If I am an admin of a page. I create an app which able to post to my own page. What I have done before, I use "Graph Explorer Tool" to extend the "offline_access" then I get the token code to use when post. It work fine in the past.
Now, when I click on "Get Access Token" , goto Extended Permission, then check "offline_access", click ok. It is not remember the offline_access.
And there are no "deprecate offline_access" in advance of the app.
If someone can make it work, please share! would appreciate! Thanks
EDITED: Jan 09, 2013
After i make it work, I post the solution if someone have same problem as me.
Tool:
1- Debugger (https://developers.facebook.com/tools/debug)
2- Graph Explorer (https://developers.facebook.com/tools/explorer)
Requirement:
You can manage an app and facebook page
To do:
1- Enable App to Manage Page: Goto "Graph Explorer", Select your application, Click on "Get Access Token", Go to "Extended Permission" check on "manage_page"
2- Exchange the short-lived token for long-lived token: This can be done by open this link on browser. But before you do, you need to replace your own information.
https://graph.facebook.com/oauth/access_token?client_id={YOUR_OWN_APP_ID}&client_secret={YOUR_OWN_APP_SECRET}&grant_type=fb_exchange_token&fb_exchange_token={YOUR_OWN_SHORT_LIVED_TOKEN}
After you open this link, if everything is ok, you will get new access token code. Use Debugger to check this token, you will see this token can live in 2 months.
3- Get Page Access Token: Copy the token code from step 2 to Access Token: Box, Then Query "me/accounts", you will see your page show as JSON data on the box on the right. You will see "access_token". Copy that access_token code and use debugger tool you will see that the Expires should show Never. Use that token when you create post to facebook page with life time access.
Now, when I click on "Get Access Token" , goto Extended Permission, then check "offline_access", click ok. It is not remember the offline_access.
That’s because offline_access does not exist any more.
And there are no "deprecate offline_access" in advance of the app.
The migration is not available any more, because the process of deprecation has been finished with removal of the permission.
If someone can make it work, please share!
Please do some research!
The deprecation of offline_access and how to handle it has been discussed here over and over again.
Start here, https://developers.facebook.com/roadmap/offline-access-removal/, and then search SO or the web if there are still things unclear to you.
Related
I am creating an internal project application with the YouTube Data v3 API. Following the tutorial given in this post, I am trying to add "https://developers.google.com/oauthplayground" as a link under "Authorized redirect URIs" when editing the client_id and client_secret entry.
When I go into the console and edit the credentials, I cannot find this option anywhere. See the screenshot below to see what I see when I edit the Oauth 2.0 Client IDs.
Does anyone have an idea about why I cannot see this option or where I have to go in order to find it?
Screenshot of what I see
I found out why. It's because I had set my credentials to "Other (Windows)". When I created new credentials with "Web server" selected instead, the option started showing.
I am facing an issue regarding account linking in Actions on Google:
I am able to authenticate the user and access his email address and username however after this how can I redirect the user back to the google assistant and close the browser where he was authenticated?
Any help will be appreciated!
Update: Hey Prisoner thanks a lot for that.
I did what you said and yeah now it does redirect to google.com but without result_code=SUCCESS when I test it in the simulator.
The link is:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=z77fWbjQGIXxvATs_oqwBA
Now if I type talk to... again it shows me the message you need to link your account!
In the device the browser automatically closes and it shows SIGNING_IN however when I type an intent it is not recognized.
It would be great if you could point me in the right direction! (I am not sure but I might be at the token exchange stage that you mentioned, but I don't have a clue how to proceed!)
Update 2: As requested the entire flow that I am following:
This is the URL that I receive from debugInfo:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=cha***#gmail.com&provider=***_dev&scopes=email&return_url=https://www.google.com/
When I paste this in the browser the request that I receive at the authorization endpoint is:
ImmutableMultiDict([
('response_type', 'code'),
('client_id', ****.apps.googleusercontent.com'),
('redirect_uri', 'https://oauth-redirect.googleusercontent.com/r/****'),
('scope', 'email'),
('state', ' CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)')
])
The response (redirect_url) that I send back:
https://accounts.google.com/o/oauth2/v2/auth?scope=email&response_type=code&redirect_uri=https%3A%2F%2F******.herokuapp.com%2Fcallback%2Fgoogle&client_id=****.apps.googleusercontent.com
When it reaches my endpoint again the request arguments are:
ImmutableMultiDict([
('code', '4/***********')
])
Now I am able to access the email address and other details
The url that I redirect to from here:
https://oauth-redirect.googleusercontent.com/r/****?code=abcdefgh&state=CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)
This redirects me to :
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=5c_fWdfKNYndvASO7o6ACA
Edit 3: I checked the network logs:
result_code=FAILURE&result_message=Account+linking+failed
I also added /token/google as the token URL in AoG. It is detected in heroku however I never receive this request in my code.
Note: I am using python flask and hosting my app on heroku
Once you have authenticated the user, you'll need to return a temporary auth code back to Google. Later, Google will exchange this auth code for an access token and a refresh token, but you're not there yet. The important part is that this code needs to be unique and that, later, you'll be able to recognize what user it is for. The code should be valid for a limited time - 10 minutes is a generally accepted time frame.
In the request Google sent to you as part of the login, they've provided a redirect_uri and a state as parameters. You'll need to use these in your reply. (state can be anything - you shouldn't care what it is, you're just going to send it back with your redirect. Its purpose is to improve security by preventing replay attacks.)
Verify that the redirect_uri has the form
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID
Where YOUR_PROJECT_ID is... you guessed it, the ID of your project. You can find this in the cloud console.
You'll then redirect the user to this URL with a few additional parameters:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
Where YOUR_PROJECT_ID is as noted above, AUTHORIZATION_CODE is the code you've generated, and STATE_STRING is the value of the state parameter that you were sent in the request.
For details, you can see https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in
I am working on an application that integrates with Instagram API to access the user information. I successfully fetch the Access Token using the authorize url but unable to fetch the userId using access_token url:
i am tried both the endpoints:
https://api.instagram.com/oauth/access_token?client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code
https://api.instagram.com/oauth/access_token
with the post body as:
client_id=48275564e2c445f6b8e1356djfha3e0c&client_secret=ab2062da9f314e3489dke7ae9cbe6e5d&redirect_uri=http://localhost&grant_type=authorization_code&code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
(The data in the request is modified), But i am getting the follwing
{
"code": 400,
"error_type": "OAuthException",
"error_message": "No matching code found."
}
I have seen tons of queries and questions but could not find any solution to the problem.
The couple of questions i have is:
1) is the field code in the URL is same as access_token, if not how could i get the code field's value.
2) is there any other mechanism(API) to fetch the user details given the username is not known.
Please help me as i am completely stuck and running out my deadlines.
For me unchecking Disable implicit OAuth in instagram developer -> manage clients fixed the issue
I found that using either form-data or application/x-www-form-urlencoded works fine. The most important is the code you get from redirect uri is only used by one request. It means you could request the access token once for the code. If the you request more than one time with same code, you'll get the error like this:
{
code: 400,
error_type: "OAuthException",
error_message: "Matching code was not found or was already used."
}
Wish you all the best ;)
Try to urlEncode the redirect_uri param to
http%3A%2F%2Flocalhost
And your code param contains the "." character which might be a error.
code=1351860224.4827556.5dc92c4d15ea4a4ea1b0d33eaf0eef19
might caused the problem
"error_message": "No matching code found."
"5dc92c4d15ea4a4ea1b0d33eaf0eef19" seems to be the correct code
I got same error. It seems that instagram's spam system disable user's access to any non-official application. Just change user's password. In my case it was help.
Also try create another application.
UPD
From my answer to another question
It looks like users get more than one code, and you see first code, but need second. Try relogin users, if you gets error. User will not see instagram page with confirm button, just redirections.
Possible algorithm of error:
1. User click auth link.
2. Get first code.
3. User click auth link (twice, redirection problem, public auth system, etc.)
4. Get another code (even on the same client_id, redirect_uri).
5. You get first code.
6. But first code already doesn't exists.
The problem is here that need redirect url set as http://localhost/signin-instagram
signin-instagram part is very important
So go to Instagram.com/developer ->Manage Client-> Security -> Valid redirect URIs set with that end http:/../signin-instagram
Off late instagram python snippet fails due to missing content-type HTTP header
response, content = http_object.request(url, method="POST", body=data,headers = {"Content-type": "application/x-www-form-urlencoded"})
adding application/x-www-form-urlencoded worked for me
I will mention what worked for me.
Step 1. Generate a new client secret from you panel.
Step 2. Follow the step 1 mentioned here to obtain the code again.
Step 3. Send the request again with the changed parameters.
Make sure you are logged in the browser when you send the request. You will get the required response.
Go into Facebook for Developers > Your app. Click on "Roles" and add an Instagram test-account under "Instagram Testers".
Log into instagram.com and go to: Settings > Security > Apps and Websites, where you will accept the test invitation.
Prepare your URL link, which you will paste into the web browser. Make sure to use a valid redirect URI from "Valid OAuth Redirect URIs" from the Instagram Basic Display settings.
If you did everything right, the Instagram tester account for the app, will have the option to gain access to user_profile,user_media. Continue the process to get the code which you can exchange for a short-lived access token.
The scenario is I want to post some details on a facebook page created by me from my other app. So want to know how can we give access to app through access token means how can we get the access token for this?
Thank You
Regards
Yes, take a look at the following URL and the "Page Access Tokens" section for information on how to do obtain a token.
API - Obtain Page Token
Note, however, that there is a known issue when trying to use the links api point, if you intend to define your own link in the post.
Bug report
You'll probably want to use the feed API point instead. I've not actually managed to get this working yet though, and I'm awaiting feedback from FB themselves. I'll update you if/when I hear something useful back.
Good luck.
You can get the access_token for you page by enabling the manage_pages permission, and then calling the API endpoint: /me/accounts to get the access_token for all the pages you manage.
You can then use this access token to post to your page using the Graph API call: /{page_id}/feed
I have set my application permissions as "read, Write, Direct Messages" as shown in the figure
I have saved these settings.
But when i authenticate my app. it shows that my application will not be able to access direct messages.As shown in the figure
Please help me, i am stuck with this problem from many days.
I am using abraham oauthtwitter api
from here https://github.com/abraham/twitteroauth
You need to call Authorize Url. This issue can apear if you call "Authenticate Url".
if you have changed your settings you'll need to regenerate the keys