I am using DotNetOpenAuth and working with the Google API. My problem is to get an authorization code from my saved refresh token. If I can get that code, then I can get an access token. I want to get that code, not the access token directly. I was unable to find any method or endpoint URL which can return an authorization code from my refresh token. Thanks in advance.
I think you have the OAuth 2 flow confused. Authorization codes do not come from refresh tokens. It's the other way around: you get refresh tokens in exchange for a one-time use of your authorization code. Access tokens are obtained in any of three ways:
In exchange for a refresh token.
In the initial exchange for the authorization code that returns both a refresh token and an access token.
OR, if you're using the implicit grant type instead of the authorization code flow, you get the access token in the url #fragment in response to the user's authorization redirect, but this only applies to JavaScript executing on the browser since fragments are not sent to web servers.
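The two token-endpoint exchanges described in this answer, as an added C# example that is not part of the original answer. The client id, client secret, code and token values are constructed placeholders, and a stub handler stands in for the token endpoint so the program runs offline.

```csharp
// Added illustration: authorization code -> tokens, then refresh token -> access token.
// All credential and token values are constructed; StubTokenEndpoint is hypothetical.
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;

var http = new HttpClient(new StubTokenEndpoint());
const string TokenUrl = "https://oauth2.googleapis.com/token";

async Task<JsonElement> Exchange(Dictionary<string, string> form)
{
    form["client_id"] = "example-client-id";
    form["client_secret"] = "example-client-secret";
    var resp = await http.PostAsync(TokenUrl, new FormUrlEncodedContent(form));
    resp.EnsureSuccessStatusCode();
    return JsonDocument.Parse(await resp.Content.ReadAsStringAsync()).RootElement.Clone();
}

// 1. One-time exchange: authorization code -> access token + refresh token.
var first = await Exchange(new() {
    ["grant_type"] = "authorization_code",
    ["code"] = "example-auth-code",
    ["redirect_uri"] = "https://app.example/callback" });
string refresh = first.GetProperty("refresh_token").GetString()!;

// 2. Later, as often as needed: refresh token -> new access token. No code is involved.
var second = await Exchange(new() {
    ["grant_type"] = "refresh_token",
    ["refresh_token"] = refresh });
Console.WriteLine($"from code:    {first.GetProperty("access_token")}");
Console.WriteLine($"from refresh: {second.GetProperty("access_token")}");

class StubTokenEndpoint : HttpMessageHandler
{
    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage req, CancellationToken ct)
    {
        string body = await req.Content!.ReadAsStringAsync(ct);
        string json = body.Contains("grant_type=authorization_code")
            ? "{\"access_token\":\"at-1\",\"refresh_token\":\"rt-1\",\"expires_in\":3600}"
            : "{\"access_token\":\"at-2\",\"expires_in\":3600}";
        return new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent(json) };
    }
}
```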
I registered on https://bridgedataoutput.com/ to use the Bridge Data API. As per the documentation at
https://bridgedataoutput.com/docs/platform/API/zg-data#Zestimates
it requires an access token. How do I get an access token?
After login, I get the details of the Client ID, Client Secret and Server Token. I tried the Server Token, but it gives me an authorization error.
I tried to do a GET request on the API link below:
https://api.bridgedataoutput.com/api/v2/zestimates_v2/zestimates?access_token=P7cbhWXt2PLOGOHbctzuOJ1qF2mJYSSF7cI1IrUabGdt3u2IGMiFzu5XLCNk&address=%22123%20Main%20Street%22
Response
{"success":false,"status":403,"bundle":{"name":"AuthenticationError","message":"Invalid access_token format"}}
I had the same issue, and Bridge support said to use the Server Token as the access token. It needs to go in the URL, not as a header when I tried it. Here's an example.
https://api.bridgedataoutput.com/api/v2/OData/[DATASET_ID]/[RESOURCE]?access_token=[SERVER_TOKEN]
Zillow Public Records, Zestimates and Economic Data do need additional approval. Please confirm in https://bridgedataoutput.com/data/feeds.
I have code that authenticates using Azure AD.
I'm using the OpenIdConnect lib to authenticate with Azure AD.
The scenario is as below:
1. The user opens the URL of the app.
2. The app redirects the user to Azure AD to authenticate.
3. Get the ID token & access token.
4. Then AzureActiveDirectoryAuthMiddleware gets the context and continues the scenario.
This scenario is happening from the UI. I need to know if I need to pass step number 3 (ID token & access token) from Postman and the middleware will continue the flow. How can I do this flow?
Because my app will be used from the UI and from Postman.
Using C# OWIN.
If you want to check/test the middleware (some REST endpoint) functionality using the tokens through Postman, then copy the AccessToken and open Postman, set the Authorization type as Bearer, add the AccessToken as BearerToken and test the REST call.
Please make sure that the token added starts with Bearer (example - Bearer xyzabc).
I have an identity server implementation that works perfectly with JWT tokens and two different clients that access it.
Mr Console authenticates using client_credentials
Ms Website authenticates using PKCE
In both cases when using JWT tokens I can get the claims with only one issue. The size of the token is getting out of hand and we'd like to use reference tokens instead.
I changed the token type from Jwt to Reference and can now get the claims for Ms Website by calling the user info endpoint and passing in the reference token. Great!
The problem I have is that I cannot seem to get the claims for Mr Console.
I cannot call the user info endpoint because it expects a user and throws an error "Token contains no sub claim" - which it wouldn't as I'm using client credentials.
I cannot call the introspective endpoint as it appears to only be available to internal apis and fails with the error "API unauthorized to call introspection endpoint".
How can I get the claims from within my client console application when provided with a reference token and not a JWT? Is there a way?
Thanks
Because you are using the client credentials flow, you have no user claims available.
However, you have client claims that you can use instead. Have you considered using those instead of user claims?
I'm trying to get a bearer authentication token from a browser web page.
I'm using selenium and previously I could login to our URL and the bearer token was displayed in a form field. Now it has changed and the token is hidden. How can I extract that token and store into a variable?
This was my previous code (I know it's not great, but I am not a developer by any means):
IWebElement tokenField = getDriver().FindElement(By.XPath("/html/body/div[2]/div[2]/div[2]"));
string token = tokenField.Text;
restClient.Authenticator = new OAuth2AuthorizationRequestHeaderAuthenticator(token, "Bearer");
request.AddHeader("Accept", "application/json");
Any help would be appreciated. I am very new to OAuth2 and just security in general.
Usually you won't be able to find sensitive data like an auth token displayed in the FE.
If the token is hidden and you cannot take it from the FE or DOM, you can log in using API calls and get the token from there, which can then be used in further requests.
If you're working within a development team, you can ask a dev to guide you with this and provide login url and other necessary stuff.
I've been trying to consume an authorized ASP.NET OData Web API by using an OData client. I do know how to set the header with the token for the client, but where should the token be kept for re-use? The Authorization header has to be set with each request, not just once. To be more precise, this is what I am down to:
Get user's credentials, pass them back to the API.
Get token.
Set the header for the Odata client with the token value.
I am struggling with the actions to be taken between 2nd and 3rd step: Where should the token be kept, so you could keep setting the Odata client Header with it?
This is how I set the authorization header value.
EDIT: In regards to the comment, I might've not clearly specified the issue. The problem arises, because controllers will be created for every request and will be garbage collected "sometime after" the request has completed. So, the token value will be gone.
Have a look here, they are storing it in a cookie. If you do not want to expose the actual token on the client side, store it somewhere near your e.g. user profile / session, or store the token with a generated id in a lookup-table and save the id to a cookie.
This is another approach using ASP.NET Identity and ApplicationCookies.
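The lookup-table approach from the answer above, as an added C# example that is not part of the original posts. TokenStore and its members are hypothetical names, the token value is constructed, and the in-memory dictionary assumes a single process that keeps one shared store instance alive across requests.

```csharp
// Added illustration: the access token stays server-side; the cookie carries only a random id.
using System;
using System.Collections.Concurrent;
using System.Net.Http.Headers;
using System.Security.Cryptography;

// One shared instance (static or DI singleton) so it outlives per-request controllers.
var store = new TokenStore();

// After step 2 (token obtained): keep the token, give the browser only the id.
// Send the id in a cookie marked HttpOnly and Secure.
string cookieValue = store.Save("constructed-access-token", TimeSpan.FromMinutes(30));

// Step 3, on any later request handled by a new controller: id -> token -> header.
if (store.TryGet(cookieValue, out var token))
{
    var header = new AuthenticationHeaderValue("Bearer", token);
    Console.WriteLine($"{header.Scheme} header set for session id {cookieValue[..8]}...");
}

public sealed class TokenStore
{
    private readonly ConcurrentDictionary<string, (string Token, DateTimeOffset Expires)> _map = new();

    // Stores the token and returns an unguessable id (256 bits from the CSPRNG).
    public string Save(string token, TimeSpan lifetime)
    {
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        _map[id] = (token, DateTimeOffset.UtcNow + lifetime);
        return id;
    }

    // Resolves an id from the cookie; unknown and expired ids yield nothing.
    public bool TryGet(string id, out string token)
    {
        token = "";
        if (!_map.TryGetValue(id, out var entry)) return false;
        if (entry.Expires <= DateTimeOffset.UtcNow) { _map.TryRemove(id, out _); return false; }
        token = entry.Token;
        return true;
    }

    // Call on logout so the id in the cookie stops resolving.
    public void Remove(string id) => _map.TryRemove(id, out _);
}
```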