I am trying to follow Zoho's guide for getting authorized via OAuth. Unfortunately, the guide seems a little outdated as the API Console doesnt look like the screen shots provided in the guide.
This is what I am trying to accomplish
I'm developing a windows client application. So naturally i chose the Non-Browser Application for my zoho client (in the API Console). Using this client type there is no "Authorized Redirect URIs".
So how am i supposed to get authorized to start using the Zoho APIs?
Currently, i've tried various client types w/ various redirect uris (bogus). I am getting an http code response of 500.
I am basically calling an HttpClient GetAsync(requestUrl ) where requestUrl is defined below:
var scopeValue = $"{scope}&client_id={clientId}&client_secret={secret}&response_type=code&access_type=offline";
var requestUrl = $"https://accounts.zoho.com/oauth/v2/auth?scope={scopeValue}";
Question
Why am i getting a 500 error when i invoke this GET request to get authorized?
Am I choosing/configuring the wrong zoho client type?
Is there a difference between a Zoho Account Id and User Id (this MIGHT be one of my problems)?
Just for FYI, here is the Zoho API Console with the various client types to choose from:
Try going to a different requestUrl. I believe you should be going here. You should also be using a POST request. I chose the Non-Browser Application for my zoho client (in the API Console). And I am able to get a response.
https://accounts.zoho.com/oauth/v3/device/code?client_id=xxxx&scope=ZohoProjects.tasklists.READ&grant_type=device_request
I wrote this in VBA only for trouble shooting this question.
Set objHTTP = CreateObject("MSXML2.ServerXMLHTTP")
Url = "https://accounts.zoho.com/oauth/v3/device/code?" & _
"client_id=xxx&" & _
"scope=ZohoProjects.tasklists.READ&" & _
"grant_type=device_request"
objHTTP.Open "POST", Url, False
objHTTP.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objHTTP.Send ("")
replyTXT = objHTTP.responseText
Debug.Print (replyTXT)
I believe this link has some helpful information.
https://www.zoho.com/accounts/protocol/oauth/devices/initiation-request.html
Related
I'm trying to use the oauth-ruby gem (https://github.com/oauth-xx/oauth-ruby/) in my Rails application to let users authenticate with a 3rd party API, but I'm having problems getting the oauth_callback to work properly when using get_request_token. Here is the code that keeps failing:
#request_token = oauth_consumer.get_request_token(:oauth_callback => "http://myurl.com")
This results in a 400 Bad Request "OAuth::Unauthorized" error everytime. However when I remove that from my code it returns a request token fine:
#request_token = oauth_consumer.get_request_token()
The problem I'm facing is that when doing this I am not able to be redirected back to my application once the user has authenticated with the 3rd party. Is this an issue with my code or something to do with how the 3rd party handles oauth_callbacks?
Thanks,
Chris
That error probably become because the API you requested needs you to save at least one callback URL. Review the API and add your test/production callback url from your dashboard, then the API could validate it on every request you do.
I am trying to connect to JIRA using OAuth. I have followed this tutorial but when i want to create a new Application Link, it asks me to enter the URL of the application i want to link which seems strange in my case, since i want to connect a Google spreadsheet to JIRA !!!
I really appreciate your help Welsh, i have managed to generate a public key thanks to you and a new application link, now i want to obtain a request token from JIRA but i always get an error message when executing the request token command.
The document states:
When creating the Application Link use a placeholder URL or the correct URL to your client, if your client can be reached via HTTP and choose the Generic Application type.
So you can either use the URL to the Google Docs Spreadsheet that will be using the token to authenticate or you can just use a placeholder URL.
When making a call to get the Yodlee Fastlink form I keep getting redirected to a URL with parameters oauth_error_problem=token_rejected and oauth_error_code=413. I am generating the user token via the recommended OAuthAccessTokenManagementService.getOAuthAccessToken call immediately before creating the oauth signature and substituting them into their respective positions of the sample url as outlined here Fastlink Integration Guide. I am using a token generated for an account in the Private Zone, is there a separate base url that I should be using for fastlink, like there is for other REST calls? Also, is there a list of oauth-related error codes and explanations? The error codes section under FAQ does not include references to this code in particular or anything else related to oauth.
You are getting this error as you are using the wrong URL to connect to FastLink for the specified token.
is there a separate base url that I should be using for fastlink, like there is for other REST calls?
Yes, the base URL for your private zone will be different than the one on the developer portal. Please contact your account manager to get the correct FastLink URL.
is there a list of oauth-related error codes and explanations?
Right now there is no documentation on the ouath error codes. We will take this as feedback and will have documentation around it.
I'm pretty new to Meteor and a total beginner with the Twitter API. I am creating a simple application in Meteor for demonstration purposes only. I need to be able to search Twitter for a specific hashtag. I just need to be able to get the tweets using that hashtag and display them in a list. Super simple.
I've registered my app, received keys and such. I just need to see an example of the code flow from starting before Oauth to receiving the results of the Twitter search.
I will be running this app locally and just need to be able to send a GET request and receive a RESTful response.
I have seen documentation about how jQuery isn't supported due to security risks. Since my backend is JS I need to be able to do this with JS.
Can anyone suggest documentation on how I can do this where I can see code examples?
Since the v1.1 of Twitter API (may 2013), it's not possible to search without being authorized using OAuth.
If you want to do it client side in a simple way, you may want to use OAuth.io.
I've just made an example in jsfiddle to make a simple search using Twitter API
The code is quite simple:
//Initialize the SDK with my OAuth.io public key, then display the OAuth authorization form
OAuth.initialize('YOUR-PUBLIC-KEY')
OAuth.popup('twitter', function(err, twitter) {
var search = encodeURIComponent("#oauth.io")
twitter.get('/1.1/search/tweets.json?q=' + search)
.done(function(data) {
console.log(data); //your search results are in data
})
})
Good question. You are correct, the Twitter 1.1 API requires oAuth tokens even for simple GET requests like the one you need. Yeah, requesting an oAuth key and secret from the twitter dev site can seem like overkill for a locally running project, but it's required for every one of their API endpoints.
Once you have the oAuth consumer key and secret, you are all set to make your API calls. Casual googling on the twitter dev site suggests that sending oAuth creds via JQuery is not supported by Twitter for security reasons. You can read more about that here.
I am not sure what you need to do with the Twitter data, so I'm not embedding any code samples for oAuth. In the mean time, check out how oAuth works as you think about how to implement your solution. PHP? Python? Ruby? Perhaps these oAuth code samples from Twitter are a good place to start?
There is a meteorite library intended to get around this exact problem.
https://github.com/subhog/meteor-twit
You can follow the documentation for use:
https://github.com/ttezel/twit
Below is some example code:
if (Meteor.isServer) {
Meteor.methods({
twit_get: function() {
Twit = new TwitMaker({
consumer_key: 'foo',
consumer_secret: 'foo',
access_token: 'foo',
access_token_secret: 'foo'
});
Twit.get(
'search/tweets',
{
q: 'banana since:2013-12-11',
count: 10
},
function(err, reply) {
console.log(reply);
});
}
});
}
The website I'm making makes it possible to connect your account with your youtube account. From localhost, this works perfectly, but from the site, which is step1tuts.appspot.com, it doesn't work. When I redirect the user to the authentication page from my website, I get the following message:
The page you have requested cannot be displayed. Another site was
requesting access to your Google Account, but sent a malformed
request. Please contact the site that you were trying to use when you
received this message to inform them of the error.
The code that handles this authentication looks like this:
client = youtube.get_client()
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
domain = 'http://' + os.environ['HTTP_HOST']+"/user/youtube_token"
scope = 'http://gdata.youtube.com'
url = client.GenerateAuthSubURL(domain,scope,secure=False,session=True)
self.redirect(str(url))
return
The url I'm redirecting to, ending in /auth_token then processes the token it gets back from youtube, but the error happens here.
Just for clarity, the youtube.get_client method is one that I developed to reuse the process of making the client appengine ready: the code for that is:
def get_client():
client = gdata.youtube.service.YouTubeService()
run_on_appengine(client)
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
user = users.get_current_user()
if(user and user.yt_token):
client.SetAuthSubToken(user.yt_token)
return client
While pasting in this code, I noticed that I'm duplicating the part where I give my developer key. I don't think that that's the problem, but I'll remove that from the authentication part of my code, and see what happens.
The problem must be tracable by watching the url that the user is redirected to, so just for some extra info, the url that I'm redirected to when I'm using the app on my local machine using the SDK, with which it works:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Flocalhost%3A8081%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
And the url that I'm redirected to when I use the same code on production:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
Interesting. All other urls work except this one. Probably a bug on youtube side? I just added a '.' at the end of your domain and the request seems to go through. Maybe you can try that?
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com.%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default