I try to use a server (hibiscus) via a rest api from my rails code. The hibiscus api has, as far as I see, no login method or similar. When I make a call:
class Hibiscus < ActiveResource::Base
self.site = "https://10.0.0.128:8080/webadmin/rest/hibiscus/umsaetze/query/Telekom"
end
test = Hibiscus.find(1)
I only get:
ActiveResource::UnauthorizedAccess: Failed. Response code = 401. Response message = Unauthorized.
Since hibiscus is a online banking app, there has to be some kind of login. In my browser I can open the according links, as soon as I logged into the system.
How can I make an authorization like the browser does in rails?
Or is there an even more elegant solution?
If some one will have this again in the future: You only have to provide Basic Auth with you login credentials you have to enter, when you login to the browser.
In Postman it looks like this
Related
I've been trying to use my RoR app to connect to the Facebook API for a day without any luck. I'm using Ruby on Rails and Koala.
If I try to connect as follows:
graph = Koala::Facebook::API.new(User_Token)
Then there is no problem. (Where user token was obtained from https://developers.facebook.com/tools/access_token/)
The problem is that the user token expires. I am aware that there is a way to extend the app User Token, but I would rather not resort to this.
Rather, I am trying to authenticate my app to obtain an APP ACCESS TOKEN which I can use in lieu of the User Token (as per https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens. Please note this refers to the App Access Token, not the App Token which was referred to in the first link).
In order to obtain the App Access Token, I have followed a tutorial and provided this code in my controller:
id = <my app id>
secret = <my app secret>
callbackUrl = "http://localhost:3000/events/appcallback"
#ouath = Koala::Facebook::OAuth.new(id, secret, callbackUrl)
redirect_to #oauth.url_for_oauth_code()
in my routes.rb I have:
match "events/appcallback" => "events#appCalledBack", via: :get
This is purely to test that the callback worked.
My intention was then to do something like:
App_Access_Token = #oauth.get_access_token(params[:code])
But instead I get an error:
NoMethodError in EventsController#index
undefined method `url_for_oauth_code' for nil:NilClass
Please note that I am not interested in obtaining an access token for a user; I want one for my app, so that I can connect to the api a la:
graph = Koala::Facebook::API.new(App_Access_Token)
Any help would be greatly, greatly appreciated.
So it seems that your route is wrong, since it goes to EventsController#index. Can you post some logs and the relevant routes?
I'm trying to use the oauth-ruby gem (https://github.com/oauth-xx/oauth-ruby/) in my Rails application to let users authenticate with a 3rd party API, but I'm having problems getting the oauth_callback to work properly when using get_request_token. Here is the code that keeps failing:
#request_token = oauth_consumer.get_request_token(:oauth_callback => "http://myurl.com")
This results in a 400 Bad Request "OAuth::Unauthorized" error everytime. However when I remove that from my code it returns a request token fine:
#request_token = oauth_consumer.get_request_token()
The problem I'm facing is that when doing this I am not able to be redirected back to my application once the user has authenticated with the 3rd party. Is this an issue with my code or something to do with how the 3rd party handles oauth_callbacks?
Thanks,
Chris
That error probably become because the API you requested needs you to save at least one callback URL. Review the API and add your test/production callback url from your dashboard, then the API could validate it on every request you do.
We integrated a Rails app with linkedin authentication, using devise and the linkedin gem.
It works fine and able to register/sign in with linkedin, however an odd thing happens when you press 'back' on the browser after signing in/up:
It goes back to linkedin with the same request URL and the error shown is:
The partner did did not properly implement the authentication protocol. in RED
This looks quite bad and we'd like to have a better way of handling this, but no idea where to start; any idea what could trigger this and is there any way we can prevent it?
You will need to build your service for every new request.You might have same access code for diff-2 request.
Try to generate it for every http auth request.
service = new ServiceBuilder()
.provider(LinkedInApi.class)
.apiKey(API_KEY)
.apiSecret(API_SECRET).debug()
.build();
Trying to write a facebook app and am attempting authentication. This is a rails 3.1 application
The First redirect where I give facebook my api and it returns a code seems to run well. But when I try to take that code and 'exchange it' from a access_token I run into problems.
The access token appears where the iframe aws.
Here is my code.
def index
#Load facebook.yml info
config = YAML::load(File.open("#{Rails.root}/config/facebook.yml"));
# setup client
redirect_to "https://graph.facebook.com/oauth/authorize?client_id=#{config['development']['app_id']}&redirect_uri=#{CALLBACK_URI}"
end
def callback
logger.debug("c")
config = YAML::load(File.open("#{Rails.root}/config/facebook.yml"));
if (!params.key?('access_token'))
logger.debug("A")
redirect_to "https://graph.facebook.com/oauth/access_token?client_id=# {config['development']['app_id']}&redirect_uri=#{CALLBACK_URI}&client_secret=#{config['development']['client_secret']}&code=#{params['code']}"
return
end
logger.debug("B")
access_token = params['access_token']
#me = FbGraph::User.me(ACCESS_TOKEN)
#name=#me.name
end
end
You are not supposed to redirect the user’s browser to the second endpoint (think for a moment, you are putting your app secret into that URL, so it would be easy for everyone to spot it there) – you are supposed to make a server-side call to that endpoint.
The docs clearly say so, https://developers.facebook.com/docs/authentication/server-side/:
“Once the user has authorized your app, you should make a server side request to exchange the code returned above for a user access token.”
The website I'm making makes it possible to connect your account with your youtube account. From localhost, this works perfectly, but from the site, which is step1tuts.appspot.com, it doesn't work. When I redirect the user to the authentication page from my website, I get the following message:
The page you have requested cannot be displayed. Another site was
requesting access to your Google Account, but sent a malformed
request. Please contact the site that you were trying to use when you
received this message to inform them of the error.
The code that handles this authentication looks like this:
client = youtube.get_client()
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
domain = 'http://' + os.environ['HTTP_HOST']+"/user/youtube_token"
scope = 'http://gdata.youtube.com'
url = client.GenerateAuthSubURL(domain,scope,secure=False,session=True)
self.redirect(str(url))
return
The url I'm redirecting to, ending in /auth_token then processes the token it gets back from youtube, but the error happens here.
Just for clarity, the youtube.get_client method is one that I developed to reuse the process of making the client appengine ready: the code for that is:
def get_client():
client = gdata.youtube.service.YouTubeService()
run_on_appengine(client)
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
user = users.get_current_user()
if(user and user.yt_token):
client.SetAuthSubToken(user.yt_token)
return client
While pasting in this code, I noticed that I'm duplicating the part where I give my developer key. I don't think that that's the problem, but I'll remove that from the authentication part of my code, and see what happens.
The problem must be tracable by watching the url that the user is redirected to, so just for some extra info, the url that I'm redirected to when I'm using the app on my local machine using the SDK, with which it works:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Flocalhost%3A8081%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
And the url that I'm redirected to when I use the same code on production:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
Interesting. All other urls work except this one. Probably a bug on youtube side? I just added a '.' at the end of your domain and the request seems to go through. Maybe you can try that?
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com.%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default