I waited around 2 months for eBay to enable oAuth 2.0 for my developer account. Now that it is enabled there is a problem.
When the user clicks "I Agree" to complete the oAuth process, they are redirected to the success url specified in my runame, but no code query parameter is present. In fact, there are no query parameters at all.
Has anyone successfully integrated with oAuth 2? Does it sound like I'm missing something?
This guide from ebay might answer your question.
All I get, when I try, is an "Authorisation Cancelled" page:
Related
I am working on allowing users to log in to my website using Yahoo. I have intermittent problems with Yahoo Oauth2. I will generate the url to request the authorization code and it will get to the Yahoo login sometimes. Other times I will get the window with "Uh oh Looks like something went wrong. Please try again later. Developers: Please specify a valid request and submit again." and the url will have error=invalid_request&error_description=invalid+redirect+uri
My request url is configured on the yahoo console. Also I am using https on a server connected to the internet (not a local machine)
My request authorization was created using the one in https://developer.yahoo.com/sign-in-with-yahoo
I have
https://api.login.yahoo.com/oauth2/request_auth?
client_id={MY CLIENT D}
&scope=openid
&nonce=4c29ac770b9b1d795b
&prompt=consent
&response_type=code
&redirect_uri=https%3A%2F%2F{MY WEB SITE}%2Fcallback_yahoo.php
I am out of ideas at this point.
Thank you
Apparently (maybe) something was wrong on Yahoos side. I created another application with the SAME configuration and the problem seem to have gone away.
I've gone through the Okta SSO configuration described here: https://www.twilio.com/docs/flex/flex-identity-provider-integration-for-okta. I've pasted in all the relevant links and have configured both Okta AND Twilio Flex exactly per the instructions. All the users from Okta are supposed to pull through to the Twilio Flex app, but none are. The only account showing is my Twilio user account which was set up when I clicked the setup link to jumpstart my Flex installation.
When I attempt to login I DO get Okta's SSO login and I AM able to login with my Okta credentials, but after the successful login I'm given the following message:
{"code": 70002, "message": "no RelayState provided and no default redirect URL", "more_info": "https://www.twilio.com/docs/errors/70002", "status": 400}
It's interesting to note that Flex is now in GA (General Availability), but the set up instructions still say to point the flex app urls to preview.twilio.com/iam/....
I feel like I'm missing a very simple, but incredibly crucial step.
Can anyone help? I'm now over 24 hours from when I first requested help from Twilio with zero response.
First, find your runtime domain here: https://www.twilio.com/console/runtime/overview
Next, on the SSO page here: https://www.twilio.com/console/flex/users/single-sign-on
Fill in DEFAULT REDIRECT URL field with https://flex.twilio.com/{myRuntimeDomain}
This should fix the error.
Yet another issue with LinkedIn OAuth2.
For a few days now, we have been receiving dozens of OAuth2 responses every day with an empty code parameter (as per https://developer.linkedin.com/docs/oauth2).
There is no error parameter provided, which means that the application has been approved by the user. Only an empty code parameter, and the state parameter (which is not empty and seems ok).
Has anyone encountered this issue? What should we do to fix that? Can we even? It is having a very bad impact on our website, as LinkedIn is the only registration method that we chose to offer, for quality reasons.
Cheers,
I used this guide to built a showcase - sign in with LinkedIn into a specific site.
Everything worked perfectly until I demonstarted it in front of a wide audience and it broke down :-( It was a great FAIL and I want to know why. Here is what I do:
1.On the sign in page the user may click a Sign in with LinkedIn button and is redirected to similar link:
https://www.linkedin.com/oauth/v2/authorization?redirect_uri=[my_callback]&client_id=[my_client_id]&response_type=code&state=[securely_random]&scope=r_basicprofile%20r_emailaddress
2.The user allows the application and is sent back to my_callback
3.In my_callback I make a POST to https://www.linkedin.com/oauth/v2/accessToken in order to obtain an access token. I use the code sent by LinkedIn, correct client ID and secret. Everything is OK, e.g the response might be:
{
"access_token": [access_token],
"expires_in": 5184000
}
4.I make authenticated requests to fetch the profile data from endpoint https://www.linkedin.com/v1/people/~:(firstName,lastName,email_address)
Headers:
x-li-format: json
Authorization: Bearer [access_token]
I started to get an error 401 occasionally, e.g.:
{
"errorCode": 0,
"message": "Unable to verify access token",
"requestId": "YX21AN6NZG",
"status": 401,
"timestamp": 1483732371224
}
It seems that some of the requests randomly passed nevertheless...
Additional details:
The user is logged in LinkedIn
The user is administrator for the LinkedIn application
I have checked the limitations (throttle limits) at in the application. Available at https://www.linkedin.com/developer/apps. Everything which can be seen is green.
I have tried all advices and hacks from this question
My app is not live
I'm puzzled!
Question: Any obvious mistake?
Question: Is there any hidden throttle limits (or security instruments) for the limitation of the number of access tokens for specific user/app combination? (I'm always using the same user and I tested pretty aggressively before the big FAIL)
UPDATE: In the next two days the Sign in started working smoothly again as described above. No 401-s anymore... :-X I've made no changes to the code base. So is this some kind of throttle limit or just LI was in a bad mood on Friday?
In case someone is curious I got an answer to my problem from LI support:
Unfortunately, we really can't assist with API issues and 3rd party apps. My guess is that there was a hiccup on Friday and you were the victim of bad timing.
I accept the explanation that I was a victim so this answers my question...
I have an access-token that worked to get data through the API, however now it has stopped working. I've carefully read LinkedIn's documentation: https://developer.linkedin.com/docs/oauth2 and have come up with why this can happen.
The docs state, that the user's session is linked with the access-token. Therefore, logging out of the session means the access-token is invalidated. This makes sense because it's exactly what I see happening.
The oauth2 expired-at is just a timestamp of the ultimate time this access-token will be valid. But it can be invalidated at any moment apparently.
Other oauth2 implementations show features for refreshing the access-token, Linkedin does not provide such feature. Therefore a user has to refresh it manually every time. Not sure if this is by design or they haven't got around to it yet. Overall their API feels pretty out-dated.
Friends,I got a question,and I have googled it,but I didn't find the answer.
I create an iOS twitter app,and apply for a twitter API.
I used my API key in my app,Xcode returns error.
Just like this: http://tinypic.com/r/262ksnk/8
("Failed to validate oauth signature and token")
and this picture is my twitter api status
(sorry,I do not have enough coin to upload a pic,so post my pic here. )
what is wrong with my twitter api,can anyone help me?
Thanks very much.
What is wrong?
Best regards.
This error message relates to a HTTP 401 response.
Please make sure you are properly signing your OAuth requests. This guide will help you with the common pitfalls: Troubleshooting OAuth 1.0A.
In particular, if you are using valid keys and properly signing your OAuth requests but still receiving 401 errors, please check your system time. Since the OAuth signature relies on the current time, it must be in sync with the one from Twitter servers (exposed in all Date response headers from the Twitter API).
The "performance issues" described on the Twitter API status page apply to Twitter as a whole, and have nothing to do with your application. If you are having issues interacting with the Twitter API, we cannot diagnose those from the information provided ("error 3").