Couple of questions:
I implemented the authentication process with DropNet. My desktop application is designed for end-users. Every time the application is launch the little browser window pops up asking the user to confirm access...
Is there any way that end-user with SOME SORT of saved credentials (or user Code +user Secret, or API code + API secret) will be able to invoke the application and not be prompted by browser form (that currently requires login - if access token expired - or confirmation)?
The goal of my application is file sharing - that is, one end user may send URL (to the file that he uploaded to DropBox) to another user and the latter should be able to download the file by clicking on the link (without any prompts, exactly like in manual process of sharing link to the file in DropBox). Is it possible? If yes, how to achieve that? THat is how do I get that URL? Redandent to say that I am looking for a programmatic way to obtain a URL that will achieve the above described)
Thanks guys, thanks for the tips, now work, The file is uploaded to a folder within the dropbox app, here's the code:
Dim client As DropNetClient
Dim dropboxLoggedIn As Boolean = False
Dim dropboxAsecret
Dim dropboxAtoken
Dim token As UserLogin
Dim url As String = ""
Private Sub test_form_Load(sender As Object, e As EventArgs) Handles MyBase.Load
client = New DropNetClient("xxxxxx", "xxxxxxx")
client.UseSandbox = True
Dim login = client.UserLogin
token = client.GetToken()
url = client.BuildAuthorizeUrl()
Process.Start(url)
End Sub
Private Sub ButtonX2_Click(sender As Object, e As EventArgs) Handles ButtonX2.Click
client.GetAccessToken()
dropboxAsecret = client.UserLogin.Secret
dropboxAtoken = client.UserLogin.Token
Try
Dim rawData As Byte() = File.ReadAllBytes("c:\flor_lotus.png")
Dim result As MetaData = client.UploadFile("/geral", "flor_lotus.png", rawData)
Catch ex As DropNet.Exceptions.DropboxException
MessageBox.Show(ex.Message)
End Try
End Sub
For starters, please read the API documentation for the Dropbox API. https://www.dropbox.com/developers/core/docs It will answer some of your questions for you.
Yes it is possible to save the authentication token to save the user logging in every time. At the end of the authentication process after calling GetAccessToken() the DropNetClient instance will have a property called UserLogin this contains a User token and secret. Store these, then next time you create an instance of the DropNetClient user the constructor that takes these as parameters.
The API has the ability to get a share link for a file. This is exposed by DropNet with the GetShare and GetShareAsync methods.
Related
I got some of the APP's APIs.
When I use the browser to access these APIs, the browser popup window tell me to fill in the username/password, Then I tried to fill out my username/password and found that I passed the verification!
Then I tried to write the code
var myClientHandler = new HttpClientHandler();
myClientHandler.Credentials = new NetworkCredential("abc", "!##");
this._client = new HttpClient(myClientHandler);
this._client.BaseAddress = new Uri("http://api.xxx.com");
var result = await this._client.GetStringAsync("some_api_foo.json");
Run well!
(We know that if there are no NetworkCredential, there will be 401 unauthorized exception)
But I found out that the official APP could access some of the APIs without the user logging in. How does it work? Does it use a public account? Or is there another way to access the APIs?
It uses Windows integrated authentication (Kerberos) to authenticate your users without asking them for credentials
Use Fiddler >check Authorization Header is present: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxx is Username:Password(Base64)
Decrypt it!
I'm doing a simple page to register users. However after I get the user's input I need to call a web service to get a token which will then allow me to call another web service which will finally proceed to register the user (using the input AND the token).
So what I want to know is how to call this WS and retrieve it's response and then add that response (which would be the token) to the form used for user registration.
Edit: I'm using classic ASP
Depends on how the web service is written. These days most APIs are written using REST (i.e. standard HTTP GET/POST URL format). So you simply make a call to a URL, and get a value back - you can do this using ASP's "ServerXMLHTTP" component. e.g.
Set xml = Server.CreateObject("MSXML2.ServerXMLHTTP.6.0")
xml.Open "POST", sURL, False
xml.Send parms
returnValue = xml.ResponseText
Then do something with "returnValue"
I am working with facebook graph api rsvp_event. I am using javascript SDK. Everything works great when the user is logged in. But when the user is not logged in, it gives an error.
I need information about who is attending a public event. I now understand that I would need an access token to retrieve this information. So, my question is how do I get the access token if no user is logged in? Is it impossible or is there a workaround? Could it be done server side using app_id and client_secret?
I am developing a ColdFusion page, but I can use PHP if needed. I have support for both.
I have heard the term *offline_access_permission*. They have removed this feature. Could it be done when it was still available?
EDIT:
Could this be achieved by test user? Say, on server side I login via test user, get the event information (Just a "get" request to read who is attending an event) and then log off. On the client side I do the rest ( user login, rsvp to an event).
I don't know much about "test user" or its purpose. Can anyone confirm whether this can be achieved or not?
Thanks in advance.
Are you sure you actually need the user's access token? According to documentation here you may need:
- a generic access_token for public events (those whose privacy is set to OPEN)
- a user access_token for a user who can see the event for non-public events
- an app access_token (for non-public events, must be the app that created the event)
- a page access_token (for non-public events, must be the page that created the event)
You can get info on how to get those tokens here https://developers.facebook.com/docs/concepts/login/access-tokens-and-types/
A good idea could be to store the attending users (in the DB) when you have access to the event - when some user is logged in.
UPDATE for getting the data from FileContent.
I don't know what API response exactly you are referring to, but from my experience they are returning data:
- serialized using JSON - you need to use DeserializeJSON(), for example like this:
local.returnStruct = DeserializeJSON( local.requestResult.FileContent );
or
local.returnStruct = DeserializeJSON( local.requestResult.FileContent.toString() );
send as something similar to URI. I'm using a function to get that data:
function getStructFromQueryString( queryString ) {
var ret = StructNew();
var i = 0;
var key = '';
for(i=1; i LTE ListLen(arguments.queryString,'&'); i++) {
key = ListGetAt(arguments.queryString, i, '&');
ret[ListFirst(key,'=')] = URLDecode(ListLast(key,"="));
}
return ret;
}
Basically what you want is a refresh token that can get access tokens when the user is offline, unfortunately facebook does not provide them anymore as far as i know.
To learn more about oauth2 pleas play around with https://developers.google.com/oauthplayground/ its a very nice tool to understand the oauth2 process.
I am using the v6 C#.Net Facebook SDK (a blog can be found http://blog.prabir.me/post/Facebook-CSharp-SDK-Writing-your-First-Facebook-Application-v6.aspx).
I need to receive access permission to offline_access from users and later on (different session) post images to that user.
I've also tried uploading images to a certain page (of mine) but couldn't.
I am providing a simple dialog for the user and accept his allow for all the credentials I am asking for "user_about_me,read_stream,user_online_presence,friends_online_presence,offline_access,publish_stream,photo_upload"
Than, in different session (restarting my application), I am creating an access token using the following method:
(using WebRequest as followed:)
var url = string.Format("https://graph.facebook.com/oauth/access_token?client_id={0}&client_secret={1}&grant_type=client_credentials",AppId, AppSecret);
WebRequest request = WebRequest.Create(url);
request.Method = "GET";
request.ContentType = "application/x-www-form-urlencoded";
HttpWebResponse webResponse = (HttpWebResponse)request.GetResponse();
var myString = (new StreamReader(webResponse.GetResponseStream()).ReadToEnd());
myString = myString.Replace("access_token=", "");
However when trying to access a user, that has previously gave an offline_access credentials, using the access token I get exception thrown:
(OAuthException) An access token is required to request this resource
for a very simple request:
var fb = new FacebookClient(myString);
var result = fb.Get("/{0}/permissions", userThatGaveCredentials);
Is it possible to achieve what I am looking for and if so, what am I doing wrong?
Your code to request the access token the second time is not working. There is no reason to do this (and it wont always work anyway). You should just save the access token from when the use logs in the first time.
The error you are receiving is because your myString is null when you pass it into FacebookClient, thus the error that you are not providing an access token.
Also, you should note that offline_access is being deprecated and will be removed in a few weeks so you shouldn't build a new app that uses it anyway.
I have been requested by a client to pull the latest posts from their LinkedIn group to one of our website pages.
I am developing using ColdFusion 9 and have been researching this for quite a few days now and decided to post my query here in the hopes that someone will be able to help me out.
I can get to the point where I have a requestToken. My understanding is that I now need to sign the request token to get the accessToken. My problem is that I need to do this behind-the-scenes. However, all the examples that I can find are redirecting the front-end user to the authorisation url to allow the user to authenticate, but I don't want the user to authenticate, I want to authenticate server-side instead.
I am trying to use the Scribe Java wrapper library. Below is the code that I have so far which gets the requestToken (as well as the authorisation url). I need someone to point me in the right direction to sign the token on the server-side code so that I can make the necessary calls to consume the Groups API (e.g. http://api.linkedin.com/v1/groups/{id}/posts?count=5&start=1)
<cfscript>
var l = {};
//The LinkedIn public and private keys for application
l.oauth_consumer_key = "[My public key]";
l.oauth_sign_key = "[My secret key]";
l.serviceBuilder = CreateObject("java","org.scribe.builder.ServiceBuilder");
l.LinkedInApiClass = CreateObject("java", "org.scribe.builder.api.LinkedInApi").getClass();
l.service = l.serviceBuilder.provider(l.LinkedInApiClass).apiKey(l.oauth_consumer_key).apiSecret(l.oauth_sign_key).callback("[My callback url]").build();
l.requestToken = l.service.getRequestToken();
l.authUrl = l.service.getAuthorizationUrl(l.requestToken);
// I NEED TO DEFINE WHAT TO DO AT THIS POINT TO SIGN THE REQUEST SERVER SIDE
...
...
</cfscript>
Kirsten is technically correct - Linked In Api's require user authentication. It's annoying because you need to authenticate to even retrieve group posts.
However there are ways round it.
With scribe you can manually create an access token. So what I would do is create a dummy user account on Linked In, authenticate that user as normal and save the returned signed credentials on your database, which you can then use to create the token:
var accessToken = createObject("java", "org.scribe.model.Token").init(
"singedTokenStringReturnBackFromLinkedIn",
"singedSecretStringReturnBackFromLinkedIn",
"oauth_token=singedTokenStringReturnBackFromLinkedIn&oauth_token_secret=singedSecretStringReturnBackFromLinkedIn&oauth_expires_in=0&oauth_authorization_expires_in=0"
);
You can then skip the authenticate part and call the api allowing you to display the group posts without the current user having to sign in:
var req = createObject("java", "org.scribe.model.OAuthRequest").init(
createObject("java", "org.scribe.model.Verb").GET,
"http://api.linkedin.com/v1/groups/123456/posts"
);
oAuthService.signRequest(accessToken, req);
I have no idea if this would violate Linked In's T&C though.
OAuth authentication is designed for the user to give their permission to the application via a login on the site (in this case LinkedIn). It is not designed for you to automatically have the user grant permission for your application.
In order to get an access token to use the LinkedIn APIs, you have to include the part of the authentication flow that sends the user to LinkedIn to give your application permission to act on their behalf, at which point you can retrieve a verifier token either via PIN (which the user inputs) or via a callback to your application.
In short, there is no way to "authenticate server-side" without having the user interact with the LinkedIn site.