I'm having problem creating the POST request (to tweet) in twitter.
I dont want to use any library.
I have all the oauth required parameters but still unable to do a valid request
when i'm doing
curl "https://api.twitter.com/1/statuses/update.json?oauth_signature=NCs%2B1unOYZQW%2BNCTmsRwmiqtrZQ%3D&oauth_version=1.0&oauth_nonce=-619997894&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=gGrr4khdilkzano8gYxK4Q&oauth_token=146439820-n07FzSB78bDWEUzPPP9WZnwdnwW917FyJi1gwKWM&oauth_timestamp=1341309839" -d 'status=hello'
then i'm getting
"Could not authenticate you.","request":"/1/statuses/update.json"
I know that the OAuth parameters are right coz i'm able to do GET request like
https://api.twitter.com/1/statuses/public_timeline.json?oauth_signature=NCs%2B1unOYZQW%2BNCTmsRwmiqtrZQ%3D&oauth_version=1.0&oauth_nonce=-619997894&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=gGrr4khdilkzano8gYxK4Q&oauth_token=146439820-n07FzSB78bDWEUzPPP9WZnwdnwW917FyJi1gwKWM&oauth_timestamp=1341309839
and its working just fine.
So please help me to resolve the issue.
Your second request works because it doesn't require authentication.
When you have to authenticate a request, you should do this with a HTTP header called Authorization as described here : https://dev.twitter.com/docs/auth/authorizing-request
Related
I want users to request Uber rides from my app.
https://developer.uber.com/docs/rides/authentication
Under OAuth 2.0 section at the above url, there are 6 steps :
1. Authorize (done)
2. Receive Redirect (done)
3. Get an Access Token ('invalid_grant' error)
The following screenshot is from Postman.
I tried passing client_id, client_secret, grant_type, redirect_uri and code as params, form-data and x-www-form-url-encoded. But everytime it returns the same error.
I have put 'http://localhost:3000/auth/uber/callback' as redirect url in my Uber App dashboard.
I have even tried the following curl command in the terminal,but it returns the same 'invalid_grant' error
Can someone help me with this issue.
Your postman request looks correct to me. My best guesses at whats going on:
1) You have multiple redirects set up, and you're using one redirect url when you do the authorization phase and a different one when you try and do token exchange
2) You're doing authorization for one client_id, and trying to do token exchange for another
3) You're authorization code has already been used / expired. Keep in mind its only good for one request.
Could you try the following and tell me what happens:
1) Do the authorization flow and pay special attention that the client id and redirect uri you put in your authorization URL are correct
2) After your browser redirects, copy the authorization code out of the redirect URL
3) Put the authorization code into the postman request / curl statement and make sure that the client id / redirect URI is correct when you do it.
Status Code: 401 Unauthorized
{
"error": "invalid_grant"
}
You are using an invalid refresh_token. You can generate multiple
access tokens, but you can only use the latest generated
refresh_token.
You supplied an invalid code when exchanging an authorization code
for an access_token.
I'm currently working on an app that needs to integrate Vimeo. I'm therefore adapting my working OAuth2 client to allow authorization to Vimeo it's new beta API.
However, there are some things that are unclear to me, and the documentation is a bit vague on the matter.
Should I get the client authorized before authentication?
The user authentication url is https://api.vimeo.com/oauth/authorize, should I send a GET or POST request to this URL with the required parameters?
Should I send a basic authorization header (Authorization : basic base64(client_id:client_secret) along with authentication or should it be unauthenticated authorization header (Authorization : Bearer unauthenticated_access_token)?
Should I handle the authentication dialog through a UIWebView or through Safari?
Furthermore, I seem to get the error: { "error": "An unknown error has occured. Please let us know!"} when handling authentication through Safari. Does anyone have a clue on what actually went wrong or provide a way to find out? (Seems Vimeo improved their error displaying overnight ;))
The actual error I get is that the redirect_uri and client_id are missing, but I'm reasonably sure they get provided in the request body when doing a POST, or in the parameters when doing a GET. Any pointers?
Client authorization is not necessary to generate User authentication. Client authorization is only necessary to make unauthenticated api requests.
You don't make a request to api.vimeo.com/oauth/authorize, you send your user there. You should create a link, and put it on a page for your user to click. They will make a GET request to that endpoint, but it should not happen through your server.
Since your client is making a request to /oauth/authorize, there is no way you can define the headers. You will need to provide an authorization header to /oauth/access_token, and this should be Authorization : basic base64(client_id:client_secret)
We did fix a bug last night in our oauth error reporting :D. Sorry for the temporary confusion.
Without more information I can't really answer your error message. I'll add some comments, and then update this answer with more information.
I have been trying with the simple REST Client as well as the REST Plugin for Mozilla. I am getting
"HTTP/1.1 401 Unauthorized" response with
"{"error":"unauthorized_client","error_description":"the client is not authorized"}" in the body.
I have been successful in getting the auth code, and the below is the POST request for access token, (Scope is r_fullprofile)
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&code=AQTQeBxBzbU2aNWaQM6Ff3Z3bUd8Gyg10W9G2DdqXgWiP0q7-M55c5PLtppP7Ni3Y-6A9C8yDkj9K4VfJ7QkRUFjuV-3AknA5jAahpsFJv3wYfr8XD8&redirect_uri=https://www.google.com&client_id=75wl6j5zndvfkp&client_secret=secret
The redirect_uri=https://www.google.com is the one used for getting auth code as well.
Do we need to perform any URL encoding before making the POST request?
When I log into the linked in to my app, it has the below tokens,
OAuth User Token: c3ae4cee-1b23-xxx-9d2a-206f578dee4d
OAuth User Secret: 76bc48cc-c94f-xxx-bf9d-a663f7003383
I am not sure where it is used. we are using API & secret key to get auth code.
Thanks in Advance.
This is a 2-step process.
First, go to:
https://www.linkedin.com/uas/oauth2/authorization?response_type=code&client_id=YOUR-API-ID&scope=r_basicprofile&state=STATE&redirect_uri=YOUR-ENCODED-REDIRECT-URI
Then, within 10 secs of receiving the response, go to:
https://www.linkedin.com/uas/oauth2/accessToken?grant_type=authorization_code&redirect_uri=YOUR-ENCODED-REDIRECT-URI&client_id=YOUR-API-ID&client_secret=YOUR-API-ID&code=THE-CODE-OBTAINED-IN-FIRST-STEP
The response of the second request will have the actual access token you need to use.
When I followed the two steps I faced an issue where I got an error as
{"errorCode":0,"message":"Access to posting shares denied","requestId":"TYWULO2WPZ","status":403,"timestamp":1497353538016}
So I had to remove the &scope=r_basicprofile since it was preventing reading all the Default Application Permissions
I faced a similar problem and the problem was with the initial authorization code. You should mention the scope=rw_company_admin or whatever it is that you want to authorize to while doing the initial redirect URL call. Something like this -
https://www.linkedin.com/oauth/v2/authorization?response_type=code&client_id=your_client_id&redirect_uri=https%3A%2F%2Fwww.google.com/&state=12345&scope=rw_company_admin%20r_emailaddress%20w_share%20r_basicprofile
I know same question has been asked many times but even after following each and every post as well trying various suggestions, I am still facing invalid_request error.
I am able to get code successfully from Google API and when I am trying to access accessToken , I am getting this error and HTTP code being sent from Google API is 400.
I have already tried and compared my data with oauthplayground and seems everything is same
Following data is being sent from my Application to Google API
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
Access Token URL
https://accounts.google.com/o/oauth2/token?
scope=openid+profile+email
&client_secret=***********
&grant_type=authorization_code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&code=4%2F8veoAnihzkao58oWvZaRShn5nhYg.0to7Or-lHPwRXE-sT2ZLcbTblHXFhgI
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
But When Application is trying to fetch data over the network, I am getting exception
SEVERE: Error while fetching access token for Google..
OAuthProblemException{error='invalid_request', description='null', uri='null', state='null', scope='null', redirectUri='null', responseStatus=0, parameters={}}
I am using URLConnectionClient to establish network connection
Go through the OAuth flow using the OAuth playground https://developers.google.com/oauthplayground/.
Then compare what is being sent with your own.
Note that it needs to be an HTTP POST. The code you posted looks like a GET.
Also, your redirect URL looks a little odd. Is that exactly the same URL that you registered in the API console? This is isn't your current error, but will probably become your next one ;-)
It seems that you forgot to send 'state' parameter here (it is mandatory!):
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
In Java code you can generate it in a way like this:
String state = new BigInteger(130, new SecureRandom()).toString(32);
So you request should look like this:
https://accounts.google.com/o/oauth2/auth?
scope=openid+profile+email
&response_type=code
&redirect_uri=http%3A%2F%2Fsavealifetoday.org%2Fblood_donors%2FoAuthCallBackAction%3Fservice_provider_name%3D
&approval_prompt=force
&client_id=193214746340-ea0nq5alpst82n2fno13s9j21pn4f4pf.apps.googleusercontent.com
&state= {insert_here_generated_state}
And also I don't know if it is necessary to send a 'scope' parameter in "Access Token URL".
I am trying to integrate twitter using Twitter Api me 1.8 . When i try to authorize using OAuth the login Screen look like below .Some invalid charecters are showing.please help me to identify the problem
thanks
Try with BIS. It works fine with BIS. Else you can call HTTP GET and POST methode to the following urls.
For request token call https://api.twitter.com/oauth/request_token (HTTP GET with key , secret, and signature).Then you will get the request token
For Authorization call this link in your browser https://twitter.com/oauth/authorize?oauth_token=your request token
For access token call https://twitter.com/oauth/access_token (HTTP POST with key , secret, signature , token) . Then you will get the access token and secret.
If the login page content is not displayed properly in BlackBerry, then follow this link.
Please, use BrowserFieldOAuthDialogWrapper in place of BrowserContentManagerOAuthDialogWrapper class. It works fine for me.
http://kenai.com/projects/twitterapime/forums/forum/topics/523812-A-test-for-invalid-characters-on-Blackberry#p571144
I got this success by the help of #ernandesmjr Ernandes Mourao Jr
If any find any issue. please let me know.