I want to download files in the background using NSUrlSessionDownloadTask.
To download I need to perform the following:
Perform a POST to get an auth token
Perform a GET to get a download URL using the auth token in the header. The URL I get back includes a temp token in a query parameter. E.g. https://myserver.com/file1?token=abc
Download from the URL I got in the previous step using NSUrlSessionDownloadTask
The token in the download URLs is valid for 3 hours after which I need to perform the process again and get a new URL with a new token.
I checked out NSUrlSessionDownloadTask and I have several problems:
I see there is support for for cert auth and basic auth challenges but not the the auth scheme I use. So, if the download takes more than 3 hours (e.g. because it was interrupted due to no network), I need to re-auth and get a new download URL. Is there a callback that I can use to do the re-auth stuff?
If I manage to re-auth, then I get a new URL. Can I switch URLs in the middle of the NSUrlSessionDownloadTask? In other words, can I continue a download with a different URL? (it is the same URL but the token in the query string is different).
Related
https://learn.microsoft.com/en-us/onedrive/developer/rest-api/api/permission_delete?view=odsp-graph-online
Note: The #microsoft.graph.downloadUrl value is a short-lived URL and can't be cached. The URL will only be available for a short period of time (1 hour) before it is invalidated.
In the tutorial, the download url expires after an hour. How do I get a permanent download address?
error Message
Sorry, something went wrong
The access token has expired. It's valid from '11/11/2020 1:18:52 AM' and to '11/11/2020 2:18:52 AM'.
"The lifetime of an access token is 1 hour. Have you tried to use the refresh token to obtain a new access token, or customize the lifetime of the access token?"
Please try the same as suggested above by Carl. You need to use the refresh token to obtain a new access token or customize the lifetime of the access token. Here's the document.
Note: The #microsoft.graph.downloadUrl value is a short-lived URL and can't be cached. The URL will only be available for a short period of time (1 hour) before it is invalidated. Removing file permissions for a user may not immediately invalidate the URL.
The workaround was to create a share link for DriveItem and use the WebUrl as the result of the response.
The file was accessed and made available for download through WebUrl.
It seemed that the only way for non-tenant users to access it.
I am building an oauth app to connect to Basecamp 3 API using PHP and following the documentation here.
https://github.com/basecamp/api/blob/master/sections/authentication.md
The request authorization url works fine
https://launchpad.37signals.com/authorization/new
but the token url produces a page not found
https://launchpad.37signals.com/authorization/token
I contacted Basecamp but didn't get a response. They do say they don't prioritize suppose issues with the API because so few of their customers use it.
Any ideas on what the correct url for getting tokens would be?
There are 4 steps:
Step 1: Choose a webhook service or build your own (which certainly takes more time). This will receive the authentication.
Step 2: Register your app within Basecamp. it'll give you the client key and secret key
Step 3: You need to make a GET call to the .../new address. You need to pass on the client key, secret key and redirect url. The API will send an 8-digit number to the Webhook. You need to retrieve that from the webhook.
Step 4: Make the same GET call to the .../token address. You'll pass the key in addition to all previous information in the header. Then you'll receive an access token.
Supposedly with this access token you should be able to activate all other API. I have not figure this part out.
Using Google Cloud Storage, I'd like to pass a client the necessary information to do a resumable upload. Is this possible?
Yes, this is possible.
With a server that has authenticated to the Cloud Storage service and a client it wishes to grant access to, the typical signed URL upload workflow looks like this:
Client requests a signature so it can do a PUT
Your server creates and returns a signed URL using the method described here
Client does a PUT with the returned URL
The resumable workflow looks like this:
Client requests a signature so it can do a PUT
Your server does creates and returns a signed URL using the method described here
Your server makes a POST request to initiate the resumable upload as described here
Your server returns both the URL and the Upload ID to the client
Client does one or more PUTs using the provided URL and Upload ID
I just found this note on the docs here:
Note: If your users are only uploading resources (writing) to an access-controlled bucket, you can use the resumable uploads functionality of Google Cloud Storage, and avoid signing URLs or requiring a Google account. In a resumable upload scenario, your (server-side) code authenticates and initiates an upload to Google Cloud Storage without actually uploading any data. The initiation request returns an upload ID, which can then be used in a client request to upload the data. The client request does not need to be signed because the upload ID, in effect, acts as an authentication token. If you choose this path, be sure to transmit the upload ID over HTTPS.
So basically you don't need a signed url. The upload ID would be enough. The procedure would be as follows:
Client requests an upload so it can do a PUT
Your server makes a POST request to initiate the resumable upload.
Your server returns the upload id to the client.
Client does a PUT to upload the file using the provided upload id.
I'm working with OAuth 2.0 for MVC, found here: http://community.codesmithtools.com/CodeSmith_Community/b/tdupont/archive/2011/03/18/oauth-2-0-for-mvc-two-legged-implementation.aspx
For anyone who's worked with this - I'm confused about the RequestToken. There is a controller implemented that lets you get a request token, which expires in 5 minutes, and you pass that token back in to get an AccessToken. But it never checks the request token for validity - it seems like you can pass in any access token you want to. What is the idea for the RequestToken here - are you supposed to create your own method of storing, referencing, and then deleting that token for those 5 minutes?
Thanks,
Andy
This is all about how OAuth works in conjunction with your application Id, application secret key and valid domains for your application. Here is the process in general
Your application sends a request to the OAuth provider using your application Id and secret along with a callback (return Url).
The OAuth provider gets the request, checks your application Id and secret and validates that the callback url is from a domain that you have specified for your application.
2a. If the callback url is not from a domain that you have specified, then the request is rejected with error.
2b If the callback url is from your domain, it returns a temporary request key to your server.
Given that you received a request key, you send that back to the OAuth provider to get the actual access token for the user.
Now, as to why the request key step is in place, this is to prevent and help protect 'bad people' from attempting to use your application id to falsely authenticate other users. By sending the request token to you (a callback URL that you have approved), the OAuth provider has confidence that the request actually came from your servers.
You most certainly could send any string back instead of the request token, but you would quickly get an error back from the OAuth provider as that request token does not correspond to any existing authentication request from any known application.
Lastly, I am not clear on what you mean by 'validating the request token'? You did not generate the token not probably do not have insight into the algorithm to generate the request token. Given that, I am not sure how you would validate this. If you are concerned about validating the first step, take a look at the Facebook OAuth process. In there, they recommend sending a request key as part of your return Url(as a query string parameter). That request key will come back to your application which you could then use as a validation that, indeed, this is a response to a request that you made. How you store and track that request key is up to you (session, database). In the PHP samples, they use a 'state' variable to track a unique/arbitrary string: Facebook OAuth Server Side Login Example (in PHP)
I'm creating a viewer app for Windows Phone 7. The app already handles the OAuth2 stuff and succesfully browses Google Doc's folder structure.
I use Google Documents List API 3. BTW browsing works perfectly without using request headers, instead I append the access_token to the request Uri.
Now the app needs to show files to the user, if possible without downloading them first. This means that I want to set the UI's Image.Source to the Uri of an image, the UI's MediaElement.Source to the Uri of a video and the BackgroundAudioPlayer.Track.Source to the Uri of an audio file. Obviously I can't use request headers in this scenario.
However it seems that simply appending the access_token to the download Uri doesn't work. The UI elements fail with generic error messages, and if I manually try with a web browser (which isn't logged in to Google) it shows an empty screen, a 401 error or it redirects to Google's login page.
Is it possible to download/stream a Google Data entry just by defining the Uri? If yes, what does the Uri need to look like?
Support for authorization using the access_token URL parameter has not been allowed on purpose for security reasons. Basically if a user would be to open a malicious file on a browser (e.g html containing some Javascript would suffice) the malicious code on the file could steal the access token in the URL and send it to a third party bad guy.
To access the file you need to authorize using "Authorization" HTTP header. Simply add an HTTP header to the request which is like:
Authorization: Bearer access_token_here