"Invalid OAuth access token" when using valid token - oauth

When trying to use the Deezer JS SDK to access /user/me, I keep getting error code 300 (Invalid OAuth access token). My code is mostly copied from the examples so I can't figure out why this would be happening. I've tried manually specifying the token in the API call, and directly accessing the API via HTTP and haven't gotten past the Invalid Access Token error. What am I doing wrong?
index.html:
<!doctype html>
<html>
<body>
<div id="dz-root"></div>
Login
Get Login Status
Me
<script type="text/javascript" src="http://cdn-files.deezer.com/js/min/dz.js"></script>
<script src="js/index.js"></script>
</body>
</html>
index.js:
DZ.init({
appId: "253122",
channelUrl: "http://mopho.local/deezer-channel.html",
});
document.getElementById("dtest").addEventListener("click", () => {
DZ.login(function(response) {
console.log("1",response);
}, {perms: 'basic_access,email'});
});
document.getElementById("lstat").addEventListener("click", () => {
DZ.getLoginStatus(function(response) {
console.log(response);
});
});
document.getElementById("getme").addEventListener("click", () => {
DZ.api('/user/me',
function(response) {
console.log("2",response);
}
);
});
deezer-channel.html:
<script src="http://cdn-files.deezer.com/js/min/dz.js"></script>
mopho.local is configured in my hosts file + nginx to point to 127.0.0.1.
My Deezer app has the following configuration:
Application domain: mopho.local
Redirect URL after authentication: http://mopho.local

This turned out to be a permissions issue. I changed the permissions to "basic_access,email,offline_access,manage_library,manage_community,delete_library,listening_history" and it worked. I'm not sure which of the returned data points were associated with which permissions, but my guess is that some of the permissions were changed on the back end and the examples in the docs haven't caught up.

Related

How can I get the authorization token from localhost (ie without redirect_url)?

Let's say I want to obtain an authorization token from google via javascript/python/anything on localhost. How can I do that? After sending a authorization request on "https://accounts.google.com/o/oauth2/auth?..." user has to allow it, but there is no way my script obtained the token back (since google cannot redirect to localhost). Or is it?
I have been dealing with OAuth for the last couple of days, and I'm not sure I 100% understand it...but I will try to relay what I have learned.
Here is the code I used to ask a question earlier this week...
index.html
<!doctype html>
<html>
<head>
</head>
<body>
<p>Tripping all day...</p>
<p id="output"></p>
<script src="auth.js"></script>
<script type="text/javascript">
function init() {
console.log('init');
checkAuth();
}
</script>
<script src="https://apis.google.com/js/client.js?onload=init"> </script>
<script>
document.getElementById("output").innerHTML = "Coooooorrrrrraaaaalll";
</script>
</body>
</html>
auth.js
var CLIENT_ID = 'xxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com';
var SCOPES = 'email';
function handleAuth(authResult) {
console.log('handle auth');
console.log(authResult);
}
function checkAuth() {
console.log('check auth');
gapi.auth.authorize({client_id: CLIENT_ID, scope: SCOPES, immediate: false, cookie_policy: 'single_host_origin'}, handleAuth);
}
This uses the Gapi javascript client Google provides. When I call gapi.auth.authorize and give it my Client ID I set up in the Developer Console, it shows me the Google account authorization popup, and then I believe that the Gapi object has a method that adds the OAuth token to the Gapi object itself. I didn't include a redirect URI when I set up my credentials, by the way.
After I got the authorize call working, I could then call oauth2.userinfo.get() to get my token to use with their APIs.
var request = gapi.client.oauth2.userinfo.get();
As for the locahost, I used just the IP address of my development server which doesn't have a top level domain attached to it. Localhost may work the same way?

Cannot login to yammer using yam.connect.logonButton in IE11

Trying to login using yam.connect.loginButton, works fine on firefox and chrome but not on IE (I am using IE11). The response has an auth but no user object. Or sometimes the popup window doesn't close and the callback is never called. Code I used is below:
<html>
<head>
<script id="yammer-js-include" data-app-id="APP-CLIENT-ID-GOES-HERE" src="https://assets.yammer.com/assets/platform_js_sdk.js"></script>
</head>
<body>
<span id="yammer-login"></span>
<script>
yam.connect.loginButton('#yammer-login',
function (response) {
console.dir(response);
document.getElementById('yammer-login').innerHTML = 'user ' + (typeof response.user !== 'undefined' ? 'exists in response' : 'is missing!');
}
);
</script>
</body>
</html>
You mention that was the code you used, but did you replace the data-app-id with the one provided from your app on https://yammer.com/client_applications ?
Assuming yes, a lot of people run in to problems with IE and not having Yammer urls added to Trusted Sites in IE. If you can add more logs from your console output that it would help.
You can read more about what to include in your Trusted Sites here:
http://developer.yammer.com/connect/#IETrustedSites
When I add the host of where my app was running also in the Trusted Sites, it worked.
http://kendomen.wordpress.com/2014/11/06/yammer-authentication-with-javascript-and-yammer-sdk/

Google Chrome Extension with OAuth

I am trying to integrate OAuth with my chrome extension. I am following the tutorial by google: https://developer.chrome.com/extensions/tut_oauth.html
I create ExOauth from the background.js (defined by me and it is loaded by background.html).
var oauth = ChromeExOAuth.initBackgroundPage({
'request_url': 'https://www.google.com/accounts/OAuthGetRequestToken',
'authorize_url': 'https://www.google.com/accounts/OAuthAuthorizeToken',
'access_url': 'https://www.google.com/accounts/OAuthGetAccessToken',
'consumer_key': 'anonymous',
'consumer_secret': 'anonymous',
'scope': 'https://docs.google.com/feeds/',
'app_name': Test app'
});
oauth.authorize(onAuthorized);
Here is the OnAuthorized method:
onAuthorized = function () {
// Start my application logic.
};
Am I missing something here? When I load the extension, it opens up several "Redirecting...." tabs.
The tutorial seems to be missing one file. If you open chrome_ex_oauth.html, you'll see that it tries to load 3 js files:
<script type="text/javascript" src="chrome_ex_oauthsimple.js"></script>
<script type="text/javascript" src="chrome_ex_oauth.js"></script>
<script type="text/javascript" src="onload.js"></script>
The onload.js file is not provided. The OAuth contacts example provides such a file, with the following content:
window.onload = function() {
ChromeExOAuth.initCallbackPage();
}
After adding this file, it seems to work just fine.
I know the Question is a bit older but i had the same Problem.
I made the mistake that i want to authenticate two oauth endpoint and call both times the ChromeExOAuth.initBackgroundPage({})
Obviously that's wrong cause i dont want to init my background page twice.
Maybe using the ..._oauthsimple.js will fix that

MVC App is no longer logging in through Facebook

I have been developing an app using the Facebook add ons to enable Facebook users to log in and the app to access details such as profile pictures.
Yesterday the app was working perfectly and my development was continuing as normal.
This morning I tried to log in to check how far I'd got and was confronted with an Access Token error message.
Individual Partial Views would load up okay, but the site as a whole would not. On further investigation I found that the log in screen was assigning a new Access Token, but by the time the site tried to bring up the Master Page the token was null.
My log in is as follows :-
<html>
<head>
<title>Log On</title>
</head>
<body>
<div id="fb-root"></div>
<script type="text/javascript">
window.fbAsyncInit = function() {
FB.init({
appId : '***app no***',
status : true,
cookie : true,
xfbml : true,
oauth : true
});
FB.Event.subscribe('auth.login', function () {
window.location.reload();
});
};
(function(d){
var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "//connect.facebook.net/en_US/all.js";
d.getElementsByTagName('head')[0].appendChild(js);
}(document));
</script>
<div class="fb-login-button" data-scope="email">
Login with Facebook
</div>
</body>
</html>
This is frying my head.
The error that is returned is (OAuthException) An active access token must be used to query information about the current user.
Hope this is enough information for someone to find a solution.
Many thanks
You have not set the channel url i.e you website path(that can be localhost or server domain)
<script type="text/javascript">
window.fbAsyncInit = function() {
FB.init({
appId : '***app no***',
channelUrl : '//WWW.YOUR_DOMAIN.COM/channel.html', // Channel File for x-domain communication
status : true,
cookie : true,
xfbml : true,
oauth : true
});
Also you have to set your url path in developer.facebook.com from where you got your app-id.....
Okay, found some information suggesting that changes to the Facebook SDK made at the start of December will be what caused my problems. On the advice given I ran the reference updates on the Facebook references in my project. This has removed the facebookSettings line from the Web.config and the following error message now appears six times in the warnings box.
Reference to type 'Facebook.IFacebookApplication' claims it is defined
in '\packages\Facebook.6.1.4\lib\net40-client\Facebook.dll', but it
could not be
found \packages\FacebookWeb.5.4.1.0\lib\net40\Facebook.Web.dll
and the following error is produced on trying to run the program
Exception Details: System.TypeLoadException: Could not load type
'Facebook.FacebookApplication' from assembly 'Facebook,
Version=6.0.10.0, Culture=neutral, PublicKeyToken=58cb4f2111d1e6de'.
Source Error:
Line 12: public class HomeController : Controller
Line 13: {
Line 14: FacebookWebContext FBWebContext = new FacebookWebContext();
Line 15: FacebookWebClient FBWebClient = new FacebookWebClient();
Line 16:
I know this is a bit of an old one, but this may help someone else. Found the answer in the end. It was in the controller that I needed the following :-
var client = new FacebookClient(Session["FacebookToken"].ToString());
dynamic me = client.Get("me");
This got an active Token which allowed me to access the info again.

Error "Origin null is not allowed by Access-Control-Allow-Origin" in jsOAuth

I'm trying to use the twitter API with library jsOAuth.
Full html
<div id="message">Loading..</div>
<script src="jsOAuth-1.3.3.min.js" type="text/javascript"></script>
<script src="http://code.jquery.com/jquery-1.7.min.js" type="text/javascript"></script>
<script type="text/javascript">
var oauth = OAuth({
consumerKey: "-MY-KEY-",
consumerSecret: "MY-SECRET"
});
Updated
oauth.get("http://api.twitter.com/1/statuses/home_timeline.json?callback=?", success, failure);
function success(data){
$("#message").html("Sucess: " + data.text);
var timeline = jQuery.parseJSON(data.text);
console.log(timeline);
$.each(timeline, function (element){
console.log(element.text);
});
}
function failure(data) {
console.log("Throw rotten fruit, something failed");
$("#message").html("Error" );
}
</script>
Result
Full image
Questions
What am I doing wrong?
How can I use the twitter API in my PC.
If you can send me I would appreciate any examples.
Thank you all.
What am I doing wrong?
You are trying to make an AJAX request to Twitter. You are violating cross domain access policies - you cannot access data on the Twitter domain.
How can I use the Twitter API on my PC?
Pick one :
Use JSONP
Use a server-side proxy
Store your code on a file:// path, which removes the cross domain restrictions
Change your browser's security settings to allow this kind of access.
I have styled the unlikely ones in italic.
Also, as an experienced Twitter developer, I have one important note to make about your code: you're using Javascript to access the API. While using JS to do that isn't disallowed, using OAuth in javascript is very unsafe and your application will be blocked from the Twitter API if you used this code on a website.

Resources