I'm trying to understand how to use accessTokens in Loopback. I'm reading Loopback docs. But there is a broken link for the document I'm keen on reading. Where can I find that document?
Here is the text:
Make subsequent API calls using the access token. Provide the access
token in the HTTP header or as a query parameter to the REST API call,
as shown in Making authenticated requests with access tokens.
Here is the link for Making authenticated requests with access tokens that follows nowhere:
https://docs.strongloop.com/display/public/LB/Managing+users#Managingusers-Makingauthenticatedrequestswithaccesstokens
Looks like the link has been malformed. The correct link is:
https://docs.strongloop.com/display/public/LB/Making+authenticated+requests#Makingauthenticatedrequests-Makingauthenticatedrequestswithaccesstokens
Related
On my site, I want to be able to retrieve whether my own YouTube account goes live. After looking around, I found this endpoint:
GET https://www.googleapis.com/youtube/v3/liveBroadcasts,
that would help me do just that. However, the main problem I found is that it requires an OAuth2 token, and the only way I could find to generate one was going through the whole Login with Google approach.
My main problem is that I want anyone who visits my site, to be able to see whether I'm live or not. I'm not looking for workarounds or using web crawlers either - I want to be able to use this specific endpoint. Is that even possible?
In other words, is it possible to get my own access token manually, and just plug that into the API request to access the endpoint directly? Or is this just impossible?
First thing to know about YouTube Data API is the following: for to issue authorized request to it, one cannot alleviate authentication through the browser.
You may read the doc OAuth 2.0 Flow: Installed apps for thorough info about the authorization flow on standalone computers.
The doc specifies step 4 -- Handle response from Google -- and step 5 -- Exchange authorization code for refresh and access tokens. By the initial OAuth flow, you get two tokens: a short-lived access token and a refresh token that produces access tokens on demand. Authentication without browser is not possible, but once having a refresh token, it can be traded programmatically for access tokens:
Initialization: obtain via browser authentication a refresh token;
Iterations: as many times as needed, query the API for an access token -- without any browser interaction! -- using the refresh token from (1), then proceed further with the call to the target API endpoint (again, without any browser interaction).
Note that the steps (1) and (2) may well be separated such that (1) is executed by a standalone (local) computer that stores the refresh token into a file; later, upon a secure transfer of that file on a different remote computer (e.g. a server that does not have a browser installed), execute (2) on that remote computer, repeatedly as needed
(see Using OAuth 2.0 for server-side, standalone scripts.)
Sounds right:
complete the flow (once) with your own google account,
cache the token server-side, and
include the API’s response when serving your page.
Pitfalls:
How long are OAuth tokens valid for? (The API will start returning errors if this occurs)
How often will the page be generated vs. what rate-limits does the API have? ( you may have to request status at most once per few minutes, and cache the response)
This is confusing. So just to clarify:
REQ #1: To fetch basic stats for a URL, you send GET request to:
http://graph.facebook.com/?ids=http://some.com
(alternatively, FQL can be used to fetch stats for a URL, but that doesn't return the OpenGraph Object)
REQ #2: To fetch comments for a URL, you do a GET:
http://graph.facebook.com/comments/?ids=http://some.com
REQ #3: To fetch likes for a URL, you GET:
http://graph.facebook.com/likes/?ids=http://some.com
But how do you comment on / like a URL programmatically?
I guess, likes can be created using Open Graph API, right?
https://graph.facebook.com/me/og.likes?object=1234
where 1234 is the OpenGraph Object ID of an article (as returned by REQ #1).
But this requires an approval process, the like action has to be approved by Facebook.
Is there a better way to do this? Can I use for example the Graph API for all these things?
My goal:
Currently I'm using the Facebook like button and comments plugin to create likes and comments. But these use the JS SDK, which is huge, and they generate a lot of external requests. I wanna get rid of them and just send an AJAX request to my server, which would then asynchronously talk to Facebook, and it would post the Like / Comment.
Is this possible?
Thanks in advance!
I read through the Facebook docs briefly and I don't believe you can do this other than the way you indicated with authenticating.
You should also take a look at this thread: 'Like' a page using Facebook Graph API
You would need to authorize every single user before he would be able to like something, and you would need to go through a review process on Facebook. And i am pretty sure you would not get the required permissions approved just because you want to get rid of the JavaScript SDK overhead, to be honest.
The Social Plugins are asynchronously, so the overhead for downloading the SDK is irrelevant as it happens in the background and it is non-blocking.
I have an idea, to do this. You can use long term access token, Once you login you receive short term token. After receiving short term token you need to request your long term access token. Save that token in DB or file.
Then you can use Graph Api, to make requests. This will eliminate the need for access requirement every time you request api.
Just use access token you saved before.
Refer this documentation from Facebook for further clarity.
https://developers.facebook.com/docs/facebook-login/access-tokens
Happy Coding!
Atul Jindal
My app got white-listed for using the Ads API.
I was wondering in regarding to the authentication flow.
Say, that I need to retrieve and execute actions via the API on daily tasks ( with no user interaction) , I find the authentication process quite cumbersome.
Is there a way to work with my app access token instead of a user access token?
I want to be able to approve my app only once for each user and then to be able to work with no user interaction.
Can I achieve this?
App access token is not relevant for this case.
I had to work with the user access token.
I followed this doc: https://developers.facebook.com/docs/reference/ads-api/
Eventually , one should use some client side code in order to get a user permissions and then make another request for getting the user token.
So you'll have to call
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&scope=ads_management,offline_access&response_type=code
Get the authentication code and make another call:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&client_secret=YOUR_APP_SECRET&code=AUTHORIZATION_CODE
Then you'll get an access token which is valid only for two months, in opposed to what Facebook docs says in here:
https://developers.facebook.com/roadmap/offline-access-removal/
"Ads APIs are special cased to allow collection of statistics offline. PMD partners should use server-side OAuth flow in order to receive a non-expiring token rather than a token that has longer expiration time."
Too bad that the access token is not really valid forever...
According to "Exception 4" in this document , if you have Ads API access you should be able to get a non-expiring token if you use the correct workflow. Following the guidelines outlined here, if you use the server side OAuth flow, to make the following request you should get a non-expiring token:
GET /oauth/access_token?
grant_type=fb_exchange_token&
client_id={app-id}&
client_secret={app-secret}&
fb_exchange_token={short-lived-token}
thx for the feedback regarding the Access token process being cumbersome. Because this is a one to many solution - a single App ID can manage multiple ad accounts, on behalf of multiple people - we need to make calls on behalf of people.
You should be able to get a persistent access token for Ads API. If you are not getting it, please provide exact steps you are following so we can see if there is a bug or you might be missing a step.
Thx.
I'm having an issue that I've seen in a couple of places, but with no real resolution.
I'm attempting to view my friends' checkins using the /checking api. I'd prefer not to use fql, as proposed in this answer: Graph Checkin method returns empty data, because I'd like to have all of the user/place/checkin meta data in one call.
I've tested the call using the access token that all the examples on the Graph API docs site use (http://developers.facebook.com/docs/reference/api/). When I use that access token on this url:
https://graph.facebook.com/103309013088837/checkins?access_token=ACCESS_TOKEN
I get back a result with one checkin.
However, when I use the token I've generated via my app on the same url I get an empty data set. I've confirmed that the permissions on both tokens are the same using the /me/permissions call and that other calls return the same result for both access tokens.
Is there something that needs to be configured on the app side? Is there anything else I could be doing incorrectly?
Oauth is pretty complicated but I think I got the authentication working. I got up to the point where I get the user to authorize on Twitter and I have the access token and access token secret. From here, I'm not sure how I use it to generate a request to follow a user.
I know that the url is: http://api.twitter.com/1/friendships/create.xml and that you can either pass in a user_id or screen_name
but does anyone have any example code in Coldfusion that I can see as to how the cfhttp call looks like with all the parameters?
Thanks in advance.
Try (monkeh)Tweet Twitter API. It supports most of the twitter API methods including follow a user. Easy & freaking cool CF open source by Matt Gifford