Can we grant access to an app to post something on a page in facebook? - ruby-on-rails

The scenario is that I want to post some details on a Facebook page created by me from my other app. So I want to know how we can give access to the app through an access token, that is, how can we get the access token for this?
Thank You
Regards

Yes, take a look at the following URL and the "Page Access Tokens" section for information on how to obtain a token.
API - Obtain Page Token
Note, however, that there is a known issue when trying to use the links api point, if you intend to define your own link in the post.
Bug report
You'll probably want to use the feed API point instead. I've not actually managed to get this working yet though, and I'm awaiting feedback from FB themselves. I'll update you if/when I hear something useful back.
Good luck.

You can get the access_token for your page by enabling the manage_pages permission, and then calling the API endpoint: /me/accounts to get the access_token for all the pages you manage.
You can then use this access token to post to your page using the Graph API call: /{page_id}/feed

MS Graph API - Get access without a user - Verifying MS response

When using MS-Graph oauth flow "Get Access without a user", Microsoft responds with a GET request of the following structure (from the example in the linked page):
GET https://localhost/myapp/permissions
?tenant=a8990e1f-ff32-408a-9f8e-78d3b9139b95
&state=12345
&admin_consent=True
Is there any way to verify that the response came from Microsoft?
In our application we're using the state to link an internal tenant-id with the Microsoft tenant-id. If the above response can be forged, an adversary may link his own tenant-id to the victim's Microsoft tenant-id.
You don't really need to check for this step (3) in the doc, because if the admin didn't consent, you would not be able to get an actual token for your app in step 4. However, you might be able to get the Referrer, if it's important to know which page the user came from to get back to your 'https://localhost' page.
You generate something before the redirect, like a guid. Save it on the server, and use it to query the data from before the redirect.
See it as a temporary key that you can set and save in the server memory or in a database.
The state is something you specify before redirecting. And after the admin consent it’s returned to the browser.
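
One way to implement the server-side state described in the answers above, as an added example that is not part of the original thread. `ConsentStateStore`, the session identifier and the ten-minute lifetime are assumptions made for illustration; the callback parameters are the ones shown in the question.

```python
import secrets
import time
from urllib.parse import urlsplit, parse_qs

STATE_TTL = 600  # seconds; assumed lifetime for a pending consent request

class ConsentStateStore:
    """In-memory stand-in for server-side storage (hypothetical helper)."""

    def __init__(self):
        self._pending = {}  # state -> (session_id, internal_tenant_id, expiry)

    def issue(self, session_id, internal_tenant_id, now=None):
        """Create the state value to send with the admin consent redirect."""
        now = time.time() if now is None else now
        state = secrets.token_urlsafe(32)  # unguessable, unlike "12345"
        self._pending[state] = (session_id, internal_tenant_id, now + STATE_TTL)
        return state

    def redeem(self, session_id, callback_url, now=None):
        """Return (internal_tenant_id, ms_tenant_id) or raise ValueError."""
        now = time.time() if now is None else now
        query = parse_qs(urlsplit(callback_url).query)
        state = query.get("state", [""])[0]
        entry = self._pending.get(state)
        # Reject states we never issued or that belong to another session.
        if entry is None or entry[0] != session_id:
            raise ValueError("unknown state for this session")
        del self._pending[state]  # single use: a replayed callback fails
        _, internal_tenant_id, expiry = entry
        if now > expiry:
            raise ValueError("state expired")
        ms_tenant = query.get("tenant", [""])[0]
        if query.get("admin_consent", [""])[0].lower() != "true" or not ms_tenant:
            raise ValueError("admin consent not granted")
        # Treat the link as pending until a token request for ms_tenant
        # succeeds, which is the confirmation the answer above relies on.
        return internal_tenant_id, ms_tenant
```

The internal tenant id is read from the stored entry, never from the callback, so a forged request cannot choose which internal tenant gets linked.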

Trying to disable my Logic app via a HTTP Post

I am trying to disable my logic app via a Http post from within the workflow, but I can't seem to get the authorization to work with my AD.
It says I need the Authorization Bearer token header, but when I fill the information in the fields marked with the red star it always fails.
Either I input the wrong information or I am doing something else wrong.
Where do I get all the information for the fields for the OAuth to work?
Also, aren't some of these for use against a web application like an API?
In that case how do I do this only in relation to the resource explorer API?
UPDATE
So I have tried to put it as a web application in my AD and that doesn't work either. Is there ANY documentation about this anywhere??
OK, so I found a workaround, or maybe this is even the right way to do it.
Now, using an HTTP Post Connector in Logic Apps is probably the right way to do it when you have, for example, an API registered as an application in your AD that has the right permissions. What I did was:
First: Used/created the Azure Resource Management Connector I didn't know existed, called "Invoke Resource Operation".
Second: After it prompted you to log in (with, for example, a service account), this layout is shown to fill in the same inputs as in the request POST URL in the above connector.
Shown below:
This worked and disabled the LA perfectly.

Can't access Microsoft Graph users calendars 403

I have seen other posts that are very similar, but I don't find a real answer. Some say "it is coming", those are old.
I am authenticating with the Admin credentials to our O365 and trying to pull calendar information. The Scope has Calendars.ReadWrite (which falls under App-Only and Delegate as far as scopes), but it always returns a 403. ErrorAccessDenied, "Access is denied. Check credentials and try again"
The Graph doc for calendar views shows it can send in users/{id} in the request, and the id's came back when I listed all the users. Of course if I use mine, it works.
If there really is an App-Only scope vs a Delegate scope for this same scope name, how do you specify that?
Is there something I have to specify in O365 for my admin user so it has rights? I can delete or create any user with that account in O365, so it appears it should have what it needs.
Thanks
So, App-Only has a slightly different flow.
First, instead of authenticating the user at "https://login.microsoftonline.com/common/oauth2/v2.0/authorize", you authenticate them at "https://login.microsoftonline.com/common/adminconsent".
Second, you pass in the same parameters minus "scope". Scope is determined by your Application Permissions defined in your application that you registered at apps.dev.microsoft.com.
Third, when you receive your callback you will not have a "code" to use to go and retrieve your Access and Refresh tokens. Instead, you will receive a "tenant" property and an "admin_consent" property. "admin_consent" will tell you whether you have the rights or not.
Fourth, when requesting your access token, you will not supply the "scope" or "code" parameters, but you will provide a "resource" parameter, with the value "https://graph.microsoft.com".
Lastly, the URL you contact to get the token will change from "https://login.microsoftonline.com/common/oauth2/v2.0/token" to "https://login.microsoftonline.com/{tenant}/oauth2/token", where {tenant} will be the value returned.
Please note that "v2.0" is missing in the URL. That isn't a typo. If you do not remove that from the path you will get errors about an invalid or missing "scope" parameter.
Once it successfully returns your Access and Refresh token, the flow seems to follow normal delegated access.
Here are a couple of links that Microsoft gave me, with their guidance to help figure this out.
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-scopes#using-the-admin-consent-endpoint
https://developer.microsoft.com/en-us/graph/docs/authorization/app_only
(Big Thanks to Jeff at Microsoft)
Latest doc is here: https://learn.microsoft.com/en-us/graph/auth-v2-service
I followed it and I was able to read/write other's calendar with permission Calendars.ReadWrite.
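
The token request from the fourth and last steps of the first answer, as an added example that is not part of the original thread. It follows that answer's endpoint and `resource` parameter; `grant_type=client_credentials`, `client_id` and `client_secret` are the standard client-credentials fields, and the GUID check assumes the callback returns a tenant id in the form shown in the question earlier on this page. The credentials in the usage line are constructed placeholders.

```python
import re
from urllib.parse import urlencode
from urllib.request import Request

GUID_RE = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def build_app_only_token_request(tenant, client_id, client_secret):
    """Build (but do not send) the app-only token request for one tenant."""
    # The tenant value arrives in a browser-delivered query string, so refuse
    # anything that is not a plain GUID before placing it in the URL path.
    if not GUID_RE.fullmatch(tenant):
        raise ValueError("tenant is not a GUID")
    # Tenant-specific endpoint without "v2.0", as the answer describes.
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        # "resource" takes the place of the "scope" and "code" parameters.
        "resource": "https://graph.microsoft.com",
    }
    return Request(
        url,
        data=urlencode(form).encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
        method="POST",
    )

if __name__ == "__main__":
    req = build_app_only_token_request(
        "a8990e1f-ff32-408a-9f8e-78d3b9139b95", "example-client-id", "example-secret")
    print(req.get_method(), req.full_url)
```

Pass the returned object to `urllib.request.urlopen` to send it; a failure for a tenant that never granted consent is the check one answer on this page points to.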

Get information about authenticated user

I may be missing something simple, but I am having difficulty in getting information about the logged in user. I've successfully authenticated using OAuth and have obtained an access_token. I understand that a user_key is required to get access to private data. I don't seem to be able to figure out how to get this. I'm just starting with EventBrite integration so I'm not completely familiar with it. I've integrated with Facebook in the past. Any help would be appreciated.
See the bit about access_tokens and request headers here:
http://developer.eventbrite.com/doc/authentication/
Or, use one of the API client libraries to make the request for you:
http://developer.eventbrite.com/doc/libraries/

How to use yammer's oauth2 from iOS?

I'm trying to get an iOS client to make use of Yammer's OAuth2 to validate a user. I first tried the GTM-OAuth2 code, but I cannot get it to understand the response from Yammer. It appears that the GTM code is expecting the access_code as a query parameter, whereas Yammer is returning it as a URI fragment. I hacked the GTM code to see the fragment, but now it appears to be thinking that there is an error because the code and message fields are not in the response from Yammer.
I've also tried to use the OAuth2Client API, but the problem there is that Yammer does not seem to want to use the redirect_uri I pass to it, so Safari never gets the custom URL and therefore never calls back to the app.
Does anyone have a working example of using Yammer's OAuth2?
I would also be interested if anyone has got GTM-OAuth2 to work with Facebook?
Yeah, Yammer has a shitty implementation of OAuth. Looks like each service has taken its own implementation of OAuth. Anyway, Yammer requires the user to copy a 4-digit code from its website, go back to your service, and paste that code in your website. Only then can you request an access code.
Check this - http://www.tutorialjinni.com/2011/04/yammer-api-example.html (it's in PHP, but hope you can get the gist).
Nothing you can do about it but a fun read - Yammer API sucks
