Generating unauthenticated token with upload scope - vimeo-api

I'm trying to get an unauthenticated token with upload scope making a request to
https://api.vimeo.com/oauth/authorize/client with scope value of "public private upload".
In response token scope have value "public private" or "public private ".
My app has upload permissions, my account is PLUS. I can create token with upload scope in app control page and upload video via API using it.
I'm trying to make possible to upload a video directly from client's browser to my Vimeo account without oAuth2. The client making a request to the backend to get the unauthorized token. Backend authorizes the user in my system, create a token with API request, save it in my system for this user for reuse, return token to the client. Client upload video using Uppy via tus protocol directly to Vimeo. Everything except creating token is working. What I'm doing wrong? Maybe I need another account plan and/or check "Other people created these videos" at Request Upload Permissions page?

An unauthenticated token can only be used to interact with resources public on vimeo.com. In other words, a token is used the same way as a user who is not logged into a Vimeo account. Upload requires a login.
If you want to upload to your account without going through the OAuth flow, you must generate a "Personal Access Token". To do so, go to your app management page at https://developer.vimeo.com/apps, select your app, and select the Authentication tab.
From there, scroll down to "Generate a personal access token", select the scopes you want that token to have (for upload I would recommend at minimum public private edit upload), and click Generate. Copy the token and save it somewhere secure. You can then use that token to authenticate your requests with the API.
I hope this information helps!

Related

How to implement refresh token in django-oauth-toolkit? I'm able to get access_token but the refresh token isn't coming with it

I'm using django-oauth-toolkit with djangorestframework where our partner user will register their application and get application credentials (client id and client secret) which then used to get access token that can be used further to get our server resources. Upto now I'm able to convert those form based application registration process and other apis through rest. But while I hit for access_token only access token with expire are coming as response. Refresh token also supposed to come along the access token but it's not. What I'm missing here...
Below is the sample api response for access_token
And the oauth2 settings
FYI: I'm using Client type as "Confidential" and Authorization grant type as "Client Credentials"
Findings: This may be helpful for others
There is no need for refresh token for grant type client credentials.
Further descriptions RFC doc ; grant type client credentials

How to revoke all permission on facebook api using rest api

I trying to revoke all permission on withdrawl user
facebook document said will be conducted by calling Url with 'user access token or app access token
https://graph.facebook.com/me/{user_id}/permissions
but i cant attaching user access token in this request, but i can attach app access token in query params.
so i requested this url with app access token, but response message is
"An active access token must be used to query information about the current user."
Can I really request it with an app access token?
/me/{user_id}/ makes no sense as request path here.
You either use /me, in combination with a user or page token - then that alias will resolve to the actual ID of the entity the token belongs to.
Or you use an app-scoped user ID directly.
If you want to perform any actions on a user account using the app access token, then you must use the second version.
https://graph.facebook.com/{user_id}/permissions?access_token={app_access_token}

Getting access token from OKTA in PKCE flow without user interaction

We have REST Web API written in .NET CORE, which are used on REACT SPA, we are using OKTA with PKCE.
For our API(s) we have end to end test cases written using postman/newman, the API(s) depend on JWT access token for finding user details.
How can I get access token from OKTA for PKCE flow without user interaction?
I followed this for getting access token but even this one throws a browser window for username/password.
https://developer.okta.com/docs/guides/implement-oauth-for-okta/request-access-token/
Is there a way I can pass username and password in the payload and get access token back?
In essence I am after a flow which lets me fetch access token using resource owner username and password on PKCE flow.
It seems with SPA configuration it isn't possible as per OAuth specifications.
Had to create a native app with PKCE and used "Get Access Token with Resource Owner Password Credentials" API in the postman collection available on OKTA

How to get a Facebook access token that grants permission for an event endpoint?

How can I get a Facebook access token that will grant permission to request information on events that the user has RSVP'd to (interested or attending)? My current method works for my user, but not other users.
My current method:
I'm using the Facebook Javascript SDK to log in as a user, get an access token, and then query the graph API to get data about events that the user has logged into.
The route I'm hitting to get event data is (pseudo):
https://developers.facebook.com/docs/graph-api/reference/v2.12/event
Or in my code (pseudo)
https://graph.facebook.com/v2.12/{event-id}?{access-token}&fields={fields}
When the app logs in as my own user (also admin of app), I get an access token that can be used to query the event route successfully, but when it logs in with another user, I get a failure when hitting the event route with the API token I receive:
"Unsupported get request. Object with ID '466582570713258' does not exist, cannot be loaded due to missing permissions, or does not support this operation."
According to Facebook's API documentation, it states that my app needs the user_events permission to hit the event api endpoint that I'm looking for:
https://developers.facebook.com/docs/graph-api/reference/v2.12/event
I went through the verify process and requested that permission for my app, which now has these approved:
PERMISSIONS
email
Provides access to the person's primary email address. This permission is approved by default.
public_profile
Provides access to a person's name and profile picture. This permission is approved by default.
user_events
Provides access to a person's events.
If I grab the API token I get back when logging in as a user (other than myself), it does say that user_events scope was granted, which would seem to be sufficient to get a response from the event endpoint. But it is failing as above.

facebook api - what token do I need?

I'm developing a site for a non-profit. I'm building it as an express app hosted on heroku that needs access to the non-profits facebook group events.
I'm able to grab all the group's events in the graph api explorer. But I'm very confused as to what api token I need.
What facebook api token do I need to provide my webapp so it can access a random group's events listing?
Probably the app access token from the application requesting the information. The access token can be created by linking your application ID and your application secret together like so:
APP_ID | APP_SECRET
No spaces between though, just provided them for clarity.
PHP example:
$app_access_token=$app_id."|".$app_secret;
Then just append the access token to your request and it should work.
You want to use an app token. Easiest method is to create an app, then submit a get request with your app_id concatenated with your app secret.
Like so curl https://graph.facebook.com/v2.1/endpoint?key=value&access_token=app_id|app_secret note that https is required. https://developers.facebook.com/docs/facebook-login/access-tokens/#apptokens
Note this only works for endpoints that don't need user credentials e.g. public groups https://developers.facebook.com/docs/graph-api/reference/v2.1/group/ However group/events does need a user access token https://developers.facebook.com/docs/graph-api/reference/v2.1/group/events