I am practicing an azure sample named OAuth 2.0 Sample for Azure AD Spring Boot Starter Resource Server library for Java.I followed the steps but blocked in Check the authentication and authorization.I have got the access_token successfully, but I don't know how to use it in postman or any other ways. Is there any doc or advice? Thanks very much!
Okay, I added the Authorization in request header, but I got 401 and an error message. And this is way where I got the access_token.
Is there something wrong?
You could do something like below :
You can add the necessary URL and HTTP verb at the top.
You will have to add Authorization Headers in the postman and add the oauth token bearer like below
Authorization : Bearer <Oauth Token>
Update :
Related
I'm writing a spring boot backend in java which endpoints are secured by okta.
The application uses the okta api service app integration since only the frontend and never a user is retreiving data from it.
To get a valid access token from the okta api I followed these steps: https://developer.okta.com/docs/guides/implement-grant-type/clientcreds/main/#request-for-token
Sadly all my attempts result in an error.
My postman configuration:
Okta api endpoint:
https://dev-61814681.okta.com/oauth2/default/v1/token
Authentication method:
Basic auth with client id as username and client secret as password
Headers:
accept = application/json
cache-control = no-cache
content-type = application/x-www-form-urlencoded
Body:
grant-type = client_credentials
scope = MyDefault
The response:
400 bad request
It would be nice if someone could push me in the right direction with this one.
It should be grant-type instead of what you wrote (grand-type).
Also, make sure you have defined the "MyDefault" scope in your Okta API app and that it has the necessary permissions for your client to access the endpoints it requires.
Hopefully the typo fixes the issue in this case.
I was able to solve my problem by doing the following:
I took the cURL pictured at https://developer.okta.com/docs/guides/implement-grant-type/clientcreds/main/#request-for-token
After that I inserted my Okta domain, added my authorization (client id and client secret written in the same line seperated by ':' and encoded as base64) and updated the scope from customScope to my own custom scope.
I imported all of that into postman by pressing the import button and inserting the raw text.
Now everithing works fine.
I have an Java backend app uses Azure Active Directory. I am using oauth2 bearer token to login. On backend side I am searching and using oauth2 attribute "preferred_username" and it works. However when I send login request from postman/insomnia there is oauth v1 token and there are oauth v1 attributes like instead of "preferred_username" there is "unique_name" but "ver" attribute is 1.0.
The token type seems oauth2
What causes this?
Please check the URLs you are currently using to send login request via Postman.
To get v2.0 OAuth2 token, you need to use v2.0 endpoints:
Go to Azure Portal -> Azure Active Directory -> App Registrations -> Your App -> Overview -> Endpoints
In addition to that, ensure to modify Manifest file by changing accessTokenAcceptedVersion value to 2. By default, it will be null for single tenant applications.
I tried to reproduce the same in my environment and got below results:
Initially I generated access token with v2.0 endpoints, leaving Manifest file as default like below:
When I decoded the token, I found OAuth2 v1.0 attributes like below:
In order to get v2.0 token, I changed App's Manifest file like below:
I generated the access token via Postman with parameters like below:
POST https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
When I decoded the above token, I got OAuth2 v2.0 attributes successfully like below:
In addition to #Sridevi s answer I realize that I need to add optional claim preferred_username as below from Azure Active Directory > App registrations > My App > Token Configuration.
Related documentation is https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims
Both are fixed my issue.
I intend to implement a simple login app with Spring Boot REST API, JWT(Auth0 -java-jwt), and Angular 8. After login, I am receiving a Cookie from the REST API as follows:
Cookie cookie= new Cookie("token",token);
cookie.setPath("/");
cookie.setDomain("localhost");
cookie.setHttpOnly(true);
cookie.setMaxAge(60 * 60 * 24 * 365 * 10);
//cookie.setSecure(true); - for deployment
httpServletResponse.addCookie(cookie);
In the browser(Dev tools, Response headers), I can see the Cookie received, with the correct token. However, I can't see it in chrome://settings/siteData?search, I tried Chrome, Chromium, and Firefox, all showing the same results.
Now, this is how I am sending my request from the Angular client:
const h = new HttpHeaders().append("Authorization", "Bearer ");
this.http.get("http://localhost:8080/api/users", {headers:h, withCredentials: true })
In the request headers, I am not seeing this cookie, and for that reason, I suppose, the request does not get authorized.
What is it that I am missing? Also, I appreciate any articles that demonstrate a simple login with Spring Boot (REST API only, not with Thymleaf or something), Angular and JWT (java-jwt). Thank you.
In my opinion here the problem is that you are sending an Authorzation header without the JWT, in fact you are writing in your code const h = new HttpHeaders().append("Authorization", "Bearer ");.
I had solved a similar problem with fetch in a react application, but I guess that it should be the same for you, without setting Authorization header but setting like you withCredentials: true.
at the end m suggestion is try to remove the header due to with your configuration you does not sending the JWT token
TIPs if in your question you have written a blank token but in your actual production code you are inserting it properly perhaps you should check if your resource server works fine with I do not know... postman curl or something like that
or you should check that your token is a valid token and not an expired token
p.s. in your backend server implementation I saw a very low level details I suggest you to use Spring Security oauth2 module if you are useing a spring boot 2.x or Spring Cloud Security OAuth2 if you are using a Spring Boot 1.5.x version
I used BlazeMeter's chrome extension to build a .jmx file for testing our login page in JMeter. Most of our application is written in node js. We are using Auth0 for our login and the /login/callback is giving me a 400. I am not sure why. My goal is to test our applications with about 200 users. Any help would be great!
The HTTP 400 Bad Request response status code indicates that the server could not understand the request due to invalid syntax.
Most probably you are getting this error due to malformed request body or missing header, most probably you need to add a HTTP Header Manager and configure it to send Content-Type header with the value of application/json
Also be aware that OAuth authorization flow isn't something you will be able to record and replay, it is all about obtaining an Authorization Bearer token and sending it along with the requests requiring authorization via the aforementined HTTP Header Manager.
There are several ways of obtaining an OAuth token, check out How to Run Performance Tests on OAuth Secured Apps with JMeter guide for more details on bypassing OAuth login challenge in JMeter tests.
My applications should login with Microsoft account (OAuth Provider). I got stuck to get user info after successfully authenticated by using following URL
https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID&scope=SCOPES&response_type=code&redirect_uri=REDIRECT_URL
Can any one please help me to get user-info? Is there any library that I need to include for that ?
I'm getting authenticated code but I don't know how use ? I'm working with JAVA
The userinfo endpoint is https://apis.live.net/v5.0/me. Before you call it you need to exchange the code for a token.
For anyone stumbling here.
OpenID discovery URL: https://login.live.com/.well-known/openid-configuration
Microsoft doesn't provide userinfo_endpoint in the service configuration json
UserInfo URL : https://graph.microsoft.com/v1.0/me
Make a GET request to this url with header containing access_token that you got after exchanging auth_code
Key: Authorization
Value: Bearer <access_token>