[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Ftpapi] What am I missing?!?!



Corby,

These docs say "GET", but the example they show doesn't make sense (its not possible within the HTTP standard if you use GET.)  I think this is a mistake in their docs.

All of the examples on Microsoft's site for the same "login.microsoft.com" server use POST.

Once using POST, the data you send should be placed in a separate variable (not the URL) with the ? removed.  Then pass this in the "send string" parameter to http_req().  Set the content-type to application/x-www-form-urlencoded

Or, if you want a more complex solution, use the MFD encoder (multipart/form-data) with the http_mfd_encoder_xxx routines...  But that doesn't seem needed, here.

-- 
Scott Klement
sk@xxxxxxxxxxxxxxxx
On 3/10/2021 10:55 AM, Weaver, Corby wrote:

Vendor is Altria. They are using the Microsoft site to issue the authorization token. I would guess that 535b2d87-664f-415a-b7fa-fd3f1086d450 is used for all of their customers to get the token from Microsoft. Once I have the token, I go to another endpoint to get the actual data. This part I’m able to get to work. I just copy and paste the token that I get from Postman into a data area.

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:51 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!

 

 

  [CAUTION]  This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 


Is the vendor Microsoft?

 

Is that your tenant ID (or possibly an example?)
535b2d87-664f-415a-b7fa-fd3f1086d450

 

On Wed, Mar 10, 2021 at 10:43 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:

The documentation (attached) is from the vendor.

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:30 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!

 

 

  [CAUTION]  This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 


Is that your tenant ID?
535b2d87-664f-415a-b7fa-fd3f1086d450

Is that documentation from Microsoft or someone else?  Provide a link if possible.

 

 

On Wed, Mar 10, 2021 at 10:19 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:

This is from the vendor’s documentation…

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 10:03 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!

 

 

  [CAUTION]  This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 


If that was provided by microsoft then you'll want to ask them why your request isn't working.  Also, we see a cookie and Authorization header in their example as well.  

 

Where exactly did you get that example?  And is that your tenant ID (535b2d87-664f-415a-b7fa-fd3f1086d450)?

 

 

On Wed, Mar 10, 2021 at 9:56 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:

curl --location --request GET 'https://login.microsoftonline.com/535b2d87-664f-415a-b7fa-fd3f1086d450/oauth2/token' \

--header 'Authorization: Bearer null' \

--header 'Cookie: fpc=AsRmKCSoZd5MoZkTHpKLW42f_YrjAQAAALHJ2tcOAAAA' \

--form 'client_id="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"' \

--form 'client_secret="XXXXXXXXXXXXXXXXXXXXXXXXXXx"' \

--form 'grant_type="client_credentials"'

 

 

From: ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx <ftpapi-bounces@xxxxxxxxxxxxxxxxxxxxxx> On Behalf Of Brad Stone
Sent: Wednesday, March 10, 2021 9:38 AM
To: FTPAPI/HTTPAPI mailing list <ftpapi@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: [Ftpapi] What am I missing?!?!

 

 

  [CAUTION]  This email originated from outside Core-Mark. Do not click links or open attachments unless you recognize the sender and know the content is safe.

 


A GET doesn't have data in the body of the request, a POST does.

 

Ask them if they can provide a cURL example that works... or a Postman example.

 

On Wed, Mar 10, 2021 at 9:32 AM Weaver, Corby <corby.weaver@xxxxxxxxxxxxx> wrote:

I have very little experience with HTML and have followed the examples and suggestions in the forum. However, I am still having some issues. The support staff with the endpoint assure me that this should be a GET.

 

I am trying to get an authentication token, passing Client ID and Client Secret.

 

Here is my code:

 

URL = '';     

                                                              

FormData = 'grant_type=client_credentials'                   

         + '&client_id=' + %TRIM(ClientID)                   

     + '&client_secret=' + %Trim(ClientSecret);              

                                                              

http_xproc( http_point_addl_header: %paddr(AddHeader1));     

rc = http_req('GET'                                          

          : URL                                              

          : '/tmp/httpauth.json'                             

          : *Omit                                            

          : *Omit                                            

          : FormData);                                       

 

I have also tried:

URL = ''       

     + '?grant_type=client_credentials'                       

     + '&client_id=' + %TRIM(ClientID)                        

     + '&client_secret=' + %Trim(ClientSecret);               

                                                               

http_xproc( http_point_addl_header: %paddr(AddHeader1));      

rc = http_req('GET'                                           

          : URL                                               

          : '/tmp/httpauth.json');                            

                                                               

They have told me that “grant_type”, “client_id”, and “client_secret” need to be in the body of the request. At this point, I am stumped. Any help is greatly appreciated.

 

Corby Weaver   -   Core-Mark Midcontinent, Inc.

Iowa Division IT

corby.weaver@xxxxxxxxxxxxx

 

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi

--
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi


-- 
_______________________________________________
Ftpapi mailing list
Ftpapi@xxxxxxxxxxxxxxxxxxxxxx
http://scottklement.com/mailman/listinfo/ftpapi