Twitter User Lookup Request Error Confusion - twitter

I have activated my app after getting approval of my Twitter developer account. I am trying to get twitter account associated with an email/phone number using Twitter Api.
It works perfect with params like screen_name,user_id but while trying email or phone number as a param the
Response says :
Could Not Authenticate you
Code is
import requests
url = "https://api.twitter.com/1.1/users/lookup.json?map=true&phone=1234567890"
payload = {}
headers = {
'Authorization': 'OAuth realm="http%3A%2F%2Fapi.twitter.com",oauth_consumer_key="<consumer_key>",oauth_token="<outh_token>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1595318479",oauth_nonce="<nonce>",oauth_version="1.0",oauth_signature="<sig>"'
}
response = requests.request("GET", url, headers=headers, data = payload)
print(response.text.encode('utf8'))
Response :
{
"errors": [
{
"code": 32,
"message": "Could not authenticate you."
}
]
}
What are the reasons and suggestions on this ?
Will appreciate the positive feedback.

Have you tried using dynamic values generation for header like nonce generation, Timestamp, base_url according to query paramters?

It is not possible to use email or phone number as query parameters on the Twitter API. This is not supported as a feature in the API. See the documentation for supported parameters on users/lookup and users/search.

Related

Discord OAuth2 throws Missing Permissions error when I already granted it the right permissions

Literally every single post I see when I search this is about a bot. If you are here for a bot error leave, this is not about a bot.
I am trying to create a bot that allows users to join a server from OAuth2, and I already have the access token (which works) and I am able to successfully get their user id and everything. However, when I try to join a server it immediately throws the error '{"message": "Missing Permissions", "code": 50013}'.
OAuth link: https://discord.com/oauth2/authorize?client_id=1044368734988546068&redirect_uri=*****&response_type=code&scope=identify%20guilds.join
^ The link above works fine, it's just when I try to use it to join a server, it throws the issue.
my code:
def add_to_guild(access_token, guildID, userID):
url = f"{API_ENDPOINT}/guilds/{guildID}/members/{userID}"
data = {
"access_token": access_token,
}
headers = {
"Authorization": f"Bot {TOKEN}",
'Content-Type': 'application/json'
}
r = requests.put(url=url, headers=headers, json=data)
return r.text
PLEASE help me with this. Thank you

What auth flow to use with spa and service account msal

There's so many different flows in the Microsoft docs that I have no clue what one is needed for me. I am using React and Python. (I understand node, so if someone explains using node/express its fine)
What user should see:
A page with a button to login, nav is there but wont work till logged in. The login creates a popup to sign in with Microsoft account. Once signed in, the user will be able to use nav to see dynamics information.
What I am trying to do:
This app needs to sign in a user and obtain the users email through 'https://graph.microsoft.com/v1.0/me'.(no client secrets needed) Then I need to send that email in this request;
(The tenant == {company}.crm.dynamics.com.)
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
This backend request needs to have a client secret to obtain the information. So I believe my backend also needs to be logged on to a service account. I believe I need to get a token for my backend to make requests on behalf of the service account.
What I have:
I have a React frontend that is signing a user in and calling 'https://graph.microsoft.com/v1.0/me' correctly and getting that email. Once I get the email, I am sending it to my backend.
Now I have no clue how to proceed and have tried many things.
What I have tried for backend:
Attempt 1: I get a token but error: {'error': {'code': '0x80072560', 'message': 'The user is not a member of the organization.'}}. Problem is, this id is the Azure AD ID. It should def work
#app.route('/dynToken', methods=['POST'])
def get_dyn_token():
req = request.get_json()
partnerEmail = req['partnerEmail']
token = req['accessToken']
body = {
"client_id": microsoft_client_id,
"client_secret": client_secret,
"grant_type": "client_credentials",
"scope": SCOPE_DYN,
}
TENANTID = '{hash here}'
res = requests.post(
f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token', data=body).json()
dyn_token = res['access_token']
headers = {
"Prefer": "odata.include-annotations=\"*\"",
"content-type": "application/json; odata.metadata=full",
"Authorization": f"Bearer {dyn_token}"
}
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
print(allInfo)
Attempt 2:
Same code but instead of f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token' its
f'https://login.microsoftonline.com/common/oauth2/v2.0/token'. Error: An exception occurred: [Errno Expecting value] : 0. Because it returns an empty string.
Now I don't know if I am even on the right path or where to go. I know the routes work themselves if the token is correct. I used only SSR with no react and these routes work. But I need the React to be there too. I just don't know what flow to use here to get what I need. The docs make it easy for /me route to work. But the {company}crm.dynamics.com docs don't really provide what I am trying to do.
Additional info after comment:
What 'f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq '{email}'', headers=headers" is trying to get are API keys. Full code :
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
partner_value = allInfo['value'][0]['_company_partner_value']
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses({partner_value})', headers=headers).json()
return {'key': response['company_apikey'], 'secret': response['company_apisecret']}
Then once it has the keys:
def api_authentication(apikey, apisecret):
headers = get_headers() #<-- same headers as above with using dyn_token
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses?$filter=company_apikey eq \'{apikey}\' and company_apisecret eq \'{apisecret}\'&$select=company_apikey,company_apisecret,_company_account_value,_company_primarycontact_value,blahblah_unassignedhours,company_reporturl', headers=headers).json()
return response
Afterwards I am able to get all the information I am looking for to send back to my frontend for the client to see. (By making multiple request to crm with these keys)
The client_credentials grant that you are using should work, provided the CRM trusts the token issued to the client (your python backend). Please use MSAL library instead of hand crafting the token request. It will save you time and eliminate errors.

Sendgrid Ruby API, Trying to send over Header content in post request

I am trying to send over a Post request to sendgrid to generate an API key for a subuser.
This is what my code currently looks like
body = JSON.parse('{
"name":"My API Key",
"scopes": [
"mail.send",
"alerts.create",
"alerts.read"
]
}')
header = {'On-Behalf-Of' => 'my#email.com'}
sg = SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY'])
response = sg.client.api_keys.post(request_body: body, request_header: header)
This code generates the API but on the main account instead of the Subuser account. The header is what drives where the API key is generated and I can seem to find any sources online that how the correct syntax for sending over the header to sendgrid.
If you could please help I would really appreciate it. Thanks!
I recently had to do this. You need to set the On-Behalf-Of headers when you instantiate the client not when you make the request:
```
#send_grid = API.new(api_key: #api_key, request_headers: {
'On-Behalf-Of' => #username
})
```
Then when you make a request with #send_grid it will send on behalf of the subuser -- and the API key will not show up in the list of api keys on the parent account
If I understand correct, you want to send email "From" another user. On Behalf of is non standard way of doing things.
For eg. https://sendgrid.com/docs/Classroom/Troubleshooting/Authentication/my_emails_are_displaying_as_on_behalf_of_or_via_in_some_mail_clients.html
You may want to try setting from instead of on-behalf-of
"from": {
"email": "from_address#example.com"
},
Refer to: https://sendgrid.com/docs/API_Reference/Web_API_v3/Mail/index.html

Ebay getOffer API token problems

I need help in understanding a problem of token when trying to get an offer's information using https://api.ebay.com/sell/inventory/v1/offer/OFFER_ID endpoint.
I've got 2 types of tokens:
User token and Access token.
Documentation clearly gives me the explanation that I must use the USER TOKEN.
I made it using Auth'n'Auth method, I agreed to give permission as a seller. Now I am trying to use this token like that:
public void getOffer(#RequestBody Map<String, String> args) throws IOException {
HttpClient client = HttpClientBuilder.create().build();
HttpGet httpGet = new HttpGet("https://api.ebay.com/sell/inventory/v1/offer/OFFER_ID");
httpGet.setHeader("Authorization", "Bearer " + args.get("token"));
httpGet.setHeader("Content-Language", "en-US");
HttpResponse response = client.execute(httpGet);
System.out.print(EntityUtils.toString(response.getEntity()));
}
It keeps returning me:
{
"errors" : [ {
"errorId" : 1001,
"domain" : "OAuth",
"category" : "REQUEST",
"message" : "Invalid access token",
"longMessage" : "Invalid access token. Check the value of the Authorization HTTP request header."
} ]
}
What can be wrong and what steps I missed?
Thank you in advance
Well it's giving you the exact error that is occurring:
"Invalid access token. Check the value of the Authorization HTTP request header."
That means you have an issue with this line of code...
httpGet.setHeader("Authorization", "Bearer " + args.get("token"));
Something is wrong with the Authorization header, so either the token is wrong, the value isn't correct, or it's just not receiving it. Is the word "Bearer" supposed to be send with the header? And does the value of the args.get("token") contain the correct value?
Another issue that happens a lot with REST services, sometimes you have to use an HTML entities function to encode the strings/ldata you are attaching to a web request. Because you have a space in the authorization, perhaps the space isn't interpreting correctly from eBay and you have to use HTML entities on the string. Something like this...
httpGet.setHeader("Authorization", HttpUtility.HtmlEncode("Bearer " + args.get("token"));
I made it using Auth'n'Auth method
There are two versions of an User Token. eBay provides an older style called "Auth 'n' Auth" and a newer OAuth version. The "Auth 'n' Auth" token does not work with the new RESTFul APIs. You need to generate an OAuth User Token following the process found in the documentation.

Django-allauth stores an empty token_secret with linkedin_oauth2

I'm trying the make further requests to linkedinAPI and to do so I need both token and token_secret.
I have several test accounts in linkedin, the login process success with all of them, however the token_secret stores (for all of them is empty).
Is that an error? I suspect so because using the pair token/token_secret in subsecuent oauth2 calls I get the following from linkedin
{ "errorCode": 0, "message": "[unauthorized]. The token used in the OAuth request is not valid. AQVvM2f2qefU3vULPS-R46DXN8Mnra9ImG14hzeTvMMcXvBVOEiUl4RTZCJrdFZoTfGGN1fFzLvxG-O_UWB8s8EDr35ZsgwW59y4KilndoEkr105Sg2GR90jmUxpqxU572IiARjN5gxAjfoWC4-_UupKlEtafQn23XQqvXeuLvE-FsPAaSA", "requestId": "VOAL1ULK4X", "status": 401, "timestamp": 1395348629428 }
Further details:
I check these tokens using the shell:
from allauth.socialaccount.models import SocialToken
map(lambda st: st.token_secret, SocialToken.objects.all())
And I get empty output:
[u'', u'', u'']
I found a solution myself so I'll explain it.
I'm not very into oauth2 so I don't know about the process neither if it was normal to have an empty secret_token. So I debugged a bit into the django-allauth code, and I saw that the requests they perform use only the token (no secret token)
Then I changed the library and started using the same they do: requests. And with the following simple script I can make any other request to the linkedin API:
def see_my_groups_json(request, url):
import requests
token = SocialToken.objects.get(account__user_id=request.user.pk)
resp = requests.get(url, params={'oauth2_access_token': token.token})
return resp.json()
You should check the SCOPE parameter for linkedin provider. For example, the next configuration requests permission for accessing user's email address, basic profile and to read and share updates on behalf of the user.
SOCIALACCOUNT_PROVIDERS = {
'linkedin_oauth2': {
'SCOPE': ['r_emailaddress', 'r_basicprofile', 'rw_nus'],
'PROFILE_FIELDS': ['id', 'first-name', 'last-name', 'email-address', 'picture-url', 'public-profile-url']
}
}
If after the token generation, we try to make an API call that requires some other privilege, we will get a 401 status code HTTP response.
django-allauth, by default, r_emailaddress scope or none at all, depending on whether or not SOCIALACCOUNT_QUERY_EMAIL is enabled.
Hope this helps you.

Resources