WinHttp 5.1 oauth2 authentication
txeriff
Member Posts: 515
Hi all,
does any1 know if there is any one this automation to authenticate with oauth2?
'Microsoft WinHTTP Services, version 5.1'.WinHttpRequest
Or some other similar.
It needs to be automation since it´s old NAV and needs to run on a NAS.
https://developer.paypal.com/docs/api/get-an-access-token-curl/
thanks!
does any1 know if there is any one this automation to authenticate with oauth2?
'Microsoft WinHTTP Services, version 5.1'.WinHttpRequest
Or some other similar.
It needs to be automation since it´s old NAV and needs to run on a NAS.
https://developer.paypal.com/docs/api/get-an-access-token-curl/
thanks!
0
Answers
-
Hello @txeriff ,
Yes, you can use 'Microsoft WinHTTP Services, version 5.1'.WinHttpRequest to connect to PayPal with OAuth2.url := 'https://api.sandbox.paypal.com/v1/oauth2/token'; IF ISCLEAR(WinHttp) THEN CREATE(WinHttp); WinHttp.Open('POST', url, FALSE); WinHttp.SetRequestHeader('Accept', 'application/json'); WinHttp.SetRequestHeader('Accept-Language', 'en_US'); WinHttp.SetRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); WinHttp.SetRequestHeader('Authorization', STRSUBSTNO('Basic %1', AUTHORIZATION)); WinHttp.Send('grant_type=client_credentials'); IF WinHttp.Status = 200 THEN MESSAGE(WinHttp.ResponseText);
Where AUTHORIZATION is a Text constant with the Base64 value of your clientID and your secret, you can use the next Powershell scrpit to get the combined value:$clientID = 'Af3DnhKLg7IUF7wekancR0359QwQ4XLNt8xqjaxK7R9g1bSiXeH5aCKfdDuGYMvUME5AZHF0OnY68fbh' $secret = 'EJq_4cd48l4uPXQXC596oH82QI9IofNMM5IH3eBWkBPytpmQBM5Mw8qJWCSgkoYNzh2zxS2jBTJwszwR' $b64 = [System.Convert]::ToBase64String([system.text.encoding]::UTF8.GetBytes($clientID+':'+$secret)) $b64
And later on parse the response to get the access_code for the next request.
Regards.1 -
> @ftornero said:
> Hello @txeriff ,
>
> Yes, you can use 'Microsoft WinHTTP Services, version 5.1'.WinHttpRequest to connect to PayPal with OAuth2.
> url := 'https://api.sandbox.paypal.com/v1/oauth2/token'; IF ISCLEAR(WinHttp) THEN CREATE(WinHttp); WinHttp.Open('POST', url, FALSE); WinHttp.SetRequestHeader('Accept', 'application/json'); WinHttp.SetRequestHeader('Accept-Language', 'en_US'); WinHttp.SetRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); WinHttp.SetRequestHeader('Authorization', STRSUBSTNO('Basic %1', AUTHORIZATION)); WinHttp.Send('grant_type=client_credentials'); IF WinHttp.Status = 200 THEN MESSAGE(WinHttp.ResponseText);
>
>
> Where AUTHORIZATION is a Text constant with the Base64 value of your clientID and your secret, you can use the next Powershell scrpit to get the combined value:
> $clientID = 'Af3DnhKLg7IUF7wekancR0359QwQ4XLNt8xqjaxK7R9g1bSiXeH5aCKfdDuGYMvUME5AZHF0OnY68fbh' $secret = 'EJq_4cd48l4uPXQXC596oH82QI9IofNMM5IH3eBWkBPytpmQBM5Mw8qJWCSgkoYNzh2zxS2jBTJwszwR' $b64 = [System.Convert]::ToBase64String([system.text.encoding]::UTF8.GetBytes($clientID+':'+$secret)) $b64
>
>
> And later on parse the response to get the access_code for the next request.
>
> Regards.
You saved me a lots of headache. Thanks.
I developed a tricky code with output and file reading for the token. (Create, make sure file not open, loop... delete read...)
This will make smooth
Thanks again.0 -
Hello @txeriff ,
Yes, you can use 'Microsoft WinHTTP Services, version 5.1'.WinHttpRequest to connect to PayPal with OAuth2.url := 'https://api.sandbox.paypal.com/v1/oauth2/token'; IF ISCLEAR(WinHttp) THEN CREATE(WinHttp); WinHttp.Open('POST', url, FALSE); WinHttp.SetRequestHeader('Accept', 'application/json'); WinHttp.SetRequestHeader('Accept-Language', 'en_US'); WinHttp.SetRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); WinHttp.SetRequestHeader('Authorization', STRSUBSTNO('Basic %1', AUTHORIZATION)); WinHttp.Send('grant_type=client_credentials'); IF WinHttp.Status = 200 THEN MESSAGE(WinHttp.ResponseText);
Where AUTHORIZATION is a Text constant with the Base64 value of your clientID and your secret, you can use the next Powershell scrpit to get the combined value:$clientID = 'Af3DnhKLg7IUF7wekancR0359QwQ4XLNt8xqjaxK7R9g1bSiXeH5aCKfdDuGYMvUME5AZHF0OnY68fbh' $secret = 'EJq_4cd48l4uPXQXC596oH82QI9IofNMM5IH3eBWkBPytpmQBM5Mw8qJWCSgkoYNzh2zxS2jBTJwszwR' $b64 = [System.Convert]::ToBase64String([system.text.encoding]::UTF8.GetBytes($clientID+':'+$secret)) $b64
And later on parse the response to get the access_code for the next request.
Regards.
Hi again,
I hope you can help me fixing this.
When I run codeunit manually, it works.
from NAS, it tells me the following, event viewer:
This message is for C/AL programmers:
The call to member Send failed. WinHttp.WinHttpRequest returned the following message:
A certificate is required to complete client authentication
0 -
[quote="f
tornero;c-327467"]Hello @txeriff,
This happens in the same machine or are different ones ??
Regards[/quote]
It happens in the same machine. I run it. all fine. I set NAS, this happens.
Iñve been trying and reading,may be that NAS runs in kind of different cointainer?
https://microsoft.public.winhttp.narkive.com/dMdsYpqA/sending-post-over-https-using-a-client-certificate-with-winhttprequest-5-1
I tried to install certificate file and i guess it succeded, also i make setclientcertificate ( I also have it from paypal but, as far as I understand is unnecessary and it works if I run CU) but anyway i get same error.
edit
https://docs.microsoft.com/en-us/windows/desktop/winhttp/winhttpcertcfg-exe--a-certificate-configuration-tool0 -
Hello @txeriff,
I was doing some more test and in one of my machines get the certificate error in both cases, running the CU and of course with the NAS.
Using any certificate works for me, even a selfsigned one.url := 'https://api.sandbox.paypal.com/v1/oauth2/token'; IF ISCLEAR(WinHttp) THEN CREATE(WinHttp, TRUE, TRUE); WinHttp.Open('POST', url, FALSE); WinHttp.SetRequestHeader('Accept', 'application/json'); WinHttp.SetRequestHeader('Accept-Language', 'en_US'); WinHttp.SetRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); WinHttp.SetRequestHeader('Authorization', STRSUBSTNO('Basic %1', AUTHORIZATION)); // Adding the certificate WinHttp.SetClientCertificate('FTG2'); WinHttp.Send('grant_type=client_credentials'); IF WinHttp.Status = 200 THEN BEGIN IF GUIALLOWED THEN MESSAGE(WinHttp.ResponseText) ELSE BEGIN IF Tabla.FINDLAST THEN i := Tabla.NMov ELSE i := 0; Tabla.NMov := i + 1; Tabla.Valor := COPYSTR(WinHttp.ResponseText, 1, MAXSTRLEN(Tabla.Valor)); Tabla.INSERT; END; END;
Regards.0 -
Sorry. Seems like it´s related to NAS running account. I tried to log with nas account and tells me that error on screen. So this must be the permission they at IT left for that nas user. If I do run navision with my user works fine0
-
Sorry, so you get error in both machines. what is FTG2? is a new certificate or what is it? I don´t know how to selft sign a certificate to be honest. I have paypal certificate file I tried to point to it but still same error.
PD: Hablas español?0 -
Hola @txeriff,
FTG2 is the name of the certificate.
How do you pointed to the PayPal certificate ?
Si, hablo español.
Regards.
Hola ftornero,
Veras, lo ultimo que ha medio funcionado ha sido usando la cuenta del nas, en internet explorer, ir a settings>certificados> y ahi añadir el que tengo de paypal en todas partes. Despues hice un run y me funciono. Aun asi con el nas, me sigue sin funcionar.
Tu dices que te creaste cualquier certificado y te funciono? Donde almacenaste el ceertificado? en sitios de confiaza? personal?
muchas gracias. Esto esta siendo un quebradero de cabeza horrible.0 -
One last question:
It is still not working. I used my paypal certificate (even it is useless as any cert works as you said) . I entered "friendly name" SANDCERT.Then I do like you did before,
WinHttp.SetClientCertificate('SANDCERT').
Cerificate seems like to be into LOCAL COMPUTER PERSONAL CERTIFICATES and also in personal certificates now, I just imported, logged as nas user account
any ideas?
thanks!0 -
Yes I can. I also tried using that name (which is much longer as is generated from paypal)
Would you tell me how quickly I can create that self certificate?
thanks again
Edit: I think i managed to self create one, I will try tomorrow.0 -
Hello @txeriff,
In this link you can get a selfcerticate in PFX format with the name of PayPal2, like the image that I just created.
https://www.dropbox.com/s/ff1lyptz2f2p7vr/PayPal2.pfx?dl=1
Regards.0 -
Hi ftornero.
Thanks again for your help. I was missing your certificate password.
Anyway, i tried to make my own. Surprisingly "noafter" parameter does not work on windows server 2012!
PE:
New-SelfsignedCertificateEx -Subject "CN=Test Code Signing" -EKU "Code Signing" -KeySpec "Signature" `
-KeyUsage "DigitalSignature" -FriendlyName "Test code signing" -NotAfter $([datetime]::now.AddYears(5))
I tried to create it on my computer, export and import into the server. It said certificate was not valid.
At the end, it worked the following I created yesterday:
New-SelfSignedCertificate -DnsName <Computer name> -CertStoreLocation "cert:\LocalMachine\My"
It´s 2 years cert but.. i think i won´t try to change anything now.
and then I point to it:
WinHttp.SetClientCertificate('LOCAL_MACHINE\MY\localhost');
0 -
Hi again ftornero,
Seems like your cert does not work for me. It works the following:
Now I´m not sure if I created or it was already there cos the other ones I tried to create don´t say IIS Express on friendly name. This sounds more like visual studio project created it.
Edit:
maybe this could be useful
https://stackoverflow.com/questions/19338395/how-do-you-use-winhttp-to-do-ssl-with-a-self-signed-cert
SECURITY_FLAG_IGNORE_UNKNOWN_CA |
SECURITY_FLAG_IGNORE_CERT_WRONG_USAGE |
SECURITY_FLAG_IGNORE_CERT_CN_INVALID |
SECURITY_FLAG_IGNORE_CERT_DATE_INVALID;
There is a property in the automation called option. Perhaps this could skip the headache. I can´t test know but I will.
https://docs.microsoft.com/en-us/windows/desktop/winhttp/option-flags
SECURITY_FLAG_IGNORE_CERT_CN_INVALID0 -
Now I think it does not work at all. I removed that certifiate and added again (by export) now it does not find any of it.
I also tried
winHTTP.Option(4,'0x3300');
https://www.autoitscript.com/forum/topic/196243-winhttpwinhttprequest51-certificate-error/
Oh god...
Any ideas?
The call to member Send failed. WinHttp.WinHttpRequest returned the following message:
The client certificate credentials were not recognized.0 -
OK, I guess I found the only way to make it work, at least for me:
cd C:\Program Files (x86)\IIS Express
IisExpressAdminCmd.exe setupsslUrl -url:https://localhost:8080/ -UseSelfSigned
then, use "localhost" called certificate.
Only by IIS Express seems to be working.
Winhttpcfg.exe neither works.0 -
[Topic moved from 'NAV/Navision Classic Client' forum to 'NAV Three Tier' forum]
Regards,Alain Krikilion
No PM,please use the forum. || May the <SOLVED>-attribute be in your title!0
Categories
- All Categories
- 73 General
- 73 Announcements
- 66.6K Microsoft Dynamics NAV
- 18.7K NAV Three Tier
- 38.4K NAV/Navision Classic Client
- 3.6K Navision Attain
- 2.4K Navision Financials
- 116 Navision DOS
- 851 Navision e-Commerce
- 1K NAV Tips & Tricks
- 772 NAV Dutch speaking only
- 617 NAV Courses, Exams & Certification
- 2K Microsoft Dynamics-Other
- 1.5K Dynamics AX
- 320 Dynamics CRM
- 111 Dynamics GP
- 10 Dynamics SL
- 1.5K Other
- 990 SQL General
- 383 SQL Performance
- 34 SQL Tips & Tricks
- 35 Design Patterns (General & Best Practices)
- 1 Architectural Patterns
- 10 Design Patterns
- 5 Implementation Patterns
- 53 3rd Party Products, Services & Events
- 1.6K General
- 1.1K General Chat
- 1.6K Website
- 83 Testing
- 1.2K Download section
- 23 How Tos section
- 252 Feedback
- 12 NAV TechDays 2013 Sessions
- 13 NAV TechDays 2012 Sessions