Find out scope for a Pinterest access_token - oauth-2.0

I'd like to ask for write permissions using the Pinterest API only when they're required, so I'd like to query the current access_token and find out all the scopes that the token grants.
I can't see anything on the docs about this.

There is a currently undocumented /v1/oauth/inspect endpoint you can use. Try this.
https://api.pinterest.com/v1/oauth/inspect?access_token=<token>&client_id=<app-id>
If you don't need to do it programmatically, you can use the Token Debugger.

Related

Authenticate into Twitch API using a given token

I am currently searching for a way to log in to the Twitch-API using an already given id-token (OAuth or even better OIDC) with or without a NodeJS backend.
Background: I am using Firebase connecting to various services next to Twitch-API such as YouTube (Google API), Twitter and Co. I want to use my id-token for each service.
The official documentation doesn't tell if that is possible or maybe I just couldn't find it.
Hopefully there is a solution just not yet documented.
I will struggle with the same problem using the other services as well.
Thanks a lot
You absolutely would need to create your own OAuth token as it is tied to the same Client-ID as the account that generates it.
https://dev.twitch.tv/console
Authentication has its own flow and endpoints with the way kraken v5 and helix work.
https://dev.twitch.tv/docs/authentication
With the latest changes to the API everything now requires both the Client-ID and OAuth before it will return the requested values.
https://discuss.dev.twitch.tv/t/requiring-oauth-for-helix-twitch-api-endpoints/23916
I'm not sure exactly what "id-token" is but I'm going with "twitch-user-id and access-token".
If you have a valid access token, you have access to whatever the scopes were defined when that token was generated, you can update the token with the refresh token if you need to.
You would need to supply the Client-ID of the application the token was generated for as well.
Unless "id-token" is meant for a different system.

Jive API. Unknown error occurred when trying to obtain OAuth2 access token using authorization grant flow

You can see the video of the request I made to get the access token using the OAuth 2.0 Authorization Code grant flow. Although I am able to get the code using step 1, I could not get the access token as described in the API documentation.
Find the jive api documentation at
https://jive.com/developer/
Find the video of the request I made using Postman at
https://youtu.be/b7B49n7sbpg
I think I see the issue. In both requests I make for the token I am not including any scopes. Now this will work for implicit Grant Flow but it will not work with the Auth Code flow. So in the initial requests be sure to add at least one valid scope or both public scopes like this:
https://auth.jive.com/oauth2/v2/grant?response_type=code&client_id=c7959b3f-b7a6-451b-8c98-252fcf950271&redirect_uri=https://promodaddy.com&scope=users.v1.lines.read%20calls.v2.initiate

OneDrive OAuth 2.0 and Postman Sanity Check

I am trying to generate an OAuth token for OneDrive by using Postman. I just wanted to ask for clarification as to what the Auth URL, Access Token URL and scope would be?
I have tried it with:
Auth URL: https://login.microsoftonline.com/common/oauth2/v2.0/authorize
Access Token URL: https://login.microsoftonline.com/common/oauth2/v2.0/token
Scopes: wl.signin
However, I keep getting an error saying the scope is not correct. Just as a sanity check, are these the correct settings?
Please refer to https://dev.onedrive.com/auth/msa_oauth.htm for full documentation of the possible auth flows, scopes etc.
auth URL: https://login.live.com/oauth20_authorize.srf
token URL: https://login.live.com/oauth20_token.srf
Valid scopes can be:
offline_access
onedrive.readonly
onedrive.readwrite
onedrive.appfolder
Documentation of the OneDrive API in general, including the above link, can be found here: https://dev.onedrive.com/README.htm
From the Auth/Token URLs, it looks like you're trying to use the unified consumer / work OAuth 2.0 end point for Microsoft Graph. The wl.signin scope isn't a valid scope for that end point. That scope is only available for the Microsoft Account (consumer only) authentication.
With those URLs, you'll want to use the User.Read scope, which grants you the ability to sign in and read the signed-in user's basic profile. Additional scopes available on that end point are documented here: https://graph.microsoft.io/en-us/docs/authorization/permission_scopes. Since you mentioned OneDrive, you'll probably want to include Files.ReadWrite as one of your scopes as well, so your app can access the user's OneDrive files.
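The endpoint and scope pairing from the two answers above, as an added example in Python (not code from the original posts): it refuses to build an authorization request when the auth and token URLs come from different endpoints or when a scope belongs to the other endpoint. The function names are hypothetical, `client_id` and `redirect_uri` are supplied by the caller, and `offline_access` on the v2.0 endpoint is an addition not stated in the answers.

```python
from urllib.parse import quote, urlencode, urlsplit

# Endpoint pairs and scopes quoted in the answers above. The scope sets hold
# only the values named there, not everything each endpoint accepts.
ENDPOINTS = {
    "msa": {  # Microsoft Account (consumer only)
        "authorize": "https://login.live.com/oauth20_authorize.srf",
        "token": "https://login.live.com/oauth20_token.srf",
        "scopes": {"wl.signin", "offline_access", "onedrive.readonly",
                   "onedrive.readwrite", "onedrive.appfolder"},
    },
    "v2": {  # unified consumer / work endpoint (Microsoft Graph)
        "authorize": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
        "token": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
        # offline_access is not named for this endpoint in the answers; it is
        # included here because the v2.0 endpoint accepts it too.
        "scopes": {"User.Read", "Files.ReadWrite", "offline_access"},
    },
}

def family_of(url):
    """Return 'msa' or 'v2' for a known authorize/token URL, else None."""
    host = urlsplit(url).hostname
    for name, ep in ENDPOINTS.items():
        if host == urlsplit(ep["authorize"]).hostname:
            return name
    return None

def check_scopes(auth_url, scopes):
    """Classify each scope as 'ok', 'wrong_endpoint' or 'unlisted'."""
    fam = family_of(auth_url)
    if fam is None:
        raise ValueError("unknown authorization endpoint: " + auth_url)
    own = ENDPOINTS[fam]["scopes"]
    other = set().union(*(e["scopes"] for n, e in ENDPOINTS.items() if n != fam))
    return {s: "ok" if s in own else "wrong_endpoint" if s in other else "unlisted"
            for s in scopes}

def build_authorize_url(auth_url, token_url, client_id, redirect_uri, scopes):
    """Build a code-flow authorize URL; refuse mismatched endpoints or scopes."""
    if family_of(auth_url) != family_of(token_url):
        raise ValueError("auth URL and token URL belong to different endpoints")
    bad = [s for s, v in check_scopes(auth_url, scopes).items() if v == "wrong_endpoint"]
    if bad:
        raise ValueError("scopes belong to the other endpoint: " + ", ".join(bad))
    params = {"client_id": client_id, "response_type": "code",
              "redirect_uri": redirect_uri, "scope": " ".join(scopes)}
    return auth_url + "?" + urlencode(params, quote_via=quote)
```

Scopes reported as `unlisted` are passed through, because the sets above cover only the scopes the answers mention.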

What is the purpose of OAuth User Token and OAuth User Secret I get from LinkedIn when creating an application

When creating a new application in LinkedIn, I get 4 separate codes:
API Key
Secret Key
OAuth User Token
OAuth User Secret
I'm using the first two in the OAuth flow. What is the purpose of the last two?
After reading some more, I figured it's my own user's token and secret. The reason they are provided is to simplify the initial calls to LinkedIn API.
The closest thing to documentation I found is this forum post from a LinkedIn employee. However, this post does not clarify everything, such as: Will this token ever expire? Does this token have all member permissions?
Based on a little experimentation, I suspect the answers are no and yes. But I'm not sure.
This is basically used for API testing before you move forward to implement your application, so you can make sure the LinkedIn API is working fine.
For more, you can see this link: https://github.com/saranpal/linkedin-api-quick-start-php. It has a simple example for fetching company information.
Cheers!

Alternatives to accessing Google Reader with OAuth?

I'm really new to this OAuth stuff. I want to access a user's Google Reader liked items feed.
This blog says that OAuth doesn't work (yet) with Google Reader. The working way seems to be to get the user's Google credentials (email, password) directly, and log in directly to Google. This also gives me access to the rest of their services.
Is there a better way? I sure hope so, because ClientLogin is captchad. Not to mention I don't want the user to have to trust me with their Google credentials.
Yes, there is a way ... but you still need the user's Google credentials to access the API. On the server-side, you can GET a secure token and authentication key ... these are then passed along with GET and POST requests to the Google Reader API to do whatever you want.
Here's a fairly robust C# tutorial (read the comments to make sure you're doing authentication right).
Here's an open-source PHP library that partially implements the Google Reader API without OAuth.
Authentication to Google Reader with OAuth is now available.
