I am successfully getting Postman's Get Access Token feature to work. I need to see the request it's making, though, so I can make the call in code.
Any ideas how to do that?
You can view a token request by opening the postman console.
View > Show Postman console (ALT + CTRL + C)
The postman console holds all your request logs, to make it easier you can clear all the request using the clear button in the top right corner. When you make the token request for your call, it will show up here.
There is a Code button on the right hand side of the browser in orange.
When you click that you should get the code snippet of the request:
Related
Hi I'm facing an issue that, onclick on hyper link calling script funciton which opens the URL in window.open.
In netwrok tab Noticed that URL request is sending twice, for one reposne code is 302(doesn have nay response data) and for another one response code is 200(which has reponse data), This behaviour in Microsoft edge browser.
In internet explore noticed behaviour is different, on click on hyperlink seeing request is sending twice, both requests are getting succesfull with response code 200 with proper response data.
Below is the code I've done so far of the Hyper link. Can some one help me why multiple request are triggering how to fix this to trigger only one request.
<a tabindex="13" title="This link will open a new browser window that contains the user details."
onclick="javascript:openChildWindow('http://xx.xx.xx.xxx:xxxx/xxxx/channel/session.cgi?sessargs=p47iorSBMUG1tKkTcNpjM4qNdGTees3H');return false;"
href="http://xx.xx.xx.xxx:xxxx/xxxx/channel/channel/session.cgi?sessargs=NliOOYGLmDf1yePDXopw8o2IMx2HYyg1">View details</a>
I am facing an issue regarding account linking in Actions on Google:
I am able to authenticate the user and access his email address and username however after this how can I redirect the user back to the google assistant and close the browser where he was authenticated?
Any help will be appreciated!
Update: Hey Prisoner thanks a lot for that.
I did what you said and yeah now it does redirect to google.com but without result_code=SUCCESS when I test it in the simulator.
The link is:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=z77fWbjQGIXxvATs_oqwBA
Now if I type talk to... again it shows me the message you need to link your account!
In the device the browser automatically closes and it shows SIGNING_IN however when I type an intent it is not recognized.
It would be great if you could point me in the right direction! (I am not sure but I might be at the token exchange stage that you mentioned, but I don't have a clue how to proceed!)
Update 2: As requested the entire flow that I am following:
This is the URL that I receive from debugInfo:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=cha***#gmail.com&provider=***_dev&scopes=email&return_url=https://www.google.com/
When I paste this in the browser the request that I receive at the authorization endpoint is:
ImmutableMultiDict([
('response_type', 'code'),
('client_id', ****.apps.googleusercontent.com'),
('redirect_uri', 'https://oauth-redirect.googleusercontent.com/r/****'),
('scope', 'email'),
('state', ' CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)')
])
The response (redirect_url) that I send back:
https://accounts.google.com/o/oauth2/v2/auth?scope=email&response_type=code&redirect_uri=https%3A%2F%2F******.herokuapp.com%2Fcallback%2Fgoogle&client_id=****.apps.googleusercontent.com
When it reaches my endpoint again the request arguments are:
ImmutableMultiDict([
('code', '4/***********')
])
Now I am able to access the email address and other details
The url that I redirect to from here:
https://oauth-redirect.googleusercontent.com/r/****?code=abcdefgh&state=CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)
This redirects me to :
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=5c_fWdfKNYndvASO7o6ACA
Edit 3: I checked the network logs:
result_code=FAILURE&result_message=Account+linking+failed
I also added /token/google as the token URL in AoG. It is detected in heroku however I never receive this request in my code.
Note: I am using python flask and hosting my app on heroku
Once you have authenticated the user, you'll need to return a temporary auth code back to Google. Later, Google will exchange this auth code for an access token and a refresh token, but you're not there yet. The important part is that this code needs to be unique and that, later, you'll be able to recognize what user it is for. The code should be valid for a limited time - 10 minutes is a generally accepted time frame.
In the request Google sent to you as part of the login, they've provided a redirect_uri and a state as parameters. You'll need to use these in your reply. (state can be anything - you shouldn't care what it is, you're just going to send it back with your redirect. Its purpose is to improve security by preventing replay attacks.)
Verify that the redirect_uri has the form
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID
Where YOUR_PROJECT_ID is... you guessed it, the ID of your project. You can find this in the cloud console.
You'll then redirect the user to this URL with a few additional parameters:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
Where YOUR_PROJECT_ID is as noted above, AUTHORIZATION_CODE is the code you've generated, and STATE_STRING is the value of the state parameter that you were sent in the request.
For details, you can see https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in
I am working on an application that integrates with Instagram API to access the user information. I successfully fetch the Access Token using the authorize url but unable to fetch the userId using access_token url:
i am tried both the endpoints:
https://api.instagram.com/oauth/access_token?client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code
https://api.instagram.com/oauth/access_token
with the post body as:
client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code&code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
(The data in the request is modified), But i am getting the follwing
{
"code": 400,
"error_type": "OAuthException",
"error_message": "No matching code found."
}
I have seen tons of queries and questions but could not find any solution to the problem.
The couple of questions i have is:
1) is the field code in the URL is same as access_token, if not how could i get the code field's value.
2) is there any other mechanism(API) to fetch the user details given the username is not known.
Please help me as i am completely stuck and running out my deadlines.
For me unchecking Disable implicit OAuth in instagram developer -> manage clients fixed the issue
I found that using either form-data or application/x-www-form-urlencoded works fine. The most important is the code you get from redirect uri is only used by one request. It means you could request the access token once for the code. If the you request more than one time with same code, you'll get the error like this:
{
code: 400,
error_type: "OAuthException",
error_message: "Matching code was not found or was already used."
}
Wish you all the best ;)
Try to urlEncode the redirect_uri param to
http%3A%2F%2Flocalhost
And your code param contains the "." character which might be a error.
code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
might caused the problem
"error_message": "No matching code found."
"5dc92c4d15ea4a4ea1b0d33eaf0eef19" seems to be the correct code
I got same error. It seems that instagram's spam system disable user's access to any non-official application. Just change user's password. In my case it was help.
Also try create another application.
UPD
From my answer to another question
It looks like users get more than one code, and you see first code, but need second. Try relogin users, if you gets error. User will not see instagram page with confirm button, just redirections.
Possible algorithm of error:
1. User click auth link.
2. Get first code.
3. User click auth link (twice, redirection problem, public auth system, etc.)
4. Get another code (even on the same client_id, redirect_uri).
5. You get first code.
6. But first code already doesn't exists.
The problem is here that need redirect url set as http://localhost/signin-instagram
signin-instagram part is very important
So go to Instagram.com/developer ->Manage Client-> Security -> Valid redirect URIs set with that end http:/../signin-instagram
Off late instagram python snippet fails due to missing content-type HTTP header
response, content = http_object.request(url, method="POST", body=data,headers = {"Content-type": "application/x-www-form-urlencoded"})
adding application/x-www-form-urlencoded worked for me
I will mention what worked for me.
Step 1. Generate a new client secret from you panel.
Step 2. Follow the step 1 mentioned here to obtain the code again.
Step 3. Send the request again with the changed parameters.
Make sure you are logged in the browser when you send the request. You will get the required response.
Go into Facebook for Developers > Your app. Click on "Roles" and add an Instagram test-account under "Instagram Testers".
Log into instagram.com and go to: Settings > Security > Apps and Websites, where you will accept the test invitation.
Prepare your URL link, which you will paste into the web browser. Make sure to use a valid redirect URI from "Valid OAuth Redirect URIs" from the Instagram Basic Display settings.
If you did everything right, the Instagram tester account for the app, will have the option to gain access to user_profile,user_media. Continue the process to get the code which you can exchange for a short-lived access token.
I am able to access a user picture in a web browser without providing an access token, using the url:
http://graph.facebook.com/ID/picture
I know it performs a redirection, but it works.
However, when trying to access the same url in an iOS HttpRequest, I get an "invalid_token" response.
Is it possible to get a picture from an ID, in iOS without a token? If so, how do I achieve this? If not, how is it possible using the web browser?
Thanks!
In case anyone else is stuck with this, apparently under some conditions you get an "invalid token" response from the facebook (graph api) if you use a POST and not a GET http request method. Switching to GET solved the problem for me.
I'm working my way through the OAuth 1.0 flow on an iPhone app.
I have the requestToken. I segue to a UIWebView with the proper URL to perform user authorization of the requestToken, which performs successfully. However, the user has to tap "back" manually after this step is done to get back to the app. The user then taps a separate button to perform the getAccessToken. (this is obviously work in progress).
How do I automate the going back after performing the user authorization of the requestToken? On the UIWebView, when the user successfully logs in, then they get a page verifying permissions, and the user clicks "OK", I want the app to automatically go back and proceed with getting accessToken once that is complete.
I'm new at this, so may not be explaining this too well. FWIW, I'm working with smugmug APIs. Thanks in advance for any help.
I'm not an iOS coder but once the request token has been authorized by the end user, the service provider should redirect to your callback. There must be a way for you to "listen" for this in the UIWebView. Either by picking up on the redirect HTTP response which would look something like this:
301 Moved Permanently
Location: URI?oauth_token=BLAHBLAH&oauth_verifier=BLAHBLAH
If you can intercept that redirect you can probably hinder the UIWebView from actually completing it and instead just scrape the Location header.
Or, you should at least be able to by pick up on when the redirect has completed and you are actually on your callback page. Then it would be a simple case of scraping the URL containing the token and verifier from the invisible addressbar. If all else fails you can have your callback actually print the token and secret on the page and scrape that.
Once you have the verifier you should be able to get your access token without involving the end user at all.
I resolved this by looking for a particular URL, then manually popping the navigationController stack when the right URL finished loading. My code looks something like:
- (void)webViewDidFinishLoad:(UIWebView *)webView
{
NSRange range = [webView.request.URL.absoluteString rangeOfString:#"http://thecallbackurl.com/"];
if (range.location != NSNotFound) {
[self.navigationController popViewControllerAnimated:YES];
}
}
I'm writing to smugmug.com APIs. On token authorization success, they redirect the browser to the callback URL, so that's what I was looking for.