Hi I have been using rest methods to integrate Google Ads API in C#. Everything seemed to be working fine but all of sudden I started getting 400 response with the error message.
{
"error": "invalid_grant",
"error_description": "Token has been expired or revoked."
}
As mentioned above that I am not using client library but instead using restsharp and testing all my end points using postman also.
Any reason why it is happening? My refresh token is also valid. I have been using this for one week. I have also not reached to the limit of refresh token as I have only generated refresh token 3 to 4 times when I was trying to set up the accounts.
I believe the validity of refresh token is life long then why it is happening?
I solved the problem by generating new refresh token using playground. The reason it expired because the publishing status of OAuth consent screen of my project was on testing mode.
If you are integrating an API, you need to apply publishing status for production to avoid manual generation of refresh tokens when it expires.
I have file called StoredCredential, in my Java project, if you have something similar, you can try to delete StoredCredential file and after rerun your code.
An alternative method is to re-new your Authentication Token. You'll first need to head over to "Credentials" at https://console.cloud.google.com/ .
After you hover over to your project, you should see a edit icon on the right most, click that. Once you enter that you will see the option: "Reset Secret".
After your reset is complete, make sure to save the project.
Then you will have to hover back to your project and click on the download icon on the right most. This will have you download the JSON secret token.
Replace that token and make sure to delete any other token related file such as "pickle_token" from your repository.
After you have followed all your steps, it may prompt you to re-login through google. And you are all set.
Keep in mind, the token expires after 7 days, if your project is in "testing" mode.
Related
I am following the steps in this document
https://learn.microsoft.com/en-us/aspnet/core/security/authentication/social/additional-claims?view=aspnetcore-6.0
I also downloaded their sample application here and set my google client id and client secret in my secrets.json.
https://github.com/dotnet/AspNetCore.Docs/tree/main/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample
The application runs fine. But I do not get the same output on the "My Claims" page as they have on their site. Specifically I am missing the access token.
Their results...
My Results...
If I am reading the documentation correctly that access token should be there due to this line
https://github.com/dotnet/AspNetCore.Docs/blob/7ae6a3f3f523c9a0b9d268e2b7ec37b11e7052a4/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs#L19
I should also see a Token.TicketCreated value because of this line
https://github.com/dotnet/AspNetCore.Docs/blob/7ae6a3f3f523c9a0b9d268e2b7ec37b11e7052a4/aspnetcore/security/authentication/social/additional-claims/samples/6.x/ClaimsSample/Program.cs#L31
So why am I not seeing either of those?
The Home Page does show my picture and locale though so at least that part of the sample app is working. Any ideas?
Thanks for looking.
Background
I am developing an Outlook add-in that requires our users to obtain a token so that they may interact with our API. We use Auth0 for this.
Essentially, when the user attempts to use a feature from our add-in, they are presented with a sign-in dialog that is powered by Auth0's Auth0.WinformsWPF nuget package (if they are not yet authenticated):
Of course, our users do not care to sign in to our API every time the token expires so I need to make use of Auth0's Refresh Token so that if our code attempts to call the API but the token is expired, I can refresh it without asking the user to log back in.
Problem
I do not see an obvious way to obtain or make use of the refresh token using Auth0.WinformsWPF package. Launching the above dialog to obtain a token is pretty simple however:
auth0.LoginAsync(wrapper, "","openid name email email_verified picture given_name family_name sso").ContinueWith(t => {
//Callback logic after successful authentication.
},
TaskScheduler.FromCurrentSynchronizationContext())
Question
Preferably using Auth0.WinformsWPF, how do I obtain and use a refresh token? I would very much appreciate some example code.
You need to add the offline_access parameter to scope. That will instruct Auth0 to return a refresh_token
I'm throwing together a simple POC for a client that wants to use LiveId (now Microsoft Account or MSA) for users to sign in. I've done this with FaceBook, Google and Twitter and they were all a walk in the park. For whatever reason MSA is a royal PITA.
I've created a MVC5 application using Visual Studio 2015. I went to the MSA developer center to create my app and get the client id and secret. The redirect URL I'm using is http://localtest.me/membersweb/signin-microsoft
The client id and secret go in Start.Auth.cs just like usual.
I've setup IIS and have my app in a virtual directory. When I run my application it comes up like usual. I click Log In and it goes to the login page as expected and the Microsoft button appears in the right hand column as expected. When you click the Microsoft button you are redirected to the MSA sign in page. B/c I'm already signed in I should be taken to the authorization page where I give my application permission to access my info. Instead I'm taken to an error page. The title says "We're unable to complete your request" and the rest of the message says "Microsoft account is experiencing technical problems. Please try again later.". Pretty useless.
The url is a tiny bit more helpful with the following error message:
invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
This isn't rocket science. I do this w/ FaceBook all the time. What the blazes am I doing wrong?
No other coding, configuring or customization has been performed.
TIA
Go to https://account.live.com/developers/applications
Choose your application
Go to Edit Settings
Go to API Settings
Edit the Redirect URLs: add "/signin-microsoft" to the end of your redirect_uri
Go to your code and set the same redirect_uri for the API call
Go to drink a beer or two or more
This worked for me :)
PS: If it is still not working, try to add "/Account/ExternalLoginCallback" at the end of your redirect_uri, but this is not confirmed as working solution
For more info here: http://www.benday.com/2014/02/25/walkthrough-asp-net-mvc-identity-with-microsoft-account-authentication/
In case anyone is having this problem....
I ran into this issue recently and adding "/signin-microsof" or "/Account/ExternalLoginCallback" did not help.
What I ended up doing is adding the following redirect URIs to all app registrations (Microsoft, Google and Facebook in my case).
https://YOUR-DOMAIN.b2clogin.com/YOUR-DOMAIN.onmicrosoft.com/oauth2/authresp
https://login.microsoftonline.com/te/YOUR-DOMAIN.onmicrosoft.com/oauth2/authresp
We have some web services with OAuth on them.
I am required to run some tests against them, preferably in an automated environment without using a browser.
The problem is logging in.
Without using a browser, and with using DotNetOpenAuth and setting the HttpContext.Current manually, I seem able to do everything and get a request token and a verifier (I use a test username and password).
I believe the next stage is to get an authorising token. Unfortunatly, no matter how I construct the request, I cannot get it to work.
At the moment, using a WebConsumer (DotNetOpenAuth library) and calling consumer.ProcessUserAuthorization() results in an error:
DotNetOpenAuth.OAuth.Messages.AuthorizedTokenRequest message: oauth_verifier
Probably the whole approach is wrong, so any help/advice would be useful.
Thanks.
I would recommend you skip the entire OAuth handshake and authorization step by having a test access token and access token secret that your web service's token manager always includes. Then wiring your test to also have that token pair included in its token manager, and always using that access token when authorizing your outbound calls.
In the end, it was a problem with cookies not being stored properly.
I was losing cookies between the login page (where the user types their username and password), and the authorise page (where the user says it is okay to share details with the third party). The second page was doing an extra check to see if the user was who they say they were (reading a cookie value that the login page was meant to have written).
It was not really an OAuth issue, just something I did not understand in the Authorising page (which has since been removed anyway - c'est la vie).
I then had issues with the domains of the cookies (when the domain starts with a ‘.’). This post helped me:
CookieContainer bug?
I ended up copying cookies from one domain to another.
I've integrated my website with Facebook Connect, authorization/single-sign on all working great.
Now im trying to post something to the user's wall, which im having some problems with.
First of all, im using the "old" JavaScript API (FeatureLoader.js).
These are the Graph API URL's im using:
private const string UserDetails_Url = #"https://graph.facebook.com/{0}?access_token={1}";
private const string Feed_Url = #"https://graph.facebook.com/{0}/feed?access_token={1}";
private const string TokenExchange_Url = #"https://graph.facebook.com/oauth/access_token?{0}";
I'm using the TokenExchange_Url URL to receive the unique user OAuth token to make calls with.
This is working fine, because a) i receive the token back, and b) i can issue HTTP Get Requests to the Graph API (i.e UserDetails_Url) and it works fine.
But, i cannot Post to the User's wall using the Feed_Url.
I'm pretty sure the issue is i haven't got the appropriate user permissions to post to a wall (i.e facebook-side setting).
Now, i realise i can use the fbPublish API method client-side to do this, but i want to do it server-side with the Graph API.
I wont bother showing my code which attempts the call to the Graph API to post to the user's wall, as its pretty straightforward (HttpWebRequest, set method to "POST', set content type/length, write bytes to Stream, etc).
I think the problem is i need the user to grant my aplpication "publish_stream" extended permissions.
The Facebook Graph API doco says to do this in your authorization request:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/callback&
scope=user_photos,user_videos,publish_stream
Which confuses me because im using the following URL to get the OAuth token:
https://graph.facebook.com/oauth/access_token?bunchofqsparams
Am i using the wrong Token Exchange URL? Why is there two different URL's to seemingly get the same piece of information?
Yes - i have read the Facebook API doco (numerous times), and yes i have read other similar SO questions, but they all result in using the client-side API to publish to wall, i want to do it server side.
For the actual "Facebook Connect" button, i'm using the standard FBML:
<fb:login-button length="long" size="medium" autologoutlink="false" background="light" onlogin="facebookLogin('/login')" class=" fb_login_not_logged_in FB_login_button FB_ElementReady"><a id="RES_ID_fb_login" class="fbconnect_login_button"><img id="RES_ID_fb_login_image" src="http://static.ak.fbcdn.net/rsrc.php/zB6N8/hash/4li2k73z.gif" alt="Connect"></a></fb:login-button>
When i click this (and not logged into Facebook), it pops up a window which the user can login. But it doesnt have the "Request Extended Permissions" dialog - shouldnt it? Or is that another popup i need to manually trigger?
So to sum up, here are my questions:
How do i grant extended permissions to publish to the user's wall?
What is the correct URL for obtaining an OAuth token?
Is there a definitive source for showing how to post to a user's wall using server-side Graph API calls?
As i presumed, i was missing a call to the client-side API to request extended permissions. (ie publish_stream).
I had a simple JavaScript function which was executed as part of the "onlogin" attribute of the FBML Login control.
Previously, i was simply doing a redirect (which would then do a single-sign-on in the server-side code).
Now, im doing this:
function postLogin(targetUrl) {
FB.Facebook.apiClient.users_hasAppPermission('publish_stream', function(result) {
if (result == 0 || result == null) {
FB.Connect.showPermissionDialog('publish_stream', function() { redirectTo(targetUrl); });
} else {
redirectTo(targetUrl);
}
});
}
Translated to english:
// On "Facebook Connect" click (which passes in a redirect URL)
// Check if user has 'publish-stream' permissions
// If they do, just redirect.
// If they dont, show a dialog requesting that permission, then redirect.
Now the server-side Graph API calls all work fine.
So to answer my own original three questions:
How do i grant extended permissions to publish to the user's wall?
Answer: make use of the client-side JavaScript API function 'FB.Connect.showPermissionDialog' to show the popup, and 'FB.Facebook.apliClient.users_hasAppPermission' to check if they have the permission.
What is the correct URL for obtaining an OAuth token?
Answer: I still believe it is "https://graph.facebook.com/oauth/access_token?{0}", but "https://graph.facebook.com/oauth/authorize?{0}" might be able to be used for a server-side authentication/authorization process.
Is there a definitive source for showing how to post to a user's wall using server-side Graph API calls?
Answer: If there was, i wouldnt have to had asked this question - so the answer in short, is no. =)
Advice to anyone starting Facebook Connect work, try to avoid the "Old JavaScript API". Do as much as you can server-side (Graph API), and only use the client-side JavaScript API for the initial handshake (cross domain receiver).