I logged into the API explorer and authorized my dummy company file here: http://idsapiexplorer.cloudapp.net/V2QBD#api
It is indicating everything is ok:
When I try to make a request, I keep getting the following response:
Here is the ErrorDesc:
<ErrorDesc>message=Exception authenticating OAuth; errorCode=003200; statusCode=401; source=OAuthStrategy; oauth_problem=token_rejected; cause=net.oauth.OAuthProblemException: token_rejected</ErrorDesc>
I'm guessing I'm probably not using this correctly. Is there any more documentation I can read to learn? Or is there an actual problem happening that is causing this error? Any help is appreciated.
The error means the token was not found, expired or invalid.
I would try refreshing your access token and you should be all set.
thanks
Jarred
Related
Using the App Console, I am generating an Access Token for use by my java application.
Why is my access token expiring? It worked yesterday but today I get the below error.
How do I get a permanent token for my application to use? (Usage is similar to a "Google Service Account" that generates a permanent token.)
Exception:
InvalidAccessTokenException
{
"error_summary": "expired_access_token/...",
"error": {
".tag": "expired_access_token"
}
}
UPDATE 2022 12 02:
Thanks for the below information and links. After about 5 hours of working on wrapping my brain around the concepts and the example code, I finally got something working by doing the following:
(1) Using the example code and manual process at https://github.com/dropbox/dropbox-sdk-java/blob/main/examples/examples/src/main/java/com/dropbox/core/examples/authorize/ShortLiveTokenAuthorize.java I obtained an auth code.
(2) I then wrote java code to post the auth code to the https://api.dropbox.com/oauth2/token end point and receive tokens including the refresh token.
(3) I then wrote code to post the refresh token to the same end point to receive an access token.
It appears I can hold on to the refresh token and repeat step 3 to get access tokens each time.
HOWEVER, I must be missing something here.
This is WAY too much extra work that should be done either by the App Console and/or the SDK.
Also, it seems to me that a “Client Credentials Flow” should be available in the API and SDK.
Your thoughts?
Dropbox is in the process of switching to only issuing short-lived access tokens (and optional refresh tokens) instead of long-lived access tokens. You can find more information on this migration here.
Apps can still get long-term access by requesting "offline" access though, in which case the app receives a "refresh token" that can be used to retrieve new short-lived access tokens as needed, without further manual user intervention. You can find more information in the OAuth Guide and authorization documentation.
The official Dropbox Java SDK can actually handle the process for you automatically, as long as you supply the necessary credentials, e.g., as shown retrieved in the examples here.
We have created a app that uses Azure AD authentication and now facing issue with acquiring refresh token using MSAL library.
The issue that when ever authentication token expires(I believe expiry time is 1hr), I get HTTP status code 200 with HTML response which is Microsoft's login page.
I believe we should be getting 400 or 401 when token expires but somehow we are getting 200 with HTML response.
We have also used AcquireTokenSilent() method suggested in following guide but nothing changes.
https://learn.microsoft.com/ja-jp/azure/active-directory/develop/scenario-desktop-acquire-token?tabs=macOS
Microsoft authenticator allowing user to login.
Does anyone have any idea on how to troubleshoot this issue?
Thanks in advance
400 code means bad request and 401 means Unauthorized. In case of token expire you should get 401 ( Unauthorized ). MSAL doesn't actually issue tokens or decide a token expiration, but rather ingests an acquires token from the Azure AD STS. MSAL will automatically refresh your access token after expiration when calling AcquireTokenSilentAsync. You're likely not getting automatic silent refreshes due to some kind of token cache miss. It's hard to say the specific issue without seeing your code
In your backend you can first check if the user is authenticated if it is then return the response. If not, then instead of executing the method you should return 401 (Unauthorized).
Unable to retrieve ANY data when I try to fetch simple content from Archer via REST API calls through Postman or Mule.
1. Is URL below correct? What am I missing?
2. How to get Reports via Archer REST API i.e what API resource to use.
Have seen the Archer REST documentation but do not find it clear enough.
Have tried GET & POST, with Authorization configured, through Postman:
https://hostname/platformapi/core/security/login https://hostname/platformapi/core/content/123
https://hostname/RsaArcher/platformapi/core/content/123
I get 'Unauthorized: Access is denied due to invalid credentials.' error although I am told to have access.
Please suggest proper API call/path to be used and if any specific settings is to be made to retrieve data?
Archer version: 6.5
Note: Through POSTMAN and Mule, I have successfully consumed REST API from other secured applications. Struggling with Archer.
Thank you.
The documentation for Archer REST API was mentioned in a previous answer and seems to require a login into their site: https://stackoverflow.com/a/38511131/721855
This KB article shows examples on how to use the API from Powershell: https://community.rsa.com/docs/DOC-45643. It should be easy to adapt to Postman, Mule or whatever other language/tools.
I recently had the same issue. The company had anonymous authentication disabled on the api directory. The user account running postman must have access to the api directory. If you are still getting a 401, see if you anonymous access can be enabled to rule out other non-access related issues. If you are able to generate a security token when calling core/security/login when anonymous authentication is enabled, then you know the issue is that your account did not have access to the api directory. If you are not able to make the request successfully with anonymous authentication enabled, then you know the issue is likely with the way you've structured your REST call. Hope this helps!
Authentication to any Archer API is two step process. First you have to call an authentication resource or method. That will return a session token. You must then add that token to the request headers for subsequent requests. Your header would look something like this:
Authorization: Archer session-id=439C730FF83F68EFDC017ED705D9908E
Without this header, you'll get a 401 for any request other than an authentication request.
I'm working on a project and a new Beats Music API library for Clojure, but in my testing I'm finding it difficult to get write access authentication, but read-only user authentication works fine.
In testing my library I set up a HTML page to do the OAuth and get the OAuth code and then feed that code in to my library to fetch the actual authentication token. The first part works flawlessly, the second part has the dreaded "Developer Inactive" error:
URL: /oauth/token
PARAMS: client_secret, client_id, redirect_uri, code, grant_type=authorization_code
METHOD: post (application/x-www-form-urlencoded)
I've double checked my redirect_uri is the same as defined in my app settings and is the url of the HTML page I generated the code with. I even checked with the support folks to double check that my application wasn't throttled or something, but that took too long and I made a second application and had the exact same results. I've looked at other support questions like this and nothing has helped, so unless I'm missing something in my auth request, my only other thought was that my user account is still on it's 14-day trail and maybe that is affecting my auth token in some way?
Any ideas or suggestions would be greatly appreciated.
From https://developer.beatsmusic.com/docs/read/getting_started/Client_Side_Applications
"The scope of an access token using the implicit flow is limited to read only since client side applications cannot keep a secret. You'll need to request the authorization grant flow via the Web Server Authentication for write permissions, such as updating a playlist."
I hope this helps.
As #jsd pointed out in a comment on my question, there was a typo in the url endpoint. The correct endpoint is (which I had in the other function and that's why it was working correctly):
/oauth2/token
is there a possibility to check when a fb-token will expire?
I've read Authenticating as an app and Handling invalid and expired access tokens and searched the interwebs for an answer but I couldn't find any.
Regards, Senad
The good news is, there's an endpoint for it now.
You can retrieve the information related to a particular Access Token by issuing a GET request to the debug_token connection. Something like:
GET /debug_token?
input_token={input-token}&
access_token={access-token}
You can get more information about it in the Getting Info about Tokens and Debugging reference.
Unfortunately there's no specific endpoint that will tell you if an access_token is still valid or not, but you can use the token to fetch anything and see if it return an error or not.
However if you are using the server side flow for authentication, they will send you an expire parameters that will hold the time in seconds that the token will remain valid (the sdk may hide this fact from you).
But as the Handling invalid access tokens page explains, there's a number of reasons why an access_token can go invalid so the expire field alone won't be able to tell you if the token is valid at the moment or not, so the only way to find out is to try using it and see if its returns an error, as the Handling expired... page states, you will have to be prepared for any graph request return errors.
You can manually check it here for a given access token:
https://developers.facebook.com/tools/debug