How to send new request to redirect URL with new access token

» chash » How to send new request to redirect URL with new access token

By : AMIN

Date : January 11 2021, 03:26 PM

wish helps you The updated controller method is below. In the case of this site, I Should not have used a Bearer token. I had to send a User ID for the token to be applied to.

code :

  public async Task<IActionResult> AOFun(RequestValues requestValues)
    {
        try
        {
            ServicePointManager.ServerCertificateValidationCallback += (o, c, ch, er) => true;
            string userID = requestValues.userId;
            string id = requestValues.id;
            string accessToken = requestValues.accessToken;
            string url =
            @"https://companydomain.com/api/api/pl/redirect-url?&vendorSystem=false&action=5&id={{idValue}}&app=ONE"
            .Replace("{{idValue}}", id);
            using (var requestMessage = new HttpRequestMessage(HttpMethod.Get, url))
            {
                client.DefaultRequestHeaders.Accept.Clear();
                client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                client.DefaultRequestHeaders.Add("userId", userID);
                client.DefaultRequestHeaders.Add("access_token", accessToken);
                var responseData = await client.SendAsync(requestMessage);
                responseData.EnsureSuccessStatusCode();
                var responseString = await responseData.Content.ReadAsStringAsync();
                ResponseModel rm = JsonConvert.DeserializeObject<ResponseModel>(responseString);
                ViewBag.ResponseString = rm.url;
            }


        }
        catch (Exception ex)
        {
            ViewBag.ResponseString = "error: " + ex.Message;
        }

        return View("Index");
    }

Share :

Is it possible to send a request to the Facebook Graph API from client side without exposing our access token to the pub

By : mohamed

Date : March 29 2020, 07:55 AM

I wish this help you I found the answer after some Googling. In short, the answer is no.
And here's an excerpt from Facebook:

Facebook access token send to server with every request

By : Prithu Banerjee

Date : March 29 2020, 07:55 AM

it helps some times Tokens being passed with every request and being verified on the server is the standard solution. Irrespective, of the HTTP method, it is again a standard practice to send the token as a HTTP Header.
While you're at it use the standard OAuth2 header for sending across tokens 'Bearer'. Like below.

code :

Bearer: 8QIEF9QWEDFCQERMF0139RF1E=

unable to exchange auth token with access token - redirect uri missmatch

By : mmatt

Date : March 29 2020, 07:55 AM

Does that help Ok I go it,
if you see this

code :

def credentials_from_clientsecrets_and_code(filename, scope, code,
                                            message=None,
                                            redirect_uri='postmessage',
                                            http=None,
                                            cache=None,
                                            device_uri=None):

credentials = client.credentials_from_clientsecrets_and_code(
                  app.config.get('GG_APP_SECRET'),
                  ['https://www.googleapis.com/auth/plus.me', 'profile', 'email'],
                  authCode, redirect_uri='https://developers.google.com/oauthplayground')

Should I explicitly send the Refresh Token to get a new Access Token - JWT

By : Denise C

Date : March 29 2020, 07:55 AM

Hope that helps Yes, the refresh token is used to obtain a new access token.
When you request the access token for the first time, you usually start by sending a token request to the token endpoint, in case of the so called Resource Owner Password Credentials Grant with user credentials in the request header, e.g.

code :

grant_type=password&username=user1&passowrd=very_secret

grant_type=refresh_token&refresh_token=<your refresh token>

Need to Store a Access token send from backend (json) into localstorage and login using that token. How?

By : Anon

Date : March 29 2020, 07:55 AM

I hope this helps . So once you receive the token back from your login request, you need to store your token. Looks like you are on the right track, thinking about localStorage. Also, I'd recommend going ahead and using the async/await syntax as its much easier to read / use. It requires you to leverage promises, but it much more readable. And rather than resolve / reject functions, you just wrap your code in try/catch blocks. So to store your token in localStorage after login, do something like this:

code :

async function handleLogin(un, pw) {
  try {
    let response = await fetch('https://example.api.com/login', {
        method: "POST", // POST
        mode: "cors",
        cache: "no-cache",
        headers: {
            'Content-Type': 'application/json; charset=utf-8',
            'Access-Control-Allow-Origin': '*',
            'Accept': 'application/json'    
        },
        redirect: "follow",
        referrer: "no-referrer",
        body: JSON.stringify({
            isArray: false,
            data: {
                    email: document.getElementById("email").value,
                    password: document.getElementById("passwordNew").value
                }
        })
    })
    response = response.json();
    window.localStorage.setItem('token', response.data.token)
  } catch(e) {
    console.log('error while logging in', e)
  }
}

async function editProfile(updatedProfileInfo) {
  const token = localStorage.getItem('token');
  try{
    let response = await fetch('https://someurl.com/edit', {
      method: "POST",
      ...
      'x-access-token': token,
      ...
    })
  //handle response
  } catch(e) {}
}