I am using The Chrome App for Postman and I am setting up my Access Tokens using OAUTH2. When I fill out the form, I am using the following:
Auth Url: https://[MY_API_URL]/api/authorize
Access Token URL: https://[MY_API_URL]/api/request/token
Client ID: xxxxxxxxxxx
Client Secret: xxxxxxxxxx
Scope: blank
Grant Type: Authorization Code
The callback url in my outh server is set to "https://www.getpostman.com/oauth2/callback"
When I click Request Token, I am taken to the proper Authentication page. When I submit my credentials, a new Chrome tab opens up with a blank page with the url https://app.getpostman.com/oauth2/callback?code=xxxxxxxxxx
I expect that this is supposed to redirect to the app so it can perform the access token request. from the access token url, but nothing is happening. Is this not the right callback uri?
This is an old question and things have changed since.
Google deprecated Chrome Apps, so Postman had to deprecate their old Chrome App client too, and so the old redirection URL (https://www.postman.com/oauth2/callback) no longer works.
According to this, with the more recent versions of Postman, the new redirection URL is https://oauth.pstmn.io/v1/callback.
You have change your permission type. Use Client Credentials instead of Authorization
I also faced same problem.
Just change Grant Type: Authorization Code to Grant Type: Client Credentials.
It worked for me.
Certainly as mentioned in other comments, for client_credentials it would work but for the Implicit or Authorization Code, I used "https://app.getpostman.com/oauth2/callback" as the callback url and it worked. Also it need to be configured in the application settings in oauth provider.
I've been using this callback url:
https://getpostman.com/oauth2/callbackurl
Related
I'm trying to sync chrome extension and web app login. I'm currently using Next Auth to get the access token for a provider. Any one has experience with it ? I am able to send message from the web app to the extension with the access token, but not sure how I can authenticate the user in the extension.
You can get Google auth token and authenticate the user, it will ask user to choose g-profile & login. Here is code that works for me:
backgroung.js:
chrome.identity.getAuthToken({ 'interactive': true }, function(token) {
console.log("token: " + token);
});
I've changed my approach and turned to what worked earlier. I configured an API gateway to call the Google Cloud Functions and it called them with the appropriate permissions when I passed in an api key. I think it's erroring when trying to call the workflow because I didn't specify a resource. Not sure exactly though... It looks like the API key is working, but the OAuth is failing. My OAuth is configured with a fresh connection since I've made the workflow. It's authenticated on my end, I clicked my account in google and everything. I'm 99.99% sure the OAuth is configured correctly. When I called the GCP function with the API Gateway, I didn't have to use OAuth.
Is OAuth a requirement for the Workflows API? Are there any work arounds?
How to specify the params for the Workflow in the API Gateway config?
Named Credential:
Label GoogleCloudFunction
Name GoogleCloudFunction
URL https://workflowexecutions.googleapis.com
Hide Section - AuthenticationAuthentication
Certificate
Identity Type Named Principal
Authentication Protocol OAuth 2.0
Authentication Provider GoogleCloudAuth
Scope https://www.googleapis.com/auth/cloud-platform
Authentication Status Authenticated
Log from API Gateway:
httpRequest: {
latency: "0.039s"
protocol: "http"
requestMethod: "POST"
requestSize: "1269"
requestUrl: "/create-site-tracker-site?key=HIDDEN"
responseSize: "743"
status: 401
}
insertId: "48330ec2-7114-4270-b465-68ae6308bdc34850908905639612439#a1"
jsonPayload: {
api_key: "HIDDEN"
api_key_state: "VERIFIED"
api_version: "1.0.0"
http_status_code: 401
location: "us-central1"
log_message: "1.create_site_tracker_site_0s5865srg8pbr_apigateway_quick_hangout_329722_cloud_goog.CreateSiteFunction is called"
response_code_detail: "via_upstream"
}
API Config
# openapi2-functions.yaml
swagger: '2.0'
info:
title: create-site-tracker-site with auth
description: Create Site in Site Tracker using JSForce
version: 1.0.0
schemes:
- https
produces:
- application/json
paths:
/create-site-tracker-site:
post:
summary: Create Site
operationId: createSiteFunction
x-google-backend:
address: https://workflowexecutions.googleapis.com/v1/projects/us-central1-quick-hangout-329722/locations/us-central1/workflows/create-site-and-project/executions
security:
- api_key: []
responses:
'200':
description: A successful response
schema:
type: string
securityDefinitions:
# This section configures basic authentication with an API key.
api_key:
type: "apiKey"
name: "key"
in: "query"
Your HTTP request appears to include no "Authorization" header. Without this it is unlikely that you're call will succeed unless your Cloud Functions permit unauthenticated calls.
It's difficult to understand what you're doing because e.g. "works when I test it manually" is imprecise and provides little information about what you did. I assume (!?) you're using gcloud functions call which authenticates for you.
Please add more detail to your question include the commands that you tried and those that succeed and fail and include error messages.
The majority of Google's services are exposed as REST APIs and so you can invoke almost everything using simple HTTP commands.
Current work around is calling the workflow from a google cloud function, and then calling the function via API Gateway and passing a key. Gross but it works
I have a protractor selenium test for an angular2 that I run with protractor conf.js --params.login.username=John --params.login.password=Doe. The test shall try to log in to my backend and fail with access denied.
This is the conf.js:
exports.config = {
framework: 'jasmine2',
seleniumAddress: 'http://localhost:4444/wd/hub',
capabilities: {
'browserName': 'chrome'
},
baseUrl:'http://127.0.0.1:4200',
specs: ['mytest.spec.js'],
useAllAngular2AppRoots: true,
jasmineNodeOpts: {
showColors: true,
defaultTimeoutInterval: 30000
}
}
The webdriver was started with webdriver-manager start. The app loads fine and the test fills out the Auth0 popup as shown below. It then clicks the submit button. However, this leads to the error message below being shown instead of the login happening. If I understand correctly, Auth0 can't reach the auth server (which is not the issue when logging in manually).
The version of auth0 lock is 10.0.
Through browser.pause() I could verify that other non-localhost addresses like stackoverflow.com are accessible.
Any idea where this might come from and how to solve it?
Update:
In the developer console the following message is displayed.
XMLHttpRequest cannot load https://MYDOMAIN.eu.auth0.com/usernamepassword/login.
Response to preflight request doesn't pass access control check:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://127.0.0.1:4200' is therefore not allowed access.
The problem was, that the local url http://127.0.0.1:4200 was not listed in the auth0 dashboard under Allowed Origins (CORS), only http://localhost:4200 which I used for testing manually.
The issue was resolved by adding http://127.0.0.1:4200 to Allowed Origins (CORS) and adding the appropriate callback URLs to Allowed Callback URLs.
With the default configuration, I am unable to make XHRs in my Mithril app if I run its Sails server in localhost. All I get is:
XMLHttpRequest cannot load http://localhost:1337/json/test-realms.json. The 'Access-Control-Allow-Origin' header contains the invalid value ''. Origin 'null' is therefore not allowed access.
If I enable CORS with allRoutes: true, origin: '*' that problem goes away, and instead I get:
DOMException: Failed to execute 'replaceState' on 'History': A history state object with URL 'http://localhost:1337/#!/' cannot be created in a document with origin 'null'.
What exactly is the issue here?
Updates:
I am using sails lift as server.
The web app is loaded via http://test.pink. The domain is set to a LAN IP via the HOSTS file.
No resources are loaded via file:/// or localhost.
Turns out the problem was related to Content Security Policy. I had set sandbox 'allow-scripts' 'allow-forms', which as per this and this would treat the page as an iframe with an unique origin.
Disabling the sandbox policy or adding allow-same-origin suffices to fix it.
I am trying to talk to mysql from my Google Hangout app and the test code works fine from an HTML page, but gets blocked when I run it in the app .XML wrapper in a hangout.
There I get this in the console (I had to replace the URLs due to me being new here) :
<<<<<>>>>>
XMLHttpRequest cannot load XXXXXX MY file URL XXXXX. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https XXXXXX GOOGLE USER CONTENT XXXXX' is therefore not allowed access. ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1
GET XXXXXX MY file URL again only with https XXXXX net::ERR_CONNECTION_REFUSED ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1199
XMLHttpRequest cannot load XXXXXX MY file URL XXXXX. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https XXXXXX GOOGLE USER CONTENT XXXXX' is therefore not allowed access. ifr?url=app%3A%2F%2F609528936436%2Fhangout&container=hangout&view=default&lang=all&country=ALL&debu…:1
<<<<<>>>>>
What am I doing wrong? Thank you!
ANSWER Thanks to Gerwin Sturm:
Your problem seems to be that with the Hangout App running inside of an iframe hosted on Google servers your server refuses to send content to this different domain.
Two possible solution:
1) Set the headers on your server to allow cross-origin request. In your php script you should be able to do this by calling
header("Access-Control-Allow-Origin: *");
2) Use https://hangoutiframer.appspot.com, which allows you to run the hangout app on your own server, preventing CORS problems that way.