So, im working on an Application which compares your youtube channel Data with other similare youtube channels.
Currently im working on the authentication of an user with his youtube account, therefore im Using the OAuth Client.
I already got an code which i can exchange for an access_token, which also works.
Sadly, the access_token which i get does not work for an simple /search call and gives me an HTTP 400 -> keyinvalid
The same call works with an generated ApiKey just fine, but i would prefer to use OAutch.
My question is, does an accessToken not work with public calls like /search? If it does, what could be my problem here?
Thanks in Advance!
EDIT: Added Code Examples
Step 1: I call the OAuth client with the following url call in an new window with window.open(url)
https://accounts.google.com/o/oauth2/v2/auth?
scope=https://www.googleapis.com/auth/youtube.readonly&
access_type=offline&
include_granted_scopes=true&
state=state_parameter_passthrough_value&
redirect_uri=https://website.com/&
response_type=code&
client_id=9791...7bng.apps.googleusercontent.com"
In the Response I extract the Code which looks something like this
4/1QCLZnwsntp...sNcE
Send this code over an REST API to my Backend which uses this code to exchange it for an access_token with an PHP curl POST call
$this->connection = curl_init();
$url = 'https://www.googleapis.com/oauth2/v4/token';
$param = 'code='.$this->credentialsTemp['code'].'&client_id='.$GLOBALS['Youtube-Credentials']['clientId'].'&client_secret='.$GLOBALS['Youtube-Credentials']['clientSecret'].'&redirect_uri=https://website.com/&grant_type=authorization_code';
curl_setopt($this->connection, CURLOPT_URL, $url);
curl_setopt($this->connection, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($this->connection, CURLOPT_TIMEOUT, 20);
curl_setopt($this->connection, CURLOPT_POST,true);
curl_setopt($this->connection, CURLOPT_POSTFIELDS, $param);
$resp = curl_exec($this->connection);
curl_close($this->connection);
$acces_token = json_decode($resp,true)["access_token"];
in $acces_token should be my access_token which at the Moment looks close to this ya29.GlyTBtFMdLqKbvgaps...SA2pBORo_Am5UuBuxo8g
Related
It feels like amazon are encouraging people to just use their client SDK, but it would be nice to see what a sequence of valid REST calls looks like for the authorization and implicit grant flows.
The AWS documentation for the authorization and token endpoints is a nice start:
http://docs.aws.amazon.com/cognito/latest/developerguide/cognito-userpools-server-contract-reference.html
Does anybody know if some examples exist showing the sequence of REST calls for the Implicit and Authorization flows (against Cognito)?
The documentation is a bit shoddy, but here's an example PHP cURL call to get the ID/Access Tokens using your authorization code for the Authorization flow:-
$url = 'https://<YOURDOMAIN>.auth.us-east-1.amazoncognito.com/oauth2/token';
$client_key = '<YOUR_CLIENT_ID>';
$client_secret = '<YOUR_CLIENT_SECRET>';
$data = [ 'grant_type' => 'authorization_code',
'client_id'=>$client_key, 'code'=>$_GET["code"],
'redirect_uri'=>'<YOUR_REDIRECT_URI>'];
$handle = curl_init($url);
curl_setopt($handle, CURLOPT_VERBOSE, true);
curl_setopt($handle, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($handle, CURLOPT_USERPWD, $client_key . ":" . $client_secret);
curl_setopt($handle, CURLOPT_RETURNTRANSFER, true);
$field_string = http_build_query($data);
curl_setopt($handle, CURLOPT_POSTFIELDS, $field_string);
$resp = json_decode(curl_exec($handle),true);
Once you've got the ID token you need to parse the JWK JSON file from
https://cognito-idp.us-east-1.amazonaws.com/<USER_POOL_ID/.well-known/jwks.json
and then lookup the kid field in the token header, and use that as the secret to decode the token. I used this library:-
https://github.com/firebase/php-jwt
So the token validation code looks something like:-
$jwks_json = file_get_contents("https://cognito-idp.us-east-1.amazonaws.com/<USER_POOL_ID>/.well-known/jwks.json");
$jwk = JWK::parseKeySet($jwks_json);
$tks = explode('.', <YOUR_TOKEN>);
list($headb64, $bodyb64, $cryptob64) = $tks;
$jwt_header = json_decode(base64_decode($headb64),true);
$jwt_body = json_decode(base64_decode($bodyb64),true);
$key=$jwk[$jwt_header["kid"]];
try
{
$decoded = JWT::decode(<YOUR_TOKEN>, $key, array($jwt_header["alg"]));
$decoded_array = (array) $decoded;
// GREAT SUCCESS!
}
catch (\Exception $e)
{
// TOKEN COULDN'T BE VALIDATED
}
I am not aware of anything with it nicely documented. I think your best option would be to spin up a test app using one of the SDKs and monitor the network traffic. It seems the API is not well documented.
I'm trying to get the entered information on a survey of SurveyMonkey through the API. But i'm getting the following return message: "Could not validate access to survey at this time, please try again later.", with status 5 (System Error).
I'm working with a APP in Draft status. All the scopes in my app are put on optional. And other api calls (like get_survey_list) do give me data.
I'm working with php, but the API console (https://developer.surveymonkey.com/docs/api_console/) also gives me these results.
Is there an extra permission layer i'm missing? Do ppl need to approve something through oauth?
The API console is for V2 of the API (which is either deprecated, or likely to be deprecated soon), I would recommend using V3 (https://developer.surveymonkey.com/api/v3)
You can fetch the list of surveys using
GET /v3/surveys
And you can get a specific survey with
GET /v3/surveys/<id>
And follow down the path to get individual pages/questions, or if you want the entire survey expanded at once, use:
GET /v3/surveys/<id>/details
With regards to the request you are doing with API v2, I'd probably need a bit more information, if you are doing a POST with an empty body to get_survey_list and are getting that issue I'd probably contact their customer support to look into it as it looks like a server error. But I would recommend going to V3 and see if everything works fine for you.
Like the general posted, v3 works fine. Here is the code of my POC that works:
// GET USER
$requestHeaders = array(
'Content-Type: application/json',
'Authorization: Bearer [ACCESS_TOKEN]',
);
$url = 'https://api.surveymonkey.net/v3/users/me?api_key=[API_KEY]';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $requestHeaders);
$result = curl_exec($ch);
curl_close($ch);
The above is the just a simple call to get the basic info of the user.
The next call get's the answers given in the responses that are given through a specific collector.
// GET THE ANSWERS OF THE SURVEY
$requestHeaders = array(
'Content-Type: application/json',
'Authorization: Bearer [ACCESS_TOKEN]',
);
$url = 'https://api.surveymonkey.net/v3/collectors/[COLLECTOR_ID]/responses/bulk?api_key=[API_KEY]';
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_HTTPHEADER, $requestHeaders);
$result = curl_exec($ch);
curl_close($ch);
You can also import the API into Postman. There is a button for this on the documentation site. Pretty nice :)
I'm using PHP and CURL to try and get all my account's events from EventBrite's web service.
I'm running this script (edited down slightly):
$curl = curl_init();
$hdr = array();
$hdr[] = 'Authorization: Bearer <MY TOKEN>';
$hdr[] = 'Content-type: application/json';
curl_setopt($curl, CURLOPT_HTTPHEADER, $hdr);
curl_setopt(
$curl,
CURLOPT_URL,
'https://www.eventbriteapi.com/v3/users/me/owned_events/?status=live'
);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$events = curl_exec($curl);
print_r($results);
But the status=live parameter is not taking effect and all events including drafts are being returned.
Has anyone successfully achieved a list of live events using EventBrite's API and if so, can you advise me how you managed and where I went wrong?
I'm unsure if I just helped you via email, but after troubleshooting I've deducted that this will only return 'live' events if you also pass in 'started' as a status parameter.
Ex.) 'https://www.eventbriteapi.com/v3/users/me/owned_events/?status=live,started'
I hope this helps!
For the benefit of anyone else with a similar problem, the issue was the "Content-Type" header. Remove this, and all is well with the world.
There are many REST API methods to check if a username is being used on Twitter but as far as I researched all of them are rate limited.
The reason I want this feature is to prevent someone from claiming a username on a website that someone else uses on Twitter, for example someone might claim a celebrity's username and confuse people.
It's impossible to use oauth in this scenario, since the user in this scenario might not be a Twitter user.
[150/hour rate limit is unacceptable. A possible solution would be to use Bing Search API to search for the username? - If Bing Search is not rate limited of course]
Try curl, here is minimal working script in php:
$url = "http://mobile.twitter.com/justinbieber";
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$resp = curl_exec($curl);
$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if($code == 200)
{
echo "He is on twitter";
}
else
{
echo "He is on not twitter";
}
You should query mobile.twitter.com instead of real one, because real one doesn't do HTTP response codes. and few more reasons.
I have a problem while updating twitter status by username and password.
Here is the Code for that:
$username = 'username';
$password = 'password';
$message = 'Testing';
$url = 'http://twitter.com/statuses/update.xml';
$curl_handle = curl_init();
curl_setopt($curl_handle, CURLOPT_URL, $url);
curl_setopt($curl_handle, CURLOPT_CONNECTTIMEOUT, 2);
curl_setopt($curl_handle, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); //basic authentication
curl_setopt($curl_handle, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl_handle, CURLOPT_POST, 1);
curl_setopt($curl_handle, CURLOPT_POSTFIELDS, "status=$message");
curl_setopt($curl_handle, CURLOPT_USERPWD, "$username:$password");
$buffer = curl_exec($curl_handle);
curl_close($curl_handle);
echo $buffer;
This is not for only one user so that I can not use OAuth(means using consumer key and other token). I have already tried this: http://www.1stwebdesigner.com/tutorials/how-to-update-twitter-using-php-and-twitter-api/ but i can not pass multiple user's username and password for updating multiple twitter status.
Please help me on this.
You won't be able to update twitter status by username and password via curl any more - basic authentication was deprecated/turned off by Twitter several months ago (August 2010). Updates and such by third party applications now have to be done via oauth authentication.
By the way - considering you're using PHP - I'd suggest using either the PEAR Services_Twitter package or the Zend equivalent.
You can not use user name and password to update a Twitter status no matter how many users you have. This no longer works. It has been turned off. You must use OAuth. OAuth allows multiple users to log into Twitter on your site. When they do that, you get a copy of their OAuth tokens. You then use these tokens to send tweets to their accounts. You will still find documentation for using basic authentication to do this online, but all of these are out of date. Basic authentication is no longer available on Twitter.
First you have to use cookie each time you update user status, then destroy cookie after each success status update.
Second, put this condition in loop to update all user's you wont.
See this may help you:
http://blancer.com/tutorials/73877/how-to-authenticate-users-with-twitter-oauth/