {
"error": "invalid_client",
"error_description": "Bad client credentials"
}
}
When i check the error in console, of eclipse, the follwoing error is display:
AuthorizationEndpoint:436 - Handling ClientRegistrationException error: No client with requested id: null
How i resolve this problem and how to use Oauth with my rest api. I also want to secure my all rest url with Oauth.
There are a couple of things wrong here.
You are using the wrong endpoint - the request should be to the token endpoint, not the authorization endpoint.
It should be a POST request - you shouldn't be passing the parameters in the URL
You are confusing when the user has to authenticate and when the client does - the server was looking for Basic credentials from the client but you were entering the username.
See the oauth2 spec section on using the resource owner password grant.
The client needs to authenticate and, as porterhead points out, you can do this using Basic authentication. The spec does also allow passing of the client id and secret as post parameters, but prefers Basic authentication.
You should probably make sure you understand a bit more about how OAuth2 works, and perhaps expand your question to explain why you want to use it and why you've chosen this particular grant type.
You need to pass your client username and password as a Base64 encoded Authorization header.
Try using curl. Here is an example:
curl -v -X POST \
-H "Content-Type: application/json" \
-H "Authorization: Basic MzUzYjMwMmM0NDU3NGY1NjUwNDU2ODdlNTM0ZTdkNmE6Mjg2OTI0Njk3ZTYxNWE2NzJhNjQ2YTQ5MzU0NTY0NmM=" \
'http://localhost:8080/empirecl-api/oauth/token?grant_type=password&username=a#a.com&password=password'
I have a working example described here