.NET core External Authentication - Get extra info from Twitter - asp.net-mvc

I have successfully implemented the Twitter Authentication in my .net core project. in the ExternalLoginCallback (Account Controller), I am receiving the access_token and access_token_secret after successful authentication with twitter.
How am I meant to use those to call the twitter REST API in order to receive further information about the user?
It looks like the API needs different keys for the authorisation.. See here:
Authorization:
OAuth oauth_consumer_key="xxxxxxxxxxx",
oauth_signature_method="HMAC-SHA1",oauth_timestamp="xxxxxxxxxxx",
oauth_nonce="xxxxxxxxxxx",
oauth_version="1.0",oauth_token="xxxxxxxxxxx-xxxxxxxxxxx",
oauth_signature="xxxxxxxxxxx"
I have replaced all values with xxxx..
Hope you can provide me with the missing puzzle piece!
Thanks, Nik

It looks like you're building the autorization string property.
The last step is to send the request to the Twitter endpoint, setting the value of the header to your authorization string.
https://dev.twitter.com/oauth/overview/authorizing-requests

Related

How to authorize correctly with Trello via OAuth?

I am trying to Authorize via OAuth with Trello and I can't seem to get it right, even in postman.
I have followed their API docs and have got myself a developer key and I have used a little link they have in this article to get a valid auth token.
I tried including the API key and Auth token in the header and (in a separate test) in the body, as per their documentation.
Everything I try results in "unauthorized permission requested".
What am I doing wrong?
Ok so I had obviously made a mistake when trying the Header route.
It works now if I provide a header key called Authorization and the API key and Auth Token in the following format OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".

Bad Request while authenication in bot sdk4 using own generic oauth 2 connection string

We have used our own generic oauth 2 authentication for verifying user.
After clicking sign in its redecting to login page(bot popup) but while returning to bot its always giving Bad Request.
Sending request from bot to application(post):-
client_id=12352&response_type=code&redirect_uri=https://token.botframework.com/.auth/web/redirect&scope=&state=ccd1dcf683044447a1fed78ed6828ba1
Returning request from application to bot(get):-
https://token.botframework.com/.auth/web/redirectcode=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy93cy8yMDA1LzA1L2lkZW50aXR5L2NsYWltcy9uYW1lIjoiYW5qaTU0MyIsIm5iZiI6MTU0Mzg5OTEzNiwiZXhwIjoyNTM0MDIyODEwMDAsImlzcyI6IkNTUEwiLCJhdWQiOiJFdmVyeW9uZSJ9.mLEbu06qlBsLY6hODY-YtmPNU2EaAfdFF0PPlHMKgb8enter image description here&state=ccd1dcf683044447a1fed78ed6828ba1
There's something wrong with the authorization/Token/Refresh URLs you're calling for your token.
I set up a generic OAuth 2 using imgur for the authentication and it works as expected.

Instagram API: do scopes work with OAuth2 implicit authentication flow?

I'm making requests against the Instagram API from a mobile app. Currently, I'm just directing the user to the Instagram auth url and specifying the response type to be "access_token". Specifying this response_type is known as implicit auth.
Explicit auth: response_type=code
Implicit auth: response_type=access_token
I'm trying to get around needing to stand up a web service to facilitate explicit auth. This would be necessary because in explicit auth flow, the Instagram API needs to make a call to a redirect URL and pass in a "code" parameter. The code would then be used by my server-side code to make a final request to Instagram for an access token.
It's much more efficient for a mobile app to use implicit flow because no extra privately-maintained auth service needs to be stood up to handle it.
Instagram supports the following scopes:
basic - to read any and all data related to a user (e.g.
following/followed-by lists, photos, etc.) (granted by default)
comments - to create or delete comments on a user’s behalf
relationships - to follow and unfollow users on a user’s behalf
likes - to like and unlike items on a user’s behalf
When I make any other type of scope specification besides "basic", I get the following response when the user provides the credentials at the auth URL:
{"code": 400, "error_type": "OAuthException", "error_message": "Invalid scope field(s): basic+likes"}
Any combination of scopes other than "basic" gives the same response.
So, my question are these:
Is explicit auth required in order to specify scopes beyond "basic"??
Do I need to specify response_type=code in order for extended scopes to work?
Is this an Instagram limitation, or is it a limitation of OAuth 2.0?
Thanks in advance.
I just tried with implicit oauth flow with my client_id and scope=basic+likes and it worked. Replace the url below with your client_id and redirect_uri, and try.
https://instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT-URI&response_type=token&scope=basic+likes
May be Instagram is not allowing scope other than basic with new client accounts...
The answer here is that YES, scopes can be requested by implicit auth flow just fine. My problem was related to an OAuth component that I was using. The component was silently URL-encoding the value of the scope param, which was rejected by the Instagram auth endpoint. I updated the component (Xamarin.Auth) to accomodate a non-encoded scope param and issued a pull request.
Thanks to #krisak for providing a working URL that I could test.
So I had similar issues regarding the encoding of the + when trying to get permission for multiple scopes (basic, likes, comments). The solution I found was to use spaces between the individual scopes:
In the config/initializers/omniauth.rb file:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :instagram, 'TOKEN', 'SECRETKEY' , {:scope => "basic likes comments"}
end
Unfortunately starting from April 14th 2015 new clients cannot get access for any scope but basic. Official message could be found at the client configuration page:
Starting April 14th 2015, new clients need to request access to be able to post likes, follows, and comments. For more information please read the Developer Blog at http://developers.instagram.com.
The message refers following blog entry: http://developers.instagram.com/post/116410697261/publishing-guidelines-and-signed-requests
Instagram requires personal request to be sent to enable scopes for your application (client ID), but your app has to meet certain conditions described in the blog entry.
i have the same problem i found this solution and works fine
Go to Manage clients under instagram/developer. Then click edit under your app and uncheck Disable Implicit OAuth. It will now work as intended.
Instragram changed this for a reason though, so should probably think twice before going public with your app: http://instagram.com/developer/restrict-api-requests/
At this time, May 2015, YES.
As explained on instagram documentation about authentication:
The Instagram API uses the OAuth 2.0 protocol for simple, but
effective authentication and authorization. OAuth 2.0 is much easier
to use than previous schemes and developers can start using the
Instagram API almost immediately. The one thing to keep in mind is
that all requests to the API must be made over SSL (https:// not
http://).
You first need to register your app here and then, with CLIENT ID provided by instagram, you can do this request:
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code
Where you have to put your client_id and redirect_uri.
Just for information, in redirect_uri field you can insert also
http://localhost
you must be add "+" between scopes like that is "basic+comments+follower_list+likes+public_content+relationships"

Twitter API 1.1: Getting friends list from twitter

How can I get all followers(friends) of a user who is authenticated by my twitter app. I had tried below one as per twitter docs
https://api.twitter.com/1.1/friends/ids.json?cursor=-1&screen_name=<user_screen_name>
But the result was:
{"errors":[{"message":"Bad Authentication data","code":215}]}
Your call needs to be made with oAuth, a plain URL call won't work, even if the screen name has authorised your Twitter app.
You need to construct an HTTP GET to the URL you have shown, but with a properly formed authorisation header (oAuth).
It is effectively a web request header with a key of "Authorization" and a generated value which looks like this:
OAuth realm="<name of realm, e.g. Twitter API>",
oauth_consumer_key="<your app key, you'll know this already from your twitter app>",
oauth_nonce="<this is basically a random alphanumeric string which your app should generate>",
oauth_timestamp="<number of seconds since 1/1/1970 00:00:00",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="<this is the trickiest part, you basically have to hash the request + two secret params through a signing algorithm using the signature method above>"
See here for more info:
https://dev.twitter.com/docs/auth/authorizing-request

How to actually use Twitter provider in Kohana?

There are no clear docs or anything. shadowhand's demo repo is broken. How to actually use Twitter Oauth provider in Kohana 3.0?
It's a bit complicated, but the steps basically are:
Build an OAuth_Consumer
Build a OAuth_Provider (twitter)
Get a request token
Redirect them to the authorize_url
Get the callback
Exchange the request token for an access token
Make API calls
Here's an example controller that does all of that: https://gist.github.com/1267793

Resources