Using the following header as specified in the facebook developers site, an access token is received
Step 1:
https://www.facebook.com/dialog/oauth?client_id=...
&scope=publish_stream
&redirect_uri=https://apps.facebook.com/example/
Step2:
https://graph.facebook.com/oauth/access_token? client_id=.....&redirect_uri=https://apps.facebook.com/example/&client_secret=....
&scope=publish_stream
&code=AQALNcjIpXfqYiegdhqlpJYRa1XXwIhPdxnyehE-bf3PjNUYk2dKQlVDG3vy4xgmR4gwbe7t7qoOwfR2gpAk4vY4PeBga6w2BvM_rTDHzUfQ73koPMMlrXdGqeSPyNds9Wy3ccWufrMzjQpmo52xYPD4QZuvNnvObIY3ICxu5XxOG4HgV-OFR_JLsTD8ThXoFH5LpJlM76ynthcOz2TovbTq#=
After step 2 an access token is received .
Can this access token be used in oauth signature header? when used inoauth signature header its returning " use a valid access token"
Facebook is not expecting oauth signature header.
Related
Im trying to get a 3-Legged Token with Authorization Code Grant:
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/#step-3-exchange-the-authorization-code-for-an-access-token
I managed to get my token in the URL like the tutorial says in step 2:
Redirected URL to get the Token
Its also no problem to extract it out of the URL.
But my problem is, that when I step back to my index.html of my application the token is not valid anymore.(I think it refresh already)
How can I step to my application after getting the token?
URL of my App
Thanks!
In our application we have a angular frontend app which has Autodesk login for BIM 360 document. After user is logged in frontend we are retrieving 3 legged authorization code from Autodesk and pass it to C# backend where we are using the code to get the access_token and refresh token.
We are using this to get the authorization code -
https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id={client_Id}&redirect_uri={callbakcurl}&scope=data:read
Using this to get access_token from the code -
https://developer.api.autodesk.com/authentication/v1/gettoken
We are getting the below error -
{
"developerMessage": "The authorization code/refresh token is expired or invalid/redirect_uri must have the same value as in the authorization request.",
"errorCode": "AUTH-004",
"more info": "https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/error_handling/"
}
We make sure that our redirect_url is correct/same to get the authorization code and get the access_token.
Can anyone help me with how long this authorization code is valid for?
A couple of things to check:
As #KingJ mentioned already, make sure that your redirect URL is url-encoded; same for the scopes, I believe the : symbol (and spaces if there are multiple scopes) should also be encoded
Note that the code you obtain from the first HTTP call is only valid for a very short amount of time (units of seconds); you should make the second HTTP call as soon as you have the code available, otherwise it'll expire
What is the body of the 2nd request? Are you setting all the params marked as required in the docs?
I'm trying to create a bucket with the POST buckets endpoint. However, I cannot seem to do this: When attempting to do so with a Three-legged token, I receive the error:
"Only 2 legged service tokens are allowed to access this api."
But when I use a two-legged token (with the same scopes):
"Token does not have the privilege for this request."
What am I doing wrong? I'm using NodeJS with the Request library.
You might want to check your Token have the correct scopes in this case you need bucket:create as part of your token scopes.
More about it here. https://forge.autodesk.com/en/docs/oauth/v2/developers_guide/scopes/
I try to bind to an Exchange Webservice (EWS) using a bearer token retrieved from Outlook through the Office-js platform (using the EWS java API library). I'm getting the following in the HTTP response from Exchange though
x-ms-diagnostics: 2000003;reason="The hostname component of the audience claim value is invalid. Expected 'exchange2013.xxxxxx.com'. Actual 'webmail.xxxxxx.com'.";error_category="invalid_resource"
When I ask Outlook what the EWS url is via:
Office.context.mailbox.ewsUrl
I get the exchange2013.xxxxxx.com address. The token I retrieve via
Office.context.mailbox.getCallbackTokenAsync()
contains the webmail.xxxxxx.com address (this is visible when I Base64 decode the token string). What exactly is going wrong here? How come the EWS URL and token domain are different?
I have an "access_token" by requesting "https://www.box.com/api/oauth2/token".
By Using this "access_token" , I need to get the folders and files from box.com.
For this , I am making a request like:
https://www.box.com/api/2.0/folders/0?access_token=" + access_token1
But I am getting Null as response.
Some times, I am getting "In-sufficient Permission" error message. i.e 403 error.
But , if send the same request via browser i am getting all the folders and files.
Where Exactly I am getting problem?
If you post related code, would be useful for me?
Thanks
Sarath.T
Access tokens are sent as part of the authorization header, not as a GET query string parameter. The authorization header looks like this:
Authorization: Bearer
Check out the "Using Your Access Token with API V2" section on http://developers.box.com/oauth/