I'm trying to make some GET calls through Postman to the following endpoint:
https://api.xero.com/api.xro/2.0/Reports/BalanceSheet
getting this error:
{"title":"Unauthorized","status":401,"detail":"AuthorizationUnsuccessful","instance":"674c99d2-0ae3-4940-b23b-aec74cef79ea"}
The docs say this is a user roles issue, and suggests "view reports" access is off, but I'm pretty sure that's all set up correctly:
screenshot of user role options
It works fine through the API previewer, so I can't see what I'm missing.
Any help?
If it makes a difference, I'm using Oauth2.0 route.
You'll likely be missing the accounting.reports.read scope.
During the authorisation process, when you direct your user to the https://login.xero.com/identity/connect/authorize... url, try including accounting.reports.read in scope query parameter (along with your existing scopes, of course).
Related
I have keycloak on docker (v20.0.2) and as you know some versions change some or good part of the UI, so is hard to follow tutorials around the web...
I am trying to follow this particular tuto
https://developers.redhat.com/blog/2020/11/24/authentication-and-authorization-using-the-keycloak-rest-api#keycloak_sso_demo
that seems the more updated. My keycloak is actually behind traeffic and thomseddon/traeffic-fordward-auth with a docker-compose file (but the connection through traeffic is good and I have acces to admin UI)
So on step 10 of the tutorial things change for me, I have to look for that particular view inside:
Click on lateral menu Client Scope
Click on button Create client scope
Give a name to the scope, and click on Tab Mapper
All mappers are predefined... so there is no "New mapper" don't understand this bit
then just follow the tuto
With that series of steps I get an error when retriving the token...
https://keycloak:8443/realms/education/protocol/openid-connect/token
enter image description here
(this are fake local data from the realm I created for testing)
that responds with a or something similar I have also tried to change the grant_type to password, and the same happens can not query the token....
{
"error": "invalid_client",
"error_description": "Invalid client or Invalid client credentials"
}
But if I do not link a user with an scope/role as in the tuto suggest then I get the token, but of course I want to use the role or scope to limit who can see which endpoint and who can not
Any step that I'm missing from this update, do you have the same error?
Thank you in advance
I have tried to run it with different combinations of options to see if there is a toggle that actually allows me to fetch the token
Also with different types of grant_type
I will build an API in Python (I don't know Java and prefer Json instead of XML) that connect to this keycloak to allow users or not based on their scope/role/permission or something
I need to be able to block user so if user Student try to access an url from another Student he get blocked that url. So is based on the role or scope or I don't know which is prefered or easer to accomplish, the mission is to block users or not based on a factor that could be used for this in keycloak.
So, I'm making this application, and it's required that it has an embed thingy containing the recent LinkedIn posts as well as basic profile info of the company...
Since I like the Law of Minimum effort, the first thing I saw that made my eyes sparkle was the RSS feed... But it seems like it's been phased out. It just redirects to the company page, period.
Then I realized that we have 2 APIs, v1 being superdead since May.
So, I succesfully generated a v2 access token, keeping in mind that it will have to be renewed every 2 months, but hey, nothing's perfect.
Anyway, I know there's a v1 endpoint that would seem to put me on the right track:
https://api.linkedin.com/v1/companies/{id}:
(id,name,ticker,description)?format=json
However, when I go to the v2 docs (https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context), there's this entire, very detailed section about Authentication, and a section titled "API guide" which talks about "API Concepts" as well as "Best Practices"... but no section detailing just where the endpoints are and how to use them?????
Please, help me, SO, how do I get a company's recent posts as well as basic info like name and pfp?
Thank you in advance.
UPDATE: I have made progress, I think.
I found this: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/shares/company-pages-migration
And this: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/organizations/organization-lookup-api
I am making the call and after basically having to guess how to input my token (it must be included as the oauth2_access_token parameter) I get a 403 error DESPITE me being an administrator for the organization I'm looking up.
Call: https://api.linkedin.com/v2/organizations/XXXXXXXX?oauth2_access_token=my-token
Response:
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /organizations/00000000","status":403}
This makes me think maybe I need to request extra permissions on authentication... but THAT I do not find anywhere (i.e. what the permissions are. I only find really vague stuff with NO details. eg: https://learn.microsoft.com/en-us/linkedin/shared/authentication/permissions?context=linkedin/context)
UPDATE 2: As suggested by #ManvinderSingh I removed the oauth2_access_token param and instead included my token in the Authorization header. This works awesome for the /v2/me endpoint, for instance, BUT still 403's me on the v2/organizations/XXXXXXXX endpoint for an organization that I am an admin of.
As per the documentation https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context#step-4-make-authenticated-requests.
You have to send the token in the Authorization header like this.
Authorization: Bearer {access_token}
I'm creating a custom module in Drupal, that for part of its functionality must fetch posts from a business page. So for simplicity, I'm using fbapp module as a dependency (drupal.org/project/fbapp), so that I can use it's authentication and request functions (fbapp_app_authenticate() and fbapp_graph_request()) without having to worry about the constant facebook graph updates making my own code obsolete.
I've created a facebook app, so authentication should be app token, using appid and app secret. This seems fine and I'm getting back access_token. However, when I try to read posts from a publicly available page (the clients), I get the response:
"Unsupported get request. Please read the Graph API documentation at https:\/\/developers.facebook.com\/docs\/graph-api"
Here's the queries and responses my code produces:
graph.facebook.com/oauth/access_token?client_id=<redacted>&client_secret=<redacted>&grant_type=client_credentials
array(1) {
["access_token"]=>
string(43) "<redacted>|<redacted>"
}
graph.facebook.com/<page_id>/posts?access_token=<redacted>|<redacted>"
string(183) "{"error":{"message":"Unsupported get request. Please read the Graph API documentation at https:\/\/developers.facebook.com\/docs\/graph-api","type":"GraphMethodException","code":100}}"
Can anyone verify a correct way to query a Facebook page programmatically, perhaps there's a setting in the page I'm querying that I need to set (although I can't find anything)?
If page restrictions apply, the page's feed can only be retrieved with an user access token as far as I know (because FB needs to evaluate the visibility criteria, and setting your app to the same restrictions doesn't help here):
See
https://developers.facebook.com/docs/graph-api/reference/v2.4/page/feed#readperms
It looks like everything you have done is correct. The response you got can be (i am not sure) because you got your clients pageid wrong.
I am working on a library in LUA for an ipad app called Codea. I'm trying to figure out to use OAuth for GitHub Gists. Only part that i can not figure out is how to get an Auth token via code. I used curl in terminal to get myself a token but this seems to be to much work for other users.
I've read through the github api docs multiple times but I cant figure out how to get a Token programmatically. I've tried to duplicate the method I've used to GET and POST gists but it does not seem to work. I'm not sure how to pass the username and password.
I'm creating a table with the needed params then encoding it in json. Everything I try gets a 404 error or 500 error. Thank you all in advance.
local url = "https://api.github.com/authorizations"
local d = {}
d.scopes = {"gist"}
d.note = "AutoGist Codea"
projectAuth = json.encode(d)
opts = { data = projectAuth }
opts.method = "POST"
opts.headers = {Authorization = "basic " .."username:password"}
http.request(url,successCallback,failedCallback,opts)
Scopes are coming, but only in Q4 2013.
See "OAuth changes coming" (October 2013, by Tim Cleam - tclem):
Starting today, we are returning granted scopes as part of the access_token response.
For example, if you are making a POST with the application/json mime-type you’ll see an additional field for the granted scopes.
{
"access_token":"e72e16c7e42f292c6912e7710c838347ae178b4a",
"scope":"repo,gist",
"token_type":"bearer"
}
Right now, these scopes will be identical to what you requested, but we are moving towards a feature set that will allow GitHub users to edit their scopes, effectively granting your application less access than you originally requested.
You should be aware of this possibility and adjust your application behavior accordingly.
Some things to watch out for and keep in mind:
Most third party applications using GitHub OAuth to identify users have the best success in adoption by starting out with a request for the minimum access that the application can possibly get away with.
Something like no scopes or just user:email is very sane.
It is important to handle the error cases where a users chooses to grant you less access than you originally requested.
Now that we are surfacing the granted scopes on the access_token response, applications can warn or otherwise communicate with their users that they will see reduced functionality or be unable to perform some actions.
Applications can always send users back through the flow again to get additional permission, but don’t forget that users can always say no.
I'm using the Javascript SDK inside a node.js (Express) App.
Connecting Users works fine, but the connection does not persist between page reloads.
Is this the default behaviour, or is the User supposed to stay connected in new requests?
Do I have to use OAuth token authentication and if so, how can this be done with the JS-SDK?
Inside the "Permission"-Popup, Users are already logged in with soundlcoud, though.
(just have to click the "connect" button each time)
Figured I'd share my answer for those who are unsatisfied with the current answers for automated oauth:
Retrieving access_token:
I had to define get and set cookie functions and then I use the functions to set and retrieve a function holding the access token. I'm not going to give these functions for conciseness but you can easily find them with a google search. I then use this line of code to get the SC access token (once the user has authenticated for the first time)
SC.accessToken()
Setting token:
So this is kind of just an elephant in the room in my opinion that for some reason no one has mentioned. How in the **** do you connect w/ SC using the access token? Do you set it as oauth param? On each call pass it? Well, after experimenting with putting the parameter in every single place I could think, I found out you have to do something like this:
SC.initialize({
client_id: '[removed for security reasons]',
client_secret: '[removed for security reasons]',
redirect_uri: '[removed for security reasons]',
access_token: getCookie("sc_lm2"),
scope: 'non-expiring'
});
//Where "sc_lm2" is the name of my cookie
Hope the helps! Took me a while to figure this out for such a simple thing
EDIT
Using PHP and Wordpress:
$json = wp_remote_get("http://api.soundcloud.com/users/[user_id]/tracks.json?client_id=[client_id]");
$soundcloudData = json_decode($json['body'],true);
(substitue cURL functionality if you're not using Wordpress). #krafty I assume you would just change the endpoint from "/tracks" to "/users" but I can't say I have ever really needed to grab anything but tracks using the Soundcloud API. Hope this helps, though I'm not sure I fully understand what it is that you are trying to accomplish (or rather, how exactly you're going about it) - are you trying to allow user logins? If you want to explain fully what you're trying to accomplish and the steps you're taking I'd be happy to take a crack at it.
Yep, this is the way to do it, officially. :)
For the Next SoundCloud site, we store the token in localStorage (until the user logs out, of course). In each AJAX request to the API from the front end, we put the oauth token in a request header:
jqXHR.setRequestHeader('Authorization', 'OAuth ' + the_oauth_token);