Tried checking documentation for a few days and contacted support - Looks like GET URLs for OAuth are not available (like Google API 'https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.google.com/m8/feeds`) for HERE Maps. I need the below URLs. Does anyone have luck with the below?
Request Token URL - Should accept GET
Access Token URL
Refresh Token URL
Revoke Token URL
https://account.api.here.com/oauth2/token accepts only POST per my knowledge.
Example Google API URLs
Request Token URL:
https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.google.com/m8/feeds
Access Token URL:
https://www.googleapis.com/oauth2/v4/token
Refresh Token URL:
https://www.googleapis.com/oauth2/v4/token
Lowkey: My aim is to validate the address - But I'm offering this as an extension - so I'd like to allow respective users to generate their own Keys/Tokens.
Below is the screenshot of ZOHO Configuration form:
Related
I am developing a web application that allows any user to connect with its Salesforce account. I've implemented User-Agent Flow and I obtain correctly access_token and other info but I can't obtain refresh_token, even if I have the correct scopes (api, web, refresh_token, offline_access).
This is the request I use:
https://login.salesforce.com/services/oauth2/authorize?response_type=token&scope=refresh_token&client_id=[MY_CLIENT_ID]&redirect_uri=[MY_REDIRECT_URL]
And my redirect URL is:
http://[MYSITE].com/#/services/oauth2/success
(that corresponds to the host from where I make the call)
This call correctly gives me access_token but not refresh_token.
if I use "https" instead "http" as redirect uri I receive this error:
error=invalid_scope&error_description=the requested scope is not available
From the documentation, I read that:
The refresh token for the user-agent flow is only issued if you
requested scope=refresh_token and one of the following scenarios is
true:
....
The redirect URL host matches the request host and includes the servlet services/oauth2/success.
...
I think to be in this case, what am I doing wrong?
Thanks in advance
Try adding Perform requests at any time (refresh_token, offline_access) under Selected OAuth Scopes in your connected app
Background
I'm implementing Alexa's App-to-App Account Linking Flow, and I'm stuck on Step 6 - enabling the skill using Alexa's Skill Activation API.
Concretely, I am not sure what value to supply to the redirect_uri POST field. In the docs, the following description is provided:
The redirect_uri parameter that was included in the authorization request to your OAuth 2.0 server to obtain the user's authorization code. This enables Amazon to retrieve access tokens from your token server. This URL must be opaque to Amazon.
My understanding is that Alexa wants to exchange an existing authorization code for an access token, but I don't know how Alexa is trying to accomplish this "under the hood" and my current approach throws a 400 error.
Error Message
[status] 400
[response] {"message":"Could not contact provider of account linking credentials"}
Notes
My app uses Firebase authentication, and creates accounts for users via federated login with Google and Facebook. Thus, Google and Facebook redirect back to my native app (React Native).
I do not have a universal link; instead in my account-linking flow,
the Alexa app redirects users to an html page that redirects to my app using its custom schema.
When a user signs into my app from Alexa, Alexa redirects them from my login page back to the Alexa app. In this case, the Alexa universal link is the redirect url.
When a user signs into Alexa from my app (app-to-app linking), The Alexa app redirects them to my app. My app is the redirect url.
I have tried using my app's [faux] "universal link" as the redirect url, to no avail. There are no other redirects in my login flows. What is this url supposed to be?
NB: I have a endpoint for exchanging an auth_code for an access_token. The token is returned in the body; there's no redirect with the access_token appended to the redirect_url.
Example Skill Activation (my React Native app):
async enableSkill() {
try {
let response = await fetch(`https://api.amazonalexa.com/v1/users/~current/skills/${this.skillId}/enablement`, {
method: 'POST',
headers: {
'Authorization': `Bearer ${this.alexaAccessToken}`,
'Content-Type': 'application/json'
},
body: JSON.stringify({
stage: 'development', // or live
accountLinkRequest: {
redirectUri: Linking.makeUrl(), // <--- unsure
authCode: this.myAppAuthCode, // <-- auth code from my system, not Alexa's
type: "AUTH_CODE"
}
})
});
return response.json();
} catch (err) {
throw new Error(err);
}
}
I think it is not possible to use different OAuth Server like Google and Facebook together. I am not sure if it is possible to use firebase as OAuth Server.
In the account linking tab of the skill, you have to enter the details of the OAuth server you want to use and in the accountLinkRequest you must enter the redirectUri which you used for the OAuth Login with this server.
When you have your own OAuth server make sure it is running on port 443. It took me hours to find out that it is not working with Port 3000 which my Node.js backend used.
According to the developer documentation The redirect_uri you are asking about is a parameter that was included in the authorization request to your OAuth 2.0 server to obtain the user's authorization code. This enables Amazon to retrieve access tokens from your token server. You must set this URL in the developer console of your skill like that:
I allow users to authorize their Microsoft accounts using oAuth and the Microsoft Graph API. I am using this omniauth strategy to facilitate the authorization. In the OmniAuth strategy, it includes the resource for both authorize_params and token_params "https://graph.microsoft.com". This allows me to authenticate just fine but when I go to refresh the auth, I get this error returned:
{"error"=>"unauthorized_client", "error_description"=>"AADSTS70001: Resource 'https://graph.microsoft.com/' is not supported as resource.\r\n"}
Along with a trace_id and some other things that I will post if needed.
The endpoint I am hitting to refresh is POST https://login.microsoftonline.com/common/oauth2/v2.0/token with the client_id, refresh_token and grant_type: "refresh_token" params.
Refreshing this oAuth token was working fine as recently as last week. Did something change with the Microsoft Graph API or something?
You may want to take a look at Refreshing a Token.
It sounds like you were partially there, you were just missing some additional parameters:
grant_type - Set as refresh_token
refresh_token - The refresh token value you received from the Provider
client_id - This is your Application ID from above
client_secret - This is the Password we generated before
scope - This should match the same set of scopes you first requested
redirect_uri - This is the redirect URI defined in your application registration
These are formatted application/x-www-form-urlencoded in you POST to https://login.microsoftonline.com/common/oauth2/v2.0/token
POST URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
POST HEADER: Content-Type: application/x-www-form-urlencoded
POST BODY: grant_type=refresh_token&refresh_token=[REFRESH TOKEN]
&client_id=[APPLICATION ID]&client_secret=[PASSWORD]
&scope=[SCOPE]&redirect_uri=[REDIRECT URI]
Turns out it was as simple as I was authing to v1.0 but attempting to reauth to v2.0. Not sure why this worked up until now but ensuring they are hitting the same version of the API has solved the issue.
I am getting following error while configuring
social login( Janrain )
for x-cart based e-commerce website ( Facebook and Google+)
The tokenUrl or xdReceiver has not been whitelisted
while the tokenUrl that i have set i.e. [www.culturetruck.com][1] is whitelisted. I guess I didn't understand the concept of tokenUrl. Please suggest me what should I use as token URL to receive tokens in X-cart?
1) According to 'Social Login Flow Walkthrough'
http://developers.janrain.com/overview/social-login/social-login-overview/
Janrain posts an access token to your token URL.
Using the access token and your API key, your application can fetch
data about the user through our Social Login REST API.
User data can be served to your site to customize the end-user
experience.
2) X-Cart 4 'Social Login' module uses URLs like these
https://www.culturetruck.com/xauth_return_rpx.php?xid=8bf6ea9554b4b33e4698d0258575d7da
as Token URL.
In this case you have to add these URLs to the whitelist
www.culturetruck.com
culturetruck.com
*.culturetruck.com
cdn-social.janrain.com
according to
https://janrain.zendesk.com/hc/en-us/community/posts/203661356-The-definitive-token-URL-or-xdReceiver-has-not-been-whitelisted-error-thread
3)To create an integration from scratch follow this guide
http://developers.janrain.com/overview/social-login/social-sign-in-migration-guide/#Step_3Generate_New_Code
This is about Token URL
http://developers.janrain.com/overview/social-login/implementing-social-login/#4_Create_a_Server-side_Token_URL
I figured out how to get the sign in button and redirect through php code. BUT, Chrome Dev only allows client side code. How do I get the log in with twitter with client side code for my Chrome app?
is there a way to run php code for a chrome app?
Here is another alternative to CodeBird for authenticating a twitter user in a Chrome extension.
The key with this approach is to provide Twitter with a legitimate domain for the callback URL for your app. Then, use content scripts to inject a script onto that same domain. That script will parse the query string of the URL to get the tokens and send those tokens in a message to your extension's background script. Your background script will take the tokens and then perform the third leg of the oauth process, which will finally get you the oauth token and oauth token secret.
Here is a brief example:
in your manifest.json, make sure your content script matches the same domain that you put in your twitter app settings callback URL:
"content_scripts": [{
"matches": ["https://andyjiang.com/*"],
"js": ["js/session.js"]
}]
Then, in your js/session.js file, have this sort of logic:
chrome.runtime.sendMessage({type: 'auth', session:
window.location.search.substr(1)}, function(response) {
window.open('', '_self', '');
window.close();
});
In your background script, have some logic that listens for the message, gets the token, and uses Twitter's API for the third leg of the oauth process to finally get the oauth token and oauth token secret, which you can then save in localStorage or chrome.storage.
Here is sample code of the logic:
https://github.com/lambtron/chrome-extension-twitter-oauth-example
Hope that helps!
You can use the Chrome Identity API for this. Check out Non-Google account authentication for simple instructions on making a request using the launchWebAuthFlow API function.
Previously, there were client side libraries for implementing the OAuth flow, such as oauth2-extensions described here, but thankfully this is not required anymore .
Update
I've been playing around trying to get an example working for Twitter, but haven't quite got there. It appears that Twitter doesn't have an API endpoint that matches the OAuth2 URL that is expected. I think in the case of Twitter, you may have to use OAuth 1.0a instead, which would require a library after all. I found one called CodeBird. I will try and investigate further though.
Example using Chrome Identity API to Authorise Instagram
You need to register the client to your provider with https://abcdefghijklmnopqrstuvwxyzabcdef.chromiumapp.org/intagram_cb, where 'abcdefghijklmnopqrstuvwxyzabcdef' is replaced with your extension ID and intagram_cb is name for a path to be able to distinguish between other providers you wish to authenticate with within the extension. If you only have one, then you can omit it.
Add provider to the permissions property in the manifest.json file:
"permissions": [
"*://*.instagram.com/*"
]
Get access token. You obtain the client_id token from your provider account:
var redirect_uri = chrome.identity.getRedirectURL("intagram_cb");
var client_id = "123456789012345";
var auth_url = "https://instagram.com/oauth/authorize/?" +
"client_id=" + client_id + "&" +
"response_type=token&" +
"redirect_uri=" + encodeURIComponent(redirect_uri);
chrome.identity.launchWebAuthFlow({'url':auth_url, 'interactive': true},
function(redirect_url) {
// extract the token from this url and use it for future requests
var accessToken = redirect_url.substring(redirect_url.indexOf("=") + 1);
}
});