soundcloud python: unauthorized for url issue - python

Using the official python library we get this issue after a few requests.
The same code works on one request and then breaks in the second request.
requests.exceptions.HTTPError: 401 Client Error: Unauthorized for url: https://api.soundcloud.com/oauth2/token
This happens on our test account. We need this to work as we have an issue with our pro account which we need to replicate on our test account so we can safely work on this.
The error happens on the creation of the client instance - it does not make it to the "print" statement that follows. All the API keys and username/password details stay the same and are correct but continue to fail on some occasions and succeed on others.
client = soundcloud.Client(client_id=SC_CLIENT_ID,
                           client_secret=SC_CLIENT_SECRET,
                           username=SC_USERNAME,
                           password=SC_PASSWORD)
print(client.get('/me').username)
The system we have only uploads/manages data from our own account.

Related

Authorization header disappears when using Jmeter

I'm attempting to test REST APIs authenticated by tokens. The process is:
1. Provide username and password to get a token
2. Extract the token and save it into a variable in Jmeter (AUTH_TOKEN)
3. Set the header 'Authorization' with the extracted token value.
4. Send a request using the token.
This is my test plan:
I could extract tokens successfully. However, sending requests in step 4 is failing because of missing authorization. The View Result Tree shows that the requests contain authorization headers, but the server couldn't find authorization headers. As shown in the figure below, I added 2 headers Authorization and Content-Type and they appeared in the request. The server returned the headers it had actually received, but there wasn't Authorization:
Can anyone help me to fix this issue? Thanks so much.
P/S: the server implements RESTful APIs with Python and the Flask framework. I deployed the server with Apache HTTP Server.
==========[UPDATED]========================
The server code is implemented with Flask in Pycharm. Everything is perfect when sending requests from JMeter to the server run with the embedded Flask server. The problem only appears when the server code is deployed with Apache HTTP Server. The configurations of JMeter in the above cases are exactly the same except the port. But if the cause is from Apache server, it doesn't seem reasonable.
==========[UPDATED & SOLVED]========================
I found the reason for my problem here: Missing authorization header. Because of deploying the web application with Apache and mod_wsgi, Authorization headers are not passed to the application by default. I have to add this line WSGIPassAuthorization On into my virtual host configuration.
Please check if your api endpoint needs a request body with the "GET /regions" request. In your 2nd screenshot of the "Request" section "GET data:" section is blank. It mostly means that the server is expecting a request body along with your GET request.
My expectation is that your Extract token works incorrectly, i.e. your ${BEARER} variable has a blank line before the actual value as evidenced by your screenshot.
Double check your ${BEARER} variable value using Debug Sampler and View Results Tree Listener combination: it should not contain blank lines. If it does - review your Extract token configuration and amend it to return solely header value.
It is recommended to use JSON Extractor for getting values from JSON data type.

Spotify authorization code (not access token) is expiring - how can I circumvent this?

I am developing an app that creates a public Spotify playlist for a user who has given proper authorization to do so.
I am using Flask and Python requests library to accomplish this, but after I've sent a few consecutive POST requests to get an access token from Spotify (using authorization code obtained from previous logic), it begins to fail. I am referring to Step 4 of Authorization Code Flow from this link: https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow
I know the authorization code is valid, because it doesn't fail for the first few times I run the request (maybe 5-10 times).
When I print the response from the POST I get the following:
{'error_description': 'Authorization code expired', 'error': 'invalid_grant'}
I assume I am not using the authorization code fast enough to get an access token (after repeatedly failing on code logic before the access token POST request, I guess?) but how am I supposed to reset and refresh the authorization code so I can keep making requests repeatedly? Any info on how long I am disabled and generally good programming practice to avoid this scenario?
When you use the authorization code to get your access token, you will also get a refresh token back in the same message. Use that refresh token to request new access tokens, when the access tokens expire.
How to use the refresh token is written on the same page you linked to, just a bit further down: https://developer.spotify.com/web-api/authorization-guide/#request-access-token-from-refresh-token
I agree that this is not the easiest to understand, but there are good reasons for all these things. It is also a standard called OAuth2, which many websites use to let users authorize apps to access their data, so it is useful in a lot of places.
In this specific case: "why do I need a refresh token to get an access token, I already have an authorization code to get an access token?", it is because the authorization code has leaked to the outside because it was returned to you via the user's browser.
An authorization code is obtained when the user grants permission for the third-party application (the Client). As per the OAuth 2.0 specification the authorization code must be used once and it's recommended that it have a maximum lifetime of 10 minutes to mitigate security flaws.
Read more about authorization code here:
https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2
On the other hand, instead of boring the user to go through all the OAuth 2.0 dance again (to authenticate and to grant permissions), the server side of Client application can use Refresh Tokens to ask for a new token when it's expired.
More about refresh tokens can be found at section 10.4 of OAuth 2.0 spec.
https://www.rfc-editor.org/rfc/rfc6749#section-10.4
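An added example (not part of the original answers) of the pattern they describe: redeem the authorization code exactly once, keep the refresh token, and use it for every later access token. `TokenStore`, the `post(url, data)` transport and `fake_token_endpoint` are hypothetical names; client authentication is assumed to be added by the transport, and the fake endpoint is constructed so the block runs offline.

```python
import time

TOKEN_URL = "https://accounts.spotify.com/api/token"  # label only; no network call


class TokenStore:
    """Redeems an authorization code once, then renews via the refresh token."""
    def __init__(self, post, redirect_uri, clock=time.time):
        self._post, self._redirect_uri, self._clock = post, redirect_uri, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def _store(self, resp):
        if "error" in resp:
            raise RuntimeError(f"{resp['error']}: {resp.get('error_description', '')}")
        self._access = resp["access_token"]
        # A refresh response may omit refresh_token; keep the one already held.
        self._refresh = resp.get("refresh_token", self._refresh)
        self._expires_at = self._clock() + resp["expires_in"] - 30  # renew 30 s early

    def redeem_code(self, code):
        """Call once per authorization code; a second use is rejected by the server."""
        self._store(self._post(TOKEN_URL, {"grant_type": "authorization_code",
                                           "code": code,
                                           "redirect_uri": self._redirect_uri}))

    def access_token(self):
        """Return a valid access token, refreshing it when it has expired."""
        if self._refresh is None:
            raise RuntimeError("no refresh token; restart the authorization flow")
        if self._clock() >= self._expires_at:
            self._store(self._post(TOKEN_URL, {"grant_type": "refresh_token",
                                               "refresh_token": self._refresh}))
        return self._access


def fake_token_endpoint():
    """Constructed stand-in for the token endpoint: each code works only once."""
    used, issued = set(), []
    def post(url, data):
        if data["grant_type"] == "authorization_code":
            if data["code"] in used:
                return {"error": "invalid_grant",
                        "error_description": "Authorization code expired"}
            used.add(data["code"])
        issued.append(data["grant_type"])
        return {"access_token": f"at-{len(issued)}", "refresh_token": "rt-1",
                "expires_in": 3600}
    return post
```

Persist the refresh token server-side with the same care as a password, since it yields new access tokens without the user being present.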

Live Connect: Unable to refresh OAuth 2.0 token due to SSL and 404 Errors

I have a script that is using the Live Connect REST APIs to refresh an OAuth 2.0 access token. The script has been working without problems for a couple of years, but recently broke with an apparent change in Live Connect API URLs.
Originally, I used these URLs to perform OAuth authentication:
_https://login.live.com/oauth20_authorize.srf
_https://login.live.com/oauth20_token.srf
Yesterday, when attempting to run the script I received the error:
hostname 'login.live.com' doesn't match u'api.login.live.com'
So, I changed the url to "api.login.live.com" but then received a 404 during the request as _https://api.login.live.com/oauth20_token.srf doesn't seem to exist.
Interestingly, _https://login.live.com/oauth20_token.srf does yield the expected result when accessed via the browser.
Any ideas on what might be going on?
Potentially interesting data:
Browser is Chrome running on Windows 10
Script is written in Python 2.7 using the requests 1.0.4 package
(Note that my reputation doesn't allow for more than 2 links, thus the funky decoration).
Should someone find themselves in a similar situation, the fix was to add the parameter "verify=False" when calling requests.post.
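`verify=False` makes requests skip certificate verification altogether, including the hostname comparison that produced the error above. An added example (not from the original post) of that comparison, run on a constructed certificate dict shaped like the output of `ssl.SSLSocket.getpeercert()`; the function names are hypothetical and the matcher is a simplified form of the RFC 6125 rules.

```python
def san_dns_names(cert):
    """DNS names from a cert dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """Simplified RFC 6125 match: '*' may stand only for the whole leftmost label."""
    p = pattern.lower().split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse overly broad wildcards such as "*.com".
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_hostname(cert, hostname):
    """Return (ok, names): whether any presented name covers the requested host."""
    names = san_dns_names(cert)
    return any(name_matches(n, hostname) for n in names), names


# Constructed certificate: presents only the name quoted in the error message.
PRESENTED = {"subjectAltName": (("DNS", "api.login.live.com"),)}


def diagnose(hostname, cert=PRESENTED):
    """Explain the verifier's decision for one requested hostname."""
    ok, names = check_hostname(cert, hostname)
    if ok:
        return f"{hostname}: certificate matches"
    return f"{hostname}: certificate is for {names}; a verifying client refuses"
```

With verification disabled this check never runs, so any certificate, including one presented by an interceptor, would be accepted while the OAuth client secret and refresh token are sent.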

foursquare venue-push api test errors

So I am working with the foursquare venue-push api. I have set-up https on my dev server, the auth token seems to be correct. I am getting a 403 Forbidden error which means
403 Forbidden:
The requested information cannot be viewed by the acting user, for
example, because they are not friends with the user whose data they
are trying to read.
Also according to docs: Although authentication succeeded, the acting
user is not allowed to see this information due to privacy
restrictions.
Now the twist is that I am following everything according to Foursquare realtime API.
I am the manager of a venue and I have authenticated the app. The error says that the auth_token is correct but I am not authorized to see the contents.
Now my question is: how is the POST response by the foursquare api trying to figure out my identity?
I do get a POST on my dev server.
I have also tried to follow the flow given in this question
I have also tried: venue giving authorization to the app, but it still gives me the same error.
Any help would be appreciated.
PS: I am working on the django framework and the venue endpoint api is working perfectly.
Found the answer. It was a django thing. Needed to exempt csrf, since django requires csrf.

Sometimes getting "API requires authorization" from intuit anywhere api after a fresh oAuth handshake

After completing the oAuth handshake with Intuit Anywhere (AI), I use the API to get the HTML for the blue dot menu. Sometimes, the expected HTML is returned. Other times, I get this message
This API requires Authorization. 22 2013-01-10T15:32:33.43741Z
Typically, this message is returned when the oAuth token is expired. However, on the occasions when I get it, I can click around in my website for a bit or do a refresh, and the expected HTML is returned. I checked the headers being sent and, in both cases (i.e., when the expected HTML is returned, and an error is returned), the request is exactly the same. I wouldn't be surprised if this was a bug in Intuit's API, but I'm trying to rule out any other possibilities first. Please let me know if you have any thoughts on how to fix this. Thanks.
Update: It seems the problem is occurring only when I do a refresh. This seems to be the case both in Firefox and Safari on OSX. It sounds to me like a Javascript caching issue.
I received this error as well and am posting this as a pointer for others who stumble upon this. Error Code 22 (Authentication required) for me meant that the OAuth signature was wrong. This was confusing because I couldn't find this error listed in the Quickbooks documents for reconnect.
I was signing the request as a "POST" request instead of a "GET" request which is what Quickbooks requires for calls to the reconnect endpoint.
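Why the HTTP method matters, as an added example that is not part of the original answer: in OAuth 1.0a (RFC 5849) the method is the first element of the signature base string, so a request signed as POST cannot validate when it arrives as GET. The URL, keys, secrets and function names below are constructed placeholders, not Intuit's real endpoint or credentials, and the URL is assumed to carry no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def _enc(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(s), safe="-._~")


def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(url), _enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 signature over the base string, base64-encoded."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def server_accepts(method, url, params, signature, consumer_secret, token_secret):
    """Provider side: recompute over the method actually received and compare."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


# Constructed values for illustration only.
URL = "https://api.example.invalid/v1/connection/reconnect"
PARAMS = {
    "oauth_consumer_key": "ck-demo",
    "oauth_token": "tok-demo",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1357831953",
    "oauth_nonce": "n-0001",
    "oauth_version": "1.0",
}
SECRETS = ("consumer-secret-demo", "token-secret-demo")

signed_as_post = sign("POST", URL, PARAMS, *SECRETS)
signed_as_get = sign("GET", URL, PARAMS, *SECRETS)
```

When a provider answers a freshly authorized request with an authorization error, logging the base string on the client and checking its first element against the method actually sent is a quick way to rule this out.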
