Using Office 365 SharePoint REST API within Rails app, access token fails - rest

I'm trying to use an Office 365 organizational SharePoint site as a storage point through the SharePoint REST API for docx files generated in a Rails app. I've registered the app through https://<domain>.sharepoint.com/_layouts/15/appregnex.aspx and obtained a client_id and client_secret. Using https://<domain>.sharepoint.com/_layouts/15/appinv.aspx, I gave the app the following permissions:
<AppPermissionRequests AllowAppOnlyPolicy="true">
<AppPermissionRequest Scope="http://sharepoint/content/sitecollection" Right="FullControl" />
</AppPermissionRequests>
Using the oauth2 gem, I've so far managed to obtain an access token using client_credentials:
client = OAuth2::Client.new(<client_id>, <client_secret>, site: "https://<domain>.sharepoint.com", token_url: "https://login.windows.net/<tenant_id>/oauth2/token")
token = client.get_token(grant_type: "client_credentials", client_id: client.id, client_secret: client.secret, resource: "https://<domain>.sharepoint.com")
The client_credentials strategy seems to work, as a token is received. However, trying to use it results in failure.
token.get("/_api/web/title") returns OAuth2::Error: { "error_description" : "The server was unable to process the request due to an internal error. For more information about the error, either turn on IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from the <serviceDebug> configuration behavior) on the server in order to send the exception information back to the client, or turn on tracing as per the Microsoft .NET Framework SDK documentation and inspect the server trace logs." }
RestClient.get("https://<domain>.sharepoint.com/_api/web/title", { "Authorization" => token.token }) returns RestClient::Unauthorized: 401 Unauthorized
I'm pretty much at my wits' end over this, and I'm this close to telling my boss that if it can somehow be done, I'm simply not knowledgeable enough to do it.

The IncludeExceptionDetailInFaults is a wcf service setting in the endpoint applications web.config. If you have access to the server https://.sharepoint.com then you can turn that on momentarily. Basically, this will send the exception trace dump to the client in the response. By default, any 500 status errors will come back with no information except for ...ooops an error occurred.
I don't know how that server is configured or that much about SharePoint at all. However, the error could be anything imaginable and not even related to oauth. Unless you can get the server log or have it spit back the exception then you are going to be spinning your wheels.

Very likely you don't have sufficient permissions. Try with different scopes.

Related

Why does the PayPal API not recognize my client id and secret

The Paypal API doesn't recognize my Client ID and Secret I got from https://developer.paypal.com/developer/applications/
I wanted to include a server side checkout according to this tutorial https://developer.paypal.com/docs/archive/checkout/how-to/server-integration/
When I do the request to https://api-m.paypal.com/v1/payments/payment I always get a 401 Error with the message "Authentication failed due to invalid authentication credentials or a missing Authorization header.".
I checked multiple times if my credentials were correctly included into the request. I also tested the endpoint in my server environment and as well via Postman.
I also tried the route https://api-m.sandbox.paypal.com/v1/oauth2/token to exchange my credentials with an access token and got the same problem.
I also tried to create multiple Sandbox and Live Accounts and always got the same error.
Has anyone an idea what the problem could be?
There are two separate issues here.
You first need to use /v1/oauth2/token to obtain an access token, and then use that access token to call any of the other actual APIs.
The credentials you obtain from PayPal Developer will be for either "Sandbox", or "Live". Make sure you choose the correct tab (sandbox, for development). Sandbox credentials will only work for api-m.sandbox.paypal.com , and Live credentials will only work for api-m.paypal.com . The two environments are completely separate.
If you still have issues, post the SANDBOX client ID and secret you are using, and the full request and response to the api-m.sandbox.paypal.com endpoint. There should be a PayPal-Debug-Id in any error response, in the headers if nowhere else.

I needed to access HUAWEI AppGallery Connect API and create a product through the PMS API (server API). But 403 client token authorization fail

Recently,I needed to access HUAWEI AppGallery Connect API
and create a product through the PMS API (server API). However, when Postman
was used for basic service interconnection tests,
the error message "403 client token authorization fail" was displayed.
how can i fix it?
Based on the error code included in your screen captures, the error was caused by an authentication failure.
To solve the problem, you first need to confirm that the client ID used for applying for the token has sufficient permission.
HMS official document suggested that the project associated with the API client be selected as N/A. You need to create an API client and associate it with a project. E.g. An app ID in the project was 100xxx591. However, the app ID in the Postman service request was 101xxx531, which would cause the authentication failure.
Also, to fix the above, you need to create an API client and selected N/A (indicating that all projects are supported), and use the client to request a token. The process should work well after this.
In general, if Huawei's 403 authentication failure occurs, you can verify the permission first, and then check the associated projects.
For more details about the PMS API, please refer to this link.

Issue in calling the OneDrive for Business REST API to upload image files

I am facing the issue in calling the OneDrive for Business API to work. Below are the steps I have followed till now:
Created a Web App/API application in Microsoft Azure Portal (A very tricky process). Gave all the permissions.
Got Application ID (A_ID) from there.
Went to the URL to get the 'code' via browser:
https://login.microsoftonline.com/common/oauth2/authorize?response_type=code&client_id=<A_ID>&redirect_uri=<URI>
Got the code. Did a callout via POSTMAN (using the code, client ID, client secret and redirect URI) to the URL: https://login.microsoftonline.com/common/oauth2/token
Received an Access Token (AT) and other details.
NOW, when I want to use this AT to upload a file, I am getting the error. The URI is: https://<tenant>/_api/v2.0/me/drive/root:/Abc.txt:/content. For headers, I am passing: Authorization-> Bearer AT; Content-Type -> application/octet-stream
The error is:
{"error":{"code":"unauthenticated","message":"Token contains invalid signature.","innerError":{"code":"invalidSignature"}}}
I don't know where the issue is. Is it in the tenant name I am using (There is a chance that I might be using it wrong!) OR is it in the permissions OR I have not set up the app in the Azure Portal correctly OR is it something entirely different.

IBM Weather REST API 401 Keep getting CORS issues when access

I am getting a 401 and some cross domain issues when trying to access IBM Weather REST API from either client (browser) or server.
If I generate a URL and try and access it directly from a browser (eg paste it in it works fine and the JSON weather report is returned).
When I try and run the Javascript HTTP request from either the browser or server it seems like it's only allowed to run from an ibm.com domain.
Failed to load https://twcservice.au-syd.mybluemix.net/api/weather/v1/geocode/-33.00/151.00/forecast/daily/7day.json?units=m&language=en-US: The 'Access-Control-Allow-Origin' header contains multiple values 'https://*.ibm.com, https://*.ibmcloud.com', but only one is allowed. Origin 'http://localhost:3000' is therefore not allowed access.
I am using the free service on Bluemix. Is this restricted to only run via a Bluemix server? or are there some options I can pass when I create the service on Bluemix
Note, when I make the request I am using the credentials supplied via the Bluemix console. Again, this works via the browser URL bar, but not via code.
Update/More info: if I hit past the URL above into the browser (with creds) it works as above, then if hit it via the web app in the same session it works.
Hmmm. So the IBM server is sending the following response header:
Access-Control-Allow-Origin: https://*.ibm.com, https://*.ibmcloud.com
That's an invalid response from IBM. Unfortunately, I think your only option is to complain to IBM, and convince them to
Return a valid Access-Control-Allow-Origin response header (with only one value)
Allow people outside of IBM to access it
Without that, I fear you're out of luck.

Azure mobile service throws "Authorization has been denied for this request."

I'm using Azure mobile services with .net backend. My API controller works OK on my pc but as soon as I deploy it to Azure, Upon pinging from Postman gives "Authorization has been denied for this request." message with HttpStatusCode 401
Note that... I'm using table storage for storage instead of SQL Server and in the process removed all of Entity Framework related code. Also, None of the endpoints do not require any authentication.
Thanks.
The default authentication for mobile services is anonymous (i.e., no authentication required) when running locally, and application (i.e., at least the application key needs to be supplied).
If you're using Postman, try adding a "x-zumo-application" header to the request, with the application key (which you can get in the Azure portal) as the value. The request should work then.