I want to get the token expiration date or permission revocation for a specific ADO token. How can we do that?
I am referring to the API, and it gives me the list of PATs with dates. But I don't know which one I should use for checking the repository expiration date.
I am also referring to the MS ADO API documentation.
But when I call the API mentioned in the document, I get an unauthorized error.
I am passing my PAT and using Basic Auth. Why am I getting an unauthorized error, while the above-mentioned API works?
How can I identify the repository access expiration date using the above API, and how do I use the API mentioned in the document?
There is no direct API available, but the post below is helpful to resolve the issue:
Get expiration date using PAT
Related
I have implemented simple OAuth server with Katana using following steps:
http://www.tugberkugurlu.com/archive/simple-oauth-server-implementing-a-simple-oauth-server-with-katana-oauth-authorization-server-components-part-1
I need to log each and every API usage, so when a user accesses any API, I have to save the generated access token and other information in the database.
In the GrantResourceOwnerCredentials method, is there any way to get the generated access token, or is there any event in OAuthAuthorizationServerProvider where I could get it?
I have not been able to find a way to get the token in the GrantResourceOwnerCredentials method. However, if you override the TokenEndpointResponse method, you can grab the access token there. It may be a little late in the pipeline for your purposes, but it's there.
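An added example (not from the original answer) of the TokenEndpointResponse override described above. It records a SHA-256 digest of the access token rather than the token itself, so the audit table cannot be replayed as bearer credentials; `TokenAuditRecord` and the `saveAsync` delegate are hypothetical names standing in for your own persistence code.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Owin.Security.OAuth;

// Hypothetical audit row; not part of Katana.
public class TokenAuditRecord
{
    public string TokenSha256 { get; set; }
    public string UserName { get; set; }
    public string ClientId { get; set; }
    public DateTimeOffset? IssuedUtc { get; set; }
    public DateTimeOffset? ExpiresUtc { get; set; }
}

public class AuditingOAuthProvider : OAuthAuthorizationServerProvider
{
    // Hypothetical sink: supply a delegate that writes the record to your database.
    private readonly Func<TokenAuditRecord, Task> _saveAsync;

    public AuditingOAuthProvider(Func<TokenAuditRecord, Task> saveAsync) { _saveAsync = saveAsync; }

    // Called after the access token has been generated, before the response is written.
    public override async Task TokenEndpointResponse(OAuthTokenEndpointResponseContext context)
    {
        var record = new TokenAuditRecord
        {
            // Persist only the digest; hash the incoming bearer token the same way to correlate API calls.
            TokenSha256 = Sha256Hex(context.AccessToken),
            UserName = context.Identity != null ? context.Identity.Name : null,
            ClientId = context.TokenEndpointRequest.ClientId,
            IssuedUtc = context.Properties.IssuedUtc,
            ExpiresUtc = context.Properties.ExpiresUtc
        };
        await _saveAsync(record);
        await base.TokenEndpointResponse(context);
    }

    public static string Sha256Hex(string value)
    {
        using (var sha = SHA256.Create())
        {
            byte[] digest = sha.ComputeHash(Encoding.UTF8.GetBytes(value));
            return BitConverter.ToString(digest).Replace("-", "").ToLowerInvariant();
        }
    }
}
```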
I'm trying to get a refresh token for Google through Oauth.io but I'm having trouble finding the endpoint to send the code to. I'm using C# so I can't use the server-side SDK. I've also looked at Getting refresh tokens from Google with OAuth.io but that answer doesn't help me get the actual refresh token. I've looked at their server-side flow documentation which tells me I can get my refresh token at /auth/access_token but when looking at the web API documentation I don't see that endpoint listed.
I've also looked at their example here and I don't see the endpoint they use listed on the API documentation either. It also doesn't say which key/secret to use with that request - is it the one listed for my OAuth.io app, or is it the one for my provider (in this case Google)?
Any help going forward would be greatly appreciated.
I've just updated the documentation on docs.oauth.io, it was effectively /auth/access_token.
Take a look at the node.js SDK implementation: https://github.com/oauth-io/sdk-node/blob/master/coffee/lib/authentication.coffee#L99
The request is a POST on https://oauth.io/auth/access_token and requires 3 parameters:
code : the code to be exchanged against the access token / refresh token
key : the OAuth.io public key
secret : the OAuth.io secret key
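The exchange described in this answer, written in C# as an added example (not part of the original answer or the OAuth.io SDK). The endpoint and the three parameter names come from the answer; the form-encoded body, the JSON response and the `refresh_token` field name are assumptions to check against the OAuth.io documentation.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public static class OAuthIoTokenExchange
{
    private static readonly HttpClient Http = new HttpClient();

    // code: value delivered to your server by the client-side flow.
    // key / secret: the OAuth.io app credentials (not the Google client credentials).
    public static async Task<JsonElement> ExchangeAsync(string code, string key, string secret)
    {
        // Assumption: parameters travel as a form-encoded POST body, never in the URL.
        var body = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["code"] = code,
            ["key"] = key,
            ["secret"] = secret
        });

        using (var response = await Http.PostAsync("https://oauth.io/auth/access_token", body))
        {
            if (!response.IsSuccessStatusCode)
            {
                // Report only the status: the request carries the secret and must not reach logs.
                throw new HttpRequestException(
                    "Token exchange failed with HTTP " + (int)response.StatusCode);
            }

            string text = await response.Content.ReadAsStringAsync();
            using (var doc = JsonDocument.Parse(text))
            {
                return doc.RootElement.Clone(); // Clone so the result outlives the document.
            }
        }
    }

    // Returns null when the response carries no refresh token (assumed field name).
    public static string RefreshTokenOrNull(JsonElement tokenResponse)
    {
        if (tokenResponse.ValueKind != JsonValueKind.Object) return null;
        JsonElement value;
        return tokenResponse.TryGetProperty("refresh_token", out value)
               && value.ValueKind == JsonValueKind.String ? value.GetString() : null;
    }
}
```

Run this only on the server: the OAuth.io secret must never be shipped to a browser or mobile client.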
I am attempting to create a payment profile using express checkout with an old NVP .NET (C#) API implementation. The version is 65.1.
After I perform a SetExpressCheckout, I get a successful response. The user is sent back to my test site, and I attempt to CreateRecurrentPaymentProfile. I pass in the url-decoded token, set the billing agreement description the same as the first step, and fire off the request. I always get a "The token is invalid" error. I've gone through and made sure I included all the required information from this page: https://developer.paypal.com/docs/classic/api/merchant/CreateRecurringPaymentsProfile_API_Operation_NVP/.
I also know that we are set up to allow for recurring payments because the recurring charges over direct payments currently works.
I know that everybody and their dog has had this issue when working with PayPal's NVP API at one point or another, but of the umpteen internet threads and discussions, none of them have helped. Any suggestions?
You should be using the same token returned in the response to your SetExpressCheckout. The token is good for 3 hours once it is returned so it isn't expired. Perhaps the token is corrupted somehow, with an extra character, or perhaps a character was omitted. The token should look similar to this: EC-5UG654898R029060W.
To reiterate: You get a valid token from the SetEC, you use this token in the redirect, you get this token back appended to the RETURNURL the customer returns to, and you reference this token in any subsequent GetEC and DoEC, CreateRP calls.
I've created a web application that uses the OAuth authentication and universal connectors as explained in this tutorial, and started to fiddle around a little to add support for other providers like Yahoo and LinkedIn. So the authentication part works and users are created in the asp.net Membership provider. Also, all the providers return the accesstoken which I supposedly can use to retrieve more information regarding the user.
I'd really like to acquire the profile image, but it seems every provider has a different way of requesting this information. Twitter even describes a way to authorise every request by changing the HTTP header information.
Whilst reading this information on the websites of the various providers I was wondering whether this functionality isn't also already included somewhere in DotNetOpenAuth.AspNet or Microsoft.AspNet.Membership.OpenAuth implementation.
How can I use DotNetOpenAuth.AspNet and/or Microsoft.AspNet.Membership.OpenAuth to request the profile image of the logged-in user using the just-acquired accesstoken?
UPDATE in response to Leo's answer
I use the following code to make a call on LinkedIn's API.
    string accessToken = extraData["accesstoken"]; // Extra Data received from OAuth containing the accesstoken.
    WebRequest request = WebRequest.Create("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token=" + accessToken);
    using (WebResponse response = request.GetResponse())
    {
        // do something with response here.
    }
Error message is "The remote server returned an error: (401) Unauthorized.".
What am I doing wrong?
The answer is simple... you can't use any of these. These are wrappers of OAuth, and OAuth only specifies how you can authenticate a user. Now, to request the user's profile photo you will need to use the external provider's own API, and you will most likely need a valid access token. So, you will need to use one of these implementations of OAuth to authenticate a user and then receive an access token, store the access token somewhere (usually a cookie) and then use the access token to make subsequent calls to the provider's APIs. Examples and links...
Facebook's Graph API allows you to retrieve users profiles
https://developers.facebook.com/docs/graph-api/quickstart/
Notice that all examples in the link above will require you to include the access token in a parameter named access_token, for example:
https://graph.facebook.com/me?method=GET&format=json&suppress_http_code=1&access_token={your-access-token}
Google...
https://www.googleapis.com/oauth2/v3/userinfo?access_token={your-access-token}
LinkedIn...
https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token={your-access-token}
You can get more specific information from these providers' websites
Let me know if you have any other doubts I might be able to help you since I have implemented stuff like these before.
Cheers, Leo
I'm using dotNetOpenAuth to authorise against Google oAuth provider.
I'm a bit confused with the difference between the following:
consumerToken, consumerSecret, accessToken
From the Provider I get the accessToken for some user. Can I keep it forever? Or does it expire?
How can the code enable authorization without redirecting the user to the "allow access to my google data page" ?
Never have any expectations about the lifespan of an accessToken. At any time you can be given a 403 HTTP error, which should trigger one of the following in your app:
If you have a refreshToken, get a new accessToken without resource owner (end user) interaction
If not, ask user again to authorize your application
OAuth 1.0, which you're using, does not include a provision for predicting when an access token will expire, so you'll have to read Google's documentation for OAuth 1.0 access tokens to see how long they last.
How can the code enable authorization without redirecting the user to the "allow access to my google data page" ?
You don't. If you could do that, that would be a huge security leak. The user must authorize your app to access his/her data. Once you've obtained authorization once however, by storing the access token (and its secret) that you obtained you should be able to use it in the future and avoid the user authorization step (until the user revokes the token or it otherwise expires).
"AccessToken" in OAuth normally has a relatively short expiration (i.e. in Facebook and Messenger's case less than a day). If the implementation supports it, then "refreshToken" is the one you can keep longer (weeks/months range depending on provider).
According to the doc ( https://developers.google.com/accounts/docs/OAuth2 ) Google supports refresh tokens, so if you want to store a token - it is the one.
Note that both accessToken and refreshToken represent very sensitive information (comparable to a clear-text user name and password), so please check out the provider's recommendations and requirements on storing this information.
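An added example (not from any of the answers above) of the behaviour they describe: on a rejected token, obtain a new access token from the refresh token without user interaction, otherwise signal that the user must authorize again. It assumes OAuth 2.0 bearer tokens as in the Google OAuth2 documentation linked above, treats 401 as well as 403 as a rejection, and takes the refresh call as a hypothetical delegate so that no provider endpoint is assumed.

```csharp
using System;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical signal that the caller must send the user through authorization again.
public sealed class ReauthorizationRequiredException : Exception
{
    public ReauthorizationRequiredException()
        : base("Access token rejected and no refresh possible; user must authorize again.") { }
}

public sealed class RefreshingBearerHandler : DelegatingHandler
{
    // Hypothetical delegate: exchanges the stored refresh token for a new access token,
    // returning null when there is no refresh token or the provider refuses it.
    private readonly Func<CancellationToken, Task<string>> _refreshAsync;
    private string _accessToken;

    public RefreshingBearerHandler(string accessToken,
        Func<CancellationToken, Task<string>> refreshAsync, HttpMessageHandler inner) : base(inner)
    {
        _accessToken = accessToken;
        _refreshAsync = refreshAsync;
    }

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        // The token goes in the Authorization header, so it stays out of URLs and access logs.
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", _accessToken);
        HttpResponseMessage response = await base.SendAsync(request, ct);
        if (response.StatusCode != HttpStatusCode.Unauthorized &&
            response.StatusCode != HttpStatusCode.Forbidden)
            return response;

        response.Dispose();
        string fresh = _refreshAsync == null ? null : await _refreshAsync(ct);
        if (string.IsNullOrEmpty(fresh))
            throw new ReauthorizationRequiredException();

        // Retry exactly once. Safe for requests without a body; a request with
        // streamed content must rebuild that content before being sent again.
        _accessToken = fresh;
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", fresh);
        return await base.SendAsync(request, ct);
    }
}
```

Construct it as `new HttpClient(new RefreshingBearerHandler(token, refresh, new HttpClientHandler()))`; a second rejection after the refresh is returned to the caller unchanged, which avoids a retry loop against a revoked grant.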