I am using scribe 1.3.1.jar.
I have successfully authenticated user with twitter using this jar.
But I am facing problem while authenticating user with linkedin using the same jar.
I am getting this error while obtaining access Token. I have successfully get request token & verifier.But the problem creeps when i tried getting access Token & got following exception:
Response body is incorrect. Can't extract token and secret from this:
oauth_problem=signature_invalid&oauth_problem_advice=com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FaccessToken%26oauth_consumer_key%253Dxuk04eooznqu%2526oauth_nonce%253D2417349075%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1365577634%2526oauth_token%253D7277829e-e121-4b76-b0f4-8f5e9e6c7be8%2526oauth_verifier%253D66312%2526oauth_version%253D1.0%0AOAU%3Axuk04eooznqu%7C7277829e-e121-4b76-b0f4-8f5e9e6c7be8%7C%2A01%7C%2A01%3A1365577634%3AlCqOvqH1tkJAtpGa58tnEhqwdRQ%3D
I feel really stuck in this.
Please Help!.
Take a look at this blog post: http://www.objectpartners.com/2012/04/03/linkedin-api-in-a-grails-application/
It shows how to use the OAuth plugin which uses the Scribe library. Hope that helps!
Related
Cheers everybody,
we have been deeply reading google documentation on exchanging access_token from google in order our (delphi)desktop application to SSO with google from server side. Here is the payload we send first look like:
https://accounts.google.com/o/oauth2/v2/auth?client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&response_type=code&state=E1DF2FBA-0A66-4D69-B594-5EB8F7828AF7&scope=openid+profile&include_granted_scopes=true&code_challenge=C832DA50-E55A-499D-89B8-493BB4123C94&login_hint=test#Speelkriebel.be
Normally after this it redirects me to login in to our test user and after this according to the documentation we send a POST request to the end point token in order to get the access_token and refresh_token...: 'https://oauth2.googleapis.com/token
with the following parameters, the 'code' is generated we also send it as follow:
client_id=1000217514248-t1lojs6f8ed7l9ocrpbm98leahtum8n1.apps.googleusercontent.com
grant_type=authorization_code
client_secret=******
code= 4/1AY0e-g4GlavO38PI5Oo3vq04Pc4lMWN77et-02UiVWOsT-IyRQnU1lq19qo
redirect_uri = urn:ietf:wg:oauth:2.0:oob
The response is always
{
"error_description": "Missing code verifier.",
"error": "invalid_grant"
}
We have tried to send the client secret id also, Does it have to do with our code_challenge ? are the end points url and initial url okay? What are we missing? We are using CEF4Delphi as "browser like experience in order for the user to type in their google credentials. We have been reading this: https://developers.google.com/identity/protocols/oauth2/web-server#offline
We were also trying the playground :https://developers.google.com/oauthplayground/
we were sending the initial url in a chrome which generated a "code" and in the playground we inserted the code, and still got the same error of missing code verifier.
Thanks Guys
You seam to have URL encoded a lot of the values try not doing that. Also try using the basic call, before you start adding everything else. It should help you figure out which one of those extra parameters you are sending that's causing your issues.
https://accounts.google.com/o/oauth2/auth?client_id={clientid}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=profile&response_type=code
Also make sure that the client id is from an installed / other type client
This may also help Google 3 Legged OAuth2 Flow
For installed apps, the code challenge and verifier are parameters for enhancing the security of the OAuth flow through PKCE [1].
There is additional documentation about generating a code challenge and verifier here [2].
[1] https://www.rfc-editor.org/rfc/rfc7636
[2] https://developers.google.com/identity/protocols/oauth2/native-app#step1-code-verifier
I'm trying to get request_token from https://api.twitter.com/oauth/request_token. But I always got following error.
"Failed to validate oauth signature and token"
Below is my signature_base:
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_callback%3Dhttp%3A%2F%2Fwww.google.com%26oauth_consumer_key%3DydxYUl45Mleo5LNyoExnAF4mY%26oauth_nonce%3D9C918901-EF8A-4B84-BDF5-B7E754C46397%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1415174195%26oauth_version%3D1.0
The auth header generated is:
{
Authorization = "OAuth oauth_version=\"1.0\",
oauth_nonce=\"9C918901-EF8A-4B84-BDF5-B7E754C46397\",
oauth_signature_method=\"HMAC-SHA1\",
oauth_consumer_key=\"ydxYUl45Mleo5LNyoExnAF4mY\",
oauth_timestamp=\"1415174195\",
oauth_callback=\"http://www.google.com\",
oauth_signature=\"j6k3CY4Fr40SKAWiG%2B5%2BwkErdYc%3D\"";
}
I verified the signature with my secret key and it's correct. Really can't figure out where the problem is...
One clue is that when oauth_callback is not used at all, I'm able to get request token... Please help!
Thanks,
Lee
Edit:
If I don't use oauth_callback, I'm able to get request token and the callback I set in dev twitter website is used. However, I can't set it to URL Scheme of my app since it's not valid url...
You are not encoding the oauth_callback url correctly.
In the signature base it should be encoded as:
oauth_callback%3Dhttp%253A%252F%252Fwww.google.com
and then in the Authorization header as:
oauth_callback="http%3A%2F%2Fwww.google.com"
The same problem i was struggling as well.
Approach that help is bellow.
Using Twitter to authenticate is quite uncomfortable to do due to the errors and bad documentation. I will defiantly recommend you, to use one of the two approaches that are : Github library that is well documented and easy to implement. Or use iOS Social framework to write own logging.
I have been trying with the simple REST Client as well as the REST Plugin for Mozilla. I am getting
"HTTP/1.1 401 Unauthorized" response with
"{"error":"unauthorized_client","error_description":"the client is not authorized"}" in the body.
I have been successful in getting the auth code, and the below is the POST request for access token, (Scope is r_fullprofile)
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTQeBxBzbU2aNWaQM6Ff3Z3bUd8Gyg10W9G2DdqXgWiP0q7-M55c5PLtppP7Ni3Y-6A9C8yDkj9K4VfJ7QkRUFjuV-3AknA5jAahpsFJv3wYfr8XD8&redirect_uri=https://www.google.com&client_id=75wl6j5zndvfkp&client_secret=secret
The redirect_uri=https://www.google.com is the one used for getting auth code as well.
Do we need to perform any URL encoding before making the POST request?
When I log into the linked in to my app, it has the below tokens,
OAuth User Token: c3ae4cee-1b23-xxx-9d2a-206f578dee4d
OAuth User Secret: 76bc48cc-c94f-xxx-bf9d-a663f7003383
I am not sure where it is used. we are using API & secret key to get auth code.
Thanks in Advance.
This is a 2-step process.
First, go to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=YOUR-API-ID&scope=r_basicprofile&state=STATE&redirect_uri=YOUR-ENCODED-REDIRECT-URI
Then, within 10 secs of receiving the response, go to:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&redirect_uri=YOUR-ENCODED-REDIRECT-URI&client_id=YOUR-API-ID&client_secret=YOUR-API-ID&code=THE-CODE-OBTAINED-IN-FIRST-STEP
The response of the second request will have the actual access token you need to use.
When I followed the two steps I faced an issue where I got an error as
{"errorCode":0,"message":"Access to posting shares denied","requestId":"TYWULO2WPZ","status":403,"timestamp":1497353538016}
So I had to remove the &scope=r_basicprofile since it was preventing reading all the Default Application Permissions
I faced a similar problem and the problem was with the initial authorization code. You should mention the scope=rw_company_admin or whatever it is that you want to authorize to while doing the initial redirect URL call. Something like this -
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=your_client_id&redirect_uri=https%3A%2F%2Fwww.google.com/&state=12345&scope=rw_company_admin%20r_emailaddress%20w_share%20r_basicprofile
When I tried connecting to Yahoo via Oauth authentication using scribe java library, I get the error message "oauth_problem=consumer_key_rejected" I tried different sets of API keys but same error message is shown...How do I fix this?
Check with Yahoo for your application consumer key, otherwise you can ask to renew a new consumer key.
Flickr started to support oAuth just few weeks ago and there is no up to date documentation.. I was able to pass oAuth authentication process but I am unable to upload a photo through API.
I am supposed to sign all parameters except photo parameter. This is my signature base:
POST&http%3A%2F%2Fapi.flickr.com%2Fservices%2Fupload%2F&oauth_consumer_key%3D...6b%26oauth_nonce%3D90660%26oauth_signature_method%3DHMAC-HA1%26oauth_timestamp%3D1309888296%26oauth_token%3D72157626975786735-ed7eccb40ffcc69e%26oauth_version%3D1.0d
And I use "consumer_secret&token_secret" to sign it.
It's all written in AS3 with oAuth library but I think it doesn't matter. The response I get is:
"Invalid API Key (Key has invalid format)"
I don't think there is a problem with API key..
Any suggestions guys??
Thanks
It looks like you're using the incorrect Path. The latest Oauth docs are here:
http://www.flickr.com/services/api/auth.oauth.html
you can learn more about signing requests here:
http://hueniverse.com/2008/10/beginners-guide-to-oauth-part-iv-signing-requests/
and I'm not sure what language you're using but here is an example in Ruby:
https://gist.github.com/383159
and Python:
http://web.archive.org/web/20120919234615/http://mkelsey.com/2011/07/03/Flickr-oAuth-Python-Example.html