Intermittent Yahoo OAuth2 invalid_redirect_uri - oauth-2.0

I am working on allowing users to log in to my website using Yahoo. I have intermittent problems with Yahoo Oauth2. I will generate the url to request the authorization code and it will get to the Yahoo login sometimes. Other times I will get the window with "Uh oh Looks like something went wrong. Please try again later. Developers: Please specify a valid request and submit again." and the url will have error=invalid_request&error_description=invalid+redirect+uri
My request URL is configured on the Yahoo console. Also, I am using https on a server connected to the internet (not a local machine).
My request authorization was created using the one in https://developer.yahoo.com/sign-in-with-yahoo
I have
https://api.login.yahoo.com/oauth2/request_auth?
client_id={MY CLIENT ID}
&scope=openid
&nonce=4c29ac770b9b1d795b
&prompt=consent
&response_type=code
&redirect_uri=https%3A%2F%2F{MY WEB SITE}%2Fcallback_yahoo.php
I am out of ideas at this point.
Thank you

Apparently (maybe) something was wrong on Yahoo's side. I created another application with the SAME configuration and the problem seems to have gone away.

Related

Microsoft oauth login stopped working all of a sudden?

I use OAuth via Microsoft and it has worked fine for a while, then a couple of weeks ago (can't remember exactly when) I got some tweet or something from someone saying that they had problems signing in with MS OAuth.
The error I get is this.
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The+provided+value+for+the+input+parameter+'redirect_uri'+is+not+valid.+The+expected+value+is+'https://login.live.com/oauth20_desktop.srf'+or+a+URL+which+matches+the+redirect+URI+registered+for+this+client+application.
The page actually says
"We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later."
And that indicates that they may actually have some issues, but I think it's been like this for a while so I suspect it's just some generic error.
If I look at my request it says.
client_id=[MY CLIENT ID]&scope=wl.basic&response_type=code&redirect_uri=http://dev.ohso.se/login/ExternalLoginCallback/?provider=microsoft&sid=[some id]
I do get the same error on both my dev app and the production app I have set up.
This is what my callback URLs look like. I have tried to add URLs both with ExternalLoginCallback and externallogincallback but it doesn't seem to work. It looks like it's saved but it's gone when you return to the page.
Anyone know how to contact MS to at least report this bug and maybe also get hold of someone that can help debug my problem?
/Ola
OK, got it. The issue is with your request URL, remove / character from ..back/?provid.... Your request URL should be
client_id=[MY CLIENT ID]&scope=wl.basic&response_type=code&redirect_uri=http://dev.ohso.se/login/ExternalLoginCallback?provider=microsoft&sid=[some id]
and you can have any redirect URL #MS
http://dev.ohso.se/login/ExternalLoginCallback
or
http://dev.ohso.se/login/ExternalLoginCallback/
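The two things that differ between the failing and the working request above (a raw redirect_uri whose own query string spills into the authorization request, and the slash before "?") can be caught before the request is sent. This is an added example, not code from the thread; the hosts, client id and sid are placeholders, and the exact comparison of scheme, host and path is an assumption (the strict case), since providers differ.

```ruby
require 'uri'

# Authorization-request parameters that appear on this page; any other top-level
# name most likely spilled out of a redirect_uri that was not percent-encoded.
KNOWN_PARAMS = %w[client_id scope response_type redirect_uri state nonce prompt display].freeze

# Build the request so redirect_uri, query string included, travels as ONE encoded value.
def authorization_url(endpoint, params)
  "#{endpoint}?#{URI.encode_www_form(params)}"
end

# Return the problems found in an authorization URL before it is sent.
# Assumption: the provider compares scheme, host and path exactly (the strict case).
def preflight(auth_url, registered_uris)
  params = URI.decode_www_form(URI.parse(auth_url).query.to_s).to_h
  issues = []

  leaked = params.keys - KNOWN_PARAMS
  issues << "redirect_uri not encoded, leaked parameters: #{leaked.join(', ')}" unless leaked.empty?

  sent = URI.parse(params.fetch('redirect_uri', ''))
  sent.query = nil
  sent.fragment = nil
  base = sent.to_s
  unless registered_uris.include?(base)
    near = registered_uris.find { |r| r.chomp('/') == base.chomp('/') }
    issues << (near ? "trailing-slash mismatch: sent #{base}, registered #{near}" : "not registered: #{base}")
  end
  issues
end

# Constructed sample data; hosts, client id and sid are placeholders.
ENDPOINT   = 'https://idp.example/authorize'
REGISTERED = ['https://app.example/login/ExternalLoginCallback'].freeze
COMMON     = { 'client_id' => 'CLIENT_ID_PLACEHOLDER', 'scope' => 'wl.basic', 'response_type' => 'code' }.freeze

# Shape of the failing request in the question: raw redirect_uri with "/?" before its query.
BAD_URL = "#{ENDPOINT}?#{URI.encode_www_form(COMMON)}" \
          '&redirect_uri=https://app.example/login/ExternalLoginCallback/?provider=microsoft&sid=abc123'

GOOD_URL = authorization_url(ENDPOINT, COMMON.merge(
  'redirect_uri' => 'https://app.example/login/ExternalLoginCallback?provider=microsoft&sid=abc123'
))

if __FILE__ == $PROGRAM_NAME
  puts preflight(BAD_URL, REGISTERED)
  puts preflight(GOOD_URL, REGISTERED).inspect
end
```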

Yahoo - OAuth2 - what is Error 95037?

I am trying to implement oauth2 for yahoo (target is yahoo's contact api). See here: https://developer.yahoo.com/oauth2/guide/#implicit-grant-flow-for-client-side-apps
However, I get the following error:
Oops. Yahoo is unable to process your request.
We recommend that you contact the owner of the application or web site to resolve this issue. [95037]
How to get this resolved? It comes when I use response_type=token (which is needed for Implicit Grant Flow), but works fine for response_type=code
[EDIT]
The request to yahoo (urldecoded):
https://api.login.yahoo.com/oauth2/request_auth?client_id=[CLIENT_ID]&response_type=token&redirect_uri=[PATH]&display=popup&scope=&state={"client_id":"[CLIENT_ID]","network":"yahoo","display":"popup","callback":"_hellojs_23g8z6wk","state":"","redirect_uri":"[PATH]","scope":"friends,basic"}
[UPDATE]
After following the recommendations from HansZ., I was able to resolve it.
Now the issue has come back without changing any code. Basically, it only works when I am logged in with the Yahoo ID that I used to setup the App at Yahoo.
Otherwise, sometimes it goes in loops and Chrome says
This webpage has a redirect loop
The rest of the time it gives the error again.
Your state is the problem. I can reproduce the problem by including your URL-encoded state in the authorization request for my Yahoo client. The problem is the length of the state or the total URL. You may revert to using a cookie for maintaining that state and send only the (much shorter) cookie name as the state parameter.
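A sketch of what the answer suggests, as an added example that is not code from the thread: the bulky state stays server-side and only a short random handle goes into the state parameter, redeemed once on the callback. The Hash standing in for the session or cookie store, the 600-second lifetime and the sample values are assumptions.

```ruby
require 'json'
require 'securerandom'
require 'uri'

MAX_STATE_AGE = 600 # seconds a pending login stays valid (assumed value)

# Keep the bulky client state server-side and return a short opaque handle
# to send as the OAuth `state` parameter.
def issue_state(session, payload, now: Time.now.to_i)
  handle = SecureRandom.urlsafe_base64(16) # 128 random bits, 22 URL-safe characters
  (session[:oauth_states] ||= {})[handle] = { payload: payload, issued_at: now }
  handle
end

# On the callback, look the handle up and delete it so it works only once.
# Returns the stored payload, or nil when the state is unknown, replayed or stale.
def redeem_state(session, handle, now: Time.now.to_i)
  entry = (session[:oauth_states] || {}).delete(handle.to_s)
  return nil if entry.nil? || now - entry[:issued_at] > MAX_STATE_AGE

  entry[:payload]
end

# Constructed sample shaped like the JSON state in the question (placeholder values).
SAMPLE_STATE = {
  'client_id' => 'CLIENT_ID_PLACEHOLDER', 'network' => 'yahoo', 'display' => 'popup',
  'callback' => '_hellojs_example', 'state' => '',
  'redirect_uri' => 'https://app.example/redirect.html', 'scope' => 'friends,basic'
}.freeze

# Characters each approach adds to the authorization URL.
def state_lengths(session)
  { inline: URI.encode_www_form_component(JSON.generate(SAMPLE_STATE)).length,
    handle: issue_state(session, SAMPLE_STATE).length }
end

if __FILE__ == $PROGRAM_NAME
  session = {} # stand-in for the framework's server-side session
  p state_lengths(session)
  handle = issue_state(session, SAMPLE_STATE)
  p redeem_state(session, handle) == SAMPLE_STATE # first use succeeds
  p redeem_state(session, handle)                 # replay returns nil
end
```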

How to fix 401 Unauthorized with Twitter oAuth

Hopefully someone here can help me fix this. I have been trying to make a web app for Twitter, and I have set up my application in the developer section of the Twitter website.
I have set a callback URL in both the developer section and in my code.
Where I get stuck is I get a 401 Unauthorized exception when requesting the Access Token. The app correctly sends the user to Twitter to ask for authorization, and then Twitter sends back to my callback URL successfully. My webapp then tries to request the access token and that's when the exception happens.
Below is an example of the API I call:
https://api.twitter.com/oauth/access_token?oauth_callback=http://www.example.com&oauth_consumer_key=6Rfhub7fDgCIazdg4dMECT6fJ&oauth_nonce=1721260&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1403965501&oauth_token=RCbfmuvzqFjJWHwCtWfNqEQ22uXFvv422AtHfBBYE&oauth_verifier=0QuTFy5SBmAl29VIWkBjfogJQ7GiSAoR2qIjokoii0&oauth_version=1.0&oauth_signature=JRzlH5Fiv5Ani3P+oXj5dxV58cA=
Any ideas where I might be going wrong?
Thanks
EDIT: I'm using code from here http://www.aspdotnet-suresh.com/2012/05/add-twitter-login-authentication-to.html
and I changed it to use https:// not http://
Couldn't fix this issue. Using TweetSharp instead.

"Error while reading message" when trying to obtain an OAuth request token

I'm trying to develop a desktop application to access an API exposed by Groundspeak for geocaching.com. The API requires the use of OAuth.
After finally figuring out why my message signature was being rejected (I had to double-encode my callback URL, after reading somewhere that double-encoding causes problems), I now receive the following error from Groundspeak when attempting to get a request token:
oauth_error_message=Error%20while%20reading%20message%20%27DotNetOpenAuth.OAuth.Messages.UnauthorizedTokenRequest%27%20parameter%20%27oauth_callback%27%20with%20value%20%27http%253A%252F%252Fwww.mysite.com%252F%27.
Not a very descriptive error message. What's the problem here? Groundspeak uses DotNetOpenAuth on its server. Seems like my callback URL might be causing some issue, but I don't have any idea what.
I should probably also say that I'm developing a desktop application, so the callback URL isn't really valid. It does point to a website I own, but that website has no idea about OAuth at all. If I omit the callback URL, I receive the error "Callback URL not present or not valid" or somesuch.
I don't know anything about Groundspeak but I'd guess that they require that you register your app's callback URL before using OAuth. At least Google and Microsoft do this with their OAuth APIs. Look for some kind of developer settings on Groundspeak.
This is definitely something that needs to be further defined in the future: OAuth for non-web applications. But there do seem to be a few possible solutions (not the cleanest) that you can try to get OAuth working within a desktop application. You can look into the articles below that have some working solutions (I have not tested this myself). It's based on Google's workable solution for handling OAuth from installed desktop apps:
https://developers.google.com/accounts/docs/OAuthForInstalledApps
Link to possible workaround solutions:
http://blog.appharbor.com/2012/06/21/oauth-for-net-desktop-applications
Here's also a related article on SO for desktop app OAuth: OAuth for Desktop apps?
Hope this helps!
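How OAuth 1.0 layers its percent-encoding, as an added example that is not code from the thread: the callback shows up double-encoded (http%253A...) only inside the signature base string, while each value in the transmitted request is encoded once, the Base64 signature included. The endpoint, credentials, nonce and timestamp are constructed placeholders.

```ruby
require 'openssl'

# RFC 3986 percent-encoding as OAuth 1.0 requires: only unreserved characters pass through.
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |ch| ch.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & pct(URL) & pct(sorted, already-encoded parameters).
# The second pct() over the parameter string is where values become double-encoded.
def signature_base(http_method, url, params)
  normalized = params.map { |k, v| [pct(k), pct(v)] }.sort.map { |k, v| "#{k}=#{v}" }.join('&')
  [http_method.upcase, pct(url), pct(normalized)].join('&')
end

# HMAC-SHA1 over the base string, Base64-encoded. The token secret is empty
# while asking for a request token.
def sign(base, consumer_secret, token_secret = '')
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Query string as sent on the wire: every value encoded exactly once,
# including the signature (Base64 can contain '+', '/' and '=').
def signed_query(http_method, url, params, consumer_secret, token_secret = '')
  sig = sign(signature_base(http_method, url, params), consumer_secret, token_secret)
  params.merge('oauth_signature' => sig).map { |k, v| "#{pct(k)}=#{pct(v)}" }.join('&')
end

# Constructed sample request (placeholder endpoint and credentials, not from the page).
SAMPLE_URL    = 'https://provider.example/oauth/request_token'
SAMPLE_PARAMS = {
  'oauth_callback'         => 'http://www.mysite.com/',
  'oauth_consumer_key'     => 'CONSUMER_KEY_PLACEHOLDER',
  'oauth_nonce'            => 'constructed-nonce-1',
  'oauth_signature_method' => 'HMAC-SHA1',
  'oauth_timestamp'        => '1700000000',
  'oauth_version'          => '1.0'
}.freeze

if __FILE__ == $PROGRAM_NAME
  puts signature_base('GET', SAMPLE_URL, SAMPLE_PARAMS)
  puts signed_query('GET', SAMPLE_URL, SAMPLE_PARAMS, 'CONSUMER_SECRET_PLACEHOLDER')
end
```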

Keep getting OAuth::Unauthorized error when using oauth and twitter ruby gems

I am using the Ruby twitter gem and oauth to gain access to users' Twitter accounts. In my code, I have:
unless @user.twitter_authd?
  oauth = Twitter::OAuth.new('token', 'secret')
  # Keep the request token and secret so the callback can exchange them for an access token
  session[:twitter_request_token] = oauth.request_token.token
  session[:twitter_request_secret] = oauth.request_token.secret
  @twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the @twitter_auth_url, I am taken to Twitter and asked to grant access. I click allow and then Twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
@user.update_attributes({
  :twitter_token => oauth.access_token.token,
  :twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had setup my rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
This is an issue about time synchronization of your system with the Twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URLs are dynamic and they happened to not be defined in my test case (I use this to display chart data and there is not enough right now so the Google chart API URLs are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the oauth process crap out. Obviously there is no way for people on S.O. to know about my application specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
Not enough info for me, but when was the twitter gem last updated? Twitter changed their oauth 'stuff' in mid May approx. Perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
Also, did you put the right callback URL in your Twitter app page? A lot of times that screws you up too.
If that fails, use mbleigh's twitter_auth instead. It worked for me and is pretty slick.
