I'm using Sorcery gem with External submodule. For some reason I'm not getting an email back from Facebook and I'm pretty sure I have things configured correctly. I'm trying to troubleshoot this further but I can't figure out how to read what data IS being returned via oauth to verify where things are breaking down. Where can I pry in and read this info? Thanks!
Here is my sorcery config.
Rails.application.config.sorcery.submodules = [:external]
Rails.application.config.sorcery.configure do |config|
config.external_providers = [:facebook, :google]
config.facebook.key = "#{Rails.application.secrets.sorcery_facebook_key}"
config.facebook.secret = "#{Rails.application.secrets.sorcery_facebook_secret}"
config.facebook.callback_url = "#{Rails.application.secrets.sorcery_facebook_callback_url}"
config.facebook.user_info_path = "me?fields=email,first_name,last_name"
config.facebook.user_info_mapping = {:email => "email"}
config.facebook.access_permissions = ["email"]
config.facebook.scope = "email"
config.facebook.display = "popup"
config.facebook.api_version = "v2.5"
config.user_config do |user|
user.authentications_class = Authentication
end
config.user_class = User
end
Well, technically this answers the question of how to find out what is being returned.
Inside your oauth controller if you call access_token.get('me?fields=email') or whatever fields you're wanting you'll get a response with a URL field set. Copy that URL into a browser and you'll get a JSON list of your data. In my case I get nothing with email but I'm able to return first_name, last_name, name. Not quite sure why I still can't get email, but hopefully this helps somebody troubleshoot in the future.
Another way would be to build the URL yourself if you have the access_token available.
https://graph.facebook.com/me?access_token=<access token goes here>&fields=first_name,last_name,email
Access token is retrievable with #access_token.token from oauth controller.
UPDATE
So silly...I had the config correct, but apparently had never logged out of Facebook since I'd made the proper corrections. Logging out and having oauth connect again seems to have fixed things.
Related
I am trying to use etsy API and validate with oauth gem. I have successfully got a successful token by doing this in the first request url:
scopes = ["email_r", "feedback_r", "listings_r", "transactions_r"]
oauth_consumer = OAuth::Consumer.new(Rails.application.secrets.etsy_api_key,
Rails.application.secrets.etsy_api_secret,
site: "https://openapi.etsy.com/v2"
)
oauth_consumer.options[:request_token_path] = "/oauth/request_token?scope=#{scopes.join('%20')}"
request_token = oauth_consumer.get_request_token(oauth_callback: new_etsy_authentication_url)
redirect_to request_token.params[:login_url]
Then the user passes the etsy validation pages and on callback url I have the following:
current_user.update(etsy_auth: {
oauth_token: params["oauth_token"],
oauth_verifier: params["oauth_verifier"],
oauth_created_at: Time.current.to_i
})
Where I save etsy oauth_token and oauth_verifier successfully.
The problem starts after that. I've tried many things to do a request to user but I always got oauth_token=rejected. Here a sample of what I've done so far:
oauth_consumer = OAuth::Consumer.new(Rails.application.secrets.etsy_api_key,Rails.application.secrets.etsy_api_secret,site: "https://openapi.etsy.com/v2")
access_token = OAuth::AccessToken.new(oauth_consumer, oauth_token: current_user.etsy_auth["oauth_token"], oauth_secret: current_user.etsy_auth["oauth_verifier"])
access_token.request(:get, "/users/__SELF__")
Should I do another request before that, to actually got another temporary oauth_token and oauth_secret?
I've tried doing this:
request_token = oauth_consumer.get_request_token and I got a temporary oauth_token and oauth_token_secret as well oauth_consumer_key (which I am not sure how I should use). I got the temporary tokens and tried many combinations without much success, I am always getting oauth_token=rejected . I've still haven't figured out if and where should I use oauth_consumer_key and if oauth_verifier is actually the oauth_secret.
What am I missing? Any help is appreciated.
I finally managed to find what needed to do. After the initial request to Etsy, I have to store oauth_token and oauth_secret. Then Etsy returns as well the oauth_verifier.
For fetching and doing each request after that, you need to send all three of them to work.
I need to put on a website the complete instagram feed of my customer. I have tried several ways to access to instagram and get the whole feed, but I get some errors.
Using the gem "instagram" (the easiest and simplest method) i got the following error when I try to get the access token.
Instagram::BadRequest: POST https://api.instagram.com/oauth/access_token/: 400: OAuthException: Matching code was not found or was already used.
I tried to follow the indication on the instagram documentation https://www.instagram.com/developer/authentication/ using my browser and I can get the access token, but I am not able to do the http calls manually in ruby.
I need to download all the data and keep it inside my database (as I always done) so I need everything in the controller.
my code is very simple:
accessToken = Instagram.get_access_token(Instagram.client_id, :redirect_uri => CALLBACK_URL)
client = Instagram.client(access_token: accessToken)
response = client.user_recent_media
#other code to cycle inside posts and put everything in db
i'm sure to have included the same redirect_url in my instragram registration app and in my code.
As shown in the sample application in the gem's repo, you will need to call authorize_url first:
Instagram.authorize_url(:redirect_uri => CALLBACK_URL)
and then you will get request on the CALLBACK_URL, where you should have an action with the code that you provided:
response = Instagram.get_access_token(params[:code], :redirect_uri => CALLBACK_URL)
client = Instagram.client(:access_token => response.access_token)
# do stuff with the client
SOLVED!
I have misunderstood the usage of the api.
I got my access token following this https://elfsight.com/blog/2016/05/how-to-get-instagram-access-token/
and i can access my posts using in my model:
access_token = Instagram.access_token
client = Instagram.client(access_token: access_token)
response = client.user_recent_media
and in my config file:
Instagram.configure do |config|
config.client_id = "CLIENT_ID"
config.client_secret = "CLIENT_SECRET"
config.access_token = "ACCESS_TOKEN"
end
thanks a lot for your support
you should get the token when processing the callback in the omniauth.auth hash: request.env['omniauth.auth']['credentials']['token']
Our Rails 3 app uses facebook-omniauth, allowing users to authenticate with facebook.
It'd be nice to use as much of the web based authentication system as possible, so I tried following the answer (the one that hasn't been down-voted) to this SO question but I can't get it to work.
The gist of the answer is:
omniauth-facebook will handle requests to the callback endpoint with an access_token parameter without any trouble. Easy :)
So to test this, in my browser I'm issuing the following request:
/users/auth/facebook_api/callback?access_token=BAAB...
But in my server log, I see:
(facebook) Callback phase initiated.
(facebook) Authentication failure! invalid_credentials: OAuth2::Error, :
{"error":{"message":"Missing authorization code","type":"OAuthException","code":1}}
I can't figure out what I'm doing wrong. Is the fact that I'm trying to do this through the browser to test messing something up? Any other ideas on how I can reuse my www based auth logic for my ios app?
UPDATE:
I'm not sure, but I'm following this guide in order to have multiple facebook omniauth strategies, one for www and another for mobile.
I never found a solution in line with what I was asking originally, but here is how I solved it: Take the access token you get on the iPhone and send it up to your server and perform the login manually.
def facebook_login
graph = Koala::Facebook::API.new(params[:user][:fb_access_token])
profile = graph.get_object('me')
omniauth = build_omniauth_hash(profile)
#user = User.find_or_create_for_facebook_oauth(omniauth)
end
On www we already had a method called find_or_create_for_facebook_oauth, and that took the result from Omniauth and either found the user or created a new one. In order to utilize that method for mobile, I had to build up a similar structure by hand so I could pass it as an argument.
def build_omniauth_hash(profile)
struct = OpenStruct.new
struct.uid = profile['id']
struct.info = OpenStruct.new
struct.info.email = profile['email']
struct.info.image = "http://graph.facebook.com/#{profile['id']}/picture?type=square"
struct.info.first_name = profile['first_name']
struct.info.last_name = profile['last_name']
struct.info.bio = profile['bio']
struct.info.hometown = profile['hometown']['name'] if profile['hometown']
struct.info.location = profile['location']['name'] if profile['location']
struct
end
We have been connecting to Linkedin for awhile now successfully. However, we get some errors from time to time and I'm hoping someone can help shed some light on this. Here's our code:
def linkedin_login
request_token = Linkedin.client.request_token(oauth_callback: "http://#{SITE_URL}/linkedin/auth/")
session[:linkedin_request_token] = request_token.token
session[:linkedin_request_secret] = request_token.secret
redirect_to request_token.authorize_url
end
def linkedin_auth
raise "Don't have proper session or oauth_verifier" if session[:linkedin_request_token].blank? or session[:linkedin_request_secret].blank? or params[:oauth_verifier].blank?
access_token = Linkedin.client.authorize_from_request(session[:linkedin_request_token], session[:linkedin_request_secret], params[:oauth_verifier])
raise "Nil access token" if access_token.blank?
redirect_to linkedin_process_path(token: access_token.first, secret: access_token.second)
end
We're hitting the "raise 'Don't have proper session or oauth_verifier'" more than I would expect. When looking at the ENV for the errors, those people don't have the session values set from the original method. We have before_filters set on the application controller so initialize the session, so I know it's active.
My next thought was whether "request_token" was generating a value request_token, and I've tried many times and they all bring something back. We get many of these a day. After the error, if the user tries again, it works fine, which is why I'm so confused.
any thoughts on what could cause this?
Based on your code, it looks like you're making the request token call every time the user logs into your application. That's not the proper method to authenticate. You really only need to fetch the request token once, then use that to upgrade for an access token (as you're doing in your linkedin_auth method). From there, just save the access token and secret in your DB and fetch it anytime you need to make an API call for that particular user.
Our authentication is described more in detail here: https://developer.linkedin.com/documents/authentication
Also, this is just a personal preference, but I like using the OAuth gem for Rails as opposed to using a LinkedIn wrapper. It's easy to use and light weight.
Just as an example, you could do your auth this way:
require 'oauth'
def auth
api_key = 'XXXXXXXXX'
api_secret = 'XXXXXXXXX'
configuration = { :site => 'https://api.linkedin.com',
:authorize_path => 'https://www.linkedin.com/uas/oauth/authenticate',
:request_token_path => 'https://api.linkedin.com/uas/oauth/requestToken',
:access_token_path => 'https://api.linkedin.com/uas/oauth/accessToken' }
consumer = OAuth::Consumer.new(api_key, api_secret, configuration)
#Request token
request_token = consumer.get_request_token
# Output request URL to console
puts "Please visit this URL: https://api.linkedin.com/uas/oauth/authenticate?oauth_token=" + request_token.token + " in your browser and then input the numerical code you are provided here: "
# Set verifier code
verifier = $stdin.gets.strip
# Retrieve access token object
#access_token = request_token.get_access_token(:oauth_verifier => verifier)
end
You would only need to invoke this method when the user first authorizes your app. Save their access token then use it for subsequent API calls. Note, my example makes use of the console to enter the PIN verifier. In a real world example you'd want to programmatically save the PIN in a session variable or in memory, then use it to get the access token.
I'm setting the oauth_callback URL in the request header, when I do this in Twitter, it works fine and the user is redirected to the callback URL. But using Tumblr's API, the callback URL is ignored and the user is redirected to the default URL. Has anybody else experienced this? Is there anywhere else other than the header that I should be setting this? I tried passing it in as a parameter but that didn't really work either.
Any help would be appreciated.
According to Tumblr's developer blog, this was a bug in Tumblr's API and has been fixed.
Many of you have been dismayed that you could not override the
callback url when a user was attempting to authorize their
application. Good news: we’ve patched the bug that was causing this
particular issue.
Now, you can pass a url with the oauth_callback parameter and we will
redirect the user to that endpoint once you’re done.
Let’s go over a quick example.
When the user is presented with the screen to authorize your app, you
should be able to override your default callback with the
oauth_callback parameter in your url.
http://www.tumblr.com/oauth/authorize?oauth_token=your_token&oauth_callback=http%3A%2F%2Fmysite.com/oauth_callback/testing
The above url will redirect the user to
mysite.com/oauth_callback/testing and let you know if the user has
approved or denied your app.
Update March 14, 2013:
Starting today, Tumblr is no longer respecting the oauth_callback parameter. The blog post that I previously linked to has been deleted. I ended up using a variation of the accepted answer to work around it.
If you are trying a embed userid in callback url then this post can help you.
You can save your oauth token in a session and later on callback you can retrieve user from session.
on token request:
def ask_access
tumblr_consumer = get_consumer
if tumblr_consumer
#1. get a request token
request_token = tumblr_consumer.get_request_token
session[:request_token] = request_token
session[:user_token] = "#{request_token.params[:oauth_token]}_#{current_user.id}"
#2. have the user authorize
redirect_to request_token.authorize_url
else
render :text=> "Failed to acquire request token from Tumblr."
end
end
on call back:
def call_back
if params[:oauth_token] && params[:oauth_verifier]
request_token = session[:request_token]
user_id = session[:user_token].split("_")[1]
user = UserProfile.find user_id
##3. get an access token
access_token = request_token.get_access_token({:oauth_verifier => params[:oauth_verifier]})
user.tumblr_token = access_token.params[:oauth_token]
user.tumblr_secret = access_token.params[:oauth_token_secret]
user.save!
end
end
Tumblr does this (I assume) for security. They require that the callback URL is defined on application registration and they will not let it be overridden during implementation.
The security issue is to make sure that no one can steal your Application Token and try to use it to use your reputation to get access to customer's data. By forcing all callbacks to go to the default URL, they can guarantee that only your application is able get the Access Tokens.
The two ways to handle this are:
1) Have the default URL do a redirect to where you want it to go based on cookie or some other data
2) Have different application tokens for different callback URLs.
I can't respond to Jonathan Tran's answer, since my account is young, but posting the callback URL in the authorization URL no longer works, as he says. I asked on Twitter, and here was John Bunting's response:
https://twitter.com/codingjester/status/313248230987157505
I successfully was able to reroute my callback URL using the following (here in Python), after assigning all the proper keys:
consumer = oauth.Consumer(consumer_key, consumer_secret)
client = oauth.Client(consumer)
resp, content = client.request(request_token_url, "GET")
resp, content = client.request(request_token_url, "POST", body=urllib.urlencode({"oauth_callback": "[your own URL here]"}))
Tumblr implements this behavior differently from Twitter, so the same use of the Ruby OAuth library yields different results.
For your value of #callback_url, this works in Twitter:
#request_token = #oauth.get_request_token({
oauth_callback:#callback_url
})
redirect_to #request_token.authorize_url
But for Tumblr, you will be redirected to your default URL. To specify a different URL, you should do this:
#request_token = #oauth.get_request_token
redirect_to #request_token.authorize_url + '&' + { oauth_callback:#callback_url }.to_query
This is consistent with their documentation/blog post (cited in another answer). I have not checked to see if this is "correct" according to the OAuth 1.0a specification.