I want to provide a "Login with twitter" functionality for my web application.When the user logs in, I want to request him to share specific information about his profile and tweets as I want to read that information and build some recommendations based on that. However, I do not know what all information can be had from this twitter for that user. Can you please point me to some code/docs that help me do this.
Thanks
kabir
<?php
require_once('config.php');
// Get consumer key and consumer secret from config file
// retrieve access token stored in database
require_once('twitteroauth.php');
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, OAUTH_TOKEN, OAUTH_TOKEN_SECRET );
$response = $connection->get('account/verify_credentials');
// This returns an object with the following info (user account info)
// [https://dev.twitter.com/rest/reference/get/account/verify_credentials][1]
$response2 = $connection->get('statuses/home_timeline');
// This returns an object with the following info (user timeline tweets)
//https://dev.twitter.com/rest/reference/get/statuses/home_timeline
?>
Related
I have two related questions and I hope someone help me because I've been stuck for 2 days
First: mobile phone failed to authenticate
Here is what I have done:
1- user signs up
2- token released
3- token saved in user's device
but then when the same user try to do API requests I get
Rooute to sign up :
$api = app('Dingo\Api\Routing\Router');
$api->version('v1', function ($api) {
$api->post('auth/signup', 'App\Api\V1\Controllers\AuthController#signup');
then I get a token , so I guess everything looks great!
then now when the same device sends a post request to laravel I get this message
"message": "Failed to authenticate because of bad credentials or an invalid authorization header."
this is the route to the post request
$api->group(['middleware'=>'api.auth'],
function ($api) {
$api->post('auth/ios', 'App\Api\V1\Controllers\AuthController#create');
Second: is my method right to save data made by a mobile phone?
Since I couldn't test this method I'd like to know if this is at least one of the right ways to receive data and save it. The reason to save it is because I will show it in a control panel.
public function create(Request $request)
{
$user = new User();
$id = Auth::id();
$user->phone = $request->input('phone');
$user->city = $request->input('city');
$user->street = $request->input('street');
$user->save();
return 'Employee record successfully created with id ' . $user->id;
}
I understand that you are authenticate users based on api token.
Here is what you could do :
set up a column called api_token in users table by adding the following migration
$table->string('api_token', 60)->unique();.This generates a random api token for every user.
send the api_token back to the user's device and save it there
Send it back with every request. Preferalbly set it up globally and send it in the request Authentication request header
Get the authenticated user like so$user= Auth::guard('api')->user();
Laravel takes care of all the authentication stuff behind the scenes.
Learn More about this here
I have created webhook project with Microsoft Graph API to monitor Office 365 inbox.
I made a UpdateSubscription action method which renews it for 3 days only as according to the documentation provide on https://graph.microsoft.io/en-us/docs/api-reference/v1.0/resources/subscription
Below is the code snippet of how I'am facilitating the HTTP request to update the subscription
AuthenticationResult authResult = await AuthHelper.GetAccessTokenAsync();
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", authResult.AccessToken);
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// Build the request.
string subscriptionsEndpoint = "https://graph.microsoft.com/v1.0/subscriptions/"+id;
var method = new HttpMethod("PATCH");
HttpRequestMessage request = new HttpRequestMessage(method, subscriptionsEndpoint);
//get the current time
var subscription = new Subscription
{
//Id = id,
ExpirationDateTime = DateTime.UtcNow + new TimeSpan(0, 0, 4230, 0)
};
Is there a way to auto update without the user pressing the button to 'update'?
since the authorization-headers requires AuthResult.accessToken which will require the user to sign in to Office365 account.
Please advice
An option available to you is the service or daemon approach (https://graph.microsoft.io/en-us/docs/authorization/app_only). Instead of authenticating with a logged-in user you're able to renew the subscription at the application level using a Bearer token which is in turn generated by the CLIENT_SECRET from Azure AD.
I don't think storing tokens in the database is the right approach here. My understanding is that security tokens are never appropriate for a database.
In fact, I don't quite understand the need to have the user log in at all here, unless there are parts to the program that you didn't mention. A service like the one I mentioned can monitor a mailbox without a user being there, or else if the program requires the user to be there, there really isn't an issue of lost credentials.
You can use this approach to fetch accesstoken from azure using grant_type a password. PLease find the below screenshot.
In my application, the user when installs the app, needs to fill a registration form. I need to save the access_token along with the user instance.
So, if the user is unregistered, I redirect to the signup form ie. I dont save the access_token, but at this time, the app is registered. Which means, suppose when the store admin logs back in to the app, he does not get the auth code again, but gets signed_payload.
Since, I dont want to store, unregistered users on my database, I prefer calling a api, that would grant me auth code and/or access_token.
Is there any such call I can make?
To answer your question, the access token can only be obtained at the point of the initial app install, when the user installs the app for the very first time. This is the only time that BigCommerce will send the information required to obtain the access token.
Therefore your app should always save the access_token at the point of install. Your registration page should be prompted after obtaining and saving the access token. If for some reason the user installs the app and does not complete the registration, then you should simply just check on your end if the registration was finished or not, and if it wasn't then you should display it during the app load phase as a requirement before displaying your main app dashboard.
Since you didn't specify a programming language, I'm going to illustrate one in Python.
There are two parts you mentioned, registration/access token and signed payload.
The initial callback flow would look something like this:
#app.route('/bigcommerce/callback')
def auth_callback():
# Put together params for token request
code = flask.request.args['code']
context = flask.request.args['context']
scope = flask.request.args['scope']
store_hash = context.split('/')[1]
redirect = app.config['APP_URL'] + flask.url_for('auth_callback')
# Fetch a permanent oauth token. This will throw an exception on error,
# which will get caught by our error handler above.
client = BigcommerceApi(client_id=client_id(), store_hash=store_hash)
token = client.oauth_fetch_token(client_secret(), code, context, scope, redirect)
bc_user_id = token['user']['id']
email = token['user']['email']
access_token = token['access_token']
The flow using a signed payload would look something like:
#app.route('/bigcommerce/load')
def load():
# Decode and verify payload
payload = flask.request.args['signed_payload']
user_data = BigcommerceApi.oauth_verify_payload(payload, client_secret())
if user_data is False:
return "Payload verification failed!", 401
bc_user_id = user_data['user']['id']
email = user_data['user']['email']
store_hash = user_data['store_hash']
When initially creating a user in your database, you can also denote the sign up date through a function of your code and then do a periodic cron job to check if they have a registered account with you. There's not an endpoint where we store whether they completed registration with you since that is a function of your app.
I am new to OAuth, and want to get the user ID (an email address) from Google using OAuth.
But I don't want to get the user's Google Contacts Information.
We can get google Email address only not the contacts by making the scope of request token Like :
"https://www.google.com/accounts/OAuthGetRequestToken?scope=https://www.googleapis.com/auth/userinfo#email";
Now do a authorized call to get the response like :
var responseText = oAuthConsumer.GetUserInfo("https://www.googleapis.com/userinfo/email", consumerKey, consumerSecret, token, tokenSecret);
Here by saying authorized call mean to make the HTTP Get request with required paramaters in header.
header string should contain: realm, consumerKey, signatureMethod, signature, timestamp, nounce, OAuthVersion, token
Please refer to http://googlecodesamples.com/oauth_playground to verify your code and to see the correct header string parameters
I am using the php sdk to access a user's albums and photos in a website.
I am able to login and also able to retrieve all the info about the albums and photos.
However, I am not able to display these photos on the webpage.
When I try the graph API, to get the photo / album like below:
https://graph.facebook.com/131833353530147/picture
I get the following error message:
{
"error": {
"type": "OAuthException",
"message": "An access token is required to request this resource."
}
}
But the same is working in while I try to display my profile pic and I do have a valid access token.
Help on this would be greatly appreciated.
There are 3 things you need.
You need to oAuth with the owner of those photos. (with the 'user_photos' extended permission)
You need the access token (which you get returned in the URL box after the oAuth is done.)
When those are complete you can then access the photos like so https://graph.facebook.com/me?access_token=ACCESS_TOKEN
You can find all of the information in more detail here: http://developers.facebook.com/docs/authentication
Try This url with valid userid and access token:
https://graph.facebook.com/{userid}/photos?limit=20&access_token={access_token}
Login to your Facebook.
Go to http://graph.facebook.com
You will find all your feeds with their corresponding access codes. e.g https://graph.facebook.com/me/home?access_token=2227470867|2.AQAQ6FqN8IW-PUrR.3600.1309471200.0-137977022924629|0sbmdhJN6o9y9J4GDWs8xEygyX8
Enjoy!
To get an access token: facebook Graph API Explorer
You can customize specific access permissions, basic permissions are included by default.
To get the actual access_token, you can also do pro grammatically via the following PHP code:
require 'facebook.php';
$facebook = new Facebook(array(
'appId' => 'YOUR_APP_ID',
'secret' => 'YOUR_APP_SECRET',
));
// Get User ID
$user = $facebook->getUser();
if ($user) {
try {
$user_profile = $facebook->api('/me');
$access_token = $facebook->getAccessToken();
} catch (FacebookApiException $e) {
error_log($e);
$user = null;
}
}
Well, you are having a valid access token to access your information and not others( this is because you got logged in and you have given permission to access your information). But the picture owner has not done the same (logged in + permission ) and so you are getting a violation error.
To obtain permission see this link and decide what kind of informations you want from any user and decide the permissions. Later on embed this in your code. (In the login function call)
Thanks