I am new to APIs and have made my first OAuth 2.0 calls to the Vimeo API.
I was able to reach the Vimeo login that allows authorization. However, when I login with my username and password, I am not able to click "allow". I've tried both Postman and Insomnia clients and get the same issue. If I click "Don't Allow" the window simply turns blank. I'm wondering what might be causing this hang-up where I cannot click "Allow" and get back my access token
Image of Window (Insomnia Client).
Please let me know if you need any code or more images in order to troubleshoot.
Thanks from a newbie,
-Josh
Could you open a ticket here, https://vimeo.com/help/contact.
We'll need to triage this with your account info.
Related
I am learning to use dropbox APIs and got confused when came up with the token flow.
As guide indicates, the flow should be like this:
the app redirect the user to a Dropbox webpage, i.e. .../oauth2/authorize
user logs in and approves the app
redirect back to the app. At this point, the app gets an access token.
However, when i requested the URL:
.../oauth2/authorize?client_id=xxx&response_type=token&redirect_uri=xxx
I was directly redirect to the destination with
REDIRECT_URI = "#access_token=xxx&token_type=bearer&uid=xxx"
And the "approve step" was skipped, i.e I got an access token without being allowed.
Is it a bug or my fault?
Any help would be appreciated :]
In certain cases, when the user has already approved the app to access their account previously, they will be automatically redirected through the app authorization flow.
If you want, your app can prevent this behavior from happening by using the force_reapprove parameter, documented for the /oauth2/authorize page here:
https://www.dropbox.com/developers/core/docs#oa2-authorize
Short description:
If a user has already granted my application OAuth access to their google profile, I want to spare them of having to press "sign in using google" button every time they land on my home page and log them in automatically.
If user has not granted access yet, I want to present them with sign in options page with "sign in using google" button.
Long description:
I am implementing Google OAuth flow as described on this link:
Using OAuth 2.0 for Web Server Applications
Just for the clarity, the flow in question is as follows:
present (client side) user with "sign in using google" button
after user presses the button, redirect them to google's OAuth 2.0 server, where they allow/deny my application to access their google profile
if user allows access, google redirects them back to my application
my application (server side) uses acquired grant to get access token
my application (server side) access user's profile using acquired access token
I want to achieve the following:
If user has already allowed my application access to their google profile before (either on current computer or some other), I want them to have an impression of being signed in to my application (using google) immediately after they navigate to my application's URL. Without having to click anything.
This is at first glance not a problem. To achieve this, I would automate steps 1 and 2 of the flow described above. User would be redirected to google oauth server automatically - without having to press "sign in using google" button - right after they navigates to application's URL. Google in turn immediately redirects user back to my application with a valid grant (again without requiring any input from the user). The rest remains the same. User would have an impression of being logged in immediately .
This approach has a problem though. If user goes to my page for the first time (not having granted my application access before), they would also be redirected to google OAuth page. But since they haven't granted access yet, and didn't press any sing in button, they would and end up staring at google oauth server page confused having no clue, what is going on.
Is there some API, by which I can detect that user has not yet granted access to my app (and I should present him with sing in button first)?
Please, if your solution would involve some API calls, point me to a HTTP/REST API, as I don't use (and do not want use) any higher level OAuth library.
Thanks.
Add "prompt=none" parameter to your initial OAuth redirect. This way google will not block if user has not logged in or has not granted your app the permissions.
See Chapter 3.1.2.1 of http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Short summary of other possible "prompt" values:
none - will not prompt anything, redirects back with error "login_required" or "interaction_required" if silent login is not possible.
login - force the login prompt, even when user is logged-in.
consent - force the consent prompt, even if user has provided consent in the past.
select_account - present account selection prompt.
we are running into an issue that once our users are login in the app and are authenticated thru the oauth flow the authentication page is never being displayed again, in that way user cannot switch account if needed. We are using a popup display mode (which does not provide options to switch user) and "switch user" small button in top right side of the screen is not appearing in our mobile small screen devices (as Iphones). We tried the auth_type=reauthenticate but it does not provide any option to switch user in popup mode either. We can´t control user´s cookies as well so there is not how to delete them. Is there any way to always ask user to reathenticate during all oauth requests allowing user to switch accounts?
If Facebook has implemented OpenID Connect correctly, try to add prompt=login or prompt=select_account to your authorization request. See "3.1.2.1. Authentication Request" in OpenID Connect Core 1.0 for details.
I'm currently trying to integrate the Unity Facebook SDK into my game. I've downloaded the SDK and trying to test the example that it have. I've insert my app id into the settings and can do the FB Init, and when I press the Login button a pop-up appear asking for the User Access Token. I've done some searching/asking and it seems this is because I'm running it inside the Unity Editor (on mobile it would get the token by itself).
I've heard that I can use the User Token from my Facebook Developer page for testing. However, when I paste the User Token from Facebook Developer->Tools->Access Token and press login, an error appear saying "Access token is not for current app id : XXXXXXXXX". I'm not sure what's wrong here since the app id it shows is the app id I got from Facebook. Is there another User Token that I should be using? Or is there some settings that I need to do first for this to work?
Thank you.
I had this problem.
For me: I had trailing whitespace in the "App id" field in Facebook Settings.
E.g. I had in there "12345 " when I needed "12345".
Got rid of whitespace, all good.
To clarify: I'm assuming you are doing your testing in the editor, which can work you just need to get an access token from the developer site.
I'm going to assume you got the access token from here:
https://developers.facebook.com/tools/accesstoken/
I hate to assume error on your part, so let me know if you can repro this again and we can figure out what went wrong. Also, if I'm way off, please let me know.
I am using Cordova 3.4.0 along with the official facebook connect plugin link
The issue is that every time user opens the application. He/She has to press login and then it shows the "App already authorized screen" before the user is able to perform any action. How to prevent this addition of an action in the user flow?
I read that it is basically because the access token isn't stored by the plugin. As a result this action needs to be taken again and again. So I have now stored access token using localstorage but unfortunately don't know how to go about using it.
FB.api('/me/friends?access_token="+access_token+"', { fields: 'id, name, picture' },
Using it in the manner above results in an error saying invalid oAuth access token. Even though I placed an alert before this line to ensure that access_token had a valid value. Any help in this regard would be highly appreciate.
Just to rephrase I don't want the user to be asked to press login button every time they open the application.