How to generate a slack never expiring token? - slack-api

I need to create a Slack token that would last for a very long period, but all I can find are the test tokens, and I don't know how long they even last. I tried to search in their documentation, but all I could find were the bot tokens and test tokens. Your help is very much appreciated. I used Facebook's API and they have a way to generate a never-expiring token; is that available in Slack?

As far as I know all of the tokens you can generate (and also those you receive when a team installs your app via OAuth) do not have an expiry date.
They are active for an indefinite amount of time.
You should be able to use them however long you want.

Related

How to get token after creating user account on ebay?

Do we get a token on creating a seller account on eBay, or do we have to generate it manually through developer login? I'm really stuck with this problem. Please help if anyone knows!!
The relevant documentation is here but I'll sum it up:
You need an eBay user account. (The term "seller account" means "user account that happens to sell things", which is useful for people who have two accounts and only sell with one of them.)
You also need a developer account.
Using your developer account, you write a program that prompts a user to sign in and request an access token with permissions you specify.
This prompts eBay to send a token to your program, which expires in 2 hours. Just enough time for your program to do all the eBay tasks it needs to do.
If 2 hours isn't long enough, there is a way of using the first token to create more tokens, but you still need the user to sign in once every 18 months to keep your program running.
There is no way to gain indefinite access. Sorry.

Is there a way to renew the OTP secret for user when using the Authy API?

I am using the Authy API for TOTP authentication. Many users prefer to use Google Authenticator and don't want to download the Authy app. So I am using the Authy API as mentioned here to get the QR code for Google Authenticator (https://www.twilio.com/docs/authy/api/one-time-passwords#other-authenticator-apps).
One security issue I see here is that users might want to change their authenticator secret from time to time, and Twilio doesn't have a direct API to renew the secret. Is there a way to achieve that outcome?
One solution I can think of is to delete the user and create a new one, but I am hoping to find a better option.
Twilio developer evangelist here.
Every time you make a request to the API to generate a new secret and QR code the old one is invalidated. So to update a user's secret, just request the same API again.
This does seem like an edge case though, I might suggest that you wait for a user to request this rather than build a feature you don't necessarily need.
If you are looking for automated token management, then using the Authy app and Authy generated tokens is the best option. Because the app and the API work together, tokens can be rolled automatically by Authy without the user having to worry.
Edit
We have added the following to the documentation to clarify this for the future:
Note, each QR code request will generate a unique TOTP seed. As such, you can only have a single active QR code per user per protected site. Requesting an additional QR code for a user will invalidate the previous secret and generate a new QR code.
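The "one active seed per user" behaviour described in this answer, as an added example that is not part of the original thread and is not Authy's code: a standard RFC 6238 TOTP routine plus a hypothetical in-memory `Enrollment` store, showing that codes from the old seed stop verifying once a new seed is issued. The user name and timestamp are constructed.

```python
import base64, hashlib, hmac, secrets, struct

def totp(secret_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 seed at a given Unix time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class Enrollment:
    """Hypothetical server-side store holding one active seed per user."""
    def __init__(self):
        self._seeds = {}

    def issue_seed(self, user):
        # Overwriting the stored seed is what invalidates the previous one.
        seed = base64.b32encode(secrets.token_bytes(20)).decode()
        self._seeds[user] = seed
        return seed

    def verify(self, user, code, unix_time, window=1):
        seed = self._seeds.get(user)
        if seed is None:
            return False
        # Accept adjacent 30-second steps to tolerate clock drift.
        return any(
            hmac.compare_digest(totp(seed, unix_time + d * 30), code)
            for d in range(-window, window + 1)
        )

def rotation_demo(now=1_700_000_000):            # constructed timestamp
    store = Enrollment()
    old = store.issue_seed("alice")
    before = store.verify("alice", totp(old, now), now)
    new = store.issue_seed("alice")              # user re-enrolls
    return {
        "old_ok_before": before,
        "old_ok_after": store.verify("alice", totp(old, now), now),
        "new_ok_after": store.verify("alice", totp(new, now), now),
    }

if __name__ == "__main__":
    print(rotation_demo())
```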

Linkedin access token for application that doesn't require a member to login

Our application can show rich links to webpages. So instead of a mere weblink we show a short summary and a picture. We used to use embed.ly's extract api to supply us with this data, but since they have changed their terms and pricing we have implemented an alternative solution.
The problem we find is that LinkedIn profile URLs cannot be assessed by our new solution. Embedly was able to give us all the details we needed from a LinkedIn profile URL (including the user's picture), but we don't seem to have access to that information without going through LinkedIn's API.
This call gives us all the data we are looking for:
GET https://api.linkedin.com/v1/people/url=[PROFILE_URL]:(id,email-address,first-name,last-name,headline,summary,formatted-name,picture-url,picture-urls::(original),site-standard-profile-request,public-profile-url)?format=json&oauth2_access_token=[TOKEN]
Where [PROFILE_URL] is a LinkedIn profile URL and [TOKEN] is the OAuth2 access token.
There are two issues that I have:
1. Our application does not ask users to authenticate through LinkedIn, so we do not have a user OAuth2 access token available;
2. LinkedIn's suggestion in their FAQ (https://developer.linkedin.com/support/faq) seems very daft:
Can I get an access token for my application that doesn't require a member to login?
We do not provide access tokens for applications that are not associated with a particular LinkedIn member.
If your application requires you to make API calls in an automated way - without user interaction, you need to bootstrap the first access token request by manually signing in, and then ensure that your application refreshes the token automatically prior to expiry to avoid the need for additional human authentication.
Now... four questions:
a. Has anyone implemented option [2] in a production setting?
b. If yes, what are the limitations, downsides etc. Is this really the best and safest solution?
c. Is there any alternative that allows me to authenticate the application itself with its mighty client key and client secret?
d. Is there anyone from LinkedIn monitoring this? If yes, can you contact me?
Cheers, Raymond
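The pattern that the LinkedIn FAQ quoted above and the earlier eBay answer both describe (a short-lived access token renewed without user interaction until the longer-lived grant lapses), as an added example that is not part of the original posts. `refresh_fn` is a hypothetical stand-in for a provider's token endpoint, the token strings and clock are constructed, and the lifetimes are the eBay answer's 2 hours and 18 months (approximated as 540 days).

```python
from dataclasses import dataclass

ACCESS_TTL = 2 * 60 * 60                # 2 hours, as in the eBay answer
REFRESH_TTL = 18 * 30 * 24 * 60 * 60    # ~18 months, approximated as 540 days

class ReauthRequired(Exception):
    """The refresh token has expired; a person must sign in again."""

@dataclass
class TokenSet:
    access_token: str
    access_expires_at: float
    refresh_token: str
    refresh_expires_at: float

class TokenManager:
    def __init__(self, tokens, refresh_fn, clock, skew=300):
        self.tokens = tokens
        self.refresh_fn = refresh_fn    # hypothetical: refresh token -> new access token
        self.clock = clock              # injected so expiry can be tested offline
        self.skew = skew                # renew this many seconds before expiry

    def access_token(self):
        now, t = self.clock(), self.tokens
        if now < t.access_expires_at - self.skew:
            return t.access_token       # still comfortably valid
        if now >= t.refresh_expires_at:
            raise ReauthRequired("refresh token expired; interactive sign-in needed")
        t.access_token = self.refresh_fn(t.refresh_token)
        t.access_expires_at = now + ACCESS_TTL
        return t.access_token

def simulate():
    now = [0.0]                         # constructed clock, in seconds
    issued = []
    def fake_refresh(refresh_token):    # stands in for the provider's token endpoint
        issued.append(f"access-{len(issued) + 1}")
        return issued[-1]
    mgr = TokenManager(TokenSet("access-0", ACCESS_TTL, "refresh-0", REFRESH_TTL),
                       fake_refresh, lambda: now[0])
    first = mgr.access_token()          # fresh token is reused
    now[0] = ACCESS_TTL - 60            # inside the skew window: renew early
    second = mgr.access_token()
    now[0] = REFRESH_TTL + 1            # refresh token itself has lapsed
    try:
        third = mgr.access_token()
    except ReauthRequired:
        third = "reauth"
    return first, second, third, len(issued)
```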

Which way to go for reading public data using Graph API?

I am currently developing an app that's going to show a Facebook page's events in one tab. Now I'm struggling with Facebook's Graph API and I think I just need some more explanation about how the whole thing is meant to be.
I registered an app and got my app id, app secret and an access token. Generally it works by using my app id and the access token. But from what I've read there are two drawbacks with that.
The token expires.
There seems to be only one token at a time.
If the token expires I need to re-authenticate my app whenever the session is not valid any more. But - what's the correct way to do that? Is it by sending the request method by adding my data to the params dictionary?
And if there can only be one app access token at a time, will it result in conflicts when multiple clients are going to connect?
I want my app to just read public data, so authenticating a user is a no-go, as it's simply not needed (I hope). But the more I think about it, the more I think that using an app's token is not the correct way either.
How is this generally achieved? Do I need a wrapper web app to implement reading public event data?
Thanks for your help
Arne
I've never had a problem using one app token with multiple users.
As for expiring tokens, you can request a generic token, which should be sufficient for retrieving public data, by sending a GET request to:
https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials

OAuth Twitter and Blackberry

I have a J2ME project on BlackBerry that needs to connect to Twitter. I did most of the hard stuff already; I've got an API that guided me through to the access token pretty easily. Now I can't seem to get the authentication to work with a status update in REST.
I know my tokens are valid because if I run a GET method like verify credentials, it's fine, everything is valid. But POST messages are just confusing me. Am I supposed to pass in a whole consumer key, signature, OAuth version, etc. every time I update a status? Or do I just pass the access token? Are they all supposed to be POST variables, or just the ones specified in the Twitter API as parameters? The Twitter API documentation has left me completely lost.
If someone had a link to a site that had examples of all of these messages put into plain text, NOT in a library as 99% of tutorials for this situation are, it would be really helpful.
