When I was redirected from the OAuth Dialog, my application URL looks like this.
login/auth_fb/#access_token=AAAB
How can I grab my access_token from the URL? If it is
login/auth_fb/?access_token=AAAB
In CodeIgniter, I can get it easily like $this->input->get('access_token',TRUE);
Thanks for your help!
That part of the url is called the hash. BUT you can't get it from the server side - what you need to do is write some javascript to grab it on the client and pass it back in on a POST.
Related
I'm trying to submit a form in Postman which then redirects to another url. The redirected url query string contains some information that I want to use in my next call. Is this even possible and if yes, how?
I haven't been able to find anything in Postman docs regarding this.
Yes, you can retrieve the redirected URL, extract interested information, and use it in the next request in Postman.
First, to retrieve the redirected URL, the "Automatically follow redirects" option in Postman should be turned off:
Then, you can intercept the redirect response, extract what is interested, and set it as global variable or environment variable:
Finally, this variable can be used in "next request", as query string in GET request, or as part of POST request's body:
I try to add an event in my calendar by an installed application.
The problem: I didn't get the success-code to change for an access token.
My request seems like following:
accounts.google.com:80/o/oauth2/auth?scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=73561***.apps.googleusercontent.com
If i send this request at the browser it works. Like the example.
But i wanted my application to do everything for me. That means, that the User only give his login dates and he is able to add as an example an event. Without giving the agreement. Well, if my application send the same request i get an answer: "moved temporarily". But i need the key (success code) from the title bar.
I should add, that i use c++ so i can't use the Google Api. Therefore, i use cURL to send my request.
Anyone able to help me?
I'm writing an Android app which will authenticate itself using OAuth2 to a Web server under my control.
I'm using Apache Amber on the client side, and oauth2app with Django on the server side.
From the client, I can generate an authorization request, and start a browser Activity that goes to a page asking whether to allow the client access, and after answering in the affirmative, redirects to a page with a "code" parameter.
But how do I get the "code" back to my client, in order to make the subsequent access_token request?
Do I need to bypass the browser entirely? How would that work?
I believe you have a couple of choices here.
The redirect_uri parameter will indicate to the server where it should send the code.
From the ouath2app docs:
If a request is authorized, Authorizer:grant_response() will serialize an object into a JSON response will return a redirect response to the client’s redirect_uri with information on the authorization code passed as query string parameters (response_type CODE) or access token passed as URI fragments.
So armed with that:
If that value is a location on your server, then your mobile browser is going to get the value as part of the redirect. Specifically, you're trying to read the URI fragments in the redirect. I believe this is the intended usage for an application like yours. This blog post seems to have code that might be relevant, under the section "Retrieving the access token".
Alternatively, as you pointed out, you could send the token to a different handler on your server, and then pass it back to your client. It must the callback URL defined in the service.
I found a different blog post, specific to OAuth 2:
http://blog.doityourselfandroid.com/2011/08/06/oauth-2-0-flow-android/
The trick is to fire up a new Activity whose content is provided by a WebView (rather than a layout). You can attach a handler to the WebView that's called on the redirect to the page containing the "code" parameter.
Some of the specifics in the blog post concern Google APIs, but so far my experiments suggest that it will work in my situation.
In our Java EE app we are invoking the fb oauth flow to get accessToken.
For this purpose we make a call with the callback url to the fb server with app key and secret.
At this moment the same url is provided in the fb app url section.
However, is it possible if we can some how change the redirect url to go to a different server ? I have seen just changing the callback url in the code does not work. Looks like it has to be same in the code as well as in the fb application.
This make very difficult to test or use the same app to try things from two different web servers.
Any advise on this?
This is unfortunately not possible. Just redirect user to your redirect_uri which will redirect you to the correct location
The URL to redirect to after the user clicks a button in the dialog.
The URL you specify must be a URL of with the same Base Domain as
specified in your app's settings, a Canvas URL of the form
https://apps.facebook.com/YOUR_APP_NAMESPACE or a Page Tab URL of the
form https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
https://developers.facebook.com/docs/reference/dialogs/oauth/
For security reasons you can't change the redirect url. Facebook check that you provide the same redirect url as you gave when you registered the application. The way I solved this was to register one application on facebook for each server.
Here is Solution from Promo Group
One of the options - to add a 2nd domain (address mirror the primary site) in
Settings » Basic tab at the top» Mobile Site URL
I am looking into authenticating via google.
I dont understand how it works:http://code.google.com/apis/accounts/docs/OpenID.html#Samples
If i do that 2nd request by entering the data as one url with params into browser i get back XML file. Should i not get back sample response nr3?
Can somebody explain this to me?
The problem is, that im trying to sort through some third party app that uses google openid authentication and its not recieving authenticated users e-mail back, like in sample response 3.
Alan
PS i have read through similar questions and their responses and gone through pages like:
How does OpenID authentication work?
http://www.windley.com/archives/2006/04/how_does_openid.shtml
http://tinisles.blogspot.com/2008/02/how-does-openid-work.html
http://openid.net/pres/protocolflow-1.1.png
What sort of XML file?
Remember that a checkid_setup request like that isn't something your application is meant to make with a direct connection, it's a request that's sent from the user's browser. So the response is going to be something for the browser to parse, prompt the user to log in if necessary, maybe ask the user for permission or which values it should send back, and only after all of that send back a redirect like in the sample response.