I am having a few problems setting up Django Piston. I have managed to get as far as generating authentication via the oauth_client.py sample shown here (http://github.com/clemesha/django-piston-oauth-example). When I run "python oauth_client.py" i am taken to http://localhost:8000/api/oauth/authorize/?oauth_token=8wm33jeWR92BpsrHjs where I then tick a box to confirm access and then submit the form.
At this point i hit a "oauth_user_auth() takes exactly 1 argument (2 given)" error. Simple answer, i'm sure, is that the oauth_user_auth method doesnt accept one parameter, but to remove that character i would have to edit a piston file, which i'm a little reticent to do so. Has anyone else come across this issue before?
This problem comes from the fact that your OAuth consumer does not specify any callback URL. Your call should look like this:
http://localhost:8000/api/oauth/authorize/?oauth_token=8wm33jeWR92BpsrHjs&oauth_callback=http://www.myoauthconsumer.com/receive_authorization/
http://www.myoauthconsumer.com/receive_authorization/ should request an access token if authorization has been granted by the service provider...
This diagram at oauth.net is very helpful for understanding the workflow of the oauth protocol.
Related
How do I get a registration code or otherwise solve this problem?
While writing this question, I realized the crux of this problem is the bottom-most part of this question: I'm not getting the popup I'm supposed to get and when I enter the URL in a browser it says invalid registration code.
I'm attempting to develop an Alexa Voice Service application. Website/companion service only. I have gone through the Reference Implementation Guide twice and have double checked that all of the setup has been done correctly.
This is the server error I get: invalid registration code. I never did anything with a registration code and can't seem to find anything about a registration code (relevant to Alexa) anywhere after googling quite a bit.
Listening on port 3000
error: { [InvalidRegistrationCode: The provided registration code was invalid.]
name: 'InvalidRegistrationCode',
message: 'The provided registration code was invalid.',
status: 401 }
Error: Can't set headers after they are sent.
Here's the client output:
vlcj: (DefaultMediaPlayer.java:183)
addMediaPlayerEventListener(listener=com.amazon.alexa.avs.AVSAudioPlayer$1#4b3a4950)
There was a problem connecting to the Companion Service. Trying again in 2 seconds. Please make sure it is up and running.
[DEBUG] joining on thread Thread[Timer-0,5,com.amazon.alexa.avs.AVSApp]
There was a problem connecting to the Companion Service.
Trying again in 2 seconds. Please make sure it is up and running.
The AVS launcher opens too, and when I record something and send it I get:
com.amazon.alexa.avs.AVSException: 403 Invalid Access Token
The instructions mention (at the very bottom of the reference guide) that I need to:
Please register your device by visiting the following website on any system and following the instructions: https://localhost:3000/provision/************** That URL is supposed to pop something up once the companion service but that hasn't happened.
Any thoughts on how can I fix this?
I was following a good document Project: Raspberry Pi + Alexa Voice Service at https://github.com/amzn/alexa-avs-raspberry-pi . It describes all steps very well.
Please take a look at the following steps:
3 - Getting started with Alexa Voice Service
3.1 Register for a free Amazon Developer Account
3.4 Register your product and create a security profile.
6 - Enable Security Profile
This thread on the Amazon developer forums seems related: http://forums.developer.amazon.com/forums/thread.jspa?threadID=11327&tstart=0
Quoted response:
There are a number of potential issues causing that error.
You might be sending an invalid scope. Are you sending "alexa:all" as
the scope? Or, your security profile might not be correctly linked. Is
it selected in the dropdown on the developer portal?
Are you getting an access token from the companion service, or is the
text box blank? If you're not getting an access token, check that your
device serial number matches between the companion service and the
java client. If you're getting an access token, the problem is more
likely with your security profile.
You should also look at these threads to see if they're helpful...
(links removed due to reputation requirement)
If that doesn't help, you'll probably have more luck asking the AVS team directly on their forum site.
I have a mirror API based app in which i have assigned a custom menu item, clicking on which should insert a new card. I have a bit of problem in doing that. I need to know of ways i can debug this.
Check if the subscription to the glass timeline was successful.
Print out something on console on click of the menu.
Any other way i can detect whether on click of the menu, the callback URL was called or not.
It sounds like you have a problem, but aren't sure how to approach debugging it? A few things to look at and try:
Question 1 re: checking subscriptions
The object returned from the subscriptions.insert should indicate that the subscription is a success. Depending on your language, an exception or error would indicate a problem.
You can also call subscriptions.list to make sure the subscriptions are there and are set to the values you expect. If a user removes authorization for your Glassware, this list will be cleared out.
Some things to remember about the URL used for subscriptions:
It must be an HTTPS URL and cannot use a self-signed certificate
The address must be resolvable from the public internet. "localhost" and local name aliases won't work.
The machine must be accessible from the public internet. Machines with addresses like "192.168.1.10" probably won't be good enough.
Question 2 re: printing when clicked
You need to make sure the subscription is setup correctly and that you have a webapp listening at the address you specified that will handle POST operations at that URL. The method called when that URL is hit is up to you, of course, so you can add logging to it. Language specifics may help here.
Try testing it yourself by going to the URL you specify using your own browser. You should see the log message printed out, at a minimum.
If you want it printed for only the specific menu item, you will need to make sure you can decode the JSON body that is sent as part of the POST and respond based on the operation and id of the menu item.
You should also make sure you return HTTP code 200 as quickly as possible - if you don't, Google's servers may retry for a while or eventually give up if they never get a response.
Update: From the sample code you posted, I noticed that you're either logging at INFO or sending to stdout, which should log to INFO (see https://developers.google.com/appengine/docs/java/#Java_Logging). Are you getting the logging from the doGet() method? This StackOverflow question suggests that appengine doesn't display items logged at INFO unless you change the logging.properties file.
Question 3 re: was it clicked or not?
Depending on the configuration of your web server and app server, there should be logs about what URLs have been hit (as noted by #scarygami in the comments to your question).
You can test it yourself to make sure you can hit the URL and it is logging. Keep in mind, however, the warnings I mentioned above about what makes a valid URL for a Mirror API callback.
Update: From your comment below, it sounds like you are seeing the URL belonging to the TimelineUpdateServlet is being hit, but are not seeing any evidence that the log message in TimelineUpdateServlet.doPost() is being called. What return code is logged? Have you tried calling this URL manually via POST to make sure the URL is going to the servlet you expect?
I'm using the oauth playground for the Directory Members Update tool https://developers.google.com/admin-sdk/directory/v1/reference/members/patch
Whenever I try to update an existing member in the group I'm encountering an error 500 message. Is this a temporary issue or am I missing something.
When generating the request I am providing the groupKey, memberKey, and role:MEMBER for the patch body. If I provide the exact same arguments for the Update function things work just fine.
Thank you.
James
Only the role should be in the body since its the only value that is changing.
I'm implementing user registration for a Web Service.
When somebody wants to register an account, my WS sends an activation link to his/her mail. Until this link is clicked, user account is not activated (but the info is persisted in database, so the resource exists).
So my question is, if you try to register the same mail several times, you will get a 409 CONFLICT code. But there are two scenarios right there:
User account pending on confirmation
User already registered and activated
I would like to know what is the right approach. Should I "invent" an HTTP status 4XX to distinguish them, or send 409 with a JSON with info? other solutions?
Thx!
EDIT:
I have found this response -> https://stackoverflow.com/a/3290369/1171280 where Piskvor suggest to use 409 status and request header to explain the reason why it failed and/or body. Which one? header? body? both?
What do you think?
EDIT 2:
HTTP status + body with detailed error (with machine-parseable codes even) is OK, Twitter does that (https://dev.twitter.com/docs/error-codes-responses) and RESPECT :) . But I still doubt with 403 vs 409... :S
Pending account is a special type of a user account, so I think both accounts (already registered and pending) are same in the context of your question. You should return 409 in both cases. For the REST API both are same cases because that resource already exists in the system.
Regarding your updated question, I would suggest using body (JSON) to send out error(s) instead of using a custom HTTP header to explain the reason why the call failed. Reason is that in the body can you have multiple error messages (each one as a separate JSON object/array element) where as in the header you can have only one (though you can split based on some character). Other reason is that you can have one generic error handling method which looks for an "error" object in the JSON instead of looking for different custom headers for each failure scenario.
HTTP codes:
403 - The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be
repeated.
409 - The request could not be completed due to a conflict with the current state of the resource. This code is only allowed in
situations where it is expected that the user might be able to resolve
the conflict and resubmit the request.
I think it should be 409 because the conflict can be resolved by re-issuing the request with different email address.
HTTP status codes are not meant to "invented".
409 CONFLICT sounds OK to me. Including details in the body ist OK, too, if your client needs to know.
Don't use 409. Use 403.
[409] is only allowed in situations where it is expected that the user might be able to resolve the conflict and resubmit the request.
It's for a request that should have been OK, but has a problem that can be resolved. If you edit a document and PUT the revised text but someone else did the same thing before you did, you should have a chance to look at the other person's work so you don't accidentally undo all their work. You'd get a 409 which means, if you want to revise it, you should send your revision with an indication that you've seen the latest revision by the other person -- i.e. you know what you're doing.
There's no way to 'correct' a redundant attempt to register. The only way to avoid the conflict is to register with a different username, but that's very incorrect.
I'm imagining a POST request that takes a username and email address and creates a new resource dedicated to that new user (which should now be used for validation), sending that resource's URL in an email. So you're dealing with the refusal of the POST request handler to create a new resource, for a reason specific to the business model of your application (rather than an HTTP-related reason like bad syntax).
There's no status code more specific to what you want than 403. In this case, all you should use HTTP's vocabulary to communicate is 'that's not allowed' -- use the layer on top of HTTP to communicate why, like a polite HTML page or a JSON object for the client to understand and render as a polite HTML page.
409 should be ok; for the details https://datatracker.ietf.org/doc/html/draft-nottingham-http-problem-04 might be of interest.
I'm trying to post a feed on my wall or on the wall on some of my friends using Graph API. I gave all permissions that this application needs, allow them when i make the request from my page, I'm having a valid access token but even though this exception occurs and no feed is posted. My post request looks pretty good, the permissions are given. What do I need to do to show on facebook app that I'm not an abusive person. The last think I did was to dig in my application Auth Dialog to set all permission I need there, and to write why do I need these permissions.
I would be very grateful if you tell me what is going on and point me into the right direction of what do I need to do to fix this problem.
Had the same problem. I figured out that Facebook was refusing my shortlinks, which makes me a bit mad...but I get the point because its possible that shortlinks can be used to promote malicious content...so if you have shortlinks as part of your test, replace them w the full url...
I believe this message is encountered for one of the two reasons :
Your post contains malicious links
You are trying to make a POST request over a non-https connection.
The second one is not confirmed but I have seen that behavior. While same code in my heroku hosted app worked fine, it gave this #368 error on my 000webhost hosted .tk domain which wasn't secured by SSL
Just in case anyone is still struggling with this, the problem occurs when you put URLs or "action links" that are not in your own app domain, if you really need to post to an extarnal page, you'll have to post to your app first, then redirect from there using a script or something. hope that helps.
also it's better in my opinion to use HTTPS links, as sometimes i've seen a behaviour where http links would be rejected, but that's intermittent.
I started noticing that recently as well when running my unit tests. One of the tests I run is submitting a link that I know Facebook has blocked to verify that I handle the error correctly. I used to get this error:
Warning: This Message Contains Blocked Content: Some content in this message has been reported as abusive by Facebook...
But starting on July 4th, I started receiving this error instead:
(#368) The action attempted has been deemed abusive or is otherwise disallowed'
Both errors indicate that Facebook doesn't like what you're publishing.