I try to add an event in my calendar by an installed application.
The problem: I didn't get the success-code to change for an access token.
My request seems like following:
accounts.google.com:80/o/oauth2/auth?scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=73561***.apps.googleusercontent.com
If i send this request at the browser it works. Like the example.
But i wanted my application to do everything for me. That means, that the User only give his login dates and he is able to add as an example an event. Without giving the agreement. Well, if my application send the same request i get an answer: "moved temporarily". But i need the key (success code) from the title bar.
I should add, that i use c++ so i can't use the Google Api. Therefore, i use cURL to send my request.
Anyone able to help me?
Related
I made a Authorizing system with SMS which gets number of an application then makes account and with verify code it let user to login. the problem is that when I send data by Retrofit in Kotlin as POST ,it sends no data (None) to server and Django logs show that no data sent for it. I know my Django API is working truly because of that POSTMAN works with it but my Kotlin application doesn't. Here I used APIService "Kotlin Intrface" class like this you see as below:
#FormUrlEncoded
#POST("v1/register/")
suspend fun RegisterRequest(
#Field("mobile") mobile: String
):Response<Reply>
I expected to see in logs that data sends for server but it doesnt work.
Also maybe you say that it needs Header but no ,cuz of I tried to set header for it also its Register and doesn't need token or anything like this and there's no persmission for it in server side.
I am building a frontend client for Jira and am running into some conflicting authentication methods I think.
I have setup the OAuth2 authentication method for logging in and hitting the Jira API. I have a button on a login page that redirects to Jira, you log in, hit "allow" and are redirected to my app. This step completes fine, I have a token and a secret and can make api calls just fine.
Next, I make an api call to get the user data, which returns fine. One of the pieces of data is a set of avatar urls. I put one of the urls into my site's markup. Here is where the problem begins.
If my browser session that I used to login is still active, I get an avatar. BUT if not, I get an "anonymous" avatar from Jira.
All the while, my OAuth token/api calls all seem to return fine.
This makes sense as Jira is using cookie based auth and I am not. So if that cookie dies in my browser, the call to the image will fail.
My ultimate question is how to handle this? Is this my responsibility to put an expiration on the token? What happens if they select "Stay logged in"? I don't think I get that knowledge on the OAuth side.
I kind of feel like I am missing something but I cannot figure out what. This seems like a problem that has been fixed or isn't even really a problem.
One solution would be just to switch to a cookie based authentication but OAuth seems more secure.
I've also tried directly hitting it from my server but that also yields an anon avatar. As does a curl with the access token. Maybe I didn't provide it in the correct way?
Any thoughts or ideas on this would be greatly appreciated. Thanks in advance.
How can I setup PAW to work with Facebook locally for development? Or even at all for that matter?
I have a node.js backend that I'm setting up with Facebook Auth. Every one of my routes needs the user to be logged in. I have two endpoints related to FB Auth. localhost:3000/api/v1/loginFB and localhost:3000/api/v1/callbackFB. Both of these work great in a web browser.
loginFB simply returns this string... https://www.facebook.com/dialog/oauth?client_id=523534457345&redirect_uri=https://localhost:3000/api/v1/callbackFB&scope=email,public_profile,user_friends.
When I call that URI in a browser, it returns a code=blahblah which my callbackFB endpoint uses to fire off another request to get the access token. All good.
So now in PAW I'm confused by the difference between the request URI and the Authorization URL text field? Should I use the loginFB URI for my request URI? And then https://www.facebook.com/dialog/oauth in the Authorization URL textfield?
Basically what's happening is that when I click Get Access Token, it returns the code but my callbackFB endpoint 500's by saying "This authorization code has been used." The code that it's getting returned is definitely different each time I Get Access Token.
This is where I'm at with this thing (Client ID and Client Secret are actually my App ID and App Secret from fb's dev management site, and the Access Token URL is actually set to https://graph.facebook.com/v2.3/oauth/access_token which I'm 99% sure is the correct URI):
This is the error I get when I click Get Access Token button:
It would be awesome to get some advice from anyone with experience with this issue. Thanks.
Re: #MichaMazaheri
tl;dr Fixed in version 2.2.2
Sorry for the super late follow-up. We actually fix this exact issue in Paw 2.2.2, which is already released on our website, and pending review for the Mac App Store. (It was some JSON vs. Form URL-Encoded parsing issue). Thanks for reporting.
This is confusing. So just to clarify:
REQ #1: To fetch basic stats for a URL, you send GET request to:
http://graph.facebook.com/?ids=http://some.com
(alternatively, FQL can be used to fetch stats for a URL, but that doesn't return the OpenGraph Object)
REQ #2: To fetch comments for a URL, you do a GET:
http://graph.facebook.com/comments/?ids=http://some.com
REQ #3: To fetch likes for a URL, you GET:
http://graph.facebook.com/likes/?ids=http://some.com
But how do you comment on / like a URL programmatically?
I guess, likes can be created using Open Graph API, right?
https://graph.facebook.com/me/og.likes?object=1234
where 1234 is the OpenGraph Object ID of an article (as returned by REQ #1).
But this requires an approval process, the like action has to be approved by Facebook.
Is there a better way to do this? Can I use for example the Graph API for all these things?
My goal:
Currently I'm using the Facebook like button and comments plugin to create likes and comments. But these use the JS SDK, which is huge, and they generate a lot of external requests. I wanna get rid of them and just send an AJAX request to my server, which would then asynchronously talk to Facebook, and it would post the Like / Comment.
Is this possible?
Thanks in advance!
I read through the Facebook docs briefly and I don't believe you can do this other than the way you indicated with authenticating.
You should also take a look at this thread: 'Like' a page using Facebook Graph API
You would need to authorize every single user before he would be able to like something, and you would need to go through a review process on Facebook. And i am pretty sure you would not get the required permissions approved just because you want to get rid of the JavaScript SDK overhead, to be honest.
The Social Plugins are asynchronously, so the overhead for downloading the SDK is irrelevant as it happens in the background and it is non-blocking.
I have an idea, to do this. You can use long term access token, Once you login you receive short term token. After receiving short term token you need to request your long term access token. Save that token in DB or file.
Then you can use Graph Api, to make requests. This will eliminate the need for access requirement every time you request api.
Just use access token you saved before.
Refer this documentation from Facebook for further clarity.
https://developers.facebook.com/docs/facebook-login/access-tokens
Happy Coding!
Atul Jindal
I am looking into authenticating via google.
I dont understand how it works:http://code.google.com/apis/accounts/docs/OpenID.html#Samples
If i do that 2nd request by entering the data as one url with params into browser i get back XML file. Should i not get back sample response nr3?
Can somebody explain this to me?
The problem is, that im trying to sort through some third party app that uses google openid authentication and its not recieving authenticated users e-mail back, like in sample response 3.
Alan
PS i have read through similar questions and their responses and gone through pages like:
How does OpenID authentication work?
http://www.windley.com/archives/2006/04/how_does_openid.shtml
http://tinisles.blogspot.com/2008/02/how-does-openid-work.html
http://openid.net/pres/protocolflow-1.1.png
What sort of XML file?
Remember that a checkid_setup request like that isn't something your application is meant to make with a direct connection, it's a request that's sent from the user's browser. So the response is going to be something for the browser to parse, prompt the user to log in if necessary, maybe ask the user for permission or which values it should send back, and only after all of that send back a redirect like in the sample response.