Hi have been having issues authenticating Flickr with OAuth, everytime i make a request i get the following Error.
oauth_problem=signature_invalid&debug_sbs=GET&https%3A%2F%2Fwww.flickr.com%2Fservices%2Foauth%2Frequest_token&oauth_callback%3Dhttp%253A%252F%252Facornsnoaks.dev%252Fadmin%252Foath%252Fflickr%26oauth_consumer_key%3D_MY_KEY_%26oauth_nonce%3D143594012893179%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1435940128%26oauth_version%3D1.0
This is my URL
https://www.flickr.com/services/oauth/request_token?oauth_nonce=143594012893179&oauth_timestamp=1435940128&oauth_consumer_key=_MY_KEY_&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=c3ec087c68536274f49e272179c321b8&oauth_callback=http%3A%2F%2Facornsnoaks.dev%2Fadmin%2Foath%2Fflickr
Please could i be doing wrong?
Flickr API states that arguments should be sorted alphabetically? Did you do that before generating the HMAC-SHA1 signature for your call?
Related
I am trying to Authorize via OAuth with Trello and I can't seem to get it right, even in postman.
I have followed their API docs and have got myself a developer key and I have used a little link they have in this article to get a valid auth token.
I tried including the API key and Auth token in the header and (in a separate test) in the body, as per their documentation.
Everything I try results in "unauthorized permission requested".
What am I doing wrong?
Ok so I had obviously made a mistake when trying the Header route.
It works now if I provide a header key called Authorization and the API key and Auth Token in the following format OAuth oauth_consumer_key="{{apiKey}}", oauth_token="{{apiToken}}".
Cheers everybody,
we have been deeply reading google documentation on exchanging access_token from google in order our (delphi)desktop application to SSO with google from server side. Here is the payload we send first look like:
https://accounts.google.com/o/oauth2/v2/auth?client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&state=E1DF2FBA-0A66-4D69-B594-5EB8F7828AF7&scope=openid+profile&include_granted_scopes=true&code_challenge=C832DA50-E55A-499D-89B8-493BB4123C94&login_hint=test#Speelkriebel.be
Normally after this it redirects me to login in to our test user and after this according to the documentation we send a POST request to the end point token in order to get the access_token and refresh_token...: 'https://oauth2.googleapis.com/token
with the following parameters, the 'code' is generated we also send it as follow:
client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com
grant_type=authorization_code
client_secret=******
code= 4/1AY0e-g4GlavO38PI5Oo3vq04Pc4lMWN77et-02UiVWOsT-IyRQnU1lq19qo
redirect_uri = urn:ietf:wg:oauth:2.0:oob
The response is always
{
"error_description": "Missing code verifier.",
"error": "invalid_grant"
}
We have tried to send the client secret id also, Does it have to do with our code_challenge ? are the end points url and initial url okay? What are we missing? We are using CEF4Delphi as "browser like experience in order for the user to type in their google credentials. We have been reading this: https://developers.google.com/identity/protocols/oauth2/web-server#offline
We were also trying the playground :https://developers.google.com/oauthplayground/
we were sending the initial url in a chrome which generated a "code" and in the playground we inserted the code, and still got the same error of missing code verifier.
Thanks Guys
You seam to have URL encoded a lot of the values try not doing that. Also try using the basic call, before you start adding everything else. It should help you figure out which one of those extra parameters you are sending that's causing your issues.
https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=profile&response_type=code
Also make sure that the client id is from an installed / other type client
This may also help Google 3 Legged OAuth2 Flow
For installed apps, the code challenge and verifier are parameters for enhancing the security of the OAuth flow through PKCE [1].
There is additional documentation about generating a code challenge and verifier here [2].
[1] https://www.rfc-editor.org/rfc/rfc7636
[2] https://developers.google.com/identity/protocols/oauth2/native-app#step1-code-verifier
When i am sending BitCoins using the send:to:withNotes:withHandler: method , the failure block gets invoked with error localised description mentioning error 403 forbidden.
A 403 response from the Coinbase API usually means your API key or OAuth token is lacking the required scopes for the specific request you are making.
Based on the name of the method, it sounds like it would be the Send Money request, which requires the wallet:transactions:send scope/permission.
You can check with permissions you have for an API key, or OAuth token using the Show Authorization Info request.
I am using the below format for generating the request token.I am getting bad request when
using the above code.What should auth_callback should i use.
https://oauth.intuit.com/oauth/v1/get_request_token?
&oauth_timestamp=1202956957
&oauth_consumer_key=123456891011121314151617181920
&oauth_signature_method=plaintext
&oauth_signature=abcdef
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="http://yoursite.com/callback".
This signature:
&oauth_signature=abcdef
Is no where near a valid signature.
You need to use an OAuth library, and generate a valid OAuth request and signature before you send the request to Intuit.
I also highly doubt your consumer key is correct.
Flickr started to support oAuth just few weeks ago and there is no up to date documentation.. I was able to pass oAuth authentication process but I am unable to upload a photo through API.
I am supposed to sign all parameters except photo parameter. This is my signature base:
POST&http%3A%2F%2Fapi.flickr.com%2Fservices%2Fupload%2F&oauth_consumer_key%3D...6b%26oauth_nonce%3D90660%26oauth_signature_method%3DHMAC-HA1%26oauth_timestamp%3D1309888296%26oauth_token%3D72157626975786735-ed7eccb40ffcc69e%26oauth_version%3D1.0d
And I use "consumer_secret&token_secret" to sign it.
It's all written in AS3 with oAuth library but I think it doesn't matter. The response I get is:
"Invalid API Key (Key has invalid format)"
I don't think there is a problem with API key..
Any suggestions guys??
Thanks
It looks like you're using the incorrect Path. The latest Oauth docs are here:
http://www.flickr.com/services/api/auth.oauth.html
you can learn more about signing requests here:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
and I'm not sure what language you're using but here is an example in Ruby:
https://gist.github.com/383159
and Python:
http://web.archive.org/web/20120919234615/http://mkelsey.com/2011/07/03/Flickr-oAuth-Python-Example.html