twitter developer console and twitter oauth tool - twitter

I am trying to get a request token from twitter, and I've been having some problems with it. I used twitter4J to see if it would work with that and it does, but when I use the twitter oauth tool to get a valid authorization header, and copy and paste it as the authorization header for http://api.twitter.com/oauth/request_token in the twitter developer console I get a 401 error ("failed to validate signature and token"). I have tried this same copy and paste method for other requests that require authentication and it works but it just won't work for this request. Any suggestions as to what is going on?

Ok I figured it out! The problem was that the oauth access token is included in the header when you use the twitter oauth tool, with the access token being that of the twitter account related to your application. But if you are using the request_token url you shouldn't already have that, and that is why it throws the error. Thus the twitter oauth tool is useless for a request to this url.

Related

Completing the OAuth2 flow for Sign In with LinkedIn entirely from the client side

With LinkedIn's planned deprecation of their JS SDK, is there any way to complete the OAuth2 flow and obtain an access token from the client-side, without using a server-side proxy to exchange the auth code for the token?
According to this SO post, LinkedIn does not allow for an implicit grant flow. It's from 2015, but appears to still be relevant.
Is there any alternative way I can obtain an access token for a user who authenticated with LinkedIn, without hitting a self-hosted proxy? My application only needs basic profile data for the user.
Edit
To provide more context, the error I receive when making the second request to https://www.linkedin.com/oauth/v2/accessToken is No 'Access-Control-Allow-Origin' header is present on the requested resource. The same request made from postman works fine and returns the access token. I understand this CORS issue comes down to browser policy. Right now I'm testing from localhost over https. Once the front end code is deployed to a proper domain, will the error persist? Is there any alternative way to get around this?
Thank you!

Linked in Javascript SDK access token

I'm using the LinkedIn Javascript SDK on my website in order to allow users to register and log in via Linked In.
I want to achieve this without redirecting the user to Linked In, but instead via the popup window.
The issue is, I'm not sure how to securely get an access token, which I can then use to get the users profile and create an account.
Currently, via the Javascript SDK, I can log the user in without redirection, and receive an oauth_token, which I then post to my backend. Here is my code:

    IN.User.authorize(function(){
        // Send the SDK's oauth_token to the backend (the token travels in the URL path)
        $.ajax({
            type: 'POST',
            url: '/auth/li/'+IN.ENV.auth.oauth_token,
        });
    });

This successfully sends the token to my server, but how do I use it to then get an access token in order to use in the backend?
I tried to simply convert it to one using the LinkedIn API with
https://www.linkedin.com/oauth/v2/accessToken
but I get an error
Unable to retrieve access token: appid/redirect uri/code verifier does not match authorization code. Or authorization code expired.
I sort of understand the error, as with the javascript SDK there is no redirect URI.
With the Facebook SDK/API, on successful authorisation via the Javascript API, a cookie encrypted with my app secret is stored, and my backend can decrypt and read it, and then finally create an account.
Is there something like that in LinkedIn that I missed?
I have the same issue, with Google and Facebook SDK I can get access_token but linkedin SDK auth_token is not working. I think we need access_token but don't know how to get that with linkedin SDK.
I have come up with a solution. I ended up not using the javascript API. What I did was generate a login URL on my server and retrieved it via AJAX. I then created a javascript popup window and aimed it at the login url. Once the user authenticates, linkedin redirects to my selected redirect URL within the popup, and I can then authenticate on my side (and close the popup).

where to find the Oauth token and secret in the linkedin application

I am trying to practice the examples in the book "mining the social web". Unlike the applications I had created in twitter and facebook, the Oauth token and secret in the linkedin never show up. I only see my client ID and client secret.
By the way, since I do not have any personal url, can someone explain to me what is the appropriate URL I should enter? In the twitter and facebook applications, I just randomly entered some URL, like www.twitter.com, and it worked. In this application for linkedin, I entered www.linkedin.com, but no Oauth token comes out.
I know this question is too basic for you guys, sorry for posting this. I did google the solution for a while, but it seems like no one has ever posted this question.
You can't directly get an OAuth Token. You have to follow the authentication procedure to receive an OAuth Token.
Steps involved:
1. Configure your LinkedIn application with a valid callback url which your server is listening to.
2. Request an Authorization Code
3. Exchange Authorization Code for a Request Token
This LinkedIn link will help you on what parameters to send in each request and the URL for the same.
https://developer.linkedin.com/docs/oauth2
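The steps above, and the server-generated login URL described in the earlier popup answer, sketched as an added example (not the posters' code or LinkedIn's SDK). The authorization endpoint URL, the function names and any client values passed in are assumptions; the token endpoint is the one quoted on this page, and no scope parameter is sent.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

AUTH_URL = "https://www.linkedin.com/oauth/v2/authorization"  # assumed endpoint
TOKEN_URL = "https://www.linkedin.com/oauth/v2/accessToken"   # quoted on this page

def start_login(client_id, redirect_uri):
    """Return (URL to open in the popup, state to store in the server session)."""
    state = secrets.token_urlsafe(24)  # unguessable, binds the callback to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{AUTH_URL}?{query}", state

def handle_callback(callback_url, expected_state):
    """Validate the redirect back to the server and return the authorization code."""
    q = parse_qs(urlparse(callback_url).query)
    state = q.get("state", [""])[0]
    # Constant-time comparison on bytes; reject callbacks this session did not start.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "error" in q:
        raise ValueError("authorization failed: " + q["error"][0])
    if "code" not in q:
        raise ValueError("no authorization code in callback")
    return q["code"][0]

def token_request(code, client_id, client_secret, redirect_uri):
    """Form body to POST to TOKEN_URL from the server, never from the browser."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": redirect_uri,  # must equal the value sent in start_login
        "client_id": client_id,
        "client_secret": client_secret,  # stays server-side
    }
```

A `redirect_uri` in the token request that differs from the one used to obtain the code is one cause of the "redirect uri ... does not match authorization code" error quoted earlier on this page.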

Twitter Authorization with version 1.1 of the API

I have had a search around stackoverflow, but was unable to find an answer to my question, so I thought I'd ask.
I'm currently working on an iOS app where I would like to get a feed of a public timeline without the user of the app being required to have a twitter account.
I am successfully able to do this using Twitter's v1.0 of the API and all works perfectly. Simply making a request to http://api.twitter.com/1/statuses/user_timeline.json?screen_name=username retrieves all the information that I require.
However, since v1.0 has been deprecated and V1.1 requires authentication for each request, I get a bad authorization error using this API. Having looked at the Twitter documentation and how to generate OAuth request headers, I don't fully understand the "Getting a signing key" section of the documentation in the link below. (this is my first time working with Twitter's API and OAuth, I'm trying to gain a good understanding, before I start the implementation)
https://dev.twitter.com/docs/auth/creating-signature
As I understand it, the consumer secret can be found when logging into twitter.com/apps but I'm not sure where I would get the "OAuth Token Secret" in order to generate a valid signing key.
Since this is an iOS app, I know I could use the TWRequest class, but to my understanding, this would require the user to have twitter setup on their device.
I hope the above makes sense and any help would be appreciated.
Thanks
If you go to the Twitter application you have set up at https://dev.twitter.com/apps, you should see your Access token secret under the heading "Your access token". If you don't see this then you probably haven't generated an access token yet.
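The signing-key question above and the request_token 401 in the first thread on this page both come down to how an OAuth 1.0a HMAC-SHA1 signature is keyed. The following is an added example following RFC 5849, not code from any poster or from Twitter; the credentials and nonce are constructed, and `verify_request_token` is a hypothetical helper that only models a provider with no token secret at the request_token step.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    """Percent-encode as OAuth 1.0a requires: only unreserved characters stay."""
    return quote(str(s), safe="")

def signing_key(consumer_secret, token_secret=""):
    # The '&' is always present, even before any token secret exists.
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def base_string(method, url, params):
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    key = signing_key(consumer_secret, token_secret).encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify_request_token(method, url, params, signature, consumer_secret):
    """Hypothetical provider check: request_token is keyed by 'consumer_secret&' only."""
    expected = sign(method, url, params, consumer_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample values, not real credentials.
URL = "https://api.twitter.com/oauth/request_token"
CONSUMER_SECRET = "example-consumer-secret"
BASE = {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
}

def demo():
    # Header built for an already-authorized account: carries oauth_token and
    # is signed with the consumer secret AND the token secret.
    with_token = dict(BASE, oauth_token="example-access-token")
    sig_tool = sign("POST", URL, with_token, CONSUMER_SECRET, "example-token-secret")
    # Header suited to request_token: no token, key is "consumer_secret&".
    sig_plain = sign("POST", URL, BASE, CONSUMER_SECRET)
    return (verify_request_token("POST", URL, with_token, sig_tool, CONSUMER_SECRET),
            verify_request_token("POST", URL, BASE, sig_plain, CONSUMER_SECRET))

if __name__ == "__main__":
    print(demo())
```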

what's the correct log-in response for twitter (for iPhone) with my custom APi

I am writing a custom API for twitter which will be used in Twitter for iPhone. What response can my third-party API give to twitter to make twitter think the user is logged in?
I know the twitter for iPhone auth step is using XAuth to /oauth/access_token. When it is set to my API, I give the response 'oauth_token=191074378-1GWuHmFyyKQUKWV6sR6EEzSCdLGnhqyZFBqLagHp&oauth_token_secret=NpCkpRRC5hGEtikMLnQ2eEcEZ0SIVF5Hb2ZgIwmYgdA&user_id=191074378&screen_name=oauth_test_exec&x_auth_expires=0' directly to twitter for iPhone, but twitter tells me server internal error rather than a correct response. What is the incorrect part?
Now that you have revealed your OAuth tokens, anyone can copy them and use them to violate the Twitter TOS. You should go to dev.twitter.com and reset your OAuth tokens immediately. This is why it is called an OAuth Secret.
