400 Bad Request when using :oauth_callback - ruby-on-rails

I'm trying to use the oauth-ruby gem (https://github.com/oauth-xx/oauth-ruby/) in my Rails application to let users authenticate with a 3rd party API, but I'm having problems getting the oauth_callback to work properly when using get_request_token. Here is the code that keeps failing:
@request_token = oauth_consumer.get_request_token(:oauth_callback => "http://myurl.com")
This results in a 400 Bad Request "OAuth::Unauthorized" error every time. However, when I remove that from my code it returns a request token fine:
@request_token = oauth_consumer.get_request_token()
The problem I'm facing is that when doing this I am not able to be redirected back to my application once the user has authenticated with the 3rd party. Is this an issue with my code or something to do with how the 3rd party handles oauth_callbacks?
Thanks,
Chris

That error probably occurs because the API you requested needs you to save at least one callback URL. Review the API and add your test/production callback URL from your dashboard; then the API can validate it on every request you make.
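
A pre-flight check for the mismatch described in the answer above, as an added example that is not part of the original thread: it compares the oauth_callback you are about to send with the URLs registered in the provider's dashboard. Exact matching on scheme, host, port and path is an assumption (providers differ in strictness), and the helper names and the REGISTERED list are constructed for illustration.

```ruby
require "uri"

# Reduce a callback URL to the parts a provider would compare.
# Returns nil for anything that is not an absolute http(s) URL.
def callback_parts(url)
  uri = URI.parse(url)
  return nil unless uri.is_a?(URI::HTTP) && uri.host
  path = uri.path.empty? ? "/" : uri.path
  { scheme: uri.scheme.downcase, host: uri.host.downcase, port: uri.port, path: path }
rescue URI::InvalidURIError
  nil
end

# Names of the components in which `callback` differs from one registered URL.
def callback_diff(callback, registered_url)
  sent = callback_parts(callback)
  reg = callback_parts(registered_url)
  return [:unparseable] if sent.nil? || reg.nil?
  sent.keys.reject { |k| sent[k] == reg[k] }
end

# True when the callback matches at least one registered URL exactly.
def callback_registered?(callback, registered)
  registered.any? { |r| callback_diff(callback, r).empty? }
end

# Constructed sample: what a dashboard might list for test and production.
REGISTERED = [
  "http://127.0.0.1:3000/auth/twitter/callback",
  "https://myurl.com/oauth/callback"
].freeze

if __FILE__ == $PROGRAM_NAME
  candidate = "http://localhost:3000/auth/twitter/callback"
  unless callback_registered?(candidate, REGISTERED)
    REGISTERED.each do |r|
      puts "#{candidate} vs #{r}: differs in #{callback_diff(candidate, r).inspect}"
    end
  end
end
```

Run it before get_request_token so a rejected callback shows up as a named component difference rather than a bare 400 or 401 from the provider.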

Related

LinkedIn Oauth error: 'The partner did did not properly implement the authentication protocol' on browser back after signin

We integrated a Rails app with linkedin authentication, using devise and the linkedin gem.
It works fine and we are able to register/sign in with LinkedIn; however, an odd thing happens when you press 'back' on the browser after signing in/up:
It goes back to linkedin with the same request URL and the error shown is:
The partner did did not properly implement the authentication protocol. in RED
This looks quite bad and we'd like to have a better way of handling this, but no idea where to start; any idea what could trigger this and is there any way we can prevent it?
You will need to build your service for every new request. You might have the same access code for different requests.
Try to generate it for every HTTP auth request.
service = new ServiceBuilder()
    .provider(LinkedInApi.class)
    .apiKey(API_KEY)
    .apiSecret(API_SECRET).debug()
    .build();

Can't get facebook pictures without token on iOS

I am able to access a user picture in a web browser without providing an access token, using the url:
http://graph.facebook.com/ID/picture
I know it performs a redirection, but it works.
However, when trying to access the same url in an iOS HttpRequest, I get an "invalid_token" response.
Is it possible to get a picture from an ID, in iOS without a token? If so, how do I achieve this? If not, how is it possible using the web browser?
Thanks!
In case anyone else is stuck with this, apparently under some conditions you get an "invalid token" response from the facebook (graph api) if you use a POST and not a GET http request method. Switching to GET solved the problem for me.

How to use yammer's oauth2 from iOS?

I'm trying to get an iOS client to make use of Yammer's OAuth2 to validate a user. I first tried the GTM-OAuth2 code, but I cannot get it to understand the response from Yammer. It appears that the GTM code is expecting the access_code as a query parameter, whereas Yammer is returning it as a URI fragment. I hacked the GTM code to see the fragment, but now it appears to be thinking that there is an error because the code and message fields are not in the response from Yammer.
I've also tried to use OAuth2Client api but the problem there is that Yammer does not seem to want to use the redirect_uri I pass to it, so Safari never gets the custom url and therefore never calls back to the app.
Does anyone have a working example of using Yammer's OAuth2?
I would also be interested if anyone has got GTM-OAuth2 to work with Facebook?
Yeah, Yammer has a shitty implementation of OAuth. Looks like each service has taken its own implementation of OAuth. Anyway, Yammer requires the user to copy a 4-digit code from its website, go back to your service, and paste that code in your website. Only then can you request an access code.
Check this - http://www.tutorialjinni.com/2011/04/yammer-api-example.html (it's in PHP but hope you can get the gist).
Nothing you can do about it but a fun read - Yammer API sucks

Facebook Open Graph Scraping

I've recently enabled the Facebook Open Graph stuff on my web app (so and so has just read this and that on here and there). Now I post the request to Facebook when a user posts something, as part of the page load in the controller. The problem is I receive the following error:
HTTP 500: Response body: {"error":{"type":"Exception","message":"Could not retrieve data from URL."}}
My first thought is that the open request to load the page is blocking any FB scraping of OG information, as it seems after it's been cached I no longer receive this error.
Is this likely? If so, what's the best way to work around it?
WHY THIS HAPPENS:
I had this same problem today, and it is because your Koala script (assuming you're using Koala - if not, you should try it out because it's great) sends its request to Facebook before your URL is up. This means that when Facebook registers the post, it comes to the URL you specified to pick up the meta tags. Unfortunately, the page itself hasn't been loaded yet, giving it a 500 error.
HOW TO SOLVE IT:
Use the delayed_job gem to prevent your post call from occurring before the page loads, which allows facebook to scrape your metatags correctly.
FOR EXAMPLE:
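# Bracketed names are placeholders for your own values.
def post_to_facebook([ACCESS_TOKEN])
  graph = Koala::Facebook::API.new([ACCESS_TOKEN])
  graph.put_connections("me", "[APP NAMESPACE]:[ACTION]", :[OBJECT TYPE] => [OBJECT_URL])
end
# delayed_job: run the method in a background job instead of inline
handle_asynchronously :post_to_facebook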

Keep getting OAuth::Unauthorized error when using oauth and twitter ruby gems

I am using the Ruby twitter gem and oauth to gain access to users' Twitter accounts. In my code, I have:
unless @user.twitter_authd?
  oauth = Twitter::OAuth.new('token', 'secret')
  session[:twitter_request_token] = oauth.request_token.token
  session[:twitter_request_secret] = oauth.request_token.secret
  @twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the @twitter_auth_url, I am taken to Twitter and asked to grant access. I click allow and then Twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
@user.update_attributes({
  :twitter_token => oauth.access_token.token,
  :twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had set up my Rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
This is an issue with time synchronization of your system with the Twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URLs are dynamic and they happened to not be defined in my test case (I use this to display chart data and there is not enough right now so the Google Chart API URLs are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the OAuth process crap out. Obviously there is no way for people on S.O. to know about my application-specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
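
A way to confirm the clock problem mentioned in the two time-related answers above, as an added example that is not part of the original thread: it compares the oauth_timestamp in a logged Authorization header with the Date header of the provider's response. The sample header, the sample date, the helper names and the 300-second tolerance are constructed assumptions.

```ruby
require "time"

# Extract the oauth_* parameters from an OAuth 1.0 Authorization header.
def parse_oauth_header(header)
  scheme, params = header.to_s.split(" ", 2)
  raise ArgumentError, "not an OAuth Authorization header" unless scheme == "OAuth" && params
  params.scan(/(\w+)="([^"]*)"/).to_h
end

# Seconds by which the request's oauth_timestamp is ahead of (+) or behind (-)
# the provider's clock, taken from the Date header of its HTTP response.
def oauth_clock_skew(auth_header, server_date)
  ts = parse_oauth_header(auth_header)["oauth_timestamp"]
  raise ArgumentError, "oauth_timestamp missing or not numeric" unless ts.to_s.match?(/\A\d+\z/)
  ts.to_i - Time.httpdate(server_date).to_i
end

# Assumed tolerance; providers do not all publish the window they accept.
MAX_SKEW_SECONDS = 300

# :ok when the timestamp is within tolerance, :clock_skew otherwise.
def skew_verdict(auth_header, server_date, max_skew = MAX_SKEW_SECONDS)
  skew = oauth_clock_skew(auth_header, server_date)
  skew.abs <= max_skew ? :ok : :clock_skew
end

# Constructed sample: a request signed by a client whose clock runs one hour
# slow, and the Date header from the provider's 401 response to it.
SAMPLE_AUTH_HEADER = 'OAuth oauth_consumer_key="EXAMPLE_KEY", ' \
  'oauth_nonce="n0nc3", oauth_signature_method="HMAC-SHA1", ' \
  'oauth_timestamp="1243962000", oauth_version="1.0"'
SAMPLE_SERVER_DATE = "Tue, 02 Jun 2009 18:00:00 GMT"

if __FILE__ == $PROGRAM_NAME
  skew = oauth_clock_skew(SAMPLE_AUTH_HEADER, SAMPLE_SERVER_DATE)
  puts "skew: #{skew}s -> #{skew_verdict(SAMPLE_AUTH_HEADER, SAMPLE_SERVER_DATE)}"
end
```

A :clock_skew verdict points at the client's system time (NTP) rather than at the consumer key, secret or callback settings.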
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
Not enough info for me, but when was the twitter gem last updated? Twitter changed their oauth 'stuff' in mid May approx. Perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
Also, did you put the right callback URL in your Twitter app page? A lot of times that screws you up too.
If that fails use mbleigh's twitter_auth instead. It worked for me and is pretty slick.
