There was a question about an undocumented method in the steam api, which serves to confirm authorization in the client (https://steamapi.xpaw.me/#IAuthenticationService/UpdateAuthSessionWithMobileConfirmation). With the help of Charles proxy, I saw a discrepancy with the documentation, instead of post parameters in the request, access_token is passed in the get parameter. When you try to retry the request, a 500 error is returned. The question is, how to implement the execution of this API method and what is needed for this? Is it possible to use another undocumented method to confirm authorization - UpdateAuthSessionWithSteamGuardCode and where can I get the parameters for its implementation? if anyone has an example of the implementation of these methods in python?
I tried to make a test request in python, but in response I received a 401 error, although according to the documentation I passed the necessary parameter
import requests
url = "https://api.steampowered.com/IAuthenticationService/UpdateAuthSessionWithMobileConfirmation/v1/"
data = {
'key': 'my steam web api key from [https://steamcommunity.com/dev/apikey]'
}
req = requests.post(url,data)
print(req.status_code) # 401
maybe there are convenient libraries for python where these methods are implemented?
Related
I have a website that requires login then allows a search api, that's public, it's returning error 405, How do I give parameters in requests.post, since following code isn't working
response = requests.post(
'https://www.somewebsite.com/api/public/',
auth=('asct1#gmail.com', 'Cons')
)
As you can see here 405 means that the method you chose in your case .get(...) is not allowed on the endpoint.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/405
You wrote as well that you should make a Post request. So give requests.post(...) a try!
Happy Coding, T!
I am using the tutorial in the following link to create an Access Token automatically for Oauth Zoom API: OAuth with Zoom
The issue lies in the first step where I am required to provide a redirect link. Everytime I try to make a post request to their API, I get an error
"Invalid redirect url (4,700)".
This token which I desire will be needed to use the rest of the functions in the API. The token can be generated manually, but I desire it to be automated for my process. I am using python requests for this.
Here is the code:
import requests
import json
headers = {
'content-type': "application/json"
}
url = "https://zoom.us/oauth/authorize?response_type=code&client_id=ulDD9pB4RG28mFrX0jnIQ&redirect_uri=https://zoom.us"
res = requests.post(url,headers = headers)
print(res.text)
I have looked this issue up everywhere, but I haven't been able to find an answer to my issue.
Any help for this would be greatly appreciated. Thank you.
If you check the documentation for Oauth 2.o Authorization you will find that the Redirect Uri is defined as folows
So the redirect URI is the endpoint on your system which is designed to handle the oauth response, it must have also been added to the Oauth app settings when you set up your project on zoom.
You have added https://zoom.us unless your a developer at zoom i dont think that you can have a app located at https://zoom.us designed to handle the oauth response.
I would expect a redirect uri to look something like https://www.yourdomain.com/zoom/oauthcallback.py
If you even check the tutorial you are following you will notice they use https://yourapp.com
https://zoom.us/oauth/authorize?response_type=code&client_id=7lstjK9NTyett_oeXtFiEQ&redirect_uri=https://yourapp.com
I would double check that the redirect_uri in your /oauth request URL matches exactly that which is referenced in your oauth configuration/whitelist settings for Zoom.
Even the smallest difference like http vs https or including wwww., etc. can throw an error. You might find some of the tips in this OAuth Troubleshooting Guide helpful for other common OAuth errors to check, too!
The first item in that guide covers some common invalid redirect errors.
I am having some trouble running the Freedom of information act API in python. I am sure it is related to how I am implementing my API key but I am uncertain as to where I am dropping the ball. Any help is greatly appreciated.
import requests
apikey= ''
api_base_url = f"https://api.foia.gov/api/webform/submit"
endpoint = f"{api_base_url}{apikey}"
r = requests.get(endpoint)
print(r.status_code)
print(r.text)
there error I receive is requests.exceptions.InvalidSchema: No connection adapters were found for this website. Thanks again
According to the documentation, the API requires the API key to be passed as a request header parameter ("X-API-Key"). Your python code appears to be simply concatenating the API key and the URL.
The following Q&A explains how to set a request header using requests.
Using headers with the Python requests library's get method
It would be something like this:
import requests
apikey= ...
api_base_url = ...
r = requests.get(api_base_url,
headers={"X-API-Key": apikey})
print(r.status_code)
print(r.text)
Note that the documentation for the FOIA site explains what you need to do to submit a FIOA request form. It is significantly different to what your Python code is apparently trying to do. I would advise you to read the documentation. Also read the manual entry for the "curl" command so that you understand the requests that the examples show.
I'd like to call the Facebook graph API to query some information about an object. The GET method is required. However, for security purposes, I'd like to hide the access token in a payload. I tested in Graph API Explorer. It worked. But I cannot do it using Python code.
import requests
r = requests.get(url, data={'access_token' : '0123456789ABCDEF',})
r.text
The response is
{"error":{"message":"An access token is required to request this resource.","type":"OAuthException","code":104,"fbtrace_id":"AQshJ5NFFYMaED92Azgo0AL"}}
I changed data= to json= and it does not work.
Modify your URL to URL+parameter
Eg:
https://graph.facebook.com/me?access_token=ACCESS_TOKEN
Different way:
payload = {'access_token': 'ACCESS_TOKEN'}
r = requests.get('https://graph.facebook.com/me', params=payload)
If you want to avoid insecureness of exposing access token, You can use appsecret_proof along with the parameters. So, spamming becomes impossible.
This simple encryption technique avoids the usage of access token without proof.
An access token can also be stolen by malicious software on a person's
computer or a man in the middle attack
You can prevent this by adding the appsecret_proof parameter to every
API call from a server and enabling the setting to require proof on
all calls
.
UPDATE: Solved. I was indeed making a basic mistake, among other things. My usage of the session.headers.update function was incorrect; instead of session.headers.update = {foo:bar}, I needed to be doing session.headers.update({foo:bar}). Additionally, I changed the following section of code:
From this:
payload = urllib.parse.urlencode({
"grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer",
"assertion": str(token)
})
To this:
payload = "grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=" + token.decode("utf-8")
The code now works as intended.
Original question below
I've seen several hits on SO and Google about this problem; none of them have helped, although I've certainly made sure to double-check my code to make sure I'm not guilty of the same problems they detail. The problems people tend to have involve passing the POST data as parameters or POSTing to the wrong URL, which I'm not doing, as far as I can tell. Additionally, most of the hits I've found involve 3-legged OAuth2 involving users; I've found comparatively few hits pertaining to service accounts and JWTs, which differ enough from the user flow that I'm concerned about how relevant they are to my problem.
I'm trying to get an access token from the Google Authentication server for a service account. I've generated my JWT and now want to POST to the server to receive back my access token. I've set the headers according to the documentation described here, under "Making the access token request," and as far as I can tell, my request is up to spec, but Google responds back with a 400 response, and the following JSON:
{'error': 'invalid_request', 'error_description': 'Required parameter is missing: grant_type'}
Here's the code causing the problem:
# Returns the session, now with the Host and Authorization headers set.
def gAuthenticate(session):
token = createJWT()
session.headers.update = {
"Host": "www.googleapis.com",
"Content-Type": "application/x-www-form-urlencoded"
}
payload = urllib.parse.urlencode({
"grant_type":"urn:ietf:params:oauth:grant-type:jwt-bearer",
"assertion": str(token)
})
response = session.post("https://www.googleapis.com/oauth2/v4/token", data = payload)
session.headers.update = {"Authorization": "Bearer " + response.json()["access_token"]}
return session
I'm having a lot of strange issues with this code. First of all, if I don't urllib.parse.urlencode my dictionary (i.e. simply payload = {dictionary}), I get only a Bad Request / 'invalid_request' error, which I assume from the less specific error message means that this is less acceptable than what I'm currently doing. Why do I have to do this? Isn't Requests supposed to encode my data for me? I've never had this problem when POSTing with Requests before.
Second, examining the prepared request before it's sent reveals that my headers aren't being correctly set, despite the header update. Neither of the headers I've added to the request are being transmitted.
I've examined the request body and it looks to be identical (except of course the content of the JWT) to the one that Google provides as an example in the documentation.
All of this leads me to believe that I'm making a very basic error somewhere, but I haven't had any success finding it. What am I doing wrong here? Links to any helpful documentation would be extremely appreciated; thanks for your time and attention.
Try "grant_type": "authorization_code". And add grant type as header.
Also, check this link - Accessing Google oAuth giving invalid grant_type (Bad request)