drf social-oauth2 access_denied ,Your credentials aren't allowed - python-social-auth

I'm trying to use this package https://github.com/RealmTeam/django-rest-framework-social-oauth2
In Google Example
When I try to request an access_token by
curl -X POST -d "grant_type=convert_token&client_id=<django-oauth-generated-client_id>&client_secret=<django-oauth-generated-client_secret>&backend=google-oauth2&token=<google_token>" http://localhost:8000/auth/convert-token
it's saying
{"error":"access_denied","error_description":"Your credentials aren't allowed"}
What should I put in
django-oauth-generated-client_id and django-oauth-generated-client_secret
is that the thing where you create new application or should I put the google's client and secret ids
I try both but still not working.
Also in
token=<google_token>
I try to put the Authorization code or the access_token in this image but still not working
enter image description here
Can someone help thank you

Related

Azure KeyVault Get Secret API responds with 404 or 401 error

I am trying to get a secret out of Azure Key Vault. It is a very simple Restful API call. For example for all key, it is as simple as this:
GET {vaultBaseUrl}/secrets?api-version=7.0
where vaultBaseUrl is provided in Azure Console as Vault DNS name.
I am using console mode for testing
https://learn.microsoft.com/en-us/rest/api/keyvault/getsecrets/getsecrets#code-try-0
But the return value if always 404.
When I try curl in the Azure console, it gives 401 - Unauthorized.
However I can use the command line to get the secret out.
Is there any secret to making the restful call and curl work to get the secret out? All these situations use the same credentials.
A side questions is, that on the micorosft api testing page there is a 'Request Preview' section with a green Run button, almost as if it is inviting you to run the api, but the link is to learn.microsoft.com and the copy button on the box is disabled. I have never seen so many problems in one place, so I am thinking may be I don't understand something here.
The doc seems not to be correct. If you want to get the secret, you could use the Client credentials flow to get the access token and use it to get the secret.
Follow the steps as below.
1.Register an app in the Azure Active Directory, see this link. Get the application id and key, see this link. Add the service principal in the Access policies in your keyvault with the correct secret permission(just search the name of your AD App then add it).
2.In the postman, send a request to the url
POST https://login.microsoftonline.com/{your tenant id}/oauth2/token?api-version=1.0
Request body and complete sample(client_id and client_secret are the application id and key in step 1):
3.Copy the access_token in step 2, then use it as an Authorization token to call the api:
GET https://yourkeyvault.vault.azure.net/secrets?api-version=7.0
Besides, if you want to use CURL to get the secret, try the one like below. The TOKEN is the same with the access_token in step 2 above.
curl -X GET -H "Authorization: Bearer [TOKEN]" https://yourkeyvault.vault.azure.net/secrets?api-version=7.0
For more details about getting access_token via curl and complete steps, you could refer to this link. Don't forget to change the resource to https://vault.azure.net in the Request the Access Token step.
Pass Bearer token.There will be an Url to generate a token and pass it to authentication then u will donot get the error.

unable to call REST API from browser

My REST API with basic authentication works fine using Rest client (Google Chrome extn).
The same also working fine with below Curl command:
curl --header "Accept:application/json" -i --user user1:user1Pass http://localhost:8080/authenticate
But when testing the same in browser I'm getting 404 not found error. The browser URL: http://user1.user1Pass#localhost:8080/authenticate
Can anyone please help me on this?
You're using a period instead of a colon.
The format of the url should be http://user1: user1Pass#localhost:8080/authenticate
The main point is you need to separate username and password by colon.

How to run Facebook's curl codes?

Im new to php n curl.. Im going to use Facebook's OGP for my facebook app that im using in my website..I created OPG setings for publish my app activities to the users profile.
https://developers.facebook.com/docs/beta/opengraph/tutorial/
After i have setup accouring to the Tutorial(above url) they give me curl code like
curl -F 'access_token=AAACAwq1JHZA0BAA94uB50n7O71B6PmMUsFAydKBKCv1HcdJw9NwK8MZC83vL2YqUXojQ0aXH8EBjTweKHQTr4bZBKlgkOJ0nB5dBDu6A09UbI0lmXZBs' \
-F 'friend=http://samples.ogp.me/205849716166552' \
'https://graph.facebook.com/me/yalumalu:add'
and
curl 'https://graph.facebook.com/me/yalumalu:add?access_token=AAACAwq1JHZA0BAA94uB50n7O71B6PmMUsFAydKBKCv1HcdJw9NwK8MZC83vL2YqUXojQ0aXH8EBjTweKHQTr4bZBKlgkOJ0nB5dBDu6A09UbI0lmXZBs'
I don't know how to run these codes in my site..Tutorial says something else there no curl codes in tutorial that given by facebook.. I tried alot.. Someone please help me to do this..
cURL is a simple way to HTTP GET/POST/DELETE requests.
If you need to achieve similar behaviour in your site you need to choose a language that supports sending these requests.
For example you can use PHP and cURL options as well as the PHP SDK or you can use JavaScript to do the same with the JS SDK

Github v3 API - create a REPO

I’m trying to use the Github v3 API - I already implemented the required OAuth flow and it works well.
Now I’m trying some of the Repos API endpoints (http://developer.github.com/v3/repos/).
So far, I’m able to get a List of my repos using: GET /user/repos
However, when I try to create a repo using POST /user/repos, I get a 404.
Any thoughts what I might be doing wrong?
Joubert
Can you please tell us how exactly you did the HTTP request? The 404 sounds like you were using a wrong path, probably. But to give a reliable answer instead a wild guess, we need to see your request, including how you are sending your token, just mask it with 'xxx' or something.
I'll show you in the meantime an example request, that is working:
curl -XPOST -H 'Authorization: token S3CR3T' https://api.github.com/user/repos -d '{"name":"my-new-repo","description":"my new repo description"}'
You would need to replace the OAuth token of course: S3CR3T
I had the same issue. The reason why you are getting a 404 with your oauth access token is that when you authorize to github you need to also additionally pass the scopes you want. For example, in the header you should see "X-OAuth-Scopes: repo, user", which means this user has read/write access to his profile and repositories. Once you have set the correct scopes you should be able to do POST/PUT requests just fine.
To see whether or not you have the correct permissions. You can do something like the following. Substitute the XXXXXXX with your access token.
curl -I https://api.github.com/user?access_token=XXXXXXXX
For creating repositories as a user you can use an personal access token and basic auth, which can be much simpler when you are fluffing around on the command line and have 2FA enabled.
curl -d '{"name":"test"}' -u githubuser:personaccesstoken https://api.github.com/user/repos
Create a personal access token here https://github.com/settings/tokens and make sure it has the 'repo' scope.
This script lets you read in in the token and project name as variables so you can use it in a script
#!/usr/bin/env bash -u
#
TOKEN=`cat token_file`
PROJECT=myproject
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' -d '{"name": "'"$PROJECT"'"}' https://api.github.com/user/repos?access_token=$TOKEN

Facebook - How can i make API calls on behalf of a user?

Okay.. i got the offline access session key
Can some please tell me how can i update my FB status using the offline access session key i have ?
Looked in the Graph API and PHP SDK but nothing helps
I assume when you say 'offline access session key' you mean the oauth access token.
Take a look at the 'Publishing to Facebook' section here: http://developers.facebook.com/docs/api#publishing
There is even a short example using curl:
curl -F 'access_token=...' \
-F 'body=Hello, Arjun. I like this new API.' \
https://graph.facebook.com/arjun/feed