For testing purpose, I'd like to get a token to process a payment without using Accept.js because I want to do some tests with Postman and on the backend side.
Is there a way to achieve that?
Thanks
Yes there is a way to get a token to process payments without using Accept.js and it is very easy. See : https://community.developer.authorize.net/t5/Ideas/Test-Opaque-Token/idc-p/59455#M452 for an example.
Related
I am using Django with a Tastypie library, and the Django-OAuth-Toolkit, and a Tastypie authentication for the Django-OAuth-Toolkit.
Disclaimer: There is a chance I am totally wrong about all of this. If so, please correct me and guide me towards the less ignorant.
Main Question: How do I create users securely?
My Understanding:
In order to get or post, the client needs a token.
In order to get a token, they need to login.
In order to login they need a user account.
In order to make an account they need token.
In order to make an account they need to login?
I am left in a struggle trying to figure this out. Do I make it when the client tries to make an account it does not need OAuth2? Or is there a way to use OAuth2 without a login that only lets the client create accounts?
Any help is much appreciated!
in order to make an account you don't need a token, Signup using the normal flow, and on login request authenticate the user and give the token for further communication.
The answer is No, OAuth2 is usually meant for authorisation which in turn needs authentication.
So for creating account you cannot use Oauth, you have to use normal flow , setup account and then you can use OAuth to gain access token.
I am doing an $.ajax post command and i currently have an authenticated session on the client side. I am trying to figure out how to add the token to the ajax call (as on the server i check the token to see if it matches in my local database. How is it possible to use that same auth token in a generic ajax call ?
Thanks
You add the token as a request header in your authorizer.
To do this, either use one of the including solutions (if you're using the corresponding backend), or implement your own custom authorizer.
If you have to write your own, you can look at the devise authorizer's authorize method for an example of how to add the header.
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
I'm trying to create Facebook test accounts using the graph API. (I need to be able to log into them from my iphone app). Here's how I'm getting the app access token:
https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=MY-CLIENT-ID&client_secret=MY-CLIENT-SECRET
which seems to work fine. And here's how I'm trying to create a user:
https://graph.facebook.com/MY-APP-ID/accounts/test-users?installed=true&name=TestUser1&permissions=read_stream&method=post&access_token=MY-APP-ACCESS-TOKEN
The response I'm getting is:
This method must be called with an app access_token
I looked at this post Problem with access token while creating Facebook Test Users. Not really familiar with PHP, and just to make sure, I did try to "url encode" the app access token returned before using it... but no goodness.
I'm using Fiddler to test my posts.
Thanks!
Facebook doesn't support test users for Native Mobile App
see related bug on bugzilla
http://bugs.developers.facebook.net/show_bug.cgi?id=17779
hope this helps
Did you remove the 'access_token=' part from access token that's returned from the first request? If not, then you'll have an incorrect request on the second call, since the URL will have 'access_token=' twice.
Oauth is pretty complicated but I think I got the authentication working. I got up to the point where I get the user to authorize on Twitter and I have the access token and access token secret. From here, I'm not sure how I use it to generate a request to follow a user.
I know that the url is: http://api.twitter.com/1/friendships/create.xml and that you can either pass in a user_id or screen_name
but does anyone have any example code in Coldfusion that I can see as to how the cfhttp call looks like with all the parameters?
Thanks in advance.
Try (monkeh)Tweet Twitter API. It supports most of the twitter API methods including follow a user. Easy & freaking cool CF open source by Matt Gifford