Trouble with client side scripting with oauth2

Hi folks,

I'm just learning oauth2 here, trying to interface with Windows Azure's
REST API, and having some trouble. It seems all of the examples assume an
auth code approach where you dig an authentication code out of a params
hash sent to a reply-url. For example, this approach works:

require 'oauth2'

# Actual values obfuscated to protect the innocent
CLIENT_ID = "XXXXXX"
CLIENT_KEY = "YYYYYY"
APP_ID_URI = "http://localhost:3000"
TENANT_ID = "ZZZZZZ"
AUTHORITY = "https://login.windows.net"
RESOURCE_ID = "https://management.azure.com/"
AUTHORIZE_URL = TENANT_ID + "/oauth2/authorize"
TOKEN_URL = TENANT_ID + "/oauth2/token"
SUBSCRIPTION_ID = "XXXXXXXX-YYYYY"

client = OAuth2::Client.new(
  CLIENT_ID,
  CLIENT_KEY,
  :site => AUTHORITY,
  :authorize_url => AUTHORIZE_URL,
  :token_url => TOKEN_URL
)

# Get code if necessary
url = client.auth_code.authorize_url(
  :response_mode => 'query',
  :response_type => 'code',
  :redirect_uri => APP_ID_URI,
  :resource => RESOURCE_ID
)

# Code was sent to localhost:3000, thanks webrick
code = "XXXXXYYYYYY"

# Get token now that we have a code
token = client.auth_code.get_token(
  code,
  :redirect_uri => APP_ID_URI,
  :expires_at => Time.now + (365 * 24 * 60 * 60)
)

# Now setup our azure connection
conn = Faraday.new(:url => 'https://management.azure.com') do |f|
  f.request :url_encoded
  f.adapter Faraday.default_adapter
end

# REST API
url = "/subscriptions/#{SUBSCRIPTION_ID}/resourceGroups"
url += "?api-version=2015-01-01"

resp = conn.get do |req|
  req.url url
  req.headers['Content-Type'] = 'application/json'
  req.headers['Authorization'] = 'Bearer '+ token.token
end

# Huzzah, we have json!
p resp.body

But this is obviously unsuitable for client side scripting. I've been
looking at other approaches (client credentials, password, etc) but
can't seem to make them work.

I was hoping it was something as simple as:

token = client.client_credentials.get_token

But that gives me this error:

'client_assertion' or 'client_secret' is required for the
'client_credentials' grant type

Any guidance appreciated.

Regards,

Dan

Note, I also tried a plain REST approach, but the request times out for
some reason.

require 'rest-client'
require 'json'

CLIENT_ID = "XXXXX"
CLIENT_KEY = "YYYYY"
TENANT_ID = "ZZZZZZ"
SUBSCRIPTION_ID = "ABC123"

url = "https://login.windows.net/#{TENANT_ID}/oauth2/token"

response = RestClient.post(
  url,
  :grant_type => 'client_credentials',
  :client_id => CLIENT_ID,
  :client_secret => CLIENT_KEY,
)

# I get a token back, cool
token = JSON.parse(response)['access_token']
#p token

url = "http://management.azure.com"
url += "/subscriptions/#{SUBSCRIPTION_ID}/resourceGroups"
url += "?api-version=2015-01-01"

# But this request times out for some reason
resp = RestClient.get(
  url,
  :content_type => 'application/json',
  :authorization => 'Bearer ' + token,
)

p resp.body

···

You may probably want to wrap oauth into your own simple class.
It’s very simple and it will give you a couple of advantages, including:
- make the interface that makes sense to you and your domain logic
- the ability to swap oauth2 to oauth3 or whatever else you want to use in the future painlessly

Hope it helps a little,

Georgi

···

Actually, once I changed "http" to "https" the second part did respond, but
gave me a 401 (authorization error).

Dan

···

I did figure one thing out - you need to explicitly pass client.params to
the credentials.get_token call. I don't know if this is a bug, but I got
farther:

creds = client.client_credentials
token = creds.get_token(creds.client_params)
p token.token

However, now I see this error when I try to pass the token:

"The access token has been obtained from wrong audience or resource
'00000002-0000-0000-c000-000000000000'. It should exactly match (including
forward slash) with one of the allowed audiences '
https://management.core.windows.net/','https://management.azure.com/'"

The resource id there is the Microsoft.Azure.ActiveDirectory principal ID.

And that's where I'm stuck.

Regards,

Dan

···

E

···

Well, I think I solved it. I had to explicitly pass the :resource to the
get_token method as well. For anyone interested, this is how I did it:

creds = client.client_credentials
params = creds.client_params.merge(:resource => RESOURCE_ID)
token = creds.get_token(params)

As I mentioned before, I'm pretty sure this is a bug, as I shouldn't have
to restate attributes that were already set in the constructor. Anyway,
that worked for me.

Regards,

Dan
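
Added example, not part of the original thread and not oauth2 gem code: a stdlib-only diagnostic that builds the client_credentials form fields with an explicit resource and checks a token's aud claim against the audiences listed in the error quoted above. It assumes the access token is a JWT; the helper names and the sample tokens are constructed for illustration.

```ruby
require 'base64'
require 'json'

# Audiences named as accepted in the error message quoted in this thread.
# The match is exact, trailing slash included.
ALLOWED_AUDIENCES = [
  'https://management.core.windows.net/',
  'https://management.azure.com/'
].freeze

# Form fields for a client_credentials token request that names the target
# resource explicitly, which is what the fix in the thread amounts to.
def token_request_params(client_id, client_secret, resource)
  {
    'grant_type'    => 'client_credentials',
    'client_id'     => client_id,
    'client_secret' => client_secret,
    'resource'      => resource
  }
end

# Decode the claims segment of a JWT for diagnostics only. The signature is
# not verified here; never use this to decide whether to trust a token.
def jwt_claims(token)
  segments = token.to_s.split('.')
  raise ArgumentError, 'not a three-part JWT' unless segments.length == 3
  payload = segments[1]
  payload += '=' * ((4 - payload.length % 4) % 4) # restore stripped padding
  JSON.parse(Base64.urlsafe_decode64(payload))
rescue JSON::ParserError
  raise ArgumentError, 'JWT payload is not JSON'
end

# Returns [ok, aud]; ok is true only when aud exactly matches an allowed value.
def audience_check(token, allowed = ALLOWED_AUDIENCES)
  aud = jwt_claims(token)['aud']
  [Array(aud).any? { |a| allowed.include?(a) }, aud]
end

# Build a constructed sample token (made-up claims, placeholder signature).
def sample_jwt(claims)
  enc = ->(obj) { Base64.urlsafe_encode64(JSON.generate(obj)).delete('=') }
  [enc.call('alg' => 'RS256', 'typ' => 'JWT'), enc.call(claims), 'sig'].join('.')
end

if __FILE__ == $PROGRAM_NAME
  {
    'no resource requested' => '00000002-0000-0000-c000-000000000000',
    'resource with slash'   => 'https://management.azure.com/',
    'resource, no slash'    => 'https://management.azure.com'
  }.each do |label, aud|
    ok, seen = audience_check(sample_jwt('aud' => aud))
    puts format('%-22s aud=%-40s %s', label, seen, ok ? 'accepted' : 'would be rejected')
  end
end
```

Running the check on a freshly issued token before calling the management API turns the 401 into a local, readable mismatch. Keep decoded claims and tokens out of shared logs, since a bearer token is a credential.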
