I currently am using the Microsoft Office 365 API to get information about Mailbox Usage and Activity. I am attempting to switch over to the Graph API, and am having some trouble.
When I use the current API, I give an 'auth' field in my header so I avoid posting for a bearer token before sending a GET request.
When I attempt the same in the Graph API I get the following error: "CompactToken parsing failed with error code: -2147184105"
After doing some research, I'm unsure if it is even possible to access the Graph API without posting for a bearer token. I would like to access it by still using the authorization credentials in an 'auth' field. Please let me know of any input/help you can provide!
If I follow correctly, you're looking to obtain a bearer token without going through a separate "POST" to convert the authorization code into an access (bearer) token? This is supported by the v2 Endpoint (and Microsoft Graph) using the Implicit Grant.
I wrote an article on this a while back that might be helpful getting you started - v2 Endpoint and Implicit Grant
I have followed multiple threads but am unable to resolve the issue. With the following endpoint:
https://demo.docusign.net/restapi/v2/login_information
I am getting 200 and accountId, but when I try to POST with the following:
/restapi/v2/accounts/{accountId}/envelopes
I get the following error:
401 - One or both of Username and Password are invalid
You need to obtain a valid access token using OAuth, either Auth Code Grant or JWT. You are either attempting to use an expired token, no token at all, or you are using an older authentication mechanism no longer supported. Please use the official documentation by DocuSign.
Note these URLs are for the old v2 API; you need to use the v2.1 API.
Recommend you try the Python Quickstart as it configures all you need to make API calls for you.
I'm trying to use the API below to get access to a key vault.
https://learn.microsoft.com/en-us/rest/api/keyvault/keyvault/vaults/get
When I try to run this API in Alteryx, it asks for an authorization header.
I'm not sure what information I need to provide in this authorization header in order to get access to the specific key vault.
Can someone please share some knowledge on this?
Thanks
Azure Key Vault describes its request authentication in the Authentication section of this Authentication, requests and responses documentation:
Access tokens must be sent to the service using the HTTP Authorization header:
PUT /keys/MYKEY?api-version=<api_version> HTTP/1.1
Authorization: Bearer <access_token>
The access token is a token string that can be obtained via OAuth2 authentication. An easy way to obtain access tokens for Azure resources in Python is with the azure-identity library, which can be used with the azure-mgmt-keyvault library to make the request you're describing here.
If you'd like to use plain REST requests instead, access tokens are described thoroughly in this Microsoft identity platform access tokens documentation.
Disclaimer: I work with the Azure SDK for Python.
I cannot figure out how I can get a GET request and authorize it using token-based authorization, where I have only consumer and token keys with their secrets.
Search for token based authentication for restlets.
e.g.
Looking for example Python code for Netsuite API using OAuth?
The concept remains the same - you need to add the authentication data to the header when you make the GET request.
I am developing an app that creates a public Spotify playlist for a user who has given proper authorization to do so.
I am using Flask and Python requests library to accomplish this, but after I've sent a few consecutive POST requests to get an access token from Spotify (using authorization code obtained from previous logic), it begins to fail. I am referring to Step 4 of Authorization Code Flow from this link: https://developer.spotify.com/web-api/authorization-guide/#authorization_code_flow
I know the authorization code is valid, because it doesn't fail for the first few times I run the request (maybe 5-10 times).
When I print the response from the POST I get the following:
{'error_description': 'Authorization code expired', 'error': 'invalid_grant'}
I assume I am not using the authorization code fast enough to get an access token (after repeatedly failing on code logic before the access token POST request, I guess?) but how am I supposed to reset and refresh the authorization code so I can keep making requests repeatedly? Any info on how long I am disabled and generally good programming practice to avoid this scenario?
When you use the authorization code to get your access token, you will also get a refresh token back in the same message. Use that refresh token to request new access tokens, when the access tokens expire.
How to use the refresh token is written on the same page you linked to, just a bit further down: https://developer.spotify.com/web-api/authorization-guide/#request-access-token-from-refresh-token
I agree that this is not the easiest to understand, but there are good reasons for all these things. It is also a standard called OAuth2, which many websites use to let users authorize apps to access their data, so it is useful in a lot of places.
In this specific case: "why do I need a refresh token to get an access token, I already have an authorization code to get an access token?", it is because the authorization code has leaked to the outside because it was returned to you via the user's browser.
An authorization code is obtained when the user grants permission for the third-party application (the Client). As per OAuth's 2.0 specification the authorization code must be used once and it's recommended that it have a maximum lifetime of 10 minutes to mitigate security flaws.
Read more about authorization code here:
https://www.rfc-editor.org/rfc/rfc6749#section-4.1.2
On the other hand, instead of boring the user to go through all the OAuth 2.0 dance again (to authenticate and to grant permissions), the server side of Client application can use Refresh Tokens to ask for a new token when it's expired.
More about refresh tokens can be found at section 10.4 of OAuth 2.0 spec.
https://www.rfc-editor.org/rfc/rfc6749#section-10.4
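The pattern the two answers above describe (redeem the authorization code exactly once, then use the refresh token for every later access token) is sketched below as an added example; it is not code from the original posts or from Spotify. `FakeTokenEndpoint`, `TokenManager`, and the token values are constructed stand-ins so the flow runs offline, and client authentication (client ID and secret) is omitted for brevity.

```python
import time


class FakeTokenEndpoint:
    """Constructed stand-in for an OAuth 2.0 token endpoint; not Spotify's API."""
    def __init__(self, valid_code):
        self.valid_code, self.used, self.n = valid_code, False, 0

    def post(self, data):
        grant = data.get("grant_type")
        if grant == "authorization_code":
            # Authorization codes are single use (RFC 6749 section 4.1.2).
            if data.get("code") != self.valid_code or self.used:
                return {"error": "invalid_grant"}
            self.used = True
        elif grant != "refresh_token" or data.get("refresh_token") != "rt-demo":
            return {"error": "invalid_grant"}
        self.n += 1
        return {"access_token": f"at-{self.n}", "expires_in": 3600,
                "refresh_token": "rt-demo"}


class TokenManager:
    """Redeems the code once, then relies on the refresh token."""
    def __init__(self, post, clock=time.time, skew=30):
        self.post, self.clock, self.skew = post, clock, skew
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _store(self, resp):
        if "error" in resp:
            raise RuntimeError(resp["error"])
        self.access = resp["access_token"]
        # A server may omit refresh_token on refresh; keep the old one then.
        self.refresh = resp.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + resp["expires_in"]

    def redeem_code(self, code):
        self._store(self.post({"grant_type": "authorization_code", "code": code}))

    def token(self):
        # Refresh shortly before expiry instead of re-running the consent flow.
        if self.clock() >= self.expires_at - self.skew:
            self._store(self.post({"grant_type": "refresh_token",
                                   "refresh_token": self.refresh}))
        return self.access
```

Call `redeem_code()` once in the redirect handler and `token()` before each API request; a real client would persist the refresh token server-side and pass a `post` callable that sends the form to the provider's token URL.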
So I am working with the foursquare venue-push api. I have set-up https on my dev server, the auth token seems to be correct. I am getting a 403 Forbidden error which means
403 Forbidden:
The requested information cannot be viewed by the acting user, for
example, because they are not friends with the user whose data they
are trying to read.
Also according to docs: Although authentication succeeded, the acting
user is not allowed to see this information due to privacy
restrictions.
Now the twist is that I am following everything according to Foursquare realtime API.
I am the manager of a venue and I have authenticated the app. The error says that the auth_token is correct but I am not authorized to see the contents.
Now my question is: how is the POST response by the Foursquare API trying to figure out my identity?
I do get a POST on my dev server.
I have also tried to follow the flow given in this question
I have also tried: venue giving authorization to the app, but it still gives me the same error.
Any help would be appreciated.
PS: I am working on the Django framework and the venue endpoint API is working perfectly.
Found the answer. It was a Django thing. I needed to exempt CSRF, since Django requires CSRF.