I have a problem and found several resources to solve this one, but nothing seems to work (see below for the resource).
I want a possibility to auto-Post content I save in my Rails application to a connected Facebook fanpage.
Furthermore, I don't want the user to login to Facebook within the Rails application.
Nearly all available resources are a bit cumbersome.
http://blog.bignerdranch.com/1469-how-to-update-a-facebook-page-status-using-the-facebook-api/
http://talkweb.eu/posting-to-facebook-fan-page-wall-as-an-admin-using-facebook-api/
How to use fb_graph gem to post from app on my page wall?
I want to store some kind of token in the Rails-App which identifies the Fanpage.
Is there anything out there which does this kind of job easily?
Thanks in advance!
Ok,
after nearly one day of Googling and trial and error I've found a solution for this one.
I've built a function which only needs the Facebook page_id and the Facebook page_access_token (using the koala-Gem).
def self.post_on_facebook(body, facebook_page_id, facebook_page_access_token)
#user_graph = Koala::Facebook::API.new(facebook_page_access_token)
page_token = #user_graph.get_page_access_token(facebook_page_id)
#page_graph = Koala::Facebook::API.new(page_token)
#page_graph.get_connection('me', 'feed')
#page_graph.put_wall_post(body)
end
This guide will enable you a way to get a non-expiring access-Token for your page.
http://aseriesoftubes.com/articles/obtaining-facebook-page-access-tokens-the-4-step-program/
After doing so I can post on the pages-Wall.
Related
I am using instagram to recieve the list of people i follow and although api returns the status code 200 I recieve absolutely no data.I tried using postman client instead of my code and even from there no data is being returned I am hitting the following service.
https://api.instagram.com/v1/users/self/follows?access_token=token
one thing to be noted is my application is in sandbox mode and this same access token is working and fetching other information about the user including media shared by the user and its basic information etc and user follows and is followed by several users.
Please suggest the solution thanks in advance.
I may have answer to this question since I was facing the same issue on my WinRT project yesterday.
You may need the relationship scope instead of 'follower_list' scope.
I am assuming that you have provided the scope as 'follower_list' in the authorization URL and logged in as yourself or through your own Instagram account(the same account with which you have created your Instagram app). And now if you are hitting the above service it will return nothing in data since you are requesting if the user is following you or not(so obviously you are not following yourself)!! So if you try logging in with someone else's Instagram account and hit the above service with follower_list scope it will return your Instagram account in data if the logged in person is following you.
EDIT
The above service will return all the users that are following you AND present in your sandbox users list. (Or at least that is my conclusion on this)
For further clarification try https://apigee.com/console/instagram for hitting this service there they are using the relationship scope.
I know that there is Koala gem for Rails to work with Facebook. I need to make clear 2 things:
How to check if some access_token is valid in Rails using Koala (or something else)?
How to generate some real access token (using some settings of my app or my login/password) for testing through RSpec?
Thanks in advance.
For #1 Use the Tool https://developers.facebook.com/tools/debug if you don't want to code a test. Otherwise hit this API and verify the response.
https://graph.facebook.com/oauth/access_token_info?client_id={APP_ID}&access_token={ACCESS_TOKEN}
For #2, Koala has a good API for accessing Facebook Test Users, which I recommend for use in Rspec.
We also support the test users API, allowing you to conjure up fake
users and command them to do your bidding using the Graph or REST API:
#test_users = Koala::Facebook::TestUsers.new(:app_id => id, :secret => secret)
user = #test_users.create(is_app_installed, desired_permissions)
user_graph_api = Koala::Facebook::API.new(user["access_token"])
# or, if you want to make a whole community:
#test_users.create_network(network_size, is_app_installed, common_permissions)
You can also create Test User in the App Settings from Facebook, and view thier details from this API :
https://graph.facebook.com/{APP_ID}/accounts/test-users?%20access_token={APP_TOKEN}
I'm developing a Shopify App with Rails and have been using the query-string to detect which shop is accessing it. This seems vulnerable as users could alter the url to access someone else's settings.
Here's an example:
I click on the preferences link on my app and get redirect to http://example-app.com/preferences?shop=example.myshopify.com and get a page of settings related to the the store: example.myshopify.com
So what's to stop the user from changing the querystring to http://example-app.com/preferences?shop=notmystore.myshopify.com and logging in to a store that they don't own?
Should I use an authentication gem (https://www.ruby-toolbox.com/categories/rails_authentication) and make each user create a username and password to prevent spoofing attacks?
Interesting. There were live production Shopify App store Apps that did what you did Paul. When I found an App like that, I informed Shopify and they promptly knuckle wrapped the App developer. He learned his lesson pretty quick and was hopefully very embarrassed.
Shopify Partner accounts (free to get) provide you with a nice API token and a corresponding secret for your App that you can use to ensure when you get a merchant trying to access your App that the incoming shop
is actually a shop that installed your App and,
they have the right to use your App
You should really check that out.
I found the solution is to always retrieve the shop url from your session variables and not from the query string:
session[:shopify].url
also make sure this is at the top of each of your controllers to ensure the shopify session exists:
around_filter :shopify_session
as shown in this: https://github.com/Shopify/shopify_app/blob/f9aca7dfc9c29350f7f2c01bb72f77a54ece2b77/lib/generators/shopify_app/templates/app/controllers/home_controller.rb
This question may be too localized, but I'll try to give you a direction.
If you are using the query string as the only authentication method, then yes, you will get hacked/spoofed, etc. You need to do some form of authentication. - Shopify provides an API that can probably handle some/most of this for you.
https://github.com/shopify/shopify_api
I am currently trying to use this gem http://github.com/pengwynn/linkedin. Everything works fine (i.e. authentication and calling the method which gets the profile), except that the profile object only contains the first name and the last name.
I'm trying to get my own profile info through the LinkedIn API, So the necessary information is there. How to do that?
Thank you.
I just found out that in order to get more info rather that first name and last name, one needs to pass in the :fields param specifying the desired fields.
Link LinkedIn into your next Ruby application
Example from the site:
# get a profile for someone found in network via ID
client.profile(:id => 'gNma67_AdI', :fields => %w(first-name, last-name, headline, positions, education))
By design, the LinkedIn api does not give you the person's email address. (Unlike the Google oauth api).
What you can get from the LinkedIn api is information about the person's connections (friends) and more. See overview. Their profile api
Added: could be that the Rails LinkedIn gem does not yet expose all of the LinkedIn Profle api. That api has changed relatively recently. It may be that you'll need to find another gem or write you own sw to do it. Check on the LinkedIn api forum
I am using the ruby twitter gem and oauth to gain access to users twitter accounts. In my code, I have:
unless #user.twitter_authd?
oauth = Twitter::OAuth.new('token', 'secret')
session[:twitter_request_token] = oauth.request_token.token
session[:twitter_request_secret] = oauth.request_token.secret
#twitter_auth_url = oauth.request_token.authorize_url
end
where token and secret have my actual token and secret inserted. When I click on the link to the #twitter_auth_url, I am taken to twitter and asked to grant access. I click allow and then twitter redirects me to my callback URL http://www.mydomain.com/twitter_callback/?oauth_token=fmy2aMvnjVgaFrz37bJ4JuB8r5xN79gsgDQRG4BNY which then hits this code:
oauth = Twitter::OAuth.new('token', 'secret')
logger.info("session[:twitter_request_token] = #{session[:twitter_request_token]}")
logger.info("session[:twitter_request_secret] = #{session[:twitter_request_secret]}")
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
session[:twitter_request_token] = nil
session[:twitter_request_secret] = nil
#user.update_attributes({
:twitter_token => oauth.access_token.token,
:twitter_secret => oauth.access_token.secret,
})
redirect_to root_path
The twitter request token and secret are being set just fine. However I end up with an authorization error:
OAuth::Unauthorized in MainController#twitter_callback
401 Unauthorized
RAILS_ROOT: /Users/TAmoyal/Desktop/RoR_Projects/mls
Application Trace | Framework Trace | Full Trace
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/consumer.rb:167:in `token_request'
/Library/Ruby/Gems/1.8/gems/oauth-0.3.4/lib/oauth/tokens/request_token.rb:14:in `get_access_token'
/Library/Ruby/Gems/1.8/gems/erwaller-twitter-0.6.13.1/lib/twitter/oauth.rb:29:in `authorize_from_request'
/Users/TAmoyal/Desktop/RoR_Projects/mls/app/controllers/main_controller.rb:70:in `twitter_callback'
The code is failing at this line:
oauth.authorize_from_request(session[:twitter_request_token], session[:twitter_request_secret])
when it tries to get an access token. You can see the source code of authorize_from_request here. I am not sure why this is happening. Anyone have ideas?
A bit late to the party but just ran into the same issue myself. I tracked the issue down to the setup of my OAuth app in Twitter. I had initially not specified a callback URL as I was unsure of it.
Once I had setup my rails app I went back to find Twitter had assumed I was a desktop application as I hadn't specified a callback URL. Once I changed this to website and entered a callback URL I stopped getting 400s.
If you're getting error 401 - OAuth::Unauthorized, make sure you edit the settings of your Twitter application as follows:
Application Type: Browser
Callback URL: http://127.0.0.1:3000/auth/twitter/callback
this is an issue about time synchronization of your system with twitter server.
Twitter doesn't allow localhost as part of a valid callback URL.
Instead use http://127.0.0.1:3000/auth/twitter/callback
Hope this helps
This was one of the most annoying things to debug that I have come across. I was outputting in a couple places by accident because the URL's are dynamic and they happened to not be defined in my test case (i use this to display chart data and there is not enough right now so the google chart api URL's are blank). This caused my browser to make multiple requests to my localhost when some pages were loaded. Somehow that made the oauth process crap out. Obviously there is no way for people on S.O. to know about my application specific issue so I had to answer my own question.
I had this same problem and none of the suggestions in this thread worked for me.
I found the problem for me was the TIMESTAMP on my request. The mobile device I was running my scripts on had a jacked up clock. When I updated the system time on my device to the correct time (i.e. now), all of my requests came back "200 OK" instead of "401 Unauthorized".
This problem seems to be caused by twitter not being able to handle connection keep-alive correctly. Make sure you set connection=close http header in the request to twitter. Wasted a weekend debugging this.
not enough info for me, but when was twitter gem last updated? twitter changed their oauth 'stuff' in mid may approx. perhaps you have an old one. I'd update your question to show the callback_url, and make sure you have the right token and secret, which it looks like you don't have.
also, did you put the right callback url in your twitter app page? alot of times that screws you up too.
if that fails use mbleighs twitter_auth instead. it worked for me and is pretty slick.