Hi I'm new to Ruby/Rails and I had a question about handling an OAuth response with the Ruby version of GitHub's Octokit. After reading the documentation I'm a little confused about how to follow best practices with the wrapper vs with RestClient. When I authorize my app the response returns a "code" which I'm supposed to exchange for an access token.
In the GitHub API documentation it shows a Sinatra example of this with Restclient, which is currently in my create action of the sessions controller. However, it says you should approach it differently when building an app and that you should use the Octokit library, but I can't find any documentation on exactly how to exchange the code for an access token with Octokit.
My goal is to be able to crete a new member for the app via a user's GitHub account, save that info, & then sign them in with that account, rather then ever creating a username/password. I've pasted my new.html.erb code below to show the request that I am making as well. Really appreciate any help, thank you!
Sessions Controller
class SessionsController < ApplicationController
def new
#client_id = Octokit.client_id
end
def create
# CHANGE THIS TO USE OCTOKIT INSTEAD
session_code = request.env['rack.request.query_hash']['code']
result = RestClient.post('https://github.com/login/oauth/access_token',
{:client_id => Octokit.client_id,
:client_secret => Octokit.client_secret,
:code => session_code},
:accept => :json)
access_token = JSON.parse(result)['access_token']
end
end
OAuth Request
<p>
Sign In with GitHub
</p>
<p>
Click here to begin!</a>
</p>
As it doesn't explicitly state this in the README. What I recommend is always going through the source code to get a better understanding of how a gem works. Often you will find that the gem's creator(s) have written great code that is self-explanatory, and sometimes even commented to provide more info as in the situation below. Here is the method you're looking for, good luck on your journey to learn to Ruby/Rails and welcome! Let me know if you have any more questions and run into any more issues getting this to work.
# Retrieve the access_token.
#
# #param code [String] Authorization code generated by GitHub.
# #param app_id [String] Client Id we received when our application was registered with GitHub.
# #param app_secret [String] Client Secret we received when our application was registered with GitHub.
# #return [Sawyer::Resource] Hash holding the access token.
# #see http://developer.github.com/v3/oauth/#web-application-flow
# #example
# Octokit.exchange_code_for_token('aaaa', 'xxxx', 'yyyy', {:accept => 'application/json'})
def exchange_code_for_token(code, app_id = client_id, app_secret = client_secret, options = {})
options.merge!({
:code => code,
:client_id => app_id,
:client_secret => app_secret,
:headers => {
:content_type => 'application/json',
:accept => 'application/json'
}
})
post "#{web_endpoint}login/oauth/access_token", options
end
Related
I am trying to create an API for an application (both in Rails), but I have many doubts regarding authentication through an API.
Contextualizing a bit what I'm doing.
To create the API in Rails I'm using the rails-api and
devise_token_auth gems.
For the application that will consume the API's services I'm using
the httparty gem.
Now the question I have is with respect to login, the description in devise_token_auth about the sign_in path is:
Email authentication. Requires email and password as params. This route will return a JSON representation of the User model on successful login along with the access-token and client in the header of the response.
The problem is that I don't know how to handle the access-token, for example, if I execute this:
#result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail#example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })
On the application that will consume the API's services and I display the value of #result I can see the user data successfully... BUT I don't know how to get the access-token, nor use it.
I need some help, please.
This is how you get the access-token:
#result = HTTParty.post('url_of_my_api_on_heroku/auth/sign_in', :body => {"email": "someemail#example.com", "password": "ABCDEFGHI"}.to_json, :headers => { 'Content-Type' => 'application/json' })
#access_token = #result_login.headers["access-token"]
Now #access_token will have the current value of the access-token.
Forgive me if this is a stupid question, novice programmer here.
I am trying to use the Soundcloud API to authenticate users in my Rails 3.2.14 app. I'm using the code directly from the Soundcloud developer docs, like so:
client = Soundcloud.new(
:client_id => 'MY_CLIENT_ID',
:client_secret => 'MY_CLIENT_SECRET',
:redirect_uri => 'http://localhost:3000/auth/soundcloud/callback'
)
# redirect user to authorize URL
redirect_to client.authorize_url(:scope => 'non-expiring')
And when I GET the callback URI:
client = Soundcloud.new(
:client_id => 'MY_CLIENT_ID',
:client_secret => 'MY_CLIENT_SECRET',
:redirect_uri => 'http://localhost:3000/auth/soundcloud/callback'
)
# exchange authorization code for access token
code = params[:code]
access_token = client.exchange_token(:code => code)
Everything works fine (I am taken to the Soundcloud page to give my app permissions) but when I am sent back to the callback URI I receive the following error:
SoundCloud::ResponseError at /auth/soundcloud/callback
HTTP status: 401 Unauthorized Error: invalid_grant
I've obviously googled this and the only suggestion made was that my token is expiring. That doesn't make sense to me because I'm not reusing the access_token later, I'm just doing the initial authentication. Just in case I included the scope => non-expiring parameter when I redirected to Soundcloud, which made no difference.
Any suggestions? Has anyone had success integrating Rails with Soundcloud recently? All of the resources I've found seem quite outdated.
I got this error, when I was not exchanging the :code for the access_token correctly. Check your variables using pry and make sure your :code is not nil
its also shows up when the access_token has expired, I know you are passing in :scope => 'non-expiring', but perhaps it loses the parameter at some point
I am using Rails 3 + fb_graph to post to my own Facebook page. I have code that works, but it uses an access token that only works for a couple of hours. And it is very annoying to refresh this access token a couple of times a day. So I registrated for a FB app. I now have:
my_app = FbGraph::Application.new("App ID");
acc_tok = my_app.get_access_token("App Secret");
me = FbGraph::User.me(acc_tok)
me.fetch
me.accounts
account = me.accounts.select {|account| account if account.name == "BoaJobs.com"}.first
page = FbGraph::Page.new(account.identifier)
note = page.note!(:access_token => account.access_token, :subject => #title, :message => #message, :link => #url)
But I am getting an error on the me.fetch line:
OAuthException :: An active access token must be used to query information about the current user.
Can somebody post some code that helps me solve this problem. Thank you very much in advance.
ill refer you to https://github.com/nov/fb_graph/wiki/Page-Management
where nov states: You need the page’s access token to manage your page.
Your (an user’s) access token doesn’t work here.
follow his link to the facebook developers site for more info
you'll need the users access_token and i do this through omniauth-facbook https://github.com/mkdynamic/omniauth-facebook
which you retrieve the use by first inputting this initializer into your app
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
:scope => 'email,user_birthday,read_stream', :display => 'popup'
end
(note you can change the permissions on the scope here check facebook developers login permissions for more
there are some inner workings to omniauth and omniauth-facebook but the jist is
when you get the callback from facebook you have a rack omniauth hash from the request
omniauth = request.env["omniauth.auth"]
from that has you can access the users access token like this
facebook_user_token = omniauth['credentials']['token']
you can then feed that token into your fb_graph page call
page = FbGraph::Page.new('FbGraph').fetch(
:access_token => facebook_user_token,
:fields => :access_token
)
you will then simply be able to create a note by calling your desired method without a reference to the access token
note = page.note!(:subject => #title, :message => #message, :link => #url)
Can someone post an example of creating a record in quickbooks online / intuit anywhere, using ruby and httparty?
I am working on an integration to a ruby on rails app using intuit anywhere, and am running into an issue with my POST request when attempting to create a new record. I have been able to successfully retrieve data (customers) using a POST command that doesn't require XML data in the body of the request, but am running into trouble when trying to create new records that have required fields that need to be passed in XML in the body of the request.
I get the same flavor of error in any entity for which I try to create a record for: an invalid or missing required field. It seems to me that the XML in the body (where the data for the required fields is added) is either being ignored (incorrect formatting?) or is not being attached.
I was hoping the someone else familiar with ruby could post an example of a record creation using httparty. If I could see how to correctly pass the XML using httparty, I can fix my problem myself.
I have been using the customer.com example (https://code.intuit.com/integration/viewvc/viewvc.cgi/IntuitAnywhere-Ruby/customer.com/?root=intuitanywhere&system=exsy1003) mostly as posted, with a few irrelevant modifications needed to get it to work in Rails 3.1. I am using the data pull and handling provided in the example, which looks like a pretty standard API wrapper built using httparty.
I am using a pull similar to the one found in the company_controller customers method. Here are two different ways I have tried submitting the XML:
#########################################
#Example 1 - XML
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body =>
"<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\">
<Name>Test Account 2</Name>
<Desc>Test Account</Desc>
<Subtype>Savings</Subtype>
<AcctNum>5001</AcctNum>
<OpeningBalanceDate>2010-05-14</OpeningBalanceDate>
</Account>",
:headers => {
"Content-Type" => "application/xml"
}}
)
#########################################
#Example 2 - hash
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}",
{ :body => {
:Account => {
:Name => "Loan Account 2",
:Desc => "Loac Account 2",
:Subtype => "Savings",
:AcctNum => "5001",
:OpeningBalanceDate => "2011-04-22"
}
},
:headers => {
"Content-Type" => "application/xml"
}}
)
I incorrectly assumed the customer.com example provided by intuit was using the httparty gem to make the POST call, so I was using the wrong syntax. They are actually using the OAuth gem's POST call, who's syntax can be found here: http://oauth.rubyforge.org/rdoc/classes/OAuth/AccessToken.html
I also had to modify the headers to get the Intuit Anywhere service to accept the XML body. Here is the code that finally worked for me to create a record in quickbooks online using intuit anywhere:
e = #company.intuit_token.post("https://qbo.intuit.com/qbo1/resource/account/v2/#{#company.realm}", "<Account xmlns:ns2=\"http://www.intuit.com/sb/cdm/qbo\" xmlns=\"http://www.intuit.com/sb/cdm/v2\"><Name>Test Account </Name><Desc>Test Account</Desc><Subtype>Savings</Subtype><AcctNum>5002</AcctNum><OpeningBalanceDate>2010-05-14</OpeningBalanceDate></Account>", {"Content-Type" => "application/xml", "standalone" => "yes", "encoding" => "UTF-8"})
i am getting the following url information and need to parse it within rails. i already checked request and params but it is not there.
the "#" character seems to f*ck up things.
here's the url:
http://foo.bar.me/whoo#access_token=131268096888809%7C2.5BRBl_qt4xJ08n88ycbpZg__.3600.1276880400-100001151606930%7C0kJ1K-qoGBbDoGbLx6s4z5UEaxM.
thanks for any pointers.
You won't be able to access the part after the '#' character as the browser doesn't send it to the server. You can use it on the client side with javascript though.
It seems that you're trying to use the javascript based authentication which is not what you really want.
I didn't have any problems using this oauth2 library. Then you only need to check for params[:code] within your callback action.
UPDATE:
This is a simplified version of the code I used in my experiments with the new facebook graph API:
# Accessible as facebook_url:
# routes.rb: map.facebook '/facebook', :controller => 'facebook', :action => 'index'
def index
oauth2 = OAuth2::Client.new(FB_API_KEY, FB_API_SECRET, :site => 'https://graph.facebook.com')
if current_user.facebook_token
# The user is already authenticated
fb = OAuth2::AccessToken.new(oauth2, current_user.facebook_sid)
result = JSON.parse(fb.get('/me'))
elsif params[:code]
# Here we get the access token from facebook
fb = oauth2.web_server.get_access_token(params[:code], :redirect_uri => facebook_url)
result = JSON.parse(fb.get('/me'))
current_user.facebook_id = result["id"]
current_user.facebook_token = fb.token.to_s
current_user.save
else
# The user is visiting this page for the first time. We redirect him to facebook
redirect_to oauth2.web_server.authorize_url(:redirect_uri => facebook_url, :scope => 'read_stream,publish_stream,offline_access')
end
end
You don't really need anything else for it to work.