As requested by Preston PHX, I uploaded a full copy of my
code to Dropbox:
My test ASP.NET Web App
I hope this helps someone to identify what I may have done wrong
#####################################
I am trying to use the sample code at https://github.com/paypal/Checkout-NET-SDK/tree/develop/Samples to make contact with the Sandbox but it doesn't work for me. In order to find out why, I ran my code in Visual Studio under Localhost in debugging mode, using several breakpoints.
This line of code in my test page ...
var createOrderResponse = CreateOrderSample.CreateOrder(true).Result;
... displayed the following error:
Inner Exception 2:
HttpException: {"error":"invalid_client","error_description":"Client Authentication failed"}
However, it was the environment function in PayPalClient.cs (modified to use my PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET) that appears to have generated the error:
public static PayPalEnvironment environment()
{
return new SandboxEnvironment(
System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_ID") != null ?
System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_ID"):"<<PAYPAL-CLIENT-ID>>",
System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_SECRET") != null ?
System.Environment.GetEnvironmentVariable("PAYPAL_CLIENT_SECRET"):"<<PAYPAL-CLIENT-SECRET>>");
}
I very carefully copied my PAYPAL_CLIENT_ID and PAYPAL_CLIENT_SECRET from the REST API app I created via the PayPal Developer Dashboard. Apart from that, the GitHub sample code has not been modified. I could see no requirement in the GitHub code to specify a Sandbox URL and assume that this is provided by the PayPalCheckoutSdk via the use of "return new SandboxEnvironment()".
It's not obvious to me why my attempt to connect to this Sandbox account is failing the authentication process. What might I be doing wrong? Is it anything to do with my use of Localhost?
EDIT on 1 Nov 2021 in response to Preston PHX
Creating a new Sandbox Client ID and Secret made no difference. Prompted by another forum post I read some time ago, I also tried using ngrok (for the first time) to open http port 80 to facilitate PayPal testing via Localhost, but the connection to the Sandbox still failed authentication.
Sandbox Client ID: AZcb8XrqhJEUO7lS_JtKSe3sdNDLESmo3ekhupDKTL1J9vQCKVOzacCjO3PBQwSfngYkLGa-qS7EUrGV
Secret:
EBEcuPewHdzCB8p0qE1Yszjk2eMyFCstzkL0Diz2WC5IQREsu6cDHr7yFG9a-GDIyljb-KRb2DA6Hoey
I installed curl (plus Bash and Git) on my Windows 10 PC and ran the curl command specified on the get-an-access-token page. I couldn't find a way to post the result here in an easily readable form so I put it in a Word doc and uploaded that to Dropbox.
https://www.dropbox.com/s/knia3y2ighfzxpa/Result%20of%20PayPal%20curl%20command.docx?dl=0
Edit on 2 Nov 2021
As requested by Preston PHX, I have uploaded a copy of the ASP.NET Web App I have been using for my tests to Dropbox.
https://www.dropbox.com/sh/4uclfs2lexv4v42/AAAjoZIN5cEMV1mu0cYi24zKa?dl=0
I've only uploaded the project folder, as I'm guessing that it is unnecessary to upload my Solution files.
Create a new sandbox client ID and secret in the developer dashboard. Test with the new client ID and secret.
If issues persist,
Update your question with both the new sandbox client ID, and the new sandbox secret.
Update your question with a sample curl command to get an access token, showing the entire command and the entire response in your question.
Related
The Paypal API doesn't recognize my Client ID and Secret I got from https://developer.paypal.com/developer/applications/
I wanted to include a server side checkout according to this tutorial https://developer.paypal.com/docs/archive/checkout/how-to/server-integration/
When I do the request to https://api-m.paypal.com/v1/payments/payment I always get a 401 Error with the message "Authentication failed due to invalid authentication credentials or a missing Authorization header.".
I checked multiple times if my credentials were correctly included into the request. I also tested the endpoint in my server environment and as well via Postman.
I also tried the route https://api-m.sandbox.paypal.com/v1/oauth2/token to exchange my credentials with an access token and got the same problem.
I also tried to create multiple Sandbox and Live Accounts and always got the same error.
Has anyone an idea what the problem could be?
There are two separate issues here.
You first need to use /v1/oauth2/token to obtain an access token, and then use that access token to call any of the other actual APIs.
The credentials you obtain from PayPal Developer will be for either "Sandbox", or "Live". Make sure you choose the correct tab (sandbox, for development). Sandbox credentials will only work for api-m.sandbox.paypal.com , and Live credentials will only work for api-m.paypal.com . The two environments are completely separate.
If you still have issues, post the SANDBOX client ID and secret you are using, and the full request and response to the api-m.sandbox.paypal.com endpoint. There should be a PayPal-Debug-Id in any error response, in the headers if nowhere else.
Trying to make use of the Server to Server OAuth flow defined here:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount
Since I'm running from a local dev environment, I've created a service account in GCP and downloaded the JSON file with the private key, but cannot find any Node.js code examples on how to:
1) load the json file
2) set delegated credentials (for G Suite domain-wide authorization)
Places I've looked (besides stackoverflow) are Google's git wiki for the node.js client library, which does talk about server to server auth, but seems to assume you're running from appengine or google cloud and don't need to load a key file:
https://github.com/googleapis/google-api-nodejs-client#service-to-service-authentication
The Admin SDK Activities Reports API has a Node example, but it's using the web-based flow assuming a user is present:
https://developers.google.com/admin-sdk/reports/v1/quickstart/nodejs
Buried deep in the Node.js samples is use of the Directory API, which does seem to take a keyfile as input, but when I try running locally it says getClient is not a constructor, and still this example doesn't show how to set the G Suite admin user for context (which is generally when a refresh token and access token are loaded into the app):
https://github.com/googleapis/google-api-nodejs-client/blob/master/samples/directory_v1/group-delete.js
So... does anybody have an example of this? I really don't want to switch to a Python runtime but Google seems to have left out important examples on this topic.
Response status code does not indicate success: 401 (Unauthorized) When calling Azure Blockchain
I am getting above error when calling Azure Blockchain RESTApi and I have checked all the permissions and getting Access Token correctly but When I call to get the applications we are getting Above mentioned Error
The issue was fixed, by following the below steps:
1) Go to Azure Portal-> App Service -> [Your App Service]-Api
2) Go to Authentication/Authorization Blade
Allow App Service Authentication and choose Allow anonymous requests(no action) and choose Azure Active Directory as Authentication Providers
Click on Advanced -> Fill in the options as in the following image:
Client ID is the same as App ID in the AzureAD Application Registration
Client Secret is the same as API Key you generated from the Keys Section in the AzureAD Application Registration
Issuer URL is https://sts.windows.net/{AZUREADTENANTID} ß You can get the azuread tenant ID from the AzureAD Properties
Allowed Token Audiences should have the following value:
i. [https://%7bYOURBLOCKCHAINAPIURL-API.azurewebsites.net/.auth/login/aad/callback]
https://{YOURBLOCKCHAINAPIURL-API.azurewebsites.net/.auth/login/aad/callback
3) Go to Azure Active Directory
Now, go to Azure AD and Navigate to App Registrations and Click BlockChain API ß or the name you chose for your Azure AD App Registration when you configured blockchain the first time:
Click Settings and Click Reply URLs
Add the following URLs there:
Blockchain Workbench URL (it should be already there)
Blockchain API Base URL (the one that has -API in it)
Blockchain API Base URL with Callback (as indicated below, but use your own URL and add /.auth/login/aad/callback)
The getpostman.com/oauth2/callback URL will be used later to test the API using the Postman App (An App used to test APIs), please add it as is below
4) Save your settings and then go to the Manifest(Next to settings in the Blockchain API AzureAD App Properties)
Set the manifest entry oauth2allowimplicitflow to True
Save Configuration.
That’s it, now we need to test the API, you can download Postman to test the API, the configuration of Postman is a little bit long, I would prefer that you sign up free on this service: https://www.wintellectnow.com/Videos/Watch?videoId=blockchain-on-azure
Use Code: FREETRIAL to sign up – It will require a credit card but it won’t be charged, use any prepaid or postpaid card, but watching this video is highly recommended, specially at minute 53 as it explains how to use the API with Postman (Remember to disable the trial to prevent the card from being charged after 7 days 😊)
Here is a sample Token generated using the built in Auth Sample code that comes with Azure Blockchain Samples on Gethub (You can download this from here: https://github.com/Azure-Samples/blockchain/tree/master/blockchain-workbench/auth-samples/bearer-token-retrieval/static ), if you are going to test using it, you must add http://localhost to the Reply URLs above and you have to place it on your localhost IIS)
And here is a sample from Postman which shows how the token is added to the request header:
Here is the response before the authorization token:
Once the authorization token is available, here is the response that is generated once I call the API indicated in the GET Section in the image above:
Also, here is the response headers after a successful authorization:
To sum it up, the #blockchain API requires #OAuth2 authentication token, this token isn’t passed using Swagger UI or the application you built, you need to modify your application to authenticate to AAD OAuth2 to obtain a Token from AzureAD, then you need to use this generated token in the request header to the API in order to call the API.
One additional tip, don’t select the default machine size while creating workbench, but choose better performance machines like: VM Size: Standard F2s_v2 (2 vcpus, 4 GB memory) ==> approx.. 50 USD per month .
Discussion on Microsoft tech community site
The original Post of the Author
We are currently experiencing an outage in South Central US
https://azure.microsoft.com/en-us/status/
Azure AD is also impacted.
You will want to monitor the Azure Status Page for further updates. Unfortunately we cannot do anything until the problem has been mitigated by engineering.
After the issue has been mitigated and if you are still seeing issues let us know.
I am facing the issue in calling the OneDrive for Business API to work. Below are the steps I have followed till now:
Created a Web App/API application in Microsoft Azure Portal (A very tricky process). Gave all the permissions.
Got Application ID (A_ID) from there.
Went to the URL to get the 'code' via browser:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=<A_ID>&redirect_uri=<URI>
Got the code. Did a callout via POSTMAN (using the code, client ID, client secret and redirect URI) to the URL: https://login.microsoftonline.com/common/oauth2/token
Received an Access Token (AT) and other details.
NOW, when I want to use this AT to upload a file, I am getting the error. The URI is: https://<tenant>/_api/v2.0/me/drive/root:/Abc.txt:/content. For headers, I am passing: Authorization-> Bearer AT; Content-Type -> application/octet-stream
The error is:
{"error":{"code":"unauthenticated","message":"Token contains invalid signature.","innerError":{"code":"invalidSignature"}}}
I don't know where the issue is. Is it in the tenant name I am using (There is a chance that I might be using it wrong!) OR is it in the permissions OR I have not set up the app in the Azure Portal correctly OR is it something entirely different.
I'm trying to add PayPal payments in a Prestashop (v1.7.3) store using the PayPal & Braintree Official Module (v3.11.6), but until now without success.
Installed and configured the module without any problems, but every time i proceed with a payment this error is displayed to the user:
Tested the module in both sandbox and production environments, and the error still persists.
What can be the problem?
UPDATE: After some debugging i found the origin of the problem. The problem is that the module is unable to connect to PayPal's API via cURL with SSL/TLS.
I'm using Prestashop in Windows Server with IIS, and in this environment cURL has to be informed where the certificate authority is located in order to establish a secure connection.
I downloaded the cacert.pem file from curl website, stored it in my server and then, in module files (PPHtmlConfig.php) i added the CA location in the cURL options settings manually:
CURLOPT_CAINFO => 'C:\\(...)\\cacert.pem',
Now i'm able to connect to PayPal's API and successfully make a payment!
I've contacted the module's tech support team and they are analysing this issue.
After several contacts with the module tech support, this is their final response to the issue:
We do not know the specialty of your server. This is not a recurring
error in our module. It happens if the CURL can not find the CA
certificate. In general, we advise you to ask your server to verify
that the CA certificate is correctly configured. Otherwise, it is
necessary to specify the route or curl to find the certificate, for
example, as you did in your module.
At the moment there is no way to specify this in our module in
general. So, you should wait for the next update of our Paypal module.
So, if someone comes across the same issue when using a Windows Server environment, specify the complete CA path in the module files (as explained in the question update):
I downloaded the cacert.pem file from curl website, stored it in my
server and then, in module files (PPHtmlConfig.php) i added the CA
location in the cURL options settings manually:
CURLOPT_CAINFO => 'C:\\(...)\\cacert.pem',