Is it possible to post as a page (which I'm an admin of) without authenticating myself in a browser? I have seen that, for example, Facebook Python SDK allows you to interact with Facebook API but it needs to get an authorization via a browser. Instead, I'd like to do that automatically.
I have created an APP so I have an APP_ID, an USER_TOKEN and using 'https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=' + CLIENT_ID + '&client_secret=' + CLIENT_SECRET I got an Oauth Access Token but I can't find a way to achieve complete automation in posting a message to my page, so how can I accomplish that?
I just read about Authentication for Devices but I'm still not sure that it's what I want.
Thanks!
Related
What I'm trying to do is create a seamless transition where you login to cognito and one way or another you get redirected to your API Gateway resource that requires cognito token authorization automatically.
my understanding of how to solve this problem:
you login to cognito and are redirected to a public API Gateway endpoint that is a lambda function. The lambda function takes the code that cognito passed as a header and uses that to generate a token. Next I want it to redirect to my website that requires cognito authentication and be logged in.
I'm not even quite sure if this approach is the appropriate one to take but I'm struggling to find resources out there explaining how you go about this.
one more questions that might help me understand the problem better:
Are headers held by your current session when you redirect to another link? I ask this because I thought (or atleast this is what I've seen in the youtube tutorials I've watched) that authentication is essentially JUST a header. If you have a valid header token="long random key" then you're authenticated. You want this header to stay in your session when you hop around your website right?
Can you redirect to a different url from lambda and hold onto your headers? Cause this is essentially what I'm trying to do.
Also I highlight the word automatically because every single youtube video I've seen shows them saying oh just change the word code in the login url to token like this: "https://domain123.auth.us-west-2.amazoncognito.com/login?client_id=19shq1tf1n1&response_type=token&scope=aws.cognito.signin.user.admin+email+openid+phone+profile&redirect_uri=https://actuallywebsiteIwanttogoto.com"
but then the problem is that it gives the access_token in the hash of the url when you login successfully. These people showing how to use cognito are manually extracting the access_token from the url and calling a get request on there demo website with the access_token as a header manually. I wanna know how to automate this!!!
I used to query my financial data through Power Query in Power BI. Recently I've switched to doing it through a python script running on Google Cloud functions, triggered by Cloud Scheduler. (is this the best way?) It saves a csv file to GCStorage.
The party that provides the data I'm after is switching to oAuth 2.0 using either implicit or authorization code flow. I believe this means that somewhere in this flow a browser is opened where username and password must be entered. Also I need to give a redirect uri to this party, I'm not sure how to implement this in my current setup.
Anyone have an idea? More info about the API can be found here. https://accounting.twinfield.com/webservices/documentation/#/ApiReference/Authentication/OpenIdConnect
Usually the Authorization Code flow would be the way to go in your kind of application.
You will send a authentication request to their API(redirecting the user). They will authenticate the User and redirect the user back to your application, using the redirect URI you provided.
You can get an access token or ID token from their token endpoint using the code, your client id and your client secret.
I am sure this is an answered question somewhere, but I could not find a solution for me (if you know a duplicate feel free to mark it).
My goal is to query a RESTful API. To do that I need to authenticate. The only way available for me for this API is via web-browser.
Basically, I am loading URL which redirects to another URL. In the second URL, there is a form where I need to input username and password to authenticate. Currently, I input the credentials manually via a web browser.
My question is: Can I do this programmatically such that I don't have to manually input the credentials via a web browser?
Note: the webpage is not verified.
Attempt 1
I tried the following commands, but none worked:
curl -k -u username:password https://myurl:port
It did not return anything.
Attempt 2
BASE_URL = 'https://myurl:port'
username = 'username'
password = 'password'
r = requests.get(BASE_URL, auth=(username, password), verify=False)
print(r.status_code, r.reason)
it prints <Response [200]> but it does not authenticate. This is because when I try to query an API endpoint - it says I am unauthorized. When I input the credentials manually in the browser - then the endpoint query works.
Attempt 3
Finally, I thought (but did not do) I need some way to read the login page and input credentials by getting the html elements and then clicking log in (with selenium for example), but this seems too rough and error-prone. Maybe there is a more elegant way.
Any ideas of how I can do this?
Basically, I am loading URL which redirects to another URL. In the
second URL, there is a form where I need to input username and
password to authenticate
From your description it sounds like you are accessing an API using OAuth2 with the authorization code grant flow ?...which by design requires the user (=resource owner) to authorise (via the form) your app (=client) to access his/her data provided by the API (=resource server). in this case, using basic auth (Attempt 1 and 2) will not help you as the API expects a token, not username/password. you'd probably need a refresh token that does not expire and would allow your client to request a fresh access token each time it wants to access the API...
It all depends on the authentication mechanism used by your API...I'd first figure out if your API is indeed using OAuth2, and if so, learn about authentication flows (e.g. https://www.udemy.com/course/learn-oauth-2/) ...client credentials flow is probably what you'd want if the API allows for it...
update: Attempt 3 might be worth a try, i've never done it though. you might be able to send the credentials by submitting the corresponding form data via python requests...then that should in theory provide you with an authorization code which you can use to get a token...
Thanks for showing us your attempts.
If the attempt 2 returns 200 status code. It means it does work which means that basic auth works. Simple solution is to just pass auth=(username, password) to all of your api calls.
Or you can use requests.Session() to authenticate once and keep the session provided that server supports session authentication.
Hope this helps.
I am trying to download a file from a SharePoint Online data library via REST API which uses a multi-factor ADFS authentication, so far I found these posts (Post1, Post2) which talk about sending a SAML request to STS to receive a security token from https://login.microsoftonline.com/extSTS.srf, I have found multiple examples online which uses the same method to authenticate their requests. However, when I send the SAML request to the above Microsoft URL, I receive the error below.
AADSTS50126: Error validating credentials due to invalid username or password.
I have appropriate access to the SharePoint data library as I was able to get a valid response to an API request (to check available lists and not for authentication) when using a browser with authenticated session. Any idea on what I might be doing wrong or even if authentication is possible for MFA secured SharePoint library.
There is no official word in any Microsoft Documentation to confirm this. But MFA account + AAD token is not compatible.
You have to use a service account (username/password) without MFA enabled for it. This will work when you invoke the SPO web api using the service account for getting tokens.
When you have a browser session in open state, the token will be available in cookies & you will be able to access the library without issue. The same applies to POSTMAN or SOAP-UI testing.
Because MFA needs user interaction, this is not possible. Refer this github issue: Trouble spo login with an account with multi-factor authentication
We do "Application User" concept in Dynamics CRM for the same approach. Read more
I am writing a script to automate the process of regularly upload specific files to Box.
After reading the BOX API, I know I have to use client-id and client-secret to get an authentication url which open in browser, then I login in by username and password, click allow, then I get redirect to a url I provided with Auth Code attached to the end of this redirect url.
problem now is, I am writing a script not an web or mobile app. Therefore, I have to avoid these UI web html manual login.
Is there a way??? I can get this authentication url by code in python using BOX's python SDK.Then I can open a browser in python by webbrowser module then I can type in username/password. Then I get redirected. Maybe I can use some special redirect url to send auth code back to my code? I don't know how to do that.
Please help!
You should use JWT authentication.
Unlike the standard OAuth 2 flow, JWT will allow you to use your own identity
provider to bypass the application auth and redirect. Building with JWT will allow
you to hide the Box process behind the scenes.
Authenticate with JWT