I have an iOS application that I'm logging to Facebook to ask for an access_token.
Then I pass this access token to my server and I want to get the '/me' information, using my appsecret_proof but I noticed that I can do it without appsecret_proof:
curl "https://graph.facebook.com/me?access_token=THE_ACCESS_TOKEN"
{"id":"658267751","name":"Ricardo Otero",
"first_name":"Ricardo","last_name":"Otero",
"link":"https:\/\/www.facebook.com\/oterosantos",
"hometown":{"id":"107911285910314","name":"Coimbra, Portugal"},
"location":{"id":"110432202311659","name":"Lisbon, Portugal"}...
Although I have set the option "App Secret Proof for Server API calls" to true:
So, shouldn't the requests require the app secret? I don't get it!
Every access_token depends on app and user so for different app and user combination you will have different access token so you don't need to worry. though I am no sure why are you doing it this way
http://m-farhan.com/2014/03/ios-facebook-sdk-tutorial/
is the right way of doing this.
I am also navigating through the Facebook API "appsecret_proof" parameter -- here are the official docs on Facebook Developers Website:
https://developers.facebook.com/docs/graph-api/securing-requests#appsecret_proof -- it looks like this example PHP call can help you out:
$appsecret_proof= hash_hmac('sha256', $access_token, $app_secret);
Here's the Example Command-Line call they display:
curl \
-F 'access_token=<access_token>' \
-F 'appsecret_proof=<app secret proof>' \
-F 'batch=[{"method":"GET", "relative_url":"me"},{"method":"GET", "relative_url":"me/friends?limit=50"}]' \
https://graph.facebook.com
Here's someone who made a similar call with a Node.JS Server(dosen't look there is speciifc FACebook/API/SDK referecne though... :
Get signed_request in Node.js (Express) Facebook canvas app
Related
I am trying to use the Instagram OAuth using the developer documentation at
https://www.instagram.com/developer/authentication/.
Step 1 and 2 are working without any problems, so I have my Client-ID, the Client-Secret, the Redirect-URI and the code.
But every-time I am trying to get the Acces Token I get the following error:
{
"code": 400,
"error_type": "OAuthException",
"error_message": "Matching code was not found or was already used."
}
Any tips how to solve this?
We are experiencing the same issue. It appears that logging out of Instagram, then attempting to use Instagram OAuth through our site after we are logged out of Instagram is a workaround.
We're experiencing the same issue since yesterday (after months of working fine) - have reported it as an issue yesterday via the 'Report Issue' function on https://www.instagram.com/developer/clients/manage/ and I'd encourage you to do the same.
Yet to hear back, but seems likely it's their end having issues rather than something we're doing.
EDIT: It's also working fine for us on our development servers (which use different IPs for interacting with IG's API) but not working on our production server from any of the IPs we have available on the production server.
EDIT2: (July 2016) Just tested and it's mysteriously started working again on our production servers. No reply to the support ticket from Instagram as yet.
EDIT3: (December 2016) And now it's failing again with the same message... Seems like it's Instagram's end again. Nothing much we can do. Frustrating.
Logging in to Instagram, then complete Step 1 from the API Docs (https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=code), then follow the redirect and copying the code from the URL, then logging out of my account, then completing Step 3:
curl -F 'client_id=CLIENT_ID' \
-F 'client_secret=CLIENT_SECRET' \
-F 'grant_type=authorization_code' \
-F 'redirect_uri=AUTHORIZATION_REDIRECT_URI' \
-F 'code=CODE' \
https://api.instagram.com/oauth/access_token
That worked for me.
We are also experiencing the same issue from yesterday, looks like clearing browser (or new incognito window) do the trick. Although, the mobile app where we are authenticating through mobile browser, working fine.
Update: Deleted all my browsing history, cleared cache, etc. Like it was a brand new browser and now it works with no issue.
I've been hammering on the auth URL for weeks now. Testing and using the same stored token to re-authorize. Maybe stored tokens have a limit to the number of times they can be re-used?
======
Having the same issue as of today. Authorization was working fine earlier - now I'm getting the same 'Matching code...' response.
Signed in and out of my Instagram account repeatedly, created a new app id and disabled/enabled Implicit Oauth - all with no success.
The 'Authorized Applications' view in my Instagram account reports that my application has indeed been authorized, but I can't make calls to the API. Authenticating through an Incognito window returned a successful response but it's not a solution.
Tried reporting to Instagram through their 'Report Issue' form, but it won't allow me to submit the form.
I got the same error message. After 2 hours trying every workaround, I realized that I was using FB secret code instead of IG. Double check it first before trying any other solutions.
SOLVED! Just log out of Instagram and try again. That worked for me.
I solved this by creating a service on the backend/server side that authorised the user.
My backend API is a ruby on rails app. Here is a code snippet to understand.
def token
#response = Instagram.get_access_token(params[:code], redirect_uri: mobile_token_url)
instagram_user = InstagramUserCreator.new(user_params)
if instagram_user.find_or_create
redirect_to "taddarmobileapp://?token=#{instagram_user.user.token}"
else
redirect_to 'taddarmobileapp://'
end
end
I just store the token on the phone and use it to authorise the user to my backend API.
After following instruction on how to integrate Twilio in ROR apps, I have an issues when making a curl request:
curl -X POST http://localhost:3000/twilio/voice -d 'foo=bar'
Return me:
<html><body>You are being redirected.</body></html>
Thanks!!
Twilio developer evangelist here.
It looks like your /twilio/voice path is lying behind some user authentication. Your controller is being interrupted and sending you to the sign in page instead. You probably don't want user authentication in front of your Twilio routes.
Your app seems to require login before using the service. If you are trying to check using curl , please disable sign_in check. After testing you can enable it again.
I am pretty newbie using Spree and I am just playing around with the 3.0 stable version.
I would like to log a user account into the store through API (or something like that) using the chrome app called "Advanced REST client", then visit the store and see the account logged there.
I couldn't find any reference for this kind of actions which involve users or accounts through API in https://guides.spreecommerce.com/api/. However, I noticed that if you make a POST request to localhost:3000/login sending the account details, you get the html code of the store which says that your were successfully logged.
After that I checked my browser cookies and the store session cookie was also created successfully. Finally, when I redirect the browser to the store (localhost:3000), the account is not logged in but the cookie still remains there.
I think is something related to the guest token generated by Spree, but I don't understand exactly why it doesn't work.
I would appreciate any help to clear this, also if you have any idea about how to get my goal it also would be appreciated.
In order to use a REST client, such as the Chrome app you mentioned, you have to authenticate against Spree's REST API. You need a spree api token to authenticate future request.
Have a look at the Spree Api Auth Gem. It allows you to you receive an api token like this:
\curl -v -H "Accept: application/json" -H "Content-type: application/json" -X POST -d ' {"user":{"email":"camelmasa#gmail.com", "password":"camelmasa"}}' http://localhost:3000/api/users/sign_in
You can also create new user account using this gem. Since Spree is using devise underneath, you can also use devise directly to authenticate your user.
How can I create a Zendesk ticket with a subject using a URL?
We have a customer support center using Zendesk. We also have a VoIP phone system that can fire off a URL when a call comes in. I understand that using the Zendesk API I can create tickets, but to do that I need to authenticate using JSON. My VoIP system doesn't have that option so I would have to build a web app that takes in a URL and converts it in to a secure JSON connection. Instead, I'd like to have our agents logged in to Zendesk and then have the phones launch a simple URL with the caller ID upon incoming call.
In Zendesk I see this URL:
https://mydomain.zendesk.com/agent/#/tickets/new/1
But I haven't found any documentation regarding adding a subject and/or description.
What URL can I use to create a new Zendesk ticket and supply arguments (using a GET request) to fill out the subject and/or message?
In general, it isn't possible with a GET request. Their API requires POST http://developer.zendesk.com/documentation/rest_api/tickets.html#creating-tickets
What I would do is host a server/application on a network server that has a simple API - django has simple URL parsing. The phone would create a URL like this yourinternaldomain.org/ticketspawner/create/[number]/name/[caller_id_name]
The app parses [number] and [caller_id_name] from the URL and can create a new ticket based on the phone number and caller_id_name (perhaps you want to create the user first). You can use python or curl or whatever you like.
From their page:
curl https://{subdomain}.zendesk.com/api/v2/tickets.json \
-d '{"ticket":{"requester":{"name":"The Customer", "email":"thecustomer#domain.com"},
"submitter_id":410989, "subject":"My printer is on fire!", "comment": { "body":
"The smoke is very colorful." }}}' \
-H "Content-Type: application/json" -v -u {email_address}:{password} -X POST
I want to get all my home timeline updates in my windows command line. I can provide the username and password in php code.
How is it possible to get a number of updates when I use following in my command prompt ?
php -f my_tweets.php
Since it's your home_timeline, you need to be authenticated via twitter's website using PIN-based authorization, twitter has stopped using the username:password thingy. This is very possible, you need to set up an app as a desktop client in twitter's developer page then work with Oauth. See
Have you tried Quitter? It's a command line twitter client. There are also several others.