I have created a custom API page for YouTube/Google, but whenever they 'consent' to the API it gives me "The session state did not match."
Any help?
You can try it for yourself: http://apply.goaerox.com
You get the error in this lines:
if (isset($_GET['code'])) {
if (strval($_SESSION['state']) !== strval($_GET['state'])) {
die('The session state did not match.');
}
.......
}
There is really not enough info to answer on your question. So can you add var_dumps:
var_dump($_SESSION['state']);
var_dump($_GET['state']);
on the vars and provide it below in comment.
I suppose you should compare:
if (strval($_SESSION['state']) !== strval($_GET['session_state']))
Be sure to use session_start() in your script. That was my issue.
Related
I'm trying to find all the information from the users such as profile picture etc via the LinkedIn SDK, I currently got the following but i'm a bit stuck on how to get more information out of it .. Any idea?
$('.btn_linkedin').click(function(e){
e.preventDefault();
console.log('Apply');
IN.Event.on(IN, "auth", getProfileData);
})
// Handle the successful return from the API call
function onSuccess(data) {
console.log(data);
}
// Handle an error response from the API call
function onError(error) {
console.log(error);
}
// Use the API call wrapper to request the member's basic profile data
function getProfileData() {
IN.API.Raw("/people/~").result(onSuccess).error(onError);
}
Found it, adding more arguments did the trick :). To get aditional field you can add them as query parameter. ex.
https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url)?format=json
I just started learning MeteorJS and after completing the tutorial, I decided to play around with the Twitter API. Initially, I followed this tutorial
http://artsdigital.co/exploring-twitter-api-meteor-js/
Once completing that, what I wanted to do is scrape data from a tweet and display it on the client side.
N/A = proper authentication
Here's the code I've written:
if (Meteor.isClient) {
Session.setDefault('screen_name', 'John');
Template.hello.helpers({
screen_name: function () {
return Session.get('screen_name');
}
});
Template.hello.events({
'click button': function () {
T.get('search/tweets',
{
q: '#UCLA',
count: 1
},
function(err,data,response) {
var user_name = data.statuses[0].users.screen_name;
Session.set('screen_name', user_name);
}
)
}
});
}
if (Meteor.isServer) {
Meteor.startup(function () {
// code to run on server at startup
var Twit = Meteor.npmRequire('twit');
var T = new Twit({
consumer_key: 'N/A', // API key
consumer_secret: 'N/A', // API secret
access_token: 'N/A',
access_token_secret: 'N/A'
});
});
}
What I believe the problem is that, the 'click button' function, the 'T' is seen to be undefined so the compiler doesn't know what that is or where it came. That thought did spark a thought in my mind to move what I have written inside the
if (Meteor.isServer) to if (Meteor.isClient)
But to no avail. It didn't work. What my reasoning is that once Meteor starts, the server starts, so if the server declares the variable T, shouldn't we be able to access it on the client side too?
I'm not sure if my approach is correct/don't know the conventions of Meteor/Meteor NOOB..so if someone could please help me, that will be highly appreciated!
Thanks!
You put a "var" declaration in front of your "T" variable. This binds the scope to the server side context of the app. I bet if you got rid of the var and made "T" global, then you would be able to access it from the client side as well.
I'm trying to use Slack's users.info API to retrieve users information, but I need to find users by email, is there a way to do that?
Yes!
https://slack.com/api/users.lookupByEmail
Using this we can find a user if email id is available.
More : https://api.slack.com/methods/users.lookupByEmail
Currently you can only look up users with users.info by their ID.
An alternative solution to your problem would be to call users.list and filter within your client by the profile.email for whichever email you're looking for.
An undocumented API can do this job:
https://slack.com/api/auth.findUser?team=&email=&token=xoxp-XXXXXXXXX
If this is being done on behalf of a Slack slash command, one can configure the command to expand #username, #channels, etc...
This can be done under the command section of the Slack app. See the following screenshot:
You should use this scope users:read.email, the users:read is no longer a sufficient scope for email field.
Check this to get more infos: https://api.slack.com/scopes/users:read.email
That's worked for me as wanted !
This was useful for me.
My setup: I am part of an enterprise, so the legacy token does not have users:read.email scope to it.
Solution: I created an app with users:read.email scope and other scopes needed. Got the app approved from my admin, installed the app to my workspace, retrieved the OAuth token, used it with https://slack.com/api/users.lookupByEmail.
you can get the userid with message.user from main calling method
getUsername(userID).then((output) => { username = output.user.name });
function getUsername(userid){
return new Promise((resolve, reject) => {
//get token from https://api.slack.com/methods/users.info
options.uri = "https://slack.com/api/users.info?token=********&userid=" +userid+ "&pretty=";
rp(options).then(function (body) {
resolve(body);
console.log('Retrieved Info slack --- ' + JSON.stringify(body));
})
.catch(function (err) {
resolve(err);
console.log('aborted - slack ' + JSON.stringify(err));
});
});
}
refer link : https://github.com/hassifow/Slack.API-User.info/blob/master/LambdaFunction.js
https://api.slack.com/methods/users.lookupByEmail
POST https://slack.com/api/users.lookupByEmail?email=seunggabi#gmail.com
form-data
token=xoxb-############-#############-$$$$$$$$$$$$$$$$$$$$$$$$
I have vague idea on keychain that it is used for password management for ios. As proper documentation about it are not available I am coming here to you for help.
Can anybody clarify the purpose of getForKey() command?
Here, you have an easy to understand example. I focused on the Get function and left out the set and remove callback - as they are not needed if you understand GetSuccess callback.
First we set a key named coins to 600, then we retrieve(get) that key, which triggers our GetSuccess callback, passes the value and should fire an alert.
// init
var kc = new Keychain();
// Set key
kc.setForKey(SetSuccess, failure, 'coins', 'servicename', '600');
// Get key
kc.getForKey(GetSuccess, failure, 'coins', 'servicename');
// Get Success Callback
function GetSuccess(value) {
alert("GET SUCCESS - Coins Value: " + value);
};
// Delete key
kc.removeForKey(RemoveSuccess, failure, 'coins', 'servicename');
[...]
If you have any questions, ask.
It sounds like you're using Shazron Abdullah's Keychain Plugin. If so, the API is very straightforward but the documentation can be a little confusing at first. The API relies on asynchronous callbacks, so you need to plan your code accordingly.
The parameters of getForKey are a success callback, a failure callback, a key name and a service name. I provide the name of my app as the service name.
Here's a small sample that should get you started (assuming that the plugin is installed):
(function(){
// Create a new keychain object...
var keychain = new window.Keychain();
// Assign the value 'mysecret' to 'mykey'...
keychain.setForKey(function() {
console.log('key set succeeded');
// Retrieve the value for 'mykey' and output to the console...
keychain.getForKey(function(value) {
console.log('key get, value = ' + value);
}, function() {
console.log('key get failed');
}, 'mykey', 'myservice');
}, function() {
console.log('key set failed');
}, 'mykey', 'myservice', 'mysecret');
})();
If your app has the plugin and is running on the iOS Simulator, you can open Safari's debug window and paste this code in for a quick demo.
So I've got an question about authentication and have been wondering how other people might handle this situation. I'm currently running an Angular app that is built on a Rails API.
So far for authentication I have a form that does a post to the Rails side which logs the user in and then sends them back to the Angular app on success. Once the cookie is set and the user is logged in, I'm able to access a user.json file which contains all the User information one might expect (Id, username, roles, rights, etc). Since verification all happens on Rails, if the user logs out then this information is removed. So the two states look like so...
Logged in
{
id: 99384,
name: "Username",
url: "//www.test.com/profiles/Username",
timezone: null,
rights: [ ],
roles: [
"admin"
],
}
Logged out
{
error: "You need to login or join before continuing."
}
So far I've seen all these millions of different ways to do auth for Angular, but it seems like nothing fits this type of method. So my question is, since the server is handling all of the verification, is there a way to just check if they user.json file is empty (displaying the error message) and if it is send the Angular app to the Rails login page? Is there really any point messing with Cookies, Tokens, etc when I can base it all on the JSON file?
You are already using cookies - the server is setting them. What you have done is a fairly standard way of doing things.
To check the json file, you can do something like this stub shows in your controller:
app.controller('AppControl', function($scope, $http, $location){
// Get the JSON file.
$http.get('/path/to/json/file')
.then(response){
if(response.data.error){
// redirect to login
$location.path('login');
}
else{
$scope.user = response.data;
// your app code here.
}
})
.catch(function (error){
// unable to reach the json file - handle this.
});
});
Of course, you should really move this out into a service so you can re-use it, and also cache the data, rather than getting the user every time you change route/page, but this gives you a vague idea.
EDIT Example factory:
.factory('User', function( $http ){
// Create a user object - this is ultimately what the factory will return.
// it's a singleton, so there will only ever by one instance of it.
var user = {};
// NOTE: I am assigning the "then" function of the login promise to
// "whenLoggedIn" - your controller code is then very easy to read.
user.whenLoggedIn = $http.get('user.json')
.then(function(response){
// Check to see if there is an error.
if (response.data.error !== undefined) {
// You could be more thorough with this check to determine the
// correct action (examine the error)
user.loggedIn = false;
}
else {
// the user is logged in
user.loggedIn = true;
user.details = response.data;
return user;
}
}).then; // <-- make sure you understand why that .then is there.
return user;
})
Usage in the controller
.controller('ExampleController', function($scope, User){
// It's handy to have the user on the scope - you can use it in your markup
// like I have with ng-show on index.html.
$scope.User = User;
// Do stuff only if the user is loggedin.
// See how neat this is because of the use of the .then function
User.whenLoggedIn( function (user){
console.log(user.details.name + " is logged in");
});
});
Because it's on the scope, we can do this in the html:
<body ng-controller="ExampleController">
<h1 ng-show="User.loggedIn == null">Logging in..</h1>
<h1 ng-show="User.loggedIn == true">Logged in as {{ User.details.name }}</h1>
<h1 ng-show="User.loggedIn == false">Not logged in</h1>
</body>
Here is an example on plunker where this is working.
Note the following:
If the user is/was already logged in, when you inject the service in the future, it won't check the file again. You could create other methods on the service that would re-check the file, and also log the user out, back in, etc. I will leave that up to you.
There are other ways to do this - this is just one possible option!
This might be obvious, but it's always worth saying. You need to primarily handle authentication and security on the server side. The client side is just user experience, and makes sure the user doesn't see confusing or conflicting screens.