With the oldest PayPal API, setting the return URL when a checkout is accomplishment, or when checkout is eliminated is easy, as described here:
Payment payment = new Payment();
RedirectUrls redirectUrls = new RedirectUrls();
redirectUrls.setCancelUrl(cancelUrl);
redirectUrls.setReturnUrl(successUrl);
payment.setRedirectUrls(redirectUrls);
How can I accomplished this goal with new PayPal API?
I have already setting an url return (google.com for testing) in my sandbox account but it seems not work..
Which new API? There are several. Are you using the Checkout-Java-SDK? The best integrations do not use a redirect, and hence do not need a return URL.
Instead, implement two routes on your server that return JSON data -- one for 'Create Order' and one for 'Capture Order', documented here.
The approval flow to pair those two routes with is: https://developer.paypal.com/demo/checkout/#/pattern/server
This flow does not redirect away, hence there is no need or use for a return URL and if specified it will be ignored.
I have already setting an url return (google.com for testing) in my sandbox account but it seems not work.
That is for non-API integrations that use a link or HTML form post. There is no API integration that pays any attention to that profile setting.
I know this is an old post now but with REST API, there is a way to return these URLs. If you go to https://developer.paypal.com/api/orders/v2/ and click the application_context object link, you would be able to see the other details you can add to pass into your payload -- eg. brand_name, return_url, cancel_url etc. I do not think that Paypal has provided now an SDK but would love to know if there is. Right now, only the REST endpoints and payloads are available on their developer page.
Related
Need some help with fetching some data from a website.
Previously , we had following code in our application and it used to fetch the required data. We just used to read the required fields by forming a URL by passing username , password and search parameter (DEA number). The same URL (with parameters ) could also be hit from browser directly to see the results. It was a simple GET request:
{URL url = new URL(
"http://www.deanumber.com/Websvc/deaWebsvc.asmx/GetQuery?UserName="+getUsername()+"&Password="+getPassword()+"&DEA="
+ deaNumber
+ "&BAC=&BASC=&ExpirationDate=&Company=&Zip=&State=&PI=&MaxRows=");
Document document = parser.parse(url.toExternalForm());
// Ask the document for a list of all <sect1> tags it contains
NodeList sections = document.getElementsByTagName("DEA");
//Followed by a loop code to get each element by using sections.item(index).getFirstChild() etc.
}
Now, the website URL has got changed to following:
https://www.deanumber.com/RelId/33637/ISvars/default/Home.htm
I am able to login to the URL with credentials , go to the search page , enter the DEA number and search. The login page comes as a pop-up once I click 'Login' link on home page. Also, the final result comes as a pop-up. This is a POST request so I am unable to form the complete URL which I could use in my code.
I am not an expert in Web Services , but I think I need a web service URL like the one mentioned in the code above. Not sure how to get that !! Even if I get the URL , I am not sure how to perform the login through Java code and search the DEA number.
Also, it would be great if I could validate the URL manually before using in Java. Let me know if there is any way.
Or, in case there is any alternate approach in Java; kindly suggest.
Thanks in advance.
First of all, the previous approach provided by the website was completely wrong and insecure, because it passes the username and password as querystring parameters in plain text. I think, they would have realized this thing and changed their way of authentication.
Also, it looks like that they have restricted the direct URL based requests from the client applications like yours. For such requests from clients, they have published the web services. Check this link. They also have mentioned the rates for web service request counts.
So, you may need to open a formal communication channel to get authentication and other details to access their web services for this purpose. Depends on what they use for web service client authentication, you may code your client to access the web services.
I hope this helps.
As the title states it, I want to access the bitbucket API from a native Java Desktop Application. Bitbucket requires Applications to use OAuth2, and for that I found that Oltu should do the job.
However, my knowledge of OAuth is very limited and so I am stuck at a very early point. Here is what I did so far:
Step 1: I registered an OAuth Consumer with my Bitbucket Account with the following details:
Name: jerseytestapp
Description:
CallbackURL: http://localhost:8080/
URL:
Question 1: Could I automate this step?
Step 2: I ran the following Java code:
package jerseytest;
import org.apache.oltu.oauth2.client.request.OAuthClientRequest;
import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
public class BitbucketJersey {
public static void main(String[] args) {
OAuthClientRequest request;
try {
request = OAuthClientRequest
.authorizationLocation("https://bitbucket.org/site/oauth2/authorize")
.setClientId("jerseytestapp")
.setRedirectURI("http://localhost:8080")
.buildQueryMessage();
System.out.println(request.getLocationUri());
} catch (OAuthSystemException e) {
e.printStackTrace();
}
}
}
Step 3: I received the following locationURI and opened in Firefox
https://bitbucket.org/site/oauth2/authorize?redirect_uri=http%3A%2F%2Flocalhost%3A8080&client_id=jerseytestapp
Question 2: Do I need to use the browser or can I do this from the java application?
I receive the following answer message in Firefox:
Invalid client_id
This integration is misconfigured. Contact the vendor for assistance.
Question 3: What would be the correct next steps, and what is wrong with my approach?
Answer 1: You can automate the creation of OAuth Consumers, but you probably don’t want to.
Bitbucket provides documentation on how to create a consumer through their APIs, although the documentation is lacking many pertinent fields. Even so, you could still craft an HTTP request programmatically which mimics whatever Bitbucket's web interface is doing to create consumers. So yes, it could be automated.
Here's why you probably don't want to. In your case, you have three things that need to work together: your application, the end user, and Bitbucket. (Or in terms of OAuth jargon for this flow, those would be the client, resource owner, and authorization server, respectively.) The normal way of doing things is that your application is uniquely identified by the OAuth Consumer that you’ve created in your account, and all usages of Bitbucket by your application will use that single OAuth Consumer to identify your application. So unless you’re doing something like developing a Bitbucket application that generates other Bitbucket applications, you have no need to automate the creation of other OAuth Consumers.
Answer 2: You can authorize directly from your Java application.
Bitbucket states that it supports all four grant flows/types defined in RFC-6749. Your code is currently trying to use the Authorization Code Grant type. Using this grant type WILL force you to use a browser. But that’s not the only problem with this grant type for a desktop application. Without a public webserver to point at, you will have to use localhost in your callback URL, as you are already doing. That is a big security hole because malicious software could intercept traffic to your callback URL to gain access to tokens that the end user is granting to your application only. (See the comments on this stackoverflow question for more discussion on that topic.) Instead, you should be using the Resource Owner Password Credentials Grant type which will allow you to authenticate a Bitbucket’s username and password directly in your application, without the need of an external browser or a callback URL. Bitbucket provides a sample curl command on how to use that grant type here.
Answer 3: The correct next steps would be to model your code after the following sample. What is wrong with your approach is that you are trying to use a grant type that is ill-suited to your needs, and you are attempting to use your OAuth Consumer's name to identify your application instead of your Consumer's key and secret.
The following code sample successfully retrieved an access token with my own username/password/key/secret combination, whose values have been substituted out. Code was tested using JDK 1.8.0_45 and org.apache.oltu.oauth2:org.apache.oltu.oauth2.client:1.0.0.
OAuthClientRequest request = OAuthClientRequest
.tokenLocation("https://bitbucket.org/site/oauth2/access_token")
.setGrantType(GrantType.PASSWORD)
.setUsername("someUsernameEnteredByEndUser")
.setPassword("somePasswordEnteredByEndUser")
.buildBodyMessage();
String key = "yourConsumerKey";
String secret = "yourConsumerSecret";
byte[] unencodedConsumerAuth = (key + ":" + secret).getBytes(StandardCharsets.UTF_8);
byte[] encodedConsumerAuth = Base64.getEncoder().encode(unencodedConsumerAuth);
request.setHeader("Authorization", "Basic " + new String(encodedConsumerAuth, StandardCharsets.UTF_8));
OAuthClient oAuthClient = new OAuthClient(new URLConnectionClient());
OAuthResourceResponse response = oAuthClient.resource(request, OAuth.HttpMethod.POST, OAuthResourceResponse.class);
System.out.println("response body: " + response.getBody());
Your main problem was that you were giving the customer name instead of the client id:
.setClientId("jerseytestapp")
The only way to get the client id that I know of is to query:
https://bitbucket.org/api/1.0/users/your_account_name/consumers
However, even then it was still not working so I contacted bitbucket support. It turned out that the documentation is misleading. You actually need to use the client key instead.
.setClientId("ydrqABCD123QWER4567") // or whatever your case might be
https://bitbucket.org/site/oauth2/authorize?client_id=client_key&response_type=token
To get user details, facebook docs suggests making this call:
https://graph.facebook.com/me?access_token=YOUR_USER_ACCESS_TOKEN
When a user signs up using facebook's "Register plugin", how do I get this user access_token from the signed request. The latter contains a oauth_token, but I couldn't find documentation on how to obtain the access_token. I use java server side authentication technique (I don't use the javascript way..)
Specifically, the docs say:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
This answer recommends passing a blank redirect uri. But where does the "CODE_GENERATED_BY_FACEBOOK" come from in the REGISTRATION flow? I tried passing the oauth_token from the signed_request as the "code generated by facebook". But it fails verification.
Pointers will be be helpful. Thanks.
Note: I already have the "sign in with facebook" working & I know how to obtain the access_token in that flow. But I would expect a more straight forward way of doing that when the user registers using facebook.
You may have solved your problem, but anyway I place my case;
You must set exactly the same value for the "redirect_uri" parameters for both dialog/oauth and oauth/access_token pages (and unfortunately, this is not stated clearly on Facebook documentation). In my case the URIs in question were:
https:
//www.facebook.com/dialog/oauth?client_id=23902620775&redirect_uri=http%3a%2f%2fwww.mydomain.com%2fMembership%2fLoginCheckFacebook&scope=user_birthday,email
https
://graph.facebook.com/oauth/access_token?client_id=23902620775&redirect_uri=http%3a%2f%2flocal.www.mydomain.com%2fMembership%2fLoginCheckFacebook&client_secret=80a34471e31e7afa0a7a7cd3cfc7&code=AQDsrevxH_Q3-NVts8VBThXCC0z6cCIhdnTMVCE9McsjJYLLy6ZKnlibmi8tWPcP...
I want to auto tweet from a java application. What is the simplest way to do it? Can i avoid using libraries like Twitter4j etc.,
I need an implementation for a simple api like
Tweet(username, password, message)..
Thank you.
I recommend you to use twitter4j and using this you can create oAuth requests easily.
Twitter rate limits apply to desktop application and it is 150/hour.
Twitter does not support basic authentication with username and password anymore.
You are required to create an application in twitter and using the consumer key and secret only you can access your twitter account.
If you are going to access the twitter by a desktop application then you have to select
Application Type: as "Client" while creating the application.
Then you can use the syntax below to update your status in twitter
ConfigurationBuilder cb = new ConfigurationBuilder();
cb.setDebugEnabled(true)
.setOAuthConsumerKey(consumerKey)
.setOAuthConsumerSecret(consumerSecret)
.setOAuthAccessToken(oAuthAccessToken)
.setOAuthAccessTokenSecret(oAuthAccessTokenSecret);
TwitterFactory tf = new TwitterFactory(cb.build());
Twitter twitter = tf.getInstance();
twitter.updateStatus("This is a test message"); //ThrowsTwitterException
I hope this helps you... Please let me know if this is not the answer you were looking for.
Implementing your own oAuth request involve creating signature that for me was complicated and it is sensitive to time and time format that we send.
Twitter has a REST web API, and a lot of documentation. For reference:
http://dev.twitter.com/doc
While you don't necessarily need Twitter4J, it does make it easier. Otherwise you would need to assemble your own URL requests and take care of authentication. They offer more than one style:
http://dev.twitter.com/pages/auth_overview
Traditionally, OAuth is the preferred style for desktop application to web server integration--but that protocol is a bit complicated.
There's nothing that says you can't create your Tweet() method to hide away the details of using Tweet4J or hand-rolling the request yourself.
I want to auto tweet from a java
application.
I hope you are not spamming.. :D
Try this one: http://code.google.com/p/java-twitter/
You can wrap the example code into:
public void tweet(String username, String password, String message){
Api api = Api.builder().username(username).password(password).build();
api.updateStatus(message).build().post();
}
And then call it as tweet.(username,pass,message)
Looks simple to me.
Spring Social? I saw a demo of it at SpringOne - looked pretty cool, although I personally do not have a use for it, and therefore haven't done much besides read about it. You get some OAuth capability and templates for interacting with the major social networking sites out of the box.
My problem is I get error while trying to get request token from Yahoo. The error says Im missing oauth_callback parameter and yes I miss it because I dont need it. Ive read I need to set it to "oob" value if I dont want to use it(desktop app). And I did that but to no avail. If I set it to null the same happens. Im using OAuth for java: http://oauth.googlecode.com/svn/code/java/core/
OAuthServiceProvider serviceProvider = new OAuthServiceProvider("https://api.login.yahoo.com/oauth/v2/get_request_token",
"https://api.login.yahoo.com/oauth/v2/request_auth",
"https://api.login.yahoo.com/oauth/v2/get_token");
OAuthConsumer consumer = new OAuthConsumer("oob", consumerKey, consumerSecret, serviceProvider);
OAuthAccessor accessor = new OAuthAccessor(consumer);
OAuthClient client = new OAuthClient(new HttpClient4());
OAuthMessage response = client.getRequestTokenResponse(accessor, OAuthMessage.POST, null);
System.out.println(response.getBodyAsStream());
Have you tried using Scribe?
I also had problems with OAuth java libs so I developed that one. It's pretty much cross provider and better documented than the one you're using.
If it does not work with Yahoo you can easily extend it creating your own Provider
Hope that helps!
there is a problem in the java OAuthMassage class, I resolved it by adding to addRequiredParameters method thie line
if (pMap.get(OAuth.OAUTH_CALLBACK) == null) {
addParameter(OAuth.OAUTH_CALLBACK, consumer.callbackURL);
}
if you still have this problem I can help you: rbouadjenek#gmail.com
I haven't used that library, but it looks like it isn't properly handling the callback URL. Since OAuth 1.0a (http://oauth.net/advisories/2009-1/ and http://oauth.net/core/1.0a/), the callback URL needs to be sent in the first call to get the request token (not in the client-side call to authorise it), and it seems that this library hasn't been updated to do this (at least from looking at the code). I assume that Yahoo requires the parameter to be there.
Not sure if the original problem was ever solved, but wanted to point to a new Java OAuth SDK that Yahoo released last week:
http://developer.yahoo.net/blog/archives/2010/07/yos_sdk_for_java.html
Developers trying to access Yahoo's services via OAuth with Java may find parts of this SDK helpful.