Iam following these steps https://secure.flickr.com/services/api/auth.oauth.html to implement oauth in my clojure prog.
Everything is working fine to step 3 with the following code. (printlns are just for checking the return values)
(def consumer-key "0000")
(def consumer-secret "0000")
(def consumer (oauth.client/make-consumer consumer-key
consumer-secret
"http://www.flickr.com/services/oauth/request_token"
"http://www.flickr.com/services/oauth/access_token"
"http://www.flickr.com/services/oauth/authorize"
:hmac-sha1))
(def request-token (oauth/request-token consumer "http://localhost:8080/authorize"))
(defn flickrauth []
(def auth-url (oauth/user-approval-uri consumer
(:oauth_token request-token)))
(println (str auth-url "&perms=write")))
After typing the auth-url to my my browser can authorize the access with write permissions.
(defn get-access-token [oauth-token verifier]
(println "CONSUMER: " consumer "REQ TOKEN: " oauth-token "verifier: " verifier)
In the following code i only got "oauth_problem=token_rejected, status 401". So i guess there is a problem with exchanging the request token for an access token...
(def access-token-response (oauth/access-token consumer
request-token
verifier))
(println "ACCESS TOKEN RESPONSE: " access-token-response)
Short summary...
I get a request token and verifier, but in access-token-response is another oauth_token used..and i don't know why.
Thanks for any help and hint!
Related
Here is my work flow for getting access token and refresh token for youtube api. Im generating authorization url with parameters
access_type=offline, response_type=code, redirect_uri=uri, scope=scopes, state=state, client_id=id
from authorization url I´m receiving authentication code, then I´m generating another url to get access_token and refresh_token using code from authorization url with these parameters
code: code, client_id: CLIENT_ID, client_secret: CLIENT_SECRET, redirect_uri: serviceCallback, state: state.callback, grant_type: "authorization_code"
As far as I know user should complete this process only once and then it should be automatic. My problem is that I´m always have to complete authorization and I´m getting always new access_token and refresh_token without forcing it on request.
here is code part where I´m getting authentication url
getAuthUrl: function(scopes, applicationCallback, serviceCallback, siteId,
selectChannel, websiteUrl) {
var requestedClientId = CLIENT_ID;
var scopess =
"https://www.googleapis.com/auth/yt-analytics.readonly https://www.googleapis.com/auth/youtube.readonly https://www.googleapis.com/auth/userinfo.email " +
scopes.replace(",", " ");
return "https://accounts.google.com/o/oauth2/auth?" +
"access_type=offline" +
"&response_type=code" +
/*"&approval_prompt=auto" +*/
"&redirect_uri=" + serviceCallback +
"&scope=" + scopes +
"&state=" + JSON.stringify({
service: NAME,
callback: applicationCallback,
scopes: scopes,
siteId: siteId,
selectChannel: selectChannel,
websiteUrl: websiteUrl
}) +
"&client_id=" + requestedClientId;
},
From there Im getting back code and using that code, clientID and clientSecret to get access token and refresh token
getAuthTokens: function(code, state, res, serviceCallback) {
// Google oAuth endpoint
var endpoint = "https://www.googleapis.com/oauth2/v4/token";
const scopes = state.scopes.split(" ");
// Setup request data
var data = {
code: code,
client_id: CLIENT_ID,
client_secret: CLIENT_SECRET,
redirect_uri: serviceCallback,
state: state.callback,
grant_type: "authorization_code"
};
request.post(endpoint).send(data).type('form').set('Accept',
'application/json').end(function(err, oAuthResponse) {});
},
I was using wrong endpoint url I changed it to different one to one provided by youtube api documentation and removed state parameter from data variable but still doesnt fix the problem
new endpoint url
var endpoint = "https://accounts.google.com/o/oauth2/token";
I´m really confused right now because I´m not forcing authorization and on google apps section there is my app already authorized and it does not update authorization that means it gives permission only first time and after that when I´m pressing allow it doesn´t do anything. OAuth should check if I have refresh token or not, so my conclusion is that I don´t fully understand how it should work or I´m somehow testing everything on debug or test mode where authorization prompt is automatically forced.
I would be really thankful for any kind of help because I feel like I tried everything.
The issue is that the access token that you are using has expired before the next time you use as you have not updated the access token manually using the refresh token.
You need to use the refresh token to update the access token if [ (time you last updated the access token) + (the expiry time) ] has already surpassed.
The concept of refresh tokens is that if an access token is compromised, as it is short-lived, the attacker has a limited time period in which it can be used. Refresh tokens, if compromised, are useless because the attacker requires the client id and client secret in addition to the refresh token in order to gain an access token.
The YouTube API documentation demonstrates the procedure here
By default, the expiry time is around 3 seconds.
This will surely, work in your case.
Adding the following parameter to your authentication object may help...depending on your requirements:
prompt: 'none'
This would mean no consent is gained or needed, after an initial authorization to use the app.
Go to the my accounts settings of google for this account---> go to connected apps and sites ----> manage apps:
Over there can you see the permissions for youtube like this:
I am trying to read tweets related to Zika virus and have created an application in twitter, but not able to connect to twitter through R. I have tried following commands
reqURL <- "https://api.twitter.com/oauth/request_token"
accessURL <- "https://api.twitter.com/oauth/access_token"
authURL <- "https://api.twitter.com/oauth/authorize"
consumerKey <- "my consumer key"
consumerSecret <- "my consumer secret key"
twitCred <- OAuthFactory$new(consumerKey=consumerKey,
consumerSecret=consumerSecret,
requestURL=reqURL,
accessURL=accessURL,
authURL=authURL)
twitCred$handshake()
immediately after this I get this error message:
Error in function (type, msg, asError = TRUE) :
Could not resolve host: api.twitter.com
Please help me I have installed following packages
library("bitops", lib.loc="~/R/win-library/3.1")
library("digest", lib.loc="~/R/win-library/3.1")
library("RCurl", lib.loc="~/R/win-library/3.1")
library("rjson", lib.loc="~/R/win-library/3.1")
library("ROAuth", lib.loc="~/R/win-library/3.1")
library("twitteR", lib.loc="~/R/win-library/3.1")
I think you are making authentication with R and Twitter too complex. From several blogs which I read, all you need to do is make one call to setup_twitter_oauth() and you should be good to go:
consumer_key <- "your_consumer_key"
consumer_secret <- "your_consumer_secret"
access_token <- "your_access_token"
access_secret <- "your_access_secret"
setup_twitter_oauth(consumer_key, consumer_secret, access_token, access_secret)
In order to obtain an access token and secret, you will have to create a Twitter application from the Twitter settings page, and generate them manually.
Please read through this blog for a step-by-step guide on how to do this.
I am using the article located at https://developer-programs.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens to exchange my Javascript access token to a REST OAuth token.
After following the directions here, no matter what I seem to do, I only get a 400 Bad Request response back.
The flow I use for Facebook and want to recreate with LinkedIn is; front end authenticates to LinkedIn and passes an access token to my API, the API then gets all necessary user information and passes my own bearer token back to the client, et voila.
Unfortunately LinkedIn doesn't play so nicely with this, and I need to convert my token to an OAuth token from its Javascript token.
I pass the cookie LinkedIn gives me to my API, it looks something like the below (where OAuthBase is http://oauth.googlecode.com/svn/code/csharp/OAuthBase.cs)
access_token: "oxmKI9aU4RCfksdegZ3obZGHK-vo6Q4-4FSQk"
member_id: "AmjWCF7ExN"
signature: "t8KEbLjJ+r6uM42tUwfJm5yWp70="
signature_method: "HMAC-SHA1"
signature_order: ["access_token","member_id"]
signature_version: "1"
I then am attempting to make a call to https://api.linkedin.com/uas/oauth/accessToken to do the actual exchange. My code for this is:
public async Task<IHttpActionResult> ConvertLinkedInToken(LinkedInCovertTokenObject val)
{
string normalizeduri;
string normalizedparams;
OAuthBase o = new OAuthBase();
string signature = o.GenerateSignature(new Uri("https://api.linkedin.com/uas/oauth/accessToken"), Startup.linkedInAuthOptions.ClientId, Startup.linkedInAuthOptions.ClientSecret, val.access_token, null, "POST", o.GenerateTimeStamp(), o.GenerateNonce(), out normalizeduri, out normalizedparams);
var client = new HttpClient();
var uri = new Uri("https://api.linkedin.com/uas/oauth/accessToken?" +
"oauth_consumer_key=" + Startup.linkedInAuthOptions.ClientId +
"&xoauth_oauth2_access_token=" + val.access_token +
"&signature_method=HMAC-SHA1" +
"&signature=" + signature
);
var response = await client.GetAsync(uri);
return Ok();
}
No matter how I play around all I get back from LinkedIn is a 400 Bad Request without any other useful information.
1) How can I convert LinkedIn JS token to Rest OAuth token in my c# api
This is how I achieved that:
On the frontend:
IN.User.authorize(function(){
// here you can find oauth token
var oauth_token = IN.ENV.auth.oauth_token;
// send this token to your API endpoint
});
On your API (curl example), of course replace OAUTH_TOKEN with token received on the frontend.
curl -X GET \
'https://api.linkedin.com/v1/people/~:
(id,firstName,lastName,siteStandardProfileRequest,picture-url,email-
address)?format=json' \
-H 'oauth_token: OAUTH_TOKEN'
You are looking at old documentation from LinkedIn. Starting from 12th May, LinkedIn has started rolling out new changes in their API which includes authentication. In my knowledge, LinkedIn is not using OAuth anymore, and you need OAuth2.0 henceforth for authentication. You should check this link for more information:
https://developer.linkedin.com/docs/signin-with-linkedin
I am using https://github.com/StepanKuzmin/erlang-dropbox to connect with dropbox api. I can use it from command line. But when I am trying to write all of this into a module and run it I am always getting an authorization error (403).
Here is part of my code:
crypto:start(),
ssl:start(),
inets:start(),
Key = "key",
Secret = "secret key",
[{"oauth_token_secret", TokenSecret}, {"oauth_token", Token}] = dropbox:request_token(Key, Secret),
io:format(Token),
Url = "https://www.dropbox.com/1/oauth/authorize?oauth_token=" ++ Token,
httpc:request(post, {Url, [],"application/x-www-form-urlencoded", []},[],[]).
I am receiving the token but not being able to authorize it from code. I have tried to token data separately but did not work out.
Thanks
Samiul Monir
I am trying to authenticate with the withings api. I have got the consumer key and secret correctly and am able to get to the app page, and I can also authenticate with the api.
The problem is that it is not coming back, instead showing a 404 error: page not found.
I have cross-checked the callback url many times.
Here's the url.
This is the code I am trying to authenticate with: Documentation, Gem1, Gem2.
I want to get the user back to my application.
#callback_url = 'http://127.0.0.1:3000/auth/withings/callback'
#consumer = OAuth::Consumer.new(WITHINGS_KEY, WITHINGS_SECRET, {
:site => 'https://oauth.withings.com',
:request_token_path => '/account/request_token',
:access_token_path => '/account/access_token',
:authorize_path => '/account/authorize'
})
#request_token = #consumer.get_request_token(:oauth_callback => #callback_url)
session[:request_token] = #request_token
redirect_to #request_token.authorize_url(:oauth_callback => #callback_url)
Well. I think, you should not use third-party libraries, because
#request_token.authorize_url(:oauth_callback => #callback_url)
return incorrect url.
Try to make your own implementation of OAuth.
1) Use HMAC-SHA1 algorithm for string:
GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{WITHINGS KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0
This string contains 3 parts:
{METHOD} + "&" + {ENCODED REQUEST URL} + "&" + {ENCODED REQUEST QUERY PART}
SECRET KEY for signing: {WITHINGS SECRET}+"&"
In result encode this sign.
2) Send request to the URL:
https://oauth.withings.com/account/request_token?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 1}&oauth_signature={RESULT OF STEP 1}&oauth_signature_method=HMAC-SHA1&oauth_timestamp={TIMESTAMP FROM STEP 1}&oauth_version=1.0
3) Parse response body. Get OAUTH TOKEN and OAUTH SECRET.
4) Use HMAC-SHA1 algorithm for string:
GET&https%3A%2F%2Foauth.withings.com%2Faccount%2Fauthorize&oauth_callback%3Dhttp%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback%26oauth_consumer_key%3D{SECRET KEY}%26oauth_nonce%3D{RANDOM STRING}%26oauth_signature_method%3DHMAC-SHA1%26oauth_token%3D{OAUTH TOKEN}%26oauth_timestamp%3D{CURRENT TIME}%26oauth_version%3D1.0
SECRET KEY for signing: {WITHINGS SECRET}+"&" + {OAUTH SECRET}
In result encode this sign.
5) Redirect user to the URL:
https://oauth.withings.com/account/rauthorize?oauth_callback=http%3A%2F%2F127.0.0.1%3A3000%2Fauth%2Fwithings%2Fcallback&oauth_consumer_key={WITHINGS KEY}&oauth_nonce={NONCE FROM STEP 4}&oauth_signature={RESULT OF STEP 4}&oauth_signature_method=HMAC-SHA1&oauth_token={OAUTH TOKEN}&oauth_timestamp={TIMESTAMP FROM STEP 4}&oauth_version=1.0
There are missing oauth_consumer_key, oauth_signature and other oauth fields in the example link.