I'm using the LinkedIn Javascript SDK on my website in order to allow users to register and log in via Linked In.
I want to achieve this without redirecting the user to Linked In, but instead via the popup window.
The issue is, I'm not sure how to securely get an access token, which I can then use to get the users profile and create an account.
Currently, via the Javascript SDK, I can log the user in without redirection, and receive a oauth_token, which I then post to by backend. My Here is my code:
IN.User.authorize(function(){
$.ajax({
type: 'POST',
url: '/auth/li/'+IN.ENV.auth.oauth_token,
});
});
This succesfuly sends the token to my server, but how do I use it to then get an access token in order to use in the backend?
I tried to simply convert it to one using the LinkedIn API with
https://www.linkedin.com/oauth/v2/accessToken
but I get an error
Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired.
I sort of understand the error, as with the javascript SDK there is no redirect URI.
With the Facebook SDK/API, on successful authorisation via the Javascript API, a cookie encrypted with my app secret is stored, and my backend can decrypt and read it, and then finally create an account.
Is there something like that in LinkedIn that I missed?
I have the same issue, with Google and Facebook SDK I can get access_token but linkedin SDK auth_token is not working. I think we need access_token but don't know how to get that with linkedin SDK.
I have come up with a solution. I ended up not using the javascript API. What I did was generate a login URL on my server and retrieved it via AJAX. I then created a javascript popup window and aimed it at the login url. One the user authenticates, linkedin redirects to my selected redirect URL within the popup, and I can then authenticate on my side (and close the popup).
Related
I am using Oauth to download blog posts from Blogger. The first step of the process is sending a request to
https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&prompt=consent&response_type=code&client_id=407408718192.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fblogger.readonly&access_type=offline
and then google redirects me back to my script with an access code in the parameter
/oauthplayground/?code=4/YVFm8eTYX5ZjMmDZn5g3joSm2s7NLg27kPU2fZPwXtE
Once the user granted access to through his google account, is there an alternative to get this code without the redirect? For example a request that returns a JSON object?
Can anyone help me on generating OAuth token using QuickBooks API and postman?
I am not able to create one using API.
and can u help me to get sample account data from an account QuickBooks API ?
You can refer the following blog which shows how to generate OAuth1 tokens using OAuthPlayground tool and use those tokens in POSTMAN to make any API calls.
https://developer.intuit.com/hub/blog/2016/04/25/quick-start-to-quickbooks-online-rest-api-with-oauth1-0
You can try the entire QBO POSTMAN collection from the link below.
https://developer.intuit.com/docs/0100_quickbooks_online/0400_tools/0012_postman?isExpand=false#/1500
You can't generate OAuth tokens via Postman.
The whole point of OAuth is to give the end-user a UI-based process to click through and provide tokens.
Use the UI components Intuit provides to get your tokens.
https://developer.intuit.com/docs/0100_quickbooks_online/0100_essentials/000000_quickbooks_online_overview
I recently had to download QBO's postman collection to debug an integration issue with my app. I use OAuth2.0 with Authorization Code as the grant type to authenticate a user from my app to QBO. This is what QBO offers now and its not upto the app developer's discretion.
You can download the QBO's Postman collection from here.
To access QBO's endpoint from Postman, you must first create and register an app entry with QBO. Doing so will give you ClientID and ClientSecret which are needed for authentication purposes. Also put https://www.getpostman.com/oauth2/callback as the RedirectURI for your app since you will be authenticating using Postman. If you have your website up and running, you can put the link to your website as the RedirectURI.
Once you open the collection in Postman, open the Accounts endpoint and switch to the Authorization tab
Click on Get New Access Token.
CallbackURL is going to be what you put in the RedirectURL you registered your sample QBO app with.
AuthURL and AccessTokenURL are taken from the QBO link I mentioned above. Paste these as is.
ClientID and ClientSecret are the keys you get once you register your sample app with QBO.
Scope can be used as is since you need to access the accounting endpoint.
State can be any string that is returned intact after a successful authentication with QBO. It is something that your app can use for an extra check to ensure that you got a response from the right authorization server. Put any length string(do not leave it blank) in this case because we are only accessing the endpoints using Postman.
ClientAuthentication is set to Send client credentials in body as instructed by QBO.
Once you click on Request Token, you will be redirected to QBO's login page inside Postman itself in a new popup window. Successful authentication will close the popup window and give you an Access Token. Clicking Use Token will set the token in the body at the time of Send Request.
Make sure you know your companyid and that you are targeting the right baseurl. Notice that Im using minorversion 9 because thats what my app uses. You can choose to stick with 14.
Hitting Send Request should get you some accounts objects in the response.
I want to make an application to fetch data from my Facebook page and display it in my application.
I tried using the Facebook API Explorer, it work fine but it expires after around 1 hour.
So, I need another way to get access to all my post like text, image and videos without expire data and anyone download my app can show my post without login to Facebook or any authentication.
Non-expiring Page Access Token are seemingly no longer possible with Graph API v2.0. If you have a v1.0 App, you could use the way described at Facebook non-expiring access token to get a non-expiring Page Access Token.
Is it possible to retrieve Facebook page posts in an iOS application without having to use Facebook Login?
I am currently using the Tumblr API which works perfectly fine and delivers pictures and texts from everything that has been posted.
Any help would be much appreciated.
Thanks.
Facebook SDK says, that you need any valid access token if the post is public. So just use your app access token.
Read how to request app access token here.
Yes, this is possible. There are two options from my point of view:
If your Page is only posting in public, you could use an App Access Token
If your Page also contains non-public Posts, you should use a Page Access Token
See https://developers.facebook.com/docs/graph-api/reference/v2.0/page/feed/#readperms
An access token is required to view publicly shared posts.
A user access token is required to retrieve posts visible to that person.
A page access token is required to retrieve any other posts.
An App Access Token will not expire unless you change your App secret, a Page Access Token will expire the latest 60 days after issuing.
You should consider to wrap this in an own webservice, so that you don't have to hard-code an Access Token into your App. With an own webservice, you could encapsulate the Access Token validity issues.
I recommend their graph api for such tasks
Using it I have successfully retrieved page level data using Facebook graph api(REST)
using an app token(public posts)
user token(posts visible to that user) or
page token(all posts in page)
App token is obtained by default on creation of your Facebook app(easiest way)
User token is obtained on a user oauth login(needs oauth,can be done with oauth libraries)
Page token is obtained with a second call to Facebook, after obtaining the user token if you have manage_pages permission from the page admin (needs oauth and a second call to Facebook)
Try Facebook graph explorer and hit the page URL to get a json response of your page information.
Play with the graph explorer
https://developers.facebook.com/tools/explorer/
Page data reference
https://developers.facebook.com/docs/graph-api/reference/v2.0/page/
Access token reference
https://developers.facebook.com/docs/facebook-login/access-tokens
I've been struggling through Facebook authentication for a canvas app for a while. My approach is as follows:
Check the user's session for an access token.
Check the user's Facebook cookies for an access token.
Check the parameters for a signed_request.
If an access token is found during any of those 3 steps:
I make a call to the graph API requesting the /me resource.
If the call is successful, the user is logged in.
If the call fails (causes an OAuthException), I request a new access token by redirecting the user to the Facebook OAuth endpoint to obtain a code, then obtaining a fresh access token by exchanging that code.
If no access token is found in the session, cookies, or signed_request, I display a landing page.
Is this the correct procedure? I've noticed that oftentimes there is no signed_request present in the parameters if the user's access token has expired. The method Facebook endorses for requesting a fresh access token results in 2 user-facing redirects as well as an API exchange, which seems a bit heavy.
The setup I'm working in is:
Rails v3.0.8
Koala gem v1.2.1
I've followed these guides:
https://github.com/arsduo/koala/wiki/OAuth
https://github.com/arsduo/koala/wiki/Koala-on-Rails
https://developers.facebook.com/blog/post/500/
Have you considered using Omniauth? (https://github.com/intridea/omniauth) It wraps up all this stuff and lets you easily extend to other sites as well.