What is Facebook callback_url and how to use it in rails? - ruby-on-rails

I am using the Facebook Graph API in my rails projects, no matter I use oauth2 gem or koala, It need callback_url
Oauth2
token = client.auth_code.get_token('code_value', :redirect_uri => 'http://localhost:8080/oauth/callback')
Koala
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
I try to use http://localhost:3000/callback in my project, but it's not working.
Should I develop a routes for that?
like: get 'callback' => 'oauth#callback'?
What should I write in the callback method in OauthController, what does it use for? Thanks

Yes, you should.
Basically, OAuth uses callback data to provide tokens for authenticating users.
For example
user clicks on "sign in" (or whatever) link and your app redirects they to the OAuth provider (or open it in the iframe).
user permits to your app to use they profile details
OAuth provider send callback to your app with unique code
app uses that code to get secure access token for API communications
That's just a basic example.
In your case you need to implement controller that will parse callback data.
Here is the code example
#oauth = Koala::Facebook::OAuth.new(api_key, app_secret, callback_url)
=> #<Koala::Facebook::OAuth:0x007fc919d014e0 #app_id=1234567890, #app_secret="FaKeAppSecretKey", #oauth_callback_url="http://localhost:3000/callback">
#oauth.url_for_oauth_code
=> "https://www.facebook.com/dialog/oauth?client_id=893637180663238&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback"
And when you go to https://www.facebook.com/dialog/oauth?client_id=893637180663238&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fcallback FB will redirect you to
http://localhost:3000/callback?code=CODE_FROM_CALLBACK
Then you should use implement controller that uses code to get access token
access_token = #oauth.get_access_token(params[:code])
=> "ACCESS_TOKEN"
#graph = Koala::Facebook::API.new(access_token)
=> #<Koala::Facebook::API:0x007fc91a903ae0 #access_token="ACCESS_TOKEN", #app_secret=nil>
profile = #graph.get_object("me")
=> {"id"=>"4492344324865", "email"=>"my_fake_email_address#gmail.com", "first_name"=>"Roman", "gender"=>"male", "last_name"=>"Sotnikov", "link"=>"https://www.facebook.com/app_scoped_user_id/4492344324865/", "locale"=>"en_US", "name"=>"Roman Sotnikov", "timezone"=>6, "updated_time"=>"2015-05-18T05:19:54+0000", "verified"=>true}
Please check https://github.com/arsduo/koala/wiki/OAuth for additional info.

Callback Url is yours applications url -- a GET route -- you want the third party application to redirect to, after its done its work.
So in your routes.rb file simply create a get route
get 'facebook_graph_callback', to: 'controller_name#action'
#A get route which is connected to a controller action
Usually the third party will give you some sort of information back. Quite often its some sort of code. In your controller action you can use find them in params hash.

Related

Where I can take correct API token for requests to Trello behalf on user (ruby-trello)

I am using Ruby on Rails 5.2 and gems: ruby-trello, devise, omniauth-trello.
I want to make authorized requests on behalf of Trello user same as shows here: https://github.com/jeremytregunna/ruby-trello#multiple-users
Example from git docs:
#client_bob = Trello::Client.new(
:consumer_key => YOUR_CONSUMER_KEY,
:consumer_secret => YOUR_CONSUMER_SECRET,
:oauth_token => "Bob's access token",
:oauth_token_secret => "Bob's access secret"
)
My steps:
User (Bob) sign in with Trello and get his own oauth_secret and oauth_token
App creates a Trello::Client for Bob using:
his own oauth data (:oauth_token, :oauth_token_secret)
I got consumer_key from here: https://trello.com/app-key (in the top of page, first block with key field)
consumer_secret was taken from https://trello.com/app-key too, but from the bottom of page, last block with key secret
After this, I'm trying to get any data from Bob's trello account (boards, lists, tasks etc.) but always getting 500 error (invalid token).
Could you explain what I'm doing wrong?
Thank you in advance.
What I did was implementing a session controller to request and authorize access to user's trello and then call Trello::Client with the authorization params inside the callback method on the controller.
Check out this:Trello OAuth 1.0 authorization with Ruby
Then inside the authorization method you can call Trello::Client using :oauth_token and :oauth_token_secret from get_access_token call or store them both on the session object and use them anywhere.

Facebook app: within Canvas, Facebook treats GETs as POSTs?

In my Rails FB app, when running in the canvas, if I go to "/users", instead of GETting the index page, it POSTs and creates a new user.
That only happens when I try to access the URL directly. When I use the "List of users" link on the app, it works as expected.
Why is that?
that's just how FB does it. They post data with each query as well.
Facebook sends everything as POST which brakes RESTful routes. There is a way to fix it though. If incoming POST request contains signed_request parameter you can assume it was converted from GET to POST by Facebook.
Rack::Facebook::MethodFix middleware fixes the problem automagically. You can use it with something like:
# Basic usage
use Rack::Facebook::MethodFix
# Also validate signed_request
use Rack::Facebook::MethodFix, :secret_id => "c561df165eacdd6e32672c9eaee10318"
# Do not apply request method fix to admin urls.
use Rack::Facebook::MethodFix, :exclude => proc { |env| env["PATH_INFO"].match(/^\/admin/) }
or if you are using Rails then
config.middleware.use Rack::Facebook::MethodFix

Using user's token to make requests to Twitter API in Rails

I'm using Omniauth to get credentials from Twitter for a specific User. Part of the OmniAuth object that I get is like this:
credentials=#
<Hashie::Mash secret="XXXX" token="XXXX">
extra=#<Hashie::Mash access_token=#<OAuth::AccessToken:xxxx #token="xxxx", #secret="xxxxx", ..
Right now I'm storing the credentials[token] and the UID for that specific User. At some point I want to fetch the Twitter API using the auth for that specific User to avoid getting the 150 max requests for a specific IP. Right now I'm just doing this:
twitter_user_name = Twitter.user(user_id).screen_name
So, how can I do to make those requests using the Twitter gem using the auth provided by OmniAuth instead of doing requests from my own IP (unauthenticated calls and therefore limited)
After playing with the gem, I've figured how to do it:
You want to create a new API object for a specific User, so you want to do this:
client = Twitter::Client.new(:oauth_token => 'XXXXX', :oauth_token_secret => 'XXXX')
And use this client to do the requests.

get client_id from foursquare by OAuth2 gem

I am trying to get a user venue history from foursquare. I know first of all a user should access to my application. I am using OAuth2 gem. How can I get client_id of the user?
cli = OAuth2::Client.new('CLIENT_ID', :authorize_url => "/oauth2/authorize", :token_url => "/oauth2/access_token", :site => 'https://foursquare.com')
ok, I am just editing my question. I understood why client_id has to be used (thanks to Martin and umesh awasthi). I am asking about why I can't get token of a user? my whole code is;
cli = OAuth2::Client.new(client_id, client_secret, :authorize_url => "/oauth2/authorize", :token_url => "/oauth2/access_token", :site => 'https://foursquare.com')
cli.auth_code.authorize_url(:redirect_uri => "http://localhost:3000")
token = cli.auth_code.get_token('authorization_code_value', :redirect_uri => "http://localhost:3000/person/index")
response = token.get('api/resource', :params => {'query_foo' => 'bar'})
response.class.name
See the answer of Martin client id is a unique id associated with your application.All OAuth service provider need this client id to identity yourself.
I suggest you to first go through some basic understanding of OAuth as this protocol work on 2 major things
1. Client_id: this is a unique id assigned to your application you
create on any Oauth service provider or when you register you application.
2. Secret_key:This is another part of Oauth communication which use to
Authenticate the consumer i.e you application.
Though some Oauth system like Google provides Anonymous calling but that never being encouraged at all.
So whatever OAuth service you are using, you need to register your application with them and get client_key and secret which should be the part of every communication you making with OAuth
here is the quick steps taken from forsquare website
Redirect users who wish to authenticate to
https://foursquare.com/oauth2/authenticate
?client_id=YOUR_CLIENT_ID
&response_type=code
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
If a user accepts, they will be redirected back to
https://YOUR_REGISTERED_REDIRECT_URI/?code=CODE
once user authorize you OAuth will redirect back with the code which you need to pass them again to get access token
Your server will make a request for
https://foursquare.com/oauth2/access_token
?client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&grant_type=authorization_code
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
&code=CODE
The response will be JSON
{ access_token: ACCESS_TOKEN }
Save this access token for this user in your database.Hope this swill help you
The client_id is the client_id for your application, which you get when you register an app here. It is not associated with a particular user, but with your application.

Using fb_graph to post to Facebook fan page from Rails 3

I hear that fb_graph is the way to go and I already have my app registered with Facebook but I don't know how to get the access token to post things. I have my app ID and secret but I need to get that access token. All I'm trying to do is post to a Facebook fan page (as the page).
How do I get the access token?
Get the user:
user = FbGraph::User.me(access_token)
user.fetch
To see the users accounts details:
user.accounts
Select the Facebook page that you want to post to:
account = user.accounts.select {|account| account if account.name == "*Your Page Name*"}.first
(account.access_token => the pages access token)
(account.identifier => page id)
Create new page instance:
page = FbGraph::Page.new(account.identifier)
Post to the page:
note = page.note!(:access_token => account.access_token, :subject => "Hello World", :message => "hey, this is a test from rails")
The step-by-step procedure for access token with Oauth 2.0 is found here: http://developers.facebook.com/docs/authentication/. If you require a sample code in Ruby, create a new app and under "Hosting URL", click on "get one" and select Ruby programming language when prompted. It also contains code to pull from Graph API.
I highly highly recommend the new gem Koala for working with facebook.
If you do a call to https://graph.facebook.com/me/accounts
and pass in your access_token it will return data listing all the pages you have access to and the access_tokens needed to post to those walls.#
You get your access token by logging in and the access token is passed back by the login process.

Resources