Earlier we're using server token to get uber products which are not working anymore, it keeps on returning 401 Unauthorized exceptions. Is Server Token authentication no more valid? Does it support only access token?
Related
I have created an app registration in google cloud and have managed to authenticate when using the test scope by changing the redirect url to localhost:8080 and acquiring an access token and a refresh token. The problem is that the refresh token expires when using the test scope, so I switched to the production scope, and now I get an error no matter what url I list as an authorized domain.
The only solution I can find so far is to switch back to the test environment (Google oAuth 2.0 API Authentication Error: Error 400 - redirect_uri_mismatch (does not comply with policy) DJANGO APP), but that doesn't work for me for the reasons above.
Does anyone know how to get a permanent refresh token in production scope for sa 360?
Any help would be much appreciated.
From yesterday I am facing this error code 401 while accessing token from server using this API: https://oauth-login.cloud.huawei.com/oauth2/v3/token
Just for your information I am using Postman. Can anybody help me with this.
Error 401 usually means “unauthorized” or “request denied” because a request lacks valid credential. Although this error code is not listed in Account Kit server api, a developer can find it in other kit document - https://developer.huawei.com/consumer/en/doc/development/HMSCore-References-V5/webapi-error-code-0000001050163432-V5. Basically, a developer need to make sure that their API key and/or token is valid.
while using huawei auth service if error code 401 returned it means access token becomes invalid and we need to obtain a new token. Token Validity is 60 mins.
I am trying to enable JWT authentication for my backend java microservice which is deployed locally and all the requests to the microservice is gated through WSO2 apim 2.6 .The JWT token provider is used as WSO2 IS 5.6 .
I have placed all required configurations both at WSO2 IS and WSO2 apim on my machine.Since both are on same machine I have configured an offset of 1 too.
I created a fresh user in apim store and used it to create application and subscribe api for the same user.The Token type configured is JWT .I used Postman as client for fetching the access token and the access token gets fetched as expected.Thereafter when I use the same token to access the required resource through api gateway it gives me back "Unclassified Authentication Failure" with code as "0" and description as "Access failure for API: /notification/1.0, version: 1.0 status: (0) - Unclassified Authentication Failure"
<ams:fault xmlns:ams="http://wso2.org/apimanager/security">
<ams:code>0</ams:code>
<ams:message>Unclassified Authentication Failure</ams:message>
<ams:description>Access failure for API: /notification/1.0, version: 1.0 status: (0) - Unclassified Authentication Failure</ams:description>
</ams:fault>
I am expecting the resource to get created as it is a post request via WSO2 apim to backend service.Please share any available insights on this
The token type JWT can only be used with api manager micro-gateways. You create OAuth application and try using the JWT grant type for it. You can find more information about the JWT grant type in
https://docs.wso2.com/display/AM260/JWT+Grant#JWTGrant-JWTBearerGrant
I'm using next API for getting oauth token:
/oauth/authorize?client_id=openshift-challenging-client&response_type=token.
I get token, but it is not working then I do requests to some Openshift REST urls like /oapi/v1/nemespaces/namespace/routes.
The token work if I add it into oapi/v1/oauthaccesstokens by hands.
How can I do this automatically ?
Version
OpenShift Master:v1.2.0
Kubernetes Master:v1.2.0-36-g4a3f9c5
The token returned from the /oauth/authorize endpoint is created under /oapi/v1/oauthaccesstokens before being returned. Can you provide the request/response where you obtain the token, and where you attempt to use it against the API?
I'm implementing an Ouath2 authentication with Spring for our mobile API. So far it works but I don't know how I should keep the resource server separate. So I have an auth server which gives out tokens and refresh tokens using the password grant-type. Meaning the user would log into the mobile app, which sends the auth server the client id/client secret along with the user's
credentials, which results in an access token and a refresh token for the user with the appropriate (ROLE_USER) privileges. Another web based client is for the admins who do the same and get the ROLE_ADMIN privilege etc.
This works well so far.
Now if any client sends a request to the resource server what should happen? Should the resource server check the token's validity? If so in what way? Or should the auth server copy the token into the resource-server's database?
If you #EnableResourceServer you get a filter that checks access tokens. It needs to share a TokenStore with the auth server. That's about it to get something working.