Microsoft Graph API Security .net Core Client ID - c#

I am following a tutorial from this URL
If you see the DeviceCodeAuthProvider and GetAccessToken, you would be able to get the token merely by the app ID and the scope, without any app/client secret or password. You can also refresh the token just by providing the same info. My question is: is this safe? I thought the client ID is just like a username.

Please refer to the official docs. The device code flow will provide the device code to validate the user/client ID/app ID, and that is safe.
Device code flow protocol:
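As an added worked example (not part of the original answer or of the Microsoft tutorial), the exchange below simulates both sides of the device code flow in Python: a toy in-memory authorization server and a device client that knows only its client_id and scope. It shows the point the answer is making: the client_id alone gets you a device_code and a user_code, but no access token is issued until a human signs in and approves that user_code, and a different client_id cannot redeem the code. All identifiers, URLs and lifetimes here are constructed for the example.

```python
import secrets

DEVICE_GRANT = "urn:ietf:params:oauth:grant-type:device_code"


class AuthorizationServer:
    """Toy device-authorization and token endpoints (in-memory, single process)."""

    def __init__(self, registered_client_ids, code_lifetime=900):
        self.registered = set(registered_client_ids)
        self.code_lifetime = code_lifetime
        self.pending = {}         # device_code -> request state
        self.refresh_tokens = {}  # refresh_token -> (client_id, user, scope)

    def device_authorization(self, client_id, scope, now):
        # A device client is a public client: only the client_id is checked,
        # because there is no secret a device could keep confidential.
        if client_id not in self.registered:
            return {"error": "unauthorized_client"}
        device_code = secrets.token_urlsafe(32)
        user_code = "".join(secrets.choice("BCDFGHJKLMNPQRSTVWXZ") for _ in range(8))
        self.pending[device_code] = {"client_id": client_id, "scope": scope,
                                     "user_code": user_code,
                                     "expires_at": now + self.code_lifetime, "user": None}
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example.test/device",  # constructed
                "expires_in": self.code_lifetime, "interval": 5}

    def user_approves(self, user_code, user):
        # Out of band: the human signs in (password, MFA) and types the user_code.
        for entry in self.pending.values():
            if entry["user_code"] == user_code and entry["user"] is None:
                entry["user"] = user
                return True
        return False

    def token(self, grant_type, client_id, now, device_code=None, refresh_token=None):
        if grant_type == DEVICE_GRANT:
            entry = self.pending.get(device_code)
            if entry is None or entry["client_id"] != client_id:
                return {"error": "invalid_grant"}
            if now > entry["expires_at"]:
                del self.pending[device_code]
                return {"error": "expired_token"}
            if entry["user"] is None:
                return {"error": "authorization_pending"}
            del self.pending[device_code]
            return self._issue(client_id, entry["user"], entry["scope"])
        if grant_type == "refresh_token":
            # Refresh needs only client_id + refresh_token, so the refresh token IS
            # the credential: rotate it on every use and store it like a password.
            bound = self.refresh_tokens.pop(refresh_token, None)
            if bound is None or bound[0] != client_id:
                return {"error": "invalid_grant"}
            return self._issue(*bound)
        return {"error": "unsupported_grant_type"}

    def _issue(self, client_id, user, scope):
        refresh = secrets.token_urlsafe(32)
        self.refresh_tokens[refresh] = (client_id, user, scope)
        return {"access_token": f"at-{user}-{secrets.token_hex(4)}", "refresh_token": refresh,
                "token_type": "Bearer", "scope": scope, "expires_in": 3600}


def run_flow(server, client_id, scope, user, now=0):
    """Drive one device client through the flow; return what it saw at each step."""
    start = server.device_authorization(client_id, scope, now)
    if "error" in start:
        return {"start": start}
    # First poll: nobody has signed in yet, so the client gets no token.
    first_poll = server.token(DEVICE_GRANT, client_id, now + 5, device_code=start["device_code"])
    server.user_approves(start["user_code"], user)
    second_poll = server.token(DEVICE_GRANT, client_id, now + 10, device_code=start["device_code"])
    # Later: refresh with client_id + refresh_token only; a replayed refresh token fails.
    refreshed = server.token("refresh_token", client_id, now + 4000,
                             refresh_token=second_poll.get("refresh_token"))
    replay = server.token("refresh_token", client_id, now + 4001,
                          refresh_token=second_poll.get("refresh_token"))
    return {"start": start, "first_poll": first_poll, "second_poll": second_poll,
            "refreshed": refreshed, "replay": replay}
```

The security of the flow rests on the user's sign-in, not on the client_id; what the device must protect afterwards is the refresh token, since anyone holding it plus the public client_id can mint new access tokens until it is revoked.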

DocuSign account cannot get JWT token

I have two DocuSign accounts; both have the same config in the Settings section. But the first one, even though its trial has expired, can still send envelopes. The second one gets invalid_request when I try to get the JWT token based on client_id, user_id, and private_key.
Do we need to enable some config to allow it? Thanks in advance.
A couple of things:
Are you using a trial (login via www.docusign.net) or developer demo account (login via demo.docusign.net)? You should only use developer demo accounts while developing with DocuSign.
To get a free developer demo account click the link at the top right of the developer center page. Demo accounts do not expire, but their envelopes that are over 30 days old are automatically deleted.
invalid_request can be caused by a number of different issues. Additional information is available in the body of the response. Please see what it is and then edit your question to add the information.
Added
For JWT invalid_request errors, the recommended steps are:
Get the DocuSign code example running with JWT grant. For C#, this repo.
Once that works, you'll know that the problem is in your code, not in the settings of the integration key (the client id), the private key, etc.
Check that your computer's clock settings are correct--the timezone and the day/date. These are used by JWT.
Check that you are specifying a user's GUID to be impersonated. This is also referred to as a user's "API User Id".
Check the body of the API response for additional debugging information.
If you receive the error "consent_required", that is good news since it indicates that your JWT grant was correct, except that the person being impersonated hasn't yet granted consent to be impersonated. To fix, see this blog post.
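Added example (not DocuSign's code and not from the answer above): a small Python helper that builds the JWT grant assertion with the claims the answer talks about (integration key as iss, impersonated user GUID as sub, iat/exp from the local clock), decodes what was actually sent, and reports why a server with a different clock would reject it. The signer is injected so the example runs offline; DocuSign requires RS256 with the integration key's RSA private key, and the HMAC signer at the bottom is a stand-in for the offline test only. The audience hostname and the one-hour cap are my reading of the DocuSign docs, and the key and user IDs used in the test are made up.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_assertion(integration_key, user_id, audience, signer, alg="RS256",
                    now=None, lifetime=3600):
    """Return the compact JWT for a JWT grant. `signer(signing_input) -> bytes`.

    DocuSign requires RS256 over the integration key's RSA private key; the alg
    parameter exists only so the offline test can plug in an HMAC stand-in.
    """
    now = int(time.time()) if now is None else int(now)
    header = {"typ": "JWT", "alg": alg}
    claims = {
        "iss": integration_key,  # the integration key (client id)
        "sub": user_id,          # GUID of the user being impersonated ("API User Id")
        "aud": audience,         # demo: account-d.docusign.com (assumed from DocuSign docs)
        "iat": now,
        "exp": now + lifetime,   # at most one hour (assumed from DocuSign docs)
        "scope": "signature impersonation",
    }
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    return signing_input + "." + _b64url(signer(signing_input.encode()))


def inspect_claims(assertion):
    """Decode the payload WITHOUT verifying it: for checking what you actually sent."""
    _header, payload, _signature = assertion.split(".")
    return json.loads(_b64url_decode(payload))


def clock_problems(claims, server_now, max_skew=60):
    """Reasons a server whose clock reads server_now would reject these claims."""
    problems = []
    if claims["iat"] > server_now + max_skew:
        problems.append("iat is in the future: local clock or timezone is ahead")
    if claims["exp"] <= server_now:
        problems.append("exp already passed: local clock is behind, or lifetime too short")
    if claims["exp"] - claims["iat"] > 3600:
        problems.append("lifetime exceeds one hour")
    return problems


def hmac_stand_in_signer(key: bytes):
    """HS256 signer for offline tests only; NOT what DocuSign accepts."""
    return lambda data: hmac.new(key, data, hashlib.sha256).digest()
```

When you are chasing an invalid_request, run inspect_claims on the exact string you posted and then clock_problems against a trusted time source (for example the Date header of the error response); a wrong timezone shows up as iat in the future, a slow clock as exp already passed.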

Microsoft Graph API - how to get access token without Authorization Code?

I want my Web API to get an Access Token to then call Microsoft Graph API. I've gone through a few documents and threads but they all talk about a POST method that asks for a Client ID and App Secret created when registering the app on AAD.
I'm following this document here.
My problem is:
What is client_credentials? Where should I get it from? I thought the API is supposed to be working with the secret and the client ID only.
I appreciate your help.
There are 4 parameters in the HTTP request:
grant_type: in this case, the value is "client_credentials"
client_id: The client id of your app
client_secret: The client secret of your app
resource: The identifier of the API you want a token for, in this case https://graph.microsoft.com
So only client id and secret are needed from your app.
If you use v2 endpoint / MSAL, note there is no resource parameter.
Instead you would use scope=https://graph.microsoft.com/.default.
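Added example (mine, not from the answer or from Microsoft's samples): a Python helper that builds the client-credentials request for both the v1 endpoint (resource) and the v2 endpoint (scope=.../.default) described above, and caches the returned token until shortly before it expires so the secret is not sent on every Graph call. The HTTP layer is injected as a `post(url, form_body) -> dict` callable so the example runs offline; the tenant, client id, secret and token values in the test are made up.

```python
import time
from urllib.parse import urlencode

GRAPH = "https://graph.microsoft.com"


def build_token_request(tenant, client_id, client_secret, v2=True):
    """Return (token_url, form_fields) for the client_credentials grant.

    v1 (/oauth2/token) takes `resource`; v2 (/oauth2/v2.0/token) takes
    `scope=https://graph.microsoft.com/.default` and has no resource parameter.
    """
    base = f"https://login.microsoftonline.com/{tenant}/oauth2/"
    fields = {"grant_type": "client_credentials",
              "client_id": client_id,
              "client_secret": client_secret}
    if v2:
        fields["scope"] = GRAPH + "/.default"
        return base + "v2.0/token", fields
    fields["resource"] = GRAPH
    return base + "token", fields


class TokenCache:
    """Acquire an app-only token and reuse it until `early` seconds before expiry."""

    def __init__(self, post, tenant, client_id, client_secret, v2=True, early=300):
        self.post = post            # post(url, form_body) -> parsed JSON dict
        self.early = early
        self.url, self.fields = build_token_request(tenant, client_id, client_secret, v2)
        self.token, self.expires_at = None, 0.0
        self.requests_made = 0

    def get_token(self, now=None):
        now = time.time() if now is None else now
        if self.token and now < self.expires_at - self.early:
            return self.token
        resp = self.post(self.url, urlencode(self.fields))
        if "access_token" not in resp:
            # Report the endpoint's error fields, never the secret-bearing request body.
            raise RuntimeError(f"token endpoint error: {resp.get('error')}: "
                               f"{resp.get('error_description')}")
        self.requests_made += 1
        self.token = resp["access_token"]
        self.expires_at = now + int(resp.get("expires_in", 3600))
        return self.token
```

The secret is a full credential for the app's permissions, so it belongs in a server-side secret store, not in a browser or a config file checked into source control; the cache also means a leaked log of outgoing calls shows one token request per hour rather than one per Graph call.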

Get token for given conversation ID

Let us assume:
An iframe embedded in a webpage for chatting with a bot.
Every time we refresh the page, a new conversation ID is assigned (C# bot solution with the SDKs provided by Microsoft, Microsoft Bot Builder).
I need to get a token (secret) for the specific conversation ID mentioned above.
Note: we already have the conversation ID and Direct Line secret on Azure; using these I need to get a token to send messages to the chat window asynchronously.
How do I get the token using Direct Line API 3.0? Any ideas?
If you want to generate a token you can do it this way.
Refer to this (more helpful):
Generates a token that is valid for one conversation.
POST /v3/directline/tokens/generate
Refreshes the token.
POST /v3/directline/tokens/refresh
Whole Description
I have found a way to do the same.
Please refer https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-send-and-receive-messages?view=azure-bot-service-3.0
We need to make use of serviceUrl.
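Added example (mine, not from either answer and not Bot Framework code): a server-side Python wrapper around the two Direct Line endpoints quoted above. The point it demonstrates is where the secret lives: the generate call is authorized with the Direct Line secret and happens on your web server, the browser only ever receives the per-conversation token, and the refresh call is authorized with that token rather than the secret. The HTTP layer is injected as `post(url, headers, body) -> dict` so the example runs offline; the response shape in the test (conversationId, token, expires_in) and the secret/token values are constructed.

```python
import json

DIRECT_LINE = "https://directline.botframework.com"


class DirectLineTokenService:
    """Runs on your web server; hands the browser a per-conversation token, never the secret."""

    def __init__(self, secret, post):
        self._secret = secret  # Direct Line secret from the Azure channel configuration
        self._post = post      # post(url, headers, body) -> parsed JSON dict

    def start_conversation(self):
        """POST /v3/directline/tokens/generate, authorized with the secret."""
        resp = self._post(DIRECT_LINE + "/v3/directline/tokens/generate",
                          {"Authorization": "Bearer " + self._secret}, None)
        return self._for_browser(resp)

    def refresh(self, token):
        """POST /v3/directline/tokens/refresh, authorized with the token itself, not the secret."""
        resp = self._post(DIRECT_LINE + "/v3/directline/tokens/refresh",
                          {"Authorization": "Bearer " + token}, None)
        return self._for_browser(resp)

    def _for_browser(self, resp):
        if "token" not in resp:
            raise RuntimeError("Direct Line did not return a token: " + json.dumps(resp))
        # Allow-list what crosses to the client; the secret is never part of this dict.
        return {k: resp[k] for k in ("conversationId", "token", "expires_in") if k in resp}
```

Expose start_conversation and refresh behind your own authenticated endpoint and have the iframe's script call that; if the secret itself were placed in the page, anyone viewing the source could open conversations with the bot as your site.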

Getting a refresh token from OAuth.io through REST API

I'm trying to get a refresh token for Google through Oauth.io but I'm having trouble finding the endpoint to send the code to. I'm using C# so I can't use the server-side SDK. I've also looked at Getting refresh tokens from Google with OAuth.io but that answer doesn't help me get the actual refresh token. I've looked at their server-side flow documentation which tells me I can get my refresh token at /auth/access_token but when looking at the web API documentation I don't see that endpoint listed.
I've also looked at their example here and I don't see the endpoint they use listed on the API documentation either. It also doesn't say which key/secret to use with that request - is it the one listed for my OAuth.io app, or is it the one for my provider (in this case Google)?
Any help going forward would be greatly appreciated.
I've just updated the documentation on docs.oauth.io, it was effectively /auth/access_token.
Take a look at the node.js SDK implementation: https://github.com/oauth-io/sdk-node/blob/master/coffee/lib/authentication.coffee#L99
The request is a POST on https://oauth.io/auth/access_token and requires 3 parameters:
code : the code to be exchanged for the access token / refresh token
key : the OAuth.io public key
secret : the OAuth.io secret key

How to use OAuth accesstoken to acquire profile images from various providers using DotNetOpenAuth.AspNet and Microsoft.AspNet.Membership.OpenAuth?

I've created a web application that uses the OAuth authentication and universal connectors as explained in this tutorial, and started to fiddle around a little to add support for other providers like Yahoo and LinkedIn. So the authentication part works and users are created in the asp.net Membership provider. Also, all the providers return the accesstoken which I supposedly can use to retrieve more information regarding the user.
I'd really like to acquire the profile image, but it seems every provider has a different way of requesting this information. Twitter even describes a way to authorise every request by changing the HTTP header information.
Whilst reading this information on the websites of the various providers I was wondering whether this functionality isn't also already included somewhere in DotNetOpenAuth.AspNet or Microsoft.AspNet.Membership.OpenAuth implementation.
How can I use DotNetOpenAuth.AspNet and/or Microsoft.AspNet.Membership.OpenAuth to request the profile image of the logged-in user using the just-acquired access token?
UPDATE in response to Leo's answer
I use the following code to make a call on LinkedIn's API.
using System.IO;  // StreamReader
using System.Net; // WebRequest, WebResponse

string accessToken = extraData["accesstoken"]; // Extra Data received from OAuth containing the accesstoken.
WebRequest request = WebRequest.Create("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token=" + accessToken);
using (WebResponse response = request.GetResponse())
using (StreamReader reader = new StreamReader(response.GetResponseStream()))
{
    string body = reader.ReadToEnd(); // do something with response here.
}
Error message is "The remote server returned an error: (401) Unauthorized.".
What am I doing wrong?
The answer is simple...you can't use any of these. These are wrappers of OAuth, and OAuth only specifies how you can authenticate a user. Now, to request the user's profile photo you will need to use the external provider's own API, and you will most likely need a valid access token. So, you will need to use one of these implementations of OAuth to authenticate a user and receive an access token, store the access token somewhere (usually a cookie) and then use the access token to make subsequent calls to the provider's APIs. Examples and links:
Facebook's Graph API allows you to retrieve users profiles
https://developers.facebook.com/docs/graph-api/quickstart/
notice that all examples in the link above will require you to include the access token in a parameter named access_token, for example
https://graph.facebook.com/me?method=GET&format=json&suppress_http_code=1&access_token={your-access-token}
Google...
https://www.googleapis.com/oauth2/v3/userinfo?access_token={your-access-token}
LinkedIn...
https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token={your-access-token}
You can get more specific information from these providers' websites
Let me know if you have any other doubts I might be able to help you since I have implemented stuff like these before.
Cheers, Leo
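Added example (mine, not Leo's code and not part of DotNetOpenAuth.AspNet): a Python helper that makes the same kind of profile call, but sends the access token in the Authorization header rather than in the query string, since a token in the URL ends up in web-server, proxy and browser-history logs. All three providers accept `Authorization: Bearer` per their OAuth 2.0 documentation as I understand it; the Facebook `fields` parameter and the picture field names per provider are likewise my reading of their docs rather than something on this page. The transport is injected as `send(url, headers) -> (status, body)` so the example runs offline, and the JSON bodies in the test are constructed, not real provider responses.

```python
import json

# Profile endpoints per provider; the LinkedIn field list is the one from the answer.
# The token deliberately does NOT appear in any of these URLs.
PROFILE_ENDPOINTS = {
    "facebook": "https://graph.facebook.com/me?fields=id,name,picture",
    "google": "https://www.googleapis.com/oauth2/v3/userinfo",
    "linkedin": ("https://api.linkedin.com/v1/people/~:"
                 "(id,first-name,last-name,date-of-birth,email-address,picture-url)?format=json"),
}


class TokenRejected(Exception):
    """HTTP 401: the token is expired, revoked or lacks the scope. Re-authenticate; do not retry."""


def build_profile_request(provider, access_token):
    """Return (url, headers) with the token in the Authorization header only."""
    url = PROFILE_ENDPOINTS[provider]
    if "access_token" in url:
        raise ValueError("token must not be placed in the URL")
    return url, {"Authorization": "Bearer " + access_token, "Accept": "application/json"}


def fetch_profile(provider, access_token, send):
    """Call the provider; 401 becomes TokenRejected so the caller knows to re-auth."""
    url, headers = build_profile_request(provider, access_token)
    status, body = send(url, headers)
    if status == 401:
        raise TokenRejected(f"{provider} rejected the access token")
    if status != 200:
        raise RuntimeError(f"{provider} returned HTTP {status}")
    return json.loads(body)


def picture_url(provider, profile):
    """Pull the picture out of each provider's own response shape (field names assumed)."""
    if provider == "linkedin":
        return profile.get("pictureUrl")
    if provider == "google":
        return profile.get("picture")
    if provider == "facebook":
        return profile.get("picture", {}).get("data", {}).get("url")
    raise ValueError(provider)
```

A 401 from any of these means the token, not your code shape, was refused; the fix is to send the user back through the provider's consent flow (with the scope the profile endpoint needs) rather than to retry the same token.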
