Hi I want to publsh a post on user's wall but am getting this "permission error" error code 200 when trying to use stream.publish method of facebook api...i hve requested for extended permissions as:
http://m.facebook.com/login.php?api_key="+API_KEY&....&req_perms=read_stream,publish_stream,offline_access
but when i make call to the method stream.publish i am getting this permission error..it seems that req_perms in above url is simply getting ignored..
i am passing "method(stream.publish)","api_key","message","session_key","v","sig" as parametres to url http://api.facebook.com/restserver.php?
will be greatful if anyone helps meout in this problem or provide me with proper steps for publishing a post on user's wall...the application is being developed on blackbery platform..
I don't think you can request permissions from login.php. Instead check out prompt_permissions.php
http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Desktop_Applications
Can you check to see if you are getting a valid session from facebook before trying stream.publish? If you are getting the offline_access extended permission, you will have a session object that has expires=0.
You can also try called the users.hasAppPermission API methods to verify you got the permissions.
Are you just making POSTs directly to http://api.facebook.com/restserver.php ? Are you including the request data in the POST body? You also should include a Content-Type: header of application/x-www-form-urlencoded in your headers.
I think it can be tricky to make direct calls to the restserver.php. Is there a client library you can use, like the Javascript client library?
Related
I am newbie to Azure AD and want to interact with it through my java app.
After doing some research, I found that we need to get bearer_token in order to use Graph API for Azure AD.
I am following this link to get bearer token but facing issue with one of parameters.
Now as shown in below image from above link, there are several parameters and information related to them is given like what they are and how to retrieve them but I dont see any information related 'code' parameter.
Can somebody tell me what is this 'code' and how am I supposed to get it?
Note: I have free trial account of Azure AD.
Any help is much appreciated!
Regards,
Amit
You are trying to use Authorization Code Grant Flow. You can read in detail about the flow and steps here in Microsoft Docs
It's a two step process:
STEP 1: Get Authorization Code by hitting the /authorize endpoint. You will get an authorization_code back as response for this call. Example shown below:
// Line breaks for legibility only
https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize?
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&response_type=code
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&response_mode=query
&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&state=12345
STEP 2: Once you have an authorization_code from previous call, you can redeem it for an access token. Example shown below:
// Line breaks for legibility only
POST /{tenant}/oauth2/v2.0/token HTTP/1.1
Host: https://login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded
client_id=6731de76-14a6-49ae-97bc-6eba6914391e
&scope=https%3A%2F%2Fgraph.microsoft.com%2Fmail.read
&code=OAAABAAAAiL9Kn2Z27UubvWFPbm0gLWQJVzCTE9UkP3pSx1aXxUjq3n8b2JRLk4OxVXr...
&redirect_uri=http%3A%2F%2Flocalhost%2Fmyapp%2F
&grant_type=authorization_code
&client_secret=JqQX2PNo9bpM0uEihUPzyrh // NOTE: Only required for web apps
I am trying to fetch Facebook user access token as in the question title.
I configured my application, I am sending request to:
redirect:https://www.facebook.com/dialog/oauth?client_id="+appId+"&redirect_uri="+REDIRECT_URI+"&response_type=token
and I always got response where there is a hashtag before first parameter:
/auth/fb/callback/?#access_token=blablabla
Does anyone know why Fb is keep adding the # before access_token??
I have hard time to parse this from HTTP request, as Spring shows me 0 GET parameters.
Is it possible to avoid this situation or parse with #???
Does anyone know why Fb is keep adding the # before access_token?
Because you asked for it, by using response_type=token. You actually want to ask for a code instead.
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow#logindialog
I'm in the process of learning how to use HP Quality Center's REST api to query and manipulate data. Unlike REST standard, this API is not completely stateless. It uses cookies to store authentication sessions.
I've tried to implement a very simple test, using the Jersey Client library. I can successfully authenticate my user, by sending my credentials. The API reference claims that this will set a cookie, and I am good to go with further calling the REST api. However, a simple "is-authenticated" call returns a 401, Authentication failed.
I have a feeling that the cookie writing or reading is not working properly, as everything else seems to work as it should. But I haven't been able to find out if or how cookies are set and read, when no browser is involved. So How does cookies work, when calling cookie-setting REST services from java VM? Does it work at all? Where are they stored?
I am using Eclipse Kepler as my IDE, if that matters at all, and a 32-bit java 1.6 JDK and JRE.
Code, and response strings below:
1. Logging in:
Client client = ClientBuilder.newClient();
Response response = client
.target("http://[host]:[port]").path("qcbin/authentication-
point/alm-authenticate")
.request().post(Entity.entity("<alm-authentication>
<user>username</user>
<password>secret</password></alm-authentication>",
MediaType.TEXT_XML_TYPE));
System.out.println(response.toString());
Output:
InboundJaxrsResponse{ClientResponse{method=POST,
uri=http://[host]:[port]/qcbin/authentication-point/alm-authenticate,
status=200, reason=OK}}
API Return description:
One of:
HTTP code 200 and sets the LWSSO cookie (LWSSO_COOKIE_KEY).
HTTP code 401 for non-authenticated request. Sends header
WWW-Authenticate: ALMAUTH
2. Verifying Logged in:
response = client.target("http://[host]:[port]")
.path("qcbin/rest/is-authenticated")
.request().get();
System.out.println(response.toString());
Output:
InboundJaxrsResponse{ClientResponse{method=GET,
uri=http://[host]:[port]/rest/is-authenticated, status=401,
reason=Authentication failed. Browser based integrations - to login append
'?login-form-required=y to the url you tried to access.}}
PS: adding the ?login-form-required=y to the URL, will bring up a log-in window when called in a browser, but not here. Appending the line to the URL actually still gives the same error message, and suggestion to append it again. Also, when called in a browser, the is-authenticated returns a 200, success, even without the login-form.
When you log in, you're getting a cookie which is a name plus a value.
The REST server expects you to pass this in the request header with every request you make.
Look into the object which you get for client.request(); there should be a way to specify additional headers to send to the server. The header name must be Cookie and the header value must be name=value.
So if the server responds with a cookie called sessionID with the value 1234, then you need something like:
client.request().header("Cookie", "sessionID=1234")
Related:
http://en.wikipedia.org/wiki/HTTP_cookie
To get user details, facebook docs suggests making this call:
https://graph.facebook.com/me?access_token=YOUR_USER_ACCESS_TOKEN
When a user signs up using facebook's "Register plugin", how do I get this user access_token from the signed request. The latter contains a oauth_token, but I couldn't find documentation on how to obtain the access_token. I use java server side authentication technique (I don't use the javascript way..)
Specifically, the docs say:
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
This answer recommends passing a blank redirect uri. But where does the "CODE_GENERATED_BY_FACEBOOK" come from in the REGISTRATION flow? I tried passing the oauth_token from the signed_request as the "code generated by facebook". But it fails verification.
Pointers will be be helpful. Thanks.
Note: I already have the "sign in with facebook" working & I know how to obtain the access_token in that flow. But I would expect a more straight forward way of doing that when the user registers using facebook.
You may have solved your problem, but anyway I place my case;
You must set exactly the same value for the "redirect_uri" parameters for both dialog/oauth and oauth/access_token pages (and unfortunately, this is not stated clearly on Facebook documentation). In my case the URIs in question were:
https:
//www.facebook.com/dialog/oauth?client_id=23902620775&redirect_uri=http%3a%2f%2fwww.mydomain.com%2fMembership%2fLoginCheckFacebook&scope=user_birthday,email
https
://graph.facebook.com/oauth/access_token?client_id=23902620775&redirect_uri=http%3a%2f%2flocal.www.mydomain.com%2fMembership%2fLoginCheckFacebook&client_secret=80a34471e31e7afa0a7a7cd3cfc7&code=AQDsrevxH_Q3-NVts8VBThXCC0z6cCIhdnTMVCE9McsjJYLLy6ZKnlibmi8tWPcP...
I am calling
service.insert(new URL(getContentFeedUrl()), newAttachment);
for Google sites file upload using MediaStreamSource in servlet and get following exception
com.google.gdata.util.ServiceForbiddenException: OK
Not authorized to write to this feed
at com.google.gdata.client.http.HttpGDataRequest.handleErrorResponse(HttpGDataRequest.java:561)
at com.google.gdata.client.http.GoogleGDataRequest.handleErrorResponse(GoogleGDataRequest.java:543)
at com.google.gdata.client.http.HttpGDataRequest.checkResponse(HttpGDataRequest.java:536)
at com.google.gdata.client.http.HttpGDataRequest.execute(HttpGDataRequest.java:515)
at com.google.gdata.client.http.GoogleGDataRequest.execute(GoogleGDataRequest.java:515)
at com.google.gdata.client.media.MediaService.insert(MediaService.java:390)
at morefile.UploadApp.uploadAttachment(UploadApp.java:95)
Do you call service.getAuthToken with good username and password before?
I just realised that i was granting access to user who was not owner of google sites and thus was getting this error. I am leaving this comment as there is little help available on web on this error.