I'm using the new twitter #anywhere api for logging in on the client using a popup. The api docs are here
https://dev.twitter.com/docs/anywhere/welcome#auth-events
Ive created a very simple example of their api, but after hitting "connect" on the popup, twitter just says "Something is technically wrong" as seen here in this screenshot
http://cl.ly/0A321R1Z2W1o3v0P0t0z
Here is my setup for doing this (note ive already created my app on twitter)
var api = "http://platform.twitter.com/anywhere.js?id={MY_API_KEY}&v=1";
$.getScript(api,function() {
twttr.anywhere(function (tw) {
console.log("tw",tw);
// bind auth compelte event
tw.bind("authComplete", function (e, user) {
console.log("tw auth complete",e,user);
});
// calling sign in triggeers the above event
tw.signIn();
});
});
So it opens the popup, lets me sign into twitter, and then when I hit connect, i get that odd error from twitter.
Any ideas what could be going wrong?
Thanks!
Update - I found this page of people having similar problems, but the solution they offered didn't change anything.
https://dev.twitter.com/discussions/1286
And it might be important to note the domain I'm using is http://changeup.dev its a local domain. I have it setup in my hosts file already.
SO, i Figured it out. You NEED to have a callback URL for your app, (on the developer page) even though it says you don't. The callback URL needs to match your authorized domain as well.
Then, in your app, the URL that the callback is calling, NEEDS to include the twitter api. THEN, and only THEN will the window automatically close and execute the authComplete callback.
I did this on the same page I was logging in from
if(location.hash && location.hash.indexOf("oauth_access_token") != -1) {
Related
I'm migrating a web app that interacts with the google drive js api to the new Google Identity Services API and following this quickstart guide. GIS is mandatory, since the old one will no longer be in use from March 2023.
In this guide, there is only one small note mentionning to preserve the logged in state after page reload:
Note: After the initial user authorization, you can call gapi.auth.authorize with immediate:true to obtain an auth token without user interaction.
However, there's no clear code example how to do that, furthermore one can find in the migration guide, that gapi.auth2.authorize() is deprecated.
Using One Tap (a div with the id "g_id_onload") is not a solution, because I need an extended scope (to access later on google drive)
Storing the access token in localstorage (as mentionned in some threads) is no option, since it violates the oauth model
Calling requestAccessToken() after every page reload without user interaction is not an option, because 1st the popup is not shown at all (blocked in all major browsers) and 2nd if allowed the popup is shown and hiding immediately (bad ui)
Can somebody give me an example where GSI is used via JS that preserves sessions through page reloads?
It seems that Google Identity Services is not yet production ready or am I wrong?
In order to help:
Google 3P Authorization JavaScript Library: in this link we can check all the methods the new library has (it does not refresh token, etc..)
This doc says the library won't control the cookies to keep the state anymore.
Solution
Firstly I need to thanks #Sam O'Riil answer.
As Sam described: "you can somehow save access token and use it to speed-up things after page reload."
Given the the Google's exampe, we should call initTokenClient in order to configure the Google Auth and the requestAccessToken to popup the auth:
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: 'YOUR_CLIENT_ID',
scope: 'https://www.googleapis.com/auth/calendar.readonly',
prompt: 'consent',
callback: tokenCallback
});
tokenClient.requestAccessToken({prompt: ''})
In your tokenCallback you can save the credentials you get somehow, e.g.:
const tokenCallback(credentials) => {
// save here the credentials using localStorage or cookies or whatever you want to.
}
Finally, when you restart/reload your application and you initialize the gapi.server again, you only need to get the credentials again and set token to gapi, like:
gapi.load('client', function() {
gapi.client.init({}).then(function() {
let credentials = // get your credentials from where you saved it
credentials = JSON.parse(credentials); // parse it if you got it as string
gapi.client.setToken(credentials);
... continue you app ...
}).catch(function(err) {
// do catch...
});
});
Doing it, your application will work after the reload. I know it could not be the best solution, but seeing what you have and the library offers, I think that's you can do.
p.s.: the token expires after 1 hour and there is no refresh token (using the implicit flow) so, you will have to ask the user to sign-in again.
I am using instagram to recieve the list of people i follow and although api returns the status code 200 I recieve absolutely no data.I tried using postman client instead of my code and even from there no data is being returned I am hitting the following service.
https://api.instagram.com/v1/users/self/follows?access_token=token
one thing to be noted is my application is in sandbox mode and this same access token is working and fetching other information about the user including media shared by the user and its basic information etc and user follows and is followed by several users.
Please suggest the solution thanks in advance.
I may have answer to this question since I was facing the same issue on my WinRT project yesterday.
You may need the relationship scope instead of 'follower_list' scope.
I am assuming that you have provided the scope as 'follower_list' in the authorization URL and logged in as yourself or through your own Instagram account(the same account with which you have created your Instagram app). And now if you are hitting the above service it will return nothing in data since you are requesting if the user is following you or not(so obviously you are not following yourself)!! So if you try logging in with someone else's Instagram account and hit the above service with follower_list scope it will return your Instagram account in data if the logged in person is following you.
EDIT
The above service will return all the users that are following you AND present in your sandbox users list. (Or at least that is my conclusion on this)
For further clarification try https://apigee.com/console/instagram for hitting this service there they are using the relationship scope.
The website I'm making makes it possible to connect your account with your youtube account. From localhost, this works perfectly, but from the site, which is step1tuts.appspot.com, it doesn't work. When I redirect the user to the authentication page from my website, I get the following message:
The page you have requested cannot be displayed. Another site was
requesting access to your Google Account, but sent a malformed
request. Please contact the site that you were trying to use when you
received this message to inform them of the error.
The code that handles this authentication looks like this:
client = youtube.get_client()
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
domain = 'http://' + os.environ['HTTP_HOST']+"/user/youtube_token"
scope = 'http://gdata.youtube.com'
url = client.GenerateAuthSubURL(domain,scope,secure=False,session=True)
self.redirect(str(url))
return
The url I'm redirecting to, ending in /auth_token then processes the token it gets back from youtube, but the error happens here.
Just for clarity, the youtube.get_client method is one that I developed to reuse the process of making the client appengine ready: the code for that is:
def get_client():
client = gdata.youtube.service.YouTubeService()
run_on_appengine(client)
client.developer_key = 'AI39si759T7YcZ4E3XvICpZr3cGwQ0Ev4AjwyJrVSS6AW6NUc7_t10DX1JsngWzU4YoGjpsjAUTejav0hgXp9vDuM7a83tDXzQ'
client.client_id = 'step1tuts.com'
user = users.get_current_user()
if(user and user.yt_token):
client.SetAuthSubToken(user.yt_token)
return client
While pasting in this code, I noticed that I'm duplicating the part where I give my developer key. I don't think that that's the problem, but I'll remove that from the authentication part of my code, and see what happens.
The problem must be tracable by watching the url that the user is redirected to, so just for some extra info, the url that I'm redirected to when I'm using the app on my local machine using the SDK, with which it works:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Flocalhost%3A8081%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
And the url that I'm redirected to when I use the same code on production:
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
Interesting. All other urls work except this one. Probably a bug on youtube side? I just added a '.' at the end of your domain and the request seems to go through. Maybe you can try that?
http://www.youtube.com/auth_sub_request?scope=http%3A%2F%2Fgdata.youtube.com&session=1&next=http%3A%2F%2Fstep1tuts.appspot.com.%2Fuser%2Fyoutube_token%3Fauth_sub_scopes%3Dhttp%253A%252F%252Fgdata.youtube.com&secure=0&hd=default
i'm making a program which used twitter connect as its core and it is developed with adobe AIR, the library i used it Tweetr, and everything is perfect until i don't find any example on how to logout and login again. I've used tweetr.destroy() and tweetr.endSession() but there is no effect in the program. Now i'm in very desperate situation, would thanks to anyone that can help me through this.
As far as I'm aware, there is no way to log a user out using Tweetr, because the Twitter API does not provide a method for this. If you need to log in again, you can simply restart the oAuth process, or alternatively you could try pinging http://twitter.com/logout with URLloader to log you current user out of Twitter. This is the URL used on the oAuth popup when the user wishes to change account before authorising an app.
endSession only ends your current API session.
Try tweetr.endSession()
As per the Tweetr documentation:
public function endSession():void
Ends the session of the authenticating user. and Returns a HashData object with the response.
This method requires Authentication
http://tweetr.swfjunkie.com/docs/
Know this is old. But will post the answer anyway.
Try this: htmlLoader.manageCookies=false;
Works for me:
htmlLoader = HTMLLoader.createRootWindow(false, null, true, new Rectangle(0,0, stage.stageWidth, stage.stageHeight));
htmlLoader.stage.nativeWindow.alwaysInFront = true;
htmlLoader.manageCookies=false;
addChild(htmlLoader);
oauth.oauthToken=new String();
oauth.oauthTokenSecret=new String();
oauth.htmlLoader = htmlLoader;
oauth.getAuthorizationRequest();
I have setup an Application that uses #Anywhere from twitter to Authenticate the users.
I moved this away from the older way I was doing it of Sending the user to a new tab, logging in to twitter, clicking authorize, and entering the PIN and username into my system because it was too many steps and users were getting confused.
The Problem I have now is I need to store the oauth_token and oauth_token_secret in the database so that I can get their information and associate it with my own userids allowing the user to reply to tweets inside the application.
However I dont get these fields when I make the call back I get an "ouath_access_token" which doesnt look very similar to the ones I was getting before using #Anywhere and also a "oauth_bridge_code"
I have seen some very vague docs on how to use this to get the real data I would like.
I tried doing something like this from a slide I had seen
$.ajax({
url:'http://api.twitter.com/oauth/access_token',
type:'POST',
data:bridge_code,
success: function(data, jqXHR){
//investigate data returned
console.log(data,jqXHR);
}
});
====================EDIT===================
Now I am getting a specific error when sending the above request
XMLHttpRequest cannot load https://api.twitter.com/oauth/access_token. Origin http://127.0.0.1 is not allowed by Access-Control-Allow-Origin.
POST https://api.twitter.com/oauth/access_token undefined (undefined)
I believe this feature is Deprecated
https://groups.google.com/forum/#!msg/twitter-development-talk/UPzE8ozWtlk/mkot6N2xBRQJ