I have a problem signing an HTTP post request with the UrlFetchApp in Google App scripts. I only need to sign the request with my consumerKey, I do not need complete authorization with callback and everything. How would I be able to sign the request using OAuth encoding? Do I simply add the OAuth as parameters or as headers? I am very new to this and would appreciate any advice.
Thanks
Here is an Update on the situation: Google just added 2-legged support to their OAuth1 library. See https://github.com/googlesamples/apps-script-oauth1.
If you are using Google App Script and that library, update it to version 11.
I simply changed the access token in the example to empty string. Now everything works just fine.
Thanks!
Related
Cheers everybody,
we have been deeply reading google documentation on exchanging access_token from google in order our (delphi)desktop application to SSO with google from server side. Here is the payload we send first look like:
https://accounts.google.com/o/oauth2/v2/auth?client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&state=E1DF2FBA-0A66-4D69-B594-5EB8F7828AF7&scope=openid+profile&include_granted_scopes=true&code_challenge=C832DA50-E55A-499D-89B8-493BB4123C94&login_hint=test#Speelkriebel.be
Normally after this it redirects me to login in to our test user and after this according to the documentation we send a POST request to the end point token in order to get the access_token and refresh_token...: 'https://oauth2.googleapis.com/token
with the following parameters, the 'code' is generated we also send it as follow:
client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com
grant_type=authorization_code
client_secret=******
code= 4/1AY0e-g4GlavO38PI5Oo3vq04Pc4lMWN77et-02UiVWOsT-IyRQnU1lq19qo
redirect_uri = urn:ietf:wg:oauth:2.0:oob
The response is always
{
"error_description": "Missing code verifier.",
"error": "invalid_grant"
}
We have tried to send the client secret id also, Does it have to do with our code_challenge ? are the end points url and initial url okay? What are we missing? We are using CEF4Delphi as "browser like experience in order for the user to type in their google credentials. We have been reading this: https://developers.google.com/identity/protocols/oauth2/web-server#offline
We were also trying the playground :https://developers.google.com/oauthplayground/
we were sending the initial url in a chrome which generated a "code" and in the playground we inserted the code, and still got the same error of missing code verifier.
Thanks Guys
You seam to have URL encoded a lot of the values try not doing that. Also try using the basic call, before you start adding everything else. It should help you figure out which one of those extra parameters you are sending that's causing your issues.
https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=profile&response_type=code
Also make sure that the client id is from an installed / other type client
This may also help Google 3 Legged OAuth2 Flow
For installed apps, the code challenge and verifier are parameters for enhancing the security of the OAuth flow through PKCE [1].
There is additional documentation about generating a code challenge and verifier here [2].
[1] https://www.rfc-editor.org/rfc/rfc7636
[2] https://developers.google.com/identity/protocols/oauth2/native-app#step1-code-verifier
I'm trying to get request_token from https://api.twitter.com/oauth/request_token. But I always got following error.
"Failed to validate oauth signature and token"
Below is my signature_base:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fwww.google.com%26oauth_consumer_key%3DydxYUl45Mleo5LNyoExnAF4mY%26oauth_nonce%3D9C918901-EF8A-4B84-BDF5-B7E754C46397%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1415174195%26oauth_version%3D1.0
The auth header generated is:
{
Authorization = "OAuth oauth_version=\"1.0\",
oauth_nonce=\"9C918901-EF8A-4B84-BDF5-B7E754C46397\",
oauth_signature_method=\"HMAC-SHA1\",
oauth_consumer_key=\"ydxYUl45Mleo5LNyoExnAF4mY\",
oauth_timestamp=\"1415174195\",
oauth_callback=\"http://www.google.com\",
oauth_signature=\"j6k3CY4Fr40SKAWiG%2B5%2BwkErdYc%3D\"";
}
I verified the signature with my secret key and it's correct. Really can't figure out where the problem is...
One clue is that when oauth_callback is not used at all, I'm able to get request token... Please help!
Thanks,
Lee
Edit:
If I don't use oauth_callback, I'm able to get request token and the callback I set in dev twitter website is used. However, I can't set it to URL Scheme of my app since it's not valid url...
You are not encoding the oauth_callback url correctly.
In the signature base it should be encoded as:
oauth_callback%3Dhttp%253A%252F%252Fwww.google.com
and then in the Authorization header as:
oauth_callback="http%3A%2F%2Fwww.google.com"
The same problem i was struggling as well.
Approach that help is bellow.
Using Twitter to authenticate is quite uncomfortable to do due to the errors and bad documentation. I will defiantly recommend you, to use one of the two approaches that are : Github library that is well documented and easy to implement. Or use iOS Social framework to write own logging.
I have an iOS application which authenticates with Google's servers via OAuth 2.0. I have just one problem, my app doesn't seem to respond to the callback URL. I have set the callback URL correctly in my code but no response.
I was just wandering if anyone knows how to change the callback URL on the Google OAuth API Console because right it is some random URL which doesn't seem to work for me:
urn:ietf:wg:oauth:2.0:oob
You can use the oob URI with an embedded view, or you can rely on the user to copy and paste the code.
But on iOS you have a better option, you can use a custom scheme based on the bundle id (or on the client id):
https://plus.google.com/111487187212167051233/posts/AztHNnQh7w6
There are no clear docs or anything. shadowhand's demo repo is broken. How to actually use Twitter Oauth provider in Kohana 3.0?
It's a bit complicated, but the steps basically are:
Build an OAuth_Consumer
Build a OAuth_Provider (twitter)
Get a request token
Redirect them to the authorize_url
Get the callback
Exchange the request token for an access token
Make API calls
Here's an example controller that does all of that: https://gist.github.com/1267793
Flickr started to support oAuth just few weeks ago and there is no up to date documentation.. I was able to pass oAuth authentication process but I am unable to upload a photo through API.
I am supposed to sign all parameters except photo parameter. This is my signature base:
POST&http%3A%2F%2Fapi.flickr.com%2Fservices%2Fupload%2F&oauth_consumer_key%3D...6b%26oauth_nonce%3D90660%26oauth_signature_method%3DHMAC-HA1%26oauth_timestamp%3D1309888296%26oauth_token%3D72157626975786735-ed7eccb40ffcc69e%26oauth_version%3D1.0d
And I use "consumer_secret&token_secret" to sign it.
It's all written in AS3 with oAuth library but I think it doesn't matter. The response I get is:
"Invalid API Key (Key has invalid format)"
I don't think there is a problem with API key..
Any suggestions guys??
Thanks
It looks like you're using the incorrect Path. The latest Oauth docs are here:
http://www.flickr.com/services/api/auth.oauth.html
you can learn more about signing requests here:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
and I'm not sure what language you're using but here is an example in Ruby:
https://gist.github.com/383159
and Python:
http://web.archive.org/web/20120919234615/http://mkelsey.com/2011/07/03/Flickr-oAuth-Python-Example.html