Captcha response while retrieving access_token - stocktwits

I'm now testing custom sharing flow in StockTwits and got stuck on authorizing the user.
I'm following the server-side oauth flow described here.
I'm using an npm lib stocktwits, but I've already tried this request from terminal using curl:
curl -X POST https://api.stocktwits.com/api/2/oauth/token -d 'client_id=439fb********3e6&client_secret=5420fa774******970c24f074b90e617&code=ccb99afde1**********de6d782029c68&grant_type=authorization_code'
After getting the code I call the https://api.stocktwits.com/api/2/oauth/token (POST) to perform exchange for access_token but I get an unexpected response with HTML in it asking to bypass a captcha instead of JSON like described in here.

I didn't solve the issue with server side flow. My purpose was to authorize in any possible way, so I just switched from server-side flow to client side and it works just fine. both approaches are described here

Related

How to consume the RSA Archer REST API to fetch Report?

Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.

Using OAuth with Facebook as provider with an IBM Cloud Functions managed API

I am playing around with IBM Cloud Functions (OpenWhisk) and trying to setup authentication through OAuth with Facebook as the provider. I have setup an app with Facebook, I am able to successfully connect with this and fetch my token and I am able to verify this by fetching basic profile information (name and userID).
My problems starts when I enable OAuth in the IBM Cloud Functions API. I get a HTTP code 500 back from the call with very little information about what actually went wrong.
{"code":500, "message":"Oops. Something went wrong. Check your URI and try again."}
The only thing that is stated in the dashboard is:
You can control access to your API through the OAuth 2.0 standard. First require an end user to log in via IBM Cloud App ID, Facebook, GitHub, or Google. Then include the corresponding OAuth token in the Authorization header of each API request. The authenticity of the token will be validated with the specified token provider. If the token is invalid, the request will be rejected and response code 401 will be returned.
With this information I got that I need pass the token with the Authorization header. My best guess is that the call fails somewhere when the token is being validated.
I am using Vue and Vue-axios to perform the API call. My current call looks like this:
this.$http.get(API_URL+"?user_id="+localStorage.user_id,{headers :{'authorization':localStorage.token}}).then((response) => {
console.log(response);
});
I have tried adding bearer/Bearer or token/Token in front of the token (some posts I read indicated that you should do this), but this had no impact on the response.
If I disable the OAuth authentication from the Cloud Functions side, the code above works and correctly retrieves the data (with or without the header option).
From the Chrome Dev tools it looks to me like the token is added correctly to the request, since the request headers have the Authorization header with the token.
I am not that familiar with OAuth or IBM Cloud Functions, so the problem might have a very easy fix. However, I am unable to find documentation which clearly shows me how I am supposed set this up. I am also unable to find any logs or more information about what actually fails here. Am I missing something obvious here?
Kjetil

Sharepoint _api/contextinfo fails with 401 Unauthorized using PostMan

Im currently using Postman app to try the various Sharepoint Api.
To retrieve the RequestDigest i understand there has to be an api call to /_api/contextinfo with nothing in Body and Accept as application/json; odata=verbose in the Header. However i get 401 AUTHORIZED error as return rather than the digest value Postman screenshot
I have tried setting the Authorization to Basic in the first tab and entered the domain credentials (which has access to the site) however it still fails.
How to resolve the error
I faced the same issue with Postman Desktop application.
The solution I found is to use the NTLM Authentication.
However, I still have to figure out how to perform this from an external Java application that would reach the REST API.

How to pass user principle to rest endpoint using postman

Hi We have a rest end point and if it is expecting user principle in its request object how to send the same from your postman tool explicitly
I hope what you implies by 'user principle' is the user authentication. Then you are referring on how we can send REST commands with including authentication information (token, etc.)
Currently postman supports Basic Auth, Digest Auth, OAuth 1.0a, OAuth 2, Hawk and AWS authentication.
If what you are handling in the server is one of them, then please refer this link to see how we can prepare the authentication details in the Postman request.
If its a custom method, then please examine the 'Header', 'Cookies' and other relevant titles in this page and prepare the postman request according to what you are expecting from the server-side manually.

"Developer Inactive" on Beats Music server-side auth token request

I'm working on a project and a new Beats Music API library for Clojure, but in my testing I'm finding it difficult to get write access authentication, but read-only user authentication works fine.
In testing my library I set up a HTML page to do the OAuth and get the OAuth code and then feed that code in to my library to fetch the actual authentication token. The first part works flawlessly, the second part has the dreaded "Developer Inactive" error:
URL: /oauth/token
PARAMS: client_secret, client_id, redirect_uri, code, grant_type=authorization_code
METHOD: post (application/x-www-form-urlencoded)
I've double checked my redirect_uri is the same as defined in my app settings and is the url of the HTML page I generated the code with. I even checked with the support folks to double check that my application wasn't throttled or something, but that took too long and I made a second application and had the exact same results. I've looked at other support questions like this and nothing has helped, so unless I'm missing something in my auth request, my only other thought was that my user account is still on it's 14-day trail and maybe that is affecting my auth token in some way?
Any ideas or suggestions would be greatly appreciated.
From https://developer.beatsmusic.com/docs/read/getting_started/Client_Side_Applications
"The scope of an access token using the implicit flow is limited to read only since client side applications cannot keep a secret. You'll need to request the authorization grant flow via the Web Server Authentication for write permissions, such as updating a playlist."
I hope this helps.
As #jsd pointed out in a comment on my question, there was a typo in the url endpoint. The correct endpoint is (which I had in the other function and that's why it was working correctly):
/oauth2/token