How do I get access token from Foursquare? - java

I get code from this direct url with my client id and redirect uri;
https://foursquare.com/oauth2/authenticateclient_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
But I can't do it with the REST service. I have to embed this service in my Java application and then get the access token. I can use a different option, if there is another way you know to get the access token. Can you help me?

The Foursquare docs walk through the process in great detail. There are 2 options:
Web Applications Code Flow
Web Applications Token Flow
Both these options will require you to set up an app through the Foursquare Developer site. You'll need to set up a redirect URL for Foursquare to redirect back to. This is usually a publicly accessible URL, but a localhost URL also works for testing purposes.
The first, the Code Flow, follows a standard OAuth process:
1) Direct users (generally done through a link or button) to
https://foursquare.com/oauth2/authenticate?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
2) If the user accepts, they will be redirected back to
https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE
3) Your server should exchange the code it got in step 2 for an access token. Make a request for
https://foursquare.com/oauth2/access_token?client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=authorization_code&redirect_uri=YOUR_REGISTERED_REDIRECT_URI&code=CODE
The response will be JSON
{ access_token: ACCESS_TOKEN }
This access token is what you're looking for.
The second method, the token flow, is slightly easier:
1) Redirect users who wish to authenticate to
https://foursquare.com/oauth2/authenticate?client_id=CLIENT_ID&response_type=token&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
2) If a user accepts, they will be redirected back to
https://YOUR_REGISTERED_REDIRECT_URI/#access_token=ACCESS_TOKEN
This access_token query param is what you're looking for.
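The code flow above, carried out from Java, as an added example that is not part of the original answer or Foursquare's own code: it builds the step 1 URL and performs the step 3 exchange server-side with the JDK's HttpClient (Java 11+). The class name, the FSQ_* environment variable names (assumed to be set) and the regex-based extraction of access_token are assumptions of this example.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class FoursquareCodeFlow {
    static final String BASE = "https://foursquare.com/oauth2/";

    // Appends key/value pairs as a query string, percent-encoding every value.
    static String url(String endpoint, String... kv) {
        StringBuilder sb = new StringBuilder(BASE).append(endpoint);
        for (int i = 0; i < kv.length; i += 2)
            sb.append(i == 0 ? '?' : '&').append(kv[i]).append('=')
              .append(URLEncoder.encode(kv[i + 1], StandardCharsets.UTF_8));
        return sb.toString();
    }

    // Step 1: the URL the user's browser is sent to.
    static String authorizeUrl(String clientId, String redirectUri) {
        return url("authenticate", "client_id", clientId,
                   "response_type", "code", "redirect_uri", redirectUri);
    }

    // Step 3: server-side exchange, so the client secret never reaches a browser.
    static String exchange(String clientId, String secret, String redirectUri, String code)
            throws Exception {
        String tokenUrl = url("access_token", "client_id", clientId, "client_secret", secret,
            "grant_type", "authorization_code", "redirect_uri", redirectUri, "code", code);
        HttpResponse<String> res = HttpClient.newHttpClient().send(
            HttpRequest.newBuilder(URI.create(tokenUrl)).GET().build(),
            HttpResponse.BodyHandlers.ofString());
        // Minimal extraction of one field (assumption); a JSON parser is the usual choice.
        Matcher m = Pattern.compile("\"access_token\"\\s*:\\s*\"([^\"]+)\"").matcher(res.body());
        if (res.statusCode() != 200 || !m.find())   // never log the body: it may hold the token
            throw new IllegalStateException("token exchange failed, HTTP " + res.statusCode());
        return m.group(1);
    }

    // No argument: print the step 1 URL. One argument (the CODE): run step 3.
    public static void main(String[] args) throws Exception {
        String id = System.getenv("FSQ_CLIENT_ID"), redirect = System.getenv("FSQ_REDIRECT_URI");
        if (args.length == 0) { System.out.println(authorizeUrl(id, redirect)); return; }
        String token = exchange(id, System.getenv("FSQ_CLIENT_SECRET"), redirect, args[0]);
        System.out.println("received access token, length " + token.length());
    }
}
```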

Go to your "App Settings" page on the developer console of Foursquare.com
Set the "Redirect URL" under "Web Addresses" to https://www.google.com
Paste and enter the following url in your web browser (replace YOUR_CLIENT_ID with your actual client id):
https://foursquare.com/oauth2/authenticate?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=https://www.google.com
This should redirect you to a google page requesting permission to make the connection.
Accept and then look at the URL of your web browser (take note of the CODE part of the URL to use in step 5)
It should look like https://www.google.com/?code=CODE
Copy the code value from the previous step.
Paste and enter the following into your web browser (replace placeholders with actual values):
https://foursquare.com/oauth2/access_token?client_id=YOUR_CLIENT_ID&client_secret=YOUR_CLIENT_SECRET&grant_type=authorization_code&redirect_uri=https://www.google.com&code=CODE.
When you paste the link, this should lead you to a page that gives you your access token.
Credit: IBM course instructor.

Related

I am not able to get Authorization code while hitting url for microsoft Graph?

The main point of my POC is to send Mail using Microsoft Graph Api In Java.
I have followed each of the steps in the GitHub repo below and I am able to build the code successfully:
https://github.com/microsoftgraph/console-java-connect-sample
According to the steps mentioned in the repo, I should get the authorization code in the URL, but I am unable to get the authorization code.
I made a few changes in the code.
First, I replaced the CLIENT_ID value with my application's client ID.
Secondly, I also changed the redirect URL in Constants.java. In the repo, the redirect URL is mentioned as "https://login.microsoftonline.com/common/oauth2/nativeclient". But as I am using an organizational account, I have mentioned my application's (web service) redirect URL.
One more change which I made is in MicrosoftAzureAD20Api.java: I replaced the getAccessTokenEndpoint() and getAuthorizationBaseUrl() URLs as per my application.
After running the code, it ran without error. I printed the authorization URL in the console as well, but I am not getting the authorization code in the URL (which I printed in my console).
The expected url (acc to github) is something like :
https://login.microsoftonline.com/common/oauth2/nativeclient?code={IAQABAAIAAABHh4kmS_aKT5XrjzxRAtHz5S...p7OoAFPmGPqIq-1_bMCAA}&session_state=dd64ce71-4424-494b-8818-be9a99ca0798
But the URL which I am getting is something like below :
https://login.microsoftonline.com/{{tenantId}}/oauth2/v2.0/authorize?response_type=code&client_id={{ClientId}}&redirect_uri=https%3A%2F%2Flogin.microsoftonline.com%2Fcommon%2Foauth2%2Fnativeclient&scope=Files.ReadWrite%20openid%20User.Read%20Mail.Send%20Mail.ReadWrite
Comparing both URLs, the code is missing in the second one (which I need to pass on further).
Please help me out.
The URL you got is an authorization url. The command line interface opens a browser window on the Azure Active Directory authorization endpoint. You need to enter your user name and password to authenticate.
When you are authenticated, you're taken to an authorization window for the app. Click the Ok button on the authorization window. Then you will get the code.

Authenticate on browser and make a POST request

I am facing an issue on my project. I have to send a POST request to a vendor's API. But I am getting the response login is required.
The vendor has not exposed the Login API, but has given the login URL. It wants us to authenticate in the browser and then send the POST request from our Java code.
Can anyone please help us with whether it is possible to do this?
I have tried to launch the login url from my Java code. Then I authenticate it. But since I have authenticated in Browser's process so I am not able to send the POST request from my Java code.
Ideally you should make a GET request using the login url (a REST call from the Java code and not via a browser process) which would return you a valid access token or something similar, using which (ideally on the header), you should make the POST request which would allow the vendor's API to authenticate your request.
You would need to provide sample code and what you have tried for me to help you further, but I hope you get the idea.

Is it possible to post login form to an external web app and also redirect to that app's front page?

I have a web application in which, when the user clicks on a link, it will generate security information and log on to an external application if the security information is authenticated.
At this point, for security reasons, I don't want to expose the URL and request information on the web page, so instead I am seeking solutions to handle the process behind the scenes.
I know Apache Components can easily send a POST request within a POJO, and the Jersey client can do so as well through a web service. However, the requirement here also includes letting the browser automatically redirect to the 3rd app's front page if the login process succeeded.
My question is what could be the proper solution to handle the login process and go to the external application from web as well.
Say you have:
publicapp.com
secretapp.com
Set up an API in publicapp.com to POST the initial request to itself. When the user submits the initial login form it goes to say publicapp.com/login. This endpoint will pre-process the information then send a server to server request to secretapp.com/login.
If secretapp.com/login accepts the information it responds to publicapp.com with a success and publicapp.com redirects the client to secretapp.com/home, with a short term auth token encoded in a JWT. secretapp.com swaps the short term token for a full auth token.
In the above scenario, the actual login endpoint is never made public. secretapp.com should also have IP whitelisting to only accept login attempts from publicapp.com. You can also do a lot of filtering on publicapp.com to eliminate malicious requests without bothering secretapp.com.
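One way to build the short-term token handoff described above, as an added example that is not part of the original answer: publicapp.com mints an HS256-signed JWT with an expiry and a random id, and secretapp.com verifies signature, expiry and single use before swapping it for its own auth token. The class and method names, the shared HMAC key, the 60-second lifetime and the in-memory set of used ids are assumptions of the example.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.*;
import java.time.Instant;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
import java.util.regex.*;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class HandoffToken {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final String HEADER = ENC.encodeToString("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(UTF_8));
    static final Pattern CLAIMS = Pattern.compile(
        "\\{\"sub\":\"([\\w.@-]+)\",\"exp\":(\\d+),\"jti\":\"([0-9a-f-]+)\"\\}");
    static final Set<String> USED = ConcurrentHashMap.newKeySet();  // redeemed ids, in-memory here

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(UTF_8));
    }
    // publicapp.com side: minted only after secretapp.com/login reported success.
    static String mint(byte[] key, String user, long ttlSeconds) throws Exception {
        if (!user.matches("[\\w.@-]+")) throw new IllegalArgumentException("unsafe subject");
        String claims = String.format("{\"sub\":\"%s\",\"exp\":%d,\"jti\":\"%s\"}",
            user, Instant.now().getEpochSecond() + ttlSeconds, UUID.randomUUID());
        String signed = HEADER + "." + ENC.encodeToString(claims.getBytes(UTF_8));
        return signed + "." + ENC.encodeToString(hmac(key, signed));
    }
    // secretapp.com side: signature, expiry and single use are checked before the swap.
    static String redeem(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        Base64.Decoder dec = Base64.getUrlDecoder();
        if (p.length != 3 || !p[0].equals(HEADER)   // fixed header pins the algorithm
                || !MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), dec.decode(p[2])))
            throw new SecurityException("bad token");
        Matcher m = CLAIMS.matcher(new String(dec.decode(p[1]), UTF_8));
        if (!m.matches() || Long.parseLong(m.group(2)) < Instant.now().getEpochSecond())
            throw new SecurityException("expired or malformed claims");
        if (!USED.add(m.group(3))) throw new SecurityException("token already redeemed");
        return m.group(1);   // subject for which secretapp.com issues its full auth token
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new SecureRandom().generateSeed(32);   // stands in for the shared key
        String token = mint(key, "alice", 60);
        System.out.println("first use: " + redeem(key, token));
        try { redeem(key, token); } catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

With more than one secretapp.com instance, the used-id set has to live in a store all instances share, with entries dropped once the token's expiry has passed.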

Google OAUTH: The redirect URI in the request did not match a registered redirect URI

I am trying to make an upload to YouTube from my Java based web app. I spent a few days trying to understand what and where the problem is and I cannot get it; for now I am pulling my hair out of my head.
I registered my web app in Google Console, so I got a pair of Client ID and Secret and a possibility to download JSON type file with my config.
So here is the config:
{
"web":{
"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"client_secret":"***",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"client_email":"***",
"redirect_uris":["http://localhost:8080/WEBAPP/youtube-callback.html","http://www.WEBAPP.md/youtube-callback.html"],
"client_x509_cert_url":"***",
"client_id":"***",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"javascript_origins":["http://www.WEBAPP.md/"]
}
}
How is it possible that I am getting the default URL from Google?
The redirect URI in the request: http://localhost:8080/Callback did not match a registered redirect URI
It always gives me the default http://localhost:8080/Callback URL instead of mine.
And IDE console shows me that:
Please open the following address in your browser:
https://accounts.google.com/o/oauth2/auth?client_id=***&redirect_uri=http://localhost:8080/Callback&response_type=code&scope=https://www.googleapis.com/auth/youtube.upload
Attempting to open that address in the default browser now...
I am using the last version of dependencies:
google-api-services-youtube v3-rev99-1.17.0-rc and google-api-services-youtubeAnalytics v1-rev35-1.17.0-rc
I think I encountered the same problem as you. I addressed this problem with the following steps:
1) Go to Google Developers Console
2) Set JavaScript origins:
http://localhost
3) Set Redirect URIs:
http://localhost:8080
http://localhost:8080/Callback
When your browser redirects the user to Google's oAuth page, are you passing as a parameter the redirect URI you want Google's server to return to with the token response? Setting a redirect URI in the console is not a way of telling Google where to go when a login attempt comes in, but rather it's a way of telling Google what the allowed redirect URIs are (so if someone else writes a web app with your client ID but a different redirect URI it will be disallowed); your web app should, when someone clicks the "login" button, send the browser to:
https://accounts.google.com/o/oauth2/auth?client_id=XXXXX&redirect_uri=http://localhost:8080/WEBAPP/youtube-callback.html&response_type=code&scope=https://www.googleapis.com/auth/youtube.upload
(the callback URI passed as a parameter must be url-encoded, btw).
When Google's server gets authorization from the user, then, it'll redirect the browser to whatever you sent in as the redirect_uri. It'll include in that request the token as a parameter, so your callback page can then validate the token, get an access token, and move on to the other parts of your app.
If you visit:
http://code.google.com/p/google-api-java-client/wiki/OAuth2#Authorization_Code_Flow
You can see better samples of the java client there, demonstrating that you have to override the getRedirectUri method to specify your callback path so the default isn't used.
The redirect URIs are in the client_secrets.json file for multiple reasons ... one big one is so that the oAuth flow can verify that the redirect your app specifies matches what your app allows.
If you visit https://developers.google.com/api-client-library/java/apis/youtube/v3 You can generate a sample application for yourself that's based directly off your app in the console, in which (again) the getRedirectUri method is overwritten to use your specific callbacks.
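A pre-flight check for the mismatch discussed in this answer, as an added example that is not from the original thread or Google's client library: it compares the redirect_uri the app is about to send against the registered list and names the component that differs. The class and method names are hypothetical, the registered list is copied from the question's configuration, and the check assumes the comparison is an exact string match.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.List;

public class RedirectUriCheck {
    // redirect_uris copied from the client configuration shown in the question.
    static final List<String> REGISTERED = List.of(
        "http://localhost:8080/WEBAPP/youtube-callback.html",
        "http://www.WEBAPP.md/youtube-callback.html");

    // Returns "ok" on an exact string match; otherwise names the first component
    // that differs from a registered entry on the same host.
    static String diagnose(String requested) {
        if (REGISTERED.contains(requested)) return "ok";
        URI r = URI.create(requested);
        for (String s : REGISTERED) {
            URI u = URI.create(s);
            if (!u.getHost().equalsIgnoreCase(r.getHost())) continue;
            if (!u.getScheme().equals(r.getScheme())) return "scheme differs from " + s;
            if (u.getPort() != r.getPort()) return "port differs from " + s;
            return "path, query or letter case differs from " + s;
        }
        return "no registered URI for host " + r.getHost();
    }

    // Builds the authorization URL only for a registered redirect URI, percent-encoded.
    static String authorizationUrl(String clientId, String redirectUri, String scope) {
        String verdict = diagnose(redirectUri);
        if (!verdict.equals("ok")) throw new IllegalArgumentException(verdict);
        return "https://accounts.google.com/o/oauth2/auth?client_id="
            + URLEncoder.encode(clientId, StandardCharsets.UTF_8)
            + "&redirect_uri=" + URLEncoder.encode(redirectUri, StandardCharsets.UTF_8)
            + "&response_type=code&scope=" + URLEncoder.encode(scope, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // The library default from the question's error message is reported as a path mismatch.
        System.out.println(diagnose("http://localhost:8080/Callback"));
        System.out.println(authorizationUrl("CLIENT_ID",
            "http://localhost:8080/WEBAPP/youtube-callback.html",
            "https://www.googleapis.com/auth/youtube.upload"));
    }
}
```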
I was able to get mine working using the following Client Credentials:
Authorized JavaScript origins
http://localhost
Authorized redirect URIs
http://localhost:8090/oauth2callback
Note: I used port 8090 instead of 8080, but that doesn't matter as long as your python script uses the same port as your client_secret.json file.
Reference: Python Quickstart
You need to go into the developer console and set
http://localhost:8080/WEBAPP/youtube-callback.html
as your callback URL.
This video is slightly outdated, as it shows the older Developer Console instead of the new one, however, the concepts should still apply. You need to find your project in the developer console and register a callback URL.
I thought I had this configured but it turns out I set the URL in the wrong place. I followed the URL provided in the Google error page and added my URL here. Stupid mistake from my part, but easily done. Hope this helps

Struts 2 and a simple Facebook API

I am trying to make a webapp in Java that is capable of posting to a user's Facebook status, and I am having some problems with the authorization process. Basically, I have a struts2 action that redirects the user to the Facebook login page, which then redirects back to me with a "code". I then use this code to access another Facebook URL (to trade it for an access token).
The problem is, and I'm likely just missing something simple, that this second facebook url doesn't redirect to an action, it instead just returns a page with the access token on it. So, my question is, how would I access that token to put into my database, preferably without showing the access token to the end user?
TLDR; Any idea how I could call a request from an action in struts2 to an external url and parse the response without showing it to the user? Thanks!
Cheers,
Lukas Rezek
So basically you would want 3 pieces:
Interceptor
authRequest action
authResponse action
So the flow is:
Interceptor would check if current user has auth token, if not - it will redirect to authRequest action
authRequest action will fill up your app details - create url graph.facebook.com/oauth/authorize?client_id=xxx&redirect_uri=yyy etc
Please note that redirect_uri is exactly the authResponse action, so after the user authorizes your app, the browser will redirect to the authResponse action
authResponse action is the place where you retrieve the token, save it to DB and probably set it to session. After you are done with that, you are done with login and you can redirect to your application home action
To access an external web site within a struts action you have two choices. Create a socket and connect to the external site and send your request via the socket.outputstream and parse the response via the socket.inputStream or use a browser emulator such as Apache HttpComponents or HTMLUnit.
I wouldn't let the user of my web-app anywhere near the Facebook site - I would have my own page that asked for the FB login and would handle the interaction with the facebook site using one of the two methods above. I would favour using HTMLUnit as that is designed to look like a browser to the remote site.
