I am trying to fetch Facebook user access token as in the question title.
I configured my application, I am sending request to:
redirect:https://www.facebook.com/dialog/oauth?client_id="+appId+"&redirect_uri="+REDIRECT_URI+"&response_type=token
and I always got response where there is a hashtag before first parameter:
/auth/fb/callback/?#access_token=blablabla
Does anyone know why Fb is keep adding the # before access_token??
I have hard time to parse this from HTTP request, as Spring shows me 0 GET parameters.
Is it possible to avoid this situation or parse with #???
Does anyone know why Fb is keep adding the # before access_token?
Because you asked for it, by using response_type=token. You actually want to ask for a code instead.
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#logindialog
Related
I have my authorisation url - https://www.reddit.com/api/v1/authorize?client_id=xuJKekGTr1-V8Q&response_type=code&state=dfDfsd4gdf&redirect_uri=http://localhost:8080/redditimageuploader/callback&duration=permanent&scope=submit
But I don't really know what to do from here? I've found a few guides online but it's just a lot of jargon I don't really understand. When I click on the "allow" button, it takes me to the url that I defined as my redirect_uri, and appended to the end of the string is the state that I set, as well as code= and then a string - so I assume I need to do something with those, but I don't know what.
I was wondering if there is a super simple "explain like I'm 5" step-by-step guide on what to do from here?
It's a standard OAuth flow. From the doc :
When the user clicks the "Sign on with Reddit" button on your website, you must redirect the user to the authorisation URL at Reddit - the one in your question, starting with https://www.reddit.com/api/v1/authorize and enriched with the request params you specified. Reddit will then ask the user to sign in, and whether or not he wants to authorise your app access to the requested scope. See https://github.com/reddit-archive/reddit/wiki/OAuth2#allowing-the-user-to-authorize-your-application
If the user agrees, then Reddit will redirect the user to the redirect URI you specified as request param in the authorisation URL (in your case, http://localhost:8080/redditimageuploader/callback). Reddit will add a state request param: you need to ensure that this is the same as the one in your request.
Retrieve the access token with a POST request to https://www.reddit.com/api/v1/access_token, including the following data in your data: grant_type=authorization_code&code=CODE&redirect_uri=URI. Replace CODE with the value you received and URI with your same redirect URI as in the first step.
The response to this third step should return you an access token: store this for future requests on behalf of the user. See https://github.com/reddit-archive/reddit/wiki/OAuth2#retrieving-the-access-token
Extra steps are available and documented for error handling and access token operations (invalidation / renewal).
So, once you've correctly implemented the first step, all you need to do is create an endpoint (the one called when your redirect URI is redirected to) which will :
check the state request param
Retrieve the access token (third step) and store it
Let me know if this is clear enough.
I am newbie to Azure AD and want to interact with it through my java app.
After doing some research, I found that we need to get bearer_token in order to use Graph API for Azure AD.
I am following this link to get bearer token but facing issue with one of parameters.
Now as shown in below image from above link, there are several parameters and information related to them is given like what they are and how to retrieve them but I dont see any information related 'code' parameter.
Can somebody tell me what is this 'code' and how am I supposed to get it?
Note: I have free trial account of Azure AD.
Any help is much appreciated!
Regards,
Amit
You are trying to use Authorization Code Grant Flow. You can read in detail about the flow and steps here in Microsoft Docs
It's a two step process:
STEP 1: Get Authorization Code by hitting the /authorize endpoint. You will get an authorization_code back as response for this call. Example shown below:
// Line breaks for legibility only
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
STEP 2: Once you have an authorization_code from previous call, you can redeem it for an access token. Example shown below:
// Line breaks for legibility only
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps
I have Spring REST backend and Angular frontend.
Authentication is performed using a POST request to "/login" URL with username and password inside request JSON body (I use form based authentication).
REST backend replies with OK code. Everything is fine and I can perform other requests from frontend that requires authentication.
But frontend need to know what is the role of authenticated user so that it can display a proper view/rote for it. And where can we get this role on a frontend? The only response we got from authentication was OK and that is fine for REST.
We can get user information by performing GET request to "/users/[user_id]". But we don't have user id, just user name.
So the question is - what is a correct way for REST to get role (or other user information) from frontend having just user name?
As a workaround I can create new request on a backend that takes user name instead of id, or I can add user id to authentication response. But I'm not really sure that is a correct way from REST perspective.
You can not override HTTP Methods.So,if you are planning to write GET call with diffrent query parameters with the same path,then it is not allowed.You need to write two GET paths.
e.g.
GET /users/userid/{id}
GET /users/username/{name}
And in the second call,you can add desired logic for getting role in the second one.
There are two way's of doing it.
1) After successful authentication from the server, do one more $http call to the server with username from which you can fetch details from a server logic that fetches and store that result in the $rootScope.This info will be available through out the app.
2) When you are authenticating the user, if the user is valid then fetch his details and store those in an object.
Now in your server logic while returning response you can do like below
response.setHeaders("User",userDetilsObj);
NOTE: response is a HttpServletResponse object.
After the request is completed as you said we will get a status OK response that is 200. To access the user details at JS side follow below code
if(response.status == '200/OK'){
$rootScope.user = response.getHeaders().User;//In this object all the user details set at server side are available now..
}
Hope this gives you some light on how to achieve your desired results.
Get the user information from server at the the time when you authenticates the user.Pass the user details on successful user authentication.
After discussing the issue with #JBNizet in comments I decided to change REST endpoint from "/users/:user_id" to "/users/:user_name".
I am stucking with the following problem like one month already, I am trying to verify an inapp purchase by using the following api :https://developers.google.com/android-publisher/authorization
I followed every step from the documentation(doing everthing with Postman Rest Client from Chrome), I can retrieve an accesstoken and a refresh token, but whenever when I try to query a purchase it results in error code 403 access not configured, BUT I CONFFIGURED IT IN THE SETTINGS!
anybody with an idea maybe?
It is far from straightforward to get an accesstoken for this API. This blog post helped get me started in the right direction, but I've outlined my own process that does not depend on using any external scripts to work. The steps are:
Obtain a client ID and secret (one-time)
Obtain a Refresh Token (one-time)
Use the Refresh Token to obtain an Access Token (once per hour)
4 Use the access token to access the API
Each of these steps are detailed below:
Obtaining Client ID and Secret
Go to the the Google Developer's console
Go to your project page
Select "Consent Screen" on the left side and make sure that the email address and Product name fields are set
Select "Credentials" from the left menu, and select "create a new client id"
Leave Application type set to "Web application" and set "Authorized redirect URI" to https://localhost. You do not need to change the Authorized JavaScript Origins.
Click "Create Client ID" and record the Client ID and Client secret that result.
Obtaining a Refresh Token
In web browser, enter the following URL (substituting correct value for client_id):
https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=https://localhost&client_id=XXXX
Accept any requests for authorization that appear
You will then be redirected to a URL like this:
https://localhost/?code=4/k0TenvwICIgmBoQOazJy4_EnJr6-.clLqtp_vVAIbEnp6UAPFm0GASPqQigI
Copy the code from the latter part of this URL
Use wget to convert this code into refresh token; substitute CODE, CLIENT_ID, and CLIENT_SECRET
wget --debug --post-data="grant_type=authorization_code&code=CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=https://localhost" https://accounts.google.com/o/oauth2/token
The resulting JSON file will contain an access_token and a refresh_token. Record the refresh_token value
Obtaining an Access Token
send a POST request to https://accounts.google.com/o/oauth2/token with the following fields set (substitute REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET)
grant_type=refresh_token
refresh_token=REFRESH_TOKEN
client_id=CLIENT_ID
client_secret=CLIENT_SECRET
You will get back a JSON string containing an access_token that will be good for one hour.
Using the Access Token to make API request
Fetch from
https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN
with an Authorization header containing the access token, e.g:
Authorization: Bearer ya29.1.AADtN_WoM4-4Fb1voFL-emcUWluijCzwvc9Z-FYM9SPvK03HCbGkdROJTVVPSLHK2IlVJQ
You may also be able to pass the access token as an HTTP query parameter, e.g.
https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN?authorization_token=AUTHTOKEN
I had a similar problem as you. Answer by mmigdol is helpful, but it didn't help me. I finally managed to solve it by looking at links generated here: https://developers.google.com/oauthplayground/
Apparently, Android publisher scope
https://www.googleapis.com/auth/androidpublisher
needs to be added into the link requesting authorisation code (before even generating refresh token) by adding:
&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher
to get this:
https://accounts.google.com/o/oauth2/auth?redirect_uri=<YOUR_REDIRECT_URI>&response_type=code&client_id=<YOUR_CLIENT_ID>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher&approval_prompt=force&access_type=offline
Hi I want to publsh a post on user's wall but am getting this "permission error" error code 200 when trying to use stream.publish method of facebook api...i hve requested for extended permissions as:
http://m.facebook.com/login.php?api_key="+API_KEY&....&req_perms=read_stream,publish_stream,offline_access
but when i make call to the method stream.publish i am getting this permission error..it seems that req_perms in above url is simply getting ignored..
i am passing "method(stream.publish)","api_key","message","session_key","v","sig" as parametres to url http://api.facebook.com/restserver.php?
will be greatful if anyone helps meout in this problem or provide me with proper steps for publishing a post on user's wall...the application is being developed on blackbery platform..
I don't think you can request permissions from login.php. Instead check out prompt_permissions.php
http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Desktop_Applications
Can you check to see if you are getting a valid session from facebook before trying stream.publish? If you are getting the offline_access extended permission, you will have a session object that has expires=0.
You can also try called the users.hasAppPermission API methods to verify you got the permissions.
Are you just making POSTs directly to http://api.facebook.com/restserver.php ? Are you including the request data in the POST body? You also should include a Content-Type: header of application/x-www-form-urlencoded in your headers.
I think it can be tricky to make direct calls to the restserver.php. Is there a client library you can use, like the Javascript client library?