Good day!
I get a problem.
I try do POST request from Postman, to my site, for auth, and everything alight, i got a response:
{"state": "authorized"}
But if, i do same POST request from my nest.js app to this site, i get an error like a - Maximum number of redirects exceeded.
I tried do this request trough axios, cross-fetch, HttpModule and etc. but every time i get this error...
I tried manually set "max redirect" param on 10, 20, 100, 1000+, and no thing changing... same error.
I try manually set "headers" from postman request, but no thing...
What i do wrong? Why same request from postman, works momentum, but from nest app, i got this problem?
Maybe i must manually set some settings for my request?
In my case, this helps me:
I just added in header of Axios request this:
Cookie: "laravel_session=<TOKEN_FROM_POSTMAN>"
I get this token from header of Postman request. I don't know what is this token... i hope it's permanent generated for my PC or etc. and he may works in future.
Related
I am submitting a request for data from the Binanance API as follows:
https://api.bscscan.com/api
?module=logs
&action=getLogs
&fromblock=24726622
&toBlock=24726632
&address=0x94084b7a8d80b2c3cc0dccd87cb6ae3cc67d364d
&topic0=0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
&apikey=JRYDR6FBWRKY5C8NMZJKFB8GEP1QHFQJQT
However, I can't get any data from this URL. I have double-checked, and I know that the parameters are correct.
Here is an example of using Binanace's API, which works well:
https://api.bscscan.com/api
?module=logs
&action=getLogs
&fromBlock=4993830
&toBlock=4993832
&address=0xe561479bebee0e606c19bb1973fc4761613e3c42
&topic0=0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef
&apikey=YourApiKeyToken
Why is that working but mine not working?
I would highly suggest using Postman, which you can use to quickly test requests. I ran your request, with api-key, through Postman and was able to get a 200 response with data. See this screenshot.
Please note I blanked out the api key value. I suggest you do the same in your post unless its fake.
I had to remove the line breaks in the code you pasted. Could this possibly be the issue?
I'm trying to replicate a post request done normally by a website form via postman but the server returns 500 error.
the form website URL that I'm dealing with is here.
what I have done so far is investigate the network request using chrome or safari dev tools, copy the request as cURL, import the cURL in postman and do the request.
what can be the possible reasons for the failure and what are the alternative ways to achieve the same result?
Postman Headers:
Most probably you must have used invalid request body. The browser shows parsed json body and you might have copied incomple request body.
To get full body click view source and copy the full content.
I am confused. I've added headers to a request before and, for some reason, this one does not work as I want it to.
I'm trying to perform a post request to Linkedin following their documentation to get an access_token from an OAuth2 flow. I have the preliminary code to pass to the token endpoint, that is not an issue.
This is the sample request from the docs:
POST /oauth/v2/accessToken HTTP/1.1
Host: www.linkedin.com
Content-Type: application/x-www-form-urlencoded
grant_type=authorization_code&code={authorization_code_from_step2_response}&redirect_uri=hhttps%3A%2F%2Fdev.example.com%2Fauth%2Flinkedin%2Fcallback&client_id={your_client_id}&client_secret={your_client_secret}
I assume the Host header is to avoid CORS issues, but it just isnt being set. When I perform this request, my console gives me this 404:
Given that I know the Header is not 'unsafe', how do I go about setting it in this specific case?
Any help would be greatly appreciated, thank you!
My bad. Remove the Host header from config object and set it directly in the URL. Works just fine. I now have CORS Allow-Origin issues, but that's not related.
I'm following step by step guide on Microsoft's site (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#refresh-the-access-token), everything is working correctly but every time I try to refresh the access token, I get this error: AADSTS70000: Provided grant is invalid or malformed. error_codes: 70000.
I've created a Postman collection for testing, also downloaded the official postman collection from the Microsoft's site, everything is working correctly until the access token does not expire. When it expire, trying to refresh the token always lead to an error and I'm pretty stuck with it. I've double and triple checked correspondence between redirect_url, permission, grant, copy/paste errors, waited for the access_token to expire before trying to refresh... I've done almost 100 tests, and every time I'm stuck at the refresh part!
I start with doing the normal call to Microsoft Login API in my browser, and getting the code in query string from the browser (no problems here) (please note that client_id is URL encoded because, in my test environment, client id is an URL due to the configuration of the Drupal portan we're using, I'm truing to recreate the same behaviour in postman)
https://login.microsoftonline.com/{tenant_guid}/oauth2/v2.0/authorize?client_id={myclient_id_urlencoded}&response_type=code&redirect_uri={redirect_uri_urlencoded}&scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&state=12345
Then with the code in query string, i POST to the token endpoint:
POST /{tenant_guid}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-url-form-urlencoded
cache-control: no-cache
Postman-Token: a0456a8d-6979-491f-b61e-86b5d614c577
client_id={myclient_id_urlencoded}
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
redirect_uri={redirect_uri_urlencoded}
grant_type=authorization_code
client_secret={client_secret_urlencoded}
code=OAQABAAIAAADCoMpjJXrxTq9VG9te-7FXujKZhF...
I receive back an accesso token (that is working like a charm in accessing https://graph.microsoft.com/v1.0/me for an hour) and a refresh token. I would love to get a new pair of access/refresh token when the original access token expires, using the refresh_token grant_type
POST /tenant_guid/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-url-form-urlencoded
cache-control: no-cache
Postman-Token: 5d71f813-768e-476c-a97f-c109fba3165e
client_id={myclient_id_urlencoded}
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
redirect_uri={redirect_uri_urlencoded}
grant_type=refresh_token
cclient_secret={client_secret_urlencoded}
refresh_token=OAQABAAAAAADCoMpjJXrxTq9VG9te-7FX8m6YMg-.....
But no matter if I try before access token expiration or after, closing and reopening postman, I always receive that error back. I've done almost 50 tests (always with the full round of login/authorization to use always a fresh refresh token) with no luck.
Seems like I'm missing something really stupid here because I can't imagine that everybody else is behaving correctly... but really can't find a way out!
So I just got mine working! Here are the required parameters I needed:
client_id = your client id
refresh_token = the refresh token here
grant_type = refresh_token,
client_secret = secret
NOTE: Everything I read told me to URLEncode the values. I found it worked with them UNENCODED - no idea if it will really make a difference or not. Since it is going in the body of the post, which means it is TLS encrypted.
The other important thing was the url I posted to. There seem to be so many examples and none seem to be consistent. I used this format:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
The last thing is to be sure you are using the correct app id. In my case I was using the appId for the wrong app and it didnt have consent. Hope this helps. I do wish Microsoft would make a concerted effort to spell out things consistently and think like someone who doesn't do security for a living.
Finally resolved thanks yo the Azure Support.
The problem is the client id: as I supposed before, Microsoft allow you to define another application name, but always want to use the GUID client id to submit any request. Unfortunately, it was warning me when I didn't url-encoded it, but did not alert me that it was not correct until I tried to use the refresh token.
So just read very very well the documentation: client_id: The Application (client) ID that the Azure portal – App registrations experience assigned to your app (so not the one you choose).
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Maybe including a format validation in the documentation would help!
I am new to Sinatra and want to get it working with oauth2-provider gem. I followed instruction https://github.com/songkick/oauth2-provider#readme and looked at example. But after i've got access_token, i can't get information from Oauth endpoint using this. It generate 401 not Unauthorized error. From my application i do request
http://localhost:9292/me?access_token=, i've tried html request as well as json request, but without success.
Anybody faced with this problem ?
Looks like you did your request using HTTP vs HTTPS. Did you try setting Songkick::OAuth2::Provider.enforce_ssl = false for now?