PayPal: Create and Capture Order - asp.net-mvc

I am following this sample (https://developer.paypal.com/docs/checkout/reference/server-integration/set-up-transaction/#on-the-server) to get PayPal working on the server.
I have finished creating the order, but it doesn't capture the order at the same time. Is it possible to create and capture the order at the same time?
var request = new OrdersCreateRequest();
request.Prefer("return=representation");
request.RequestBody(BuildRequestBody());
var response = await PayPalClient.client().Execute(request); //this will only create the order. How to capture it at the same time?
When I tried to capture the order:
//continue from above
var result = response.Result<Order>();
var requestCapture = new OrdersCaptureRequest(result.Id);
requestCapture.Prefer("return=representation");
requestCapture.RequestBody(new OrderActionRequest());
response = await PayPalClient.Client().Execute(requestCapture);
I get the error:
"name":"UNPROCESSABLE_ENTITY",
"details": [{
"issue":"ORDER_NOT_APPROVED",
"description":"Payer has not yet approved the Order for payment. Please redirect the payer to the 'rel':'approve' url returned as part of the HATEOAS links within the Create Order call or provide a valid payment_source in the request."
}],
"message": "The requested action could not be performed, semantically incorrect, or failed business validation.",
"links": [{
"href": "https://developer.paypal.com/docs/api/orders/v2/#error-ORDER_NOT_APPROVED",
"rel": "information_link",
"method": "GET"
}]
My question is, is it possible to create order, authorize and capture at the same time?
Thanks

Before using OrdersCaptureRequest, you have to redirect to [rel] => approve link from the response of OrdersCreateRequest:
$client = PayPalClient::client();
$response = $client->execute($request);
$res_links = $response->result->links;
$approve_index = array_search('approve',array_column($res_links,'rel'));
redirect($res_links[$approve_index]->href,'location',302);`
And then use OrdersCaptureRequest.

I don't think there's a way to create, authorize and capture order at the same time in PayPal, even in sandbox environment. You'll have to follow each step separately.
And about the ORDER_NOT_APPROVED error, you can either get the order approved by the user as #raj-kamal said, or you can make a Paypal-Auth-Assertion and send it in the headers. This header is an API client-provided JSON Web Token (JWT) assertion that identifies the merchant.
Reference: https://developer.paypal.com/docs/api/reference/api-requests/#paypal-auth-assertion
NOTE:
To use this header, you must get consent to act on behalf of a merchant.

Related

Microsoft graph subscription to outlook / drive not working "InvalidRequest"

I created an app on Azure and want to use it to subscribe to business emails of certain users. However, I cannot get it to work and I'm wondering if it is even possible this way. The code is as follows:
url = 'https://graph.microsoft.com/beta/subscriptions'
payload = {
'changeType': 'updated',
'notificationUrl': 'http://<server_ip>/webhook',
'resource': "users/<my_user>#<my_domain>/mailFolders('inbox')/messages",
'expirationDateTime': '2022-07-23T11:52:20',
}
headers = {
'Authorization': f'Bearer {access_token}',
'Content-Type': 'application/json'
}
response = requests.post(url, headers=headers, data=json.dumps(payload))
print(response.status_code)
print(response.reason)
print(response.text)
400
Bad Request
{"error":{"code":"InvalidRequest","message":"Could not process subscription creation
payload. Are all property names spelled and camelCased properly? Also are the
dateTimeOffest properties in a valid internet Date and Time format?","innerError":
{"date":"2022-07-22T09:12:11","request-id":"317989f4-c921-44ce-a701-
c57a660aad3b","client-request-id":"317989f4-c921-44ce-a701-c57a660aad3b"}}}
I also want to subsribe to changes to our drive, for this I substitute the resource for f'drives/{drive_id}/root'. This gives the same error messsage.
I have read all the relevant docs and feel this this should be the correct approach, but the error message is not useful to me for find the issue.

What auth flow to use with spa and service account msal

There's so many different flows in the Microsoft docs that I have no clue what one is needed for me. I am using React and Python. (I understand node, so if someone explains using node/express its fine)
What user should see:
A page with a button to login, nav is there but wont work till logged in. The login creates a popup to sign in with Microsoft account. Once signed in, the user will be able to use nav to see dynamics information.
What I am trying to do:
This app needs to sign in a user and obtain the users email through 'https://graph.microsoft.com/v1.0/me'.(no client secrets needed) Then I need to send that email in this request;
(The tenant == {company}.crm.dynamics.com.)
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
This backend request needs to have a client secret to obtain the information. So I believe my backend also needs to be logged on to a service account. I believe I need to get a token for my backend to make requests on behalf of the service account.
What I have:
I have a React frontend that is signing a user in and calling 'https://graph.microsoft.com/v1.0/me' correctly and getting that email. Once I get the email, I am sending it to my backend.
Now I have no clue how to proceed and have tried many things.
What I have tried for backend:
Attempt 1: I get a token but error: {'error': {'code': '0x80072560', 'message': 'The user is not a member of the organization.'}}. Problem is, this id is the Azure AD ID. It should def work
#app.route('/dynToken', methods=['POST'])
def get_dyn_token():
req = request.get_json()
partnerEmail = req['partnerEmail']
token = req['accessToken']
body = {
"client_id": microsoft_client_id,
"client_secret": client_secret,
"grant_type": "client_credentials",
"scope": SCOPE_DYN,
}
TENANTID = '{hash here}'
res = requests.post(
f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token', data=body).json()
dyn_token = res['access_token']
headers = {
"Prefer": "odata.include-annotations=\"*\"",
"content-type": "application/json; odata.metadata=full",
"Authorization": f"Bearer {dyn_token}"
}
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
print(allInfo)
Attempt 2:
Same code but instead of f'https://login.microsoftonline.com/{TENANTID}/oauth2/v2.0/token' its
f'https://login.microsoftonline.com/common/oauth2/v2.0/token'. Error: An exception occurred: [Errno Expecting value] : 0. Because it returns an empty string.
Now I don't know if I am even on the right path or where to go. I know the routes work themselves if the token is correct. I used only SSR with no react and these routes work. But I need the React to be there too. I just don't know what flow to use here to get what I need. The docs make it easy for /me route to work. But the {company}crm.dynamics.com docs don't really provide what I am trying to do.
Additional info after comment:
What 'f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq '{email}'', headers=headers" is trying to get are API keys. Full code :
try:
allInfo = requests.get(
f'https://{TENANT}api/data/v9.0/company_partneruserses?$filter=company_email eq \'{email}\'', headers=headers).json()
partner_value = allInfo['value'][0]['_company_partner_value']
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses({partner_value})', headers=headers).json()
return {'key': response['company_apikey'], 'secret': response['company_apisecret']}
Then once it has the keys:
def api_authentication(apikey, apisecret):
headers = get_headers() #<-- same headers as above with using dyn_token
response = requests.get(
f'https://{TENANT}api/data/v9.0/company_partnerses?$filter=company_apikey eq \'{apikey}\' and company_apisecret eq \'{apisecret}\'&$select=company_apikey,company_apisecret,_company_account_value,_company_primarycontact_value,blahblah_unassignedhours,company_reporturl', headers=headers).json()
return response
Afterwards I am able to get all the information I am looking for to send back to my frontend for the client to see. (By making multiple request to crm with these keys)
The client_credentials grant that you are using should work, provided the CRM trusts the token issued to the client (your python backend). Please use MSAL library instead of hand crafting the token request. It will save you time and eliminate errors.

Twitter User Lookup Request Error Confusion

I have activated my app after getting approval of my Twitter developer account. I am trying to get twitter account associated with an email/phone number using Twitter Api.
It works perfect with params like screen_name,user_id but while trying email or phone number as a param the
Response says :
Could Not Authenticate you
Code is
import requests
url = "https://api.twitter.com/1.1/users/lookup.json?map=true&phone=1234567890"
payload = {}
headers = {
'Authorization': 'OAuth realm="http%3A%2F%2Fapi.twitter.com",oauth_consumer_key="<consumer_key>",oauth_token="<outh_token>",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1595318479",oauth_nonce="<nonce>",oauth_version="1.0",oauth_signature="<sig>"'
}
response = requests.request("GET", url, headers=headers, data = payload)
print(response.text.encode('utf8'))
Response :
{
"errors": [
{
"code": 32,
"message": "Could not authenticate you."
}
]
}
What are the reasons and suggestions on this ?
Will appreciate the positive feedback.
Have you tried using dynamic values generation for header like nonce generation, Timestamp, base_url according to query paramters?
It is not possible to use email or phone number as query parameters on the Twitter API. This is not supported as a feature in the API. See the documentation for supported parameters on users/lookup and users/search.

Sendgrid Ruby API, Trying to send over Header content in post request

I am trying to send over a Post request to sendgrid to generate an API key for a subuser.
This is what my code currently looks like
body = JSON.parse('{
"name":"My API Key",
"scopes": [
"mail.send",
"alerts.create",
"alerts.read"
]
}')
header = {'On-Behalf-Of' => 'my#email.com'}
sg = SendGrid::API.new(api_key: ENV['SENDGRID_API_KEY'])
response = sg.client.api_keys.post(request_body: body, request_header: header)
This code generates the API but on the main account instead of the Subuser account. The header is what drives where the API key is generated and I can seem to find any sources online that how the correct syntax for sending over the header to sendgrid.
If you could please help I would really appreciate it. Thanks!
I recently had to do this. You need to set the On-Behalf-Of headers when you instantiate the client not when you make the request:
```
#send_grid = API.new(api_key: #api_key, request_headers: {
'On-Behalf-Of' => #username
})
```
Then when you make a request with #send_grid it will send on behalf of the subuser -- and the API key will not show up in the list of api keys on the parent account
If I understand correct, you want to send email "From" another user. On Behalf of is non standard way of doing things.
For eg. https://sendgrid.com/docs/Classroom/Troubleshooting/Authentication/my_emails_are_displaying_as_on_behalf_of_or_via_in_some_mail_clients.html
You may want to try setting from instead of on-behalf-of
"from": {
"email": "from_address#example.com"
},
Refer to: https://sendgrid.com/docs/API_Reference/Web_API_v3/Mail/index.html

Django-allauth stores an empty token_secret with linkedin_oauth2

I'm trying the make further requests to linkedinAPI and to do so I need both token and token_secret.
I have several test accounts in linkedin, the login process success with all of them, however the token_secret stores (for all of them is empty).
Is that an error? I suspect so because using the pair token/token_secret in subsecuent oauth2 calls I get the following from linkedin
{ "errorCode": 0, "message": "[unauthorized]. The token used in the OAuth request is not valid. AQVvM2f2qefU3vULPS-R46DXN8Mnra9ImG14hzeTvMMcXvBVOEiUl4RTZCJrdFZoTfGGN1fFzLvxG-O_UWB8s8EDr35ZsgwW59y4KilndoEkr105Sg2GR90jmUxpqxU572IiARjN5gxAjfoWC4-_UupKlEtafQn23XQqvXeuLvE-FsPAaSA", "requestId": "VOAL1ULK4X", "status": 401, "timestamp": 1395348629428 }
Further details:
I check these tokens using the shell:
from allauth.socialaccount.models import SocialToken
map(lambda st: st.token_secret, SocialToken.objects.all())
And I get empty output:
[u'', u'', u'']
I found a solution myself so I'll explain it.
I'm not very into oauth2 so I don't know about the process neither if it was normal to have an empty secret_token. So I debugged a bit into the django-allauth code, and I saw that the requests they perform use only the token (no secret token)
Then I changed the library and started using the same they do: requests. And with the following simple script I can make any other request to the linkedin API:
def see_my_groups_json(request, url):
import requests
token = SocialToken.objects.get(account__user_id=request.user.pk)
resp = requests.get(url, params={'oauth2_access_token': token.token})
return resp.json()
You should check the SCOPE parameter for linkedin provider. For example, the next configuration requests permission for accessing user's email address, basic profile and to read and share updates on behalf of the user.
SOCIALACCOUNT_PROVIDERS = {
'linkedin_oauth2': {
'SCOPE': ['r_emailaddress', 'r_basicprofile', 'rw_nus'],
'PROFILE_FIELDS': ['id', 'first-name', 'last-name', 'email-address', 'picture-url', 'public-profile-url']
}
}
If after the token generation, we try to make an API call that requires some other privilege, we will get a 401 status code HTTP response.
django-allauth, by default, r_emailaddress scope or none at all, depending on whether or not SOCIALACCOUNT_QUERY_EMAIL is enabled.
Hope this helps you.

Resources