i am doing a project on oauth for different providers.MSN live is one of them.
i have used the scribe oauth code for all of the providers. For google,twitter,facebook,linkedin i am able to get the callback url as http://localhost:8080/ and it is returning well with the verification code.
But with the MSN it is asking the domain name(it is not allowing me to type the localhost:url and it is asking clerly that i should give valid domain name while in registration.
So i gave my blogsite name as valid url.
when i run my application i am getting callback as http:myname.blogspot.in/code="somecode"
Now i should use the code dyanamically in programming to verify the code so that i get the user resources.
Alternatively can we change our localhost application to domain application so that in the registration of the msn site also it should show valid domain and we can get the data from msn to our localhost application.
Some steps are given in the following link
http://complete-concrete-concise.com/web-tools/how-to-change-localhost-to-a-domain-name
But the fake url (means the localhost application which is converted as domain url).....can it be identified by msn as valid domain is still not understandable.
if anybody has some knowledge on this, can you some light on this.
Thank you in advance.
This is simple after Mr.Umesh Awasthi gave the clue.
Firstly,go to the below site.
http://24sevenpost.com/tech-gizmo/windows-7-step-step-guide-edit-hosts-file-system32/
take a new line the hosts file and type like this.
127.0.0.1 www.babc.com
then you have your own domain.
Give the domain name as http://www.babc.com:8080/ in the registration form domain name text box.
Thats it.
run the apache tomcat
run the application.
you will get a message like this. www.babc.com:8080/code="somecode"
Thank you.
But i have small problem. i have to give the Url for protected resources.
i have tried with giving the url as https://apis.live.net/v5.0/me
400
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid URL</h2>
<hr><p>HTTP Error 400. The request URL is invalid.</p>
</BODY></HTML>
i do not understand what the problem exactly is.Is my urls for resources not a correct urls?
can anybody help me in this......
Related
ive been doing a stephen grider course and he creates a google oauth client id with authorised js orgins as http://localhost:5000 and authorised redirect URI as http://localhost:5000/* and google accepts it. But when i try the same it throws me an error for redirect URI as Invalid redirect: Cannot contain a wildcard (*). And im not sure without this , further it will cause problems.Any way to solve this. Ive typed http://localhost:5000/ as a temp solution. Kindly suggest.
What ever course you are following must be very old I have been developing with Google for five years a wildcard redirect uri has not been allowed in that time.
Authorized redirect URIs
For use with requests from a web server. This is the path in your application that users are redirected to after they have authenticated with Google. The path will be appended with the authorization code for access. Must have a protocol. Cannot contain URL fragments or relative paths. Cannot be a public IP address.
Redirect uri must be a path to the file you wish to use to handle your authorization.
The redirect URL you configure to the API console must be an exact string match to the redirect URL you use in your app. So for example, http://localhost:5000 does not match http://localhost:5000/ or https:5000//localhost. Thus a wildcard will never work.
Furthermore, it's very unusual for a redirect URL to not have a path component. So something like http://localhost:5000/myoauth is more conventional. That's not to say that an empty path is impossible, simply that it's so unusual that it's more probable you have misunderstood OAuth somewhere.
However, note that you can configure several redirect URLs, so http://local:5000 and https://localhost:5000 and https://myliveservice.com/redirect
There are template witch are written by admins. And in mail there possibility to enter link (not the rails way). There is editing menu, what generates following, basic html code:
company’s profile
where user.owner_name - domain.com/user/user_name
I don't talk about localhost because it possible will not work. So I'm talking about production server.
I receive email, with broken link (if I click on it - it's not opening) but if copy link:
x-webdoc://73A3A2DC-F22E-4558-8853-C6A57985EE7C/mydomaine.com/user/
Why this appears?
EDIT
It seems it's realeted to MacOs. It prbolem appears when I view letter thorought Mail App, or Safari browser.
Now, I need any advise how to avoide this prob.
I would argue that example.com/user/user_name is not a useful URI in the context of an email, because it is missing a protocol (like: http://example.com/user/user_name). Without the protocol it could be misunderstood as a relative URL, which may lead to security issues or at least is useless in the context of an email client.
From that point of view, it is not surprising to me that some email clients or web mailers are trying to be smart and protect the user by annotating the URL in some way.
In this example the added x-webdoc: indicates that the user has to make the decision on what application to use to open that link because without a proper protocol it is not obvious what application will be able to handle the URI. See What is x-webdoc?
We integrate with YAMMER using OAuth2.0 Server-side flow.
Some of our clients have subdomains so our redirect URI has to be dynamic. We set up the yammer-app to have a dynamic redirect URI as specified in the documentation. Our redirect URI looks like this:
https://example.com
Problem:
It works not every time! Some redirects to the YAMMER user authentication page are getting this error:
invalid redirect_uri
The URL looks like this:
https://www.yammer.com/dialog/oauth?client_id=XXX&redirect_uri=http://www.examle.com/yammer/callback
The error only happens some times so it is hard to reproduce or trace the reason.
I tried to remove the redirect url form the app setup on YAMMER. The error still occurs!
Does anybody encountered this problem as well?
What could we do wrong?
Appreciate your help!
I found the solution. According to the documentation my first approach was correct. To use a dynamic redirect URL input the domain like this:
https://example.com
You can try to redirect to the default (http://yammer.com/). In the past you didn't need this parameter and it would always redirect to http://yammer.com.
See these out-dated docs:
https://developer.yammer.com/oauth2-quickstart/
Why do I continuously receive "The provided value for the input parameter 'redirect_uri' is not valid."?
My site is hosted in Azure. I'm trying to Login via the Microsoft sign-in button. I haven't really made many changes from the default ASP.Net MVC out-of-the-box template. All I've really changed was to uncomment the app.UseMicrosoftAccountAuthentication line and add the clientId and clientSecret.
Do I have the Redirect URL set up incorrectly?
Site: http://mysite.azurewebsites.net
Redirect URL: http://mysite.azurewebsites.net/
I read somewhere that you need to specify a Redirect URL in the form of http://www.mysite.azurewebsites.net. Can anyone confirm or deny that? I do not need the www in my current set up.
The error I consistently receive is:
https://login.live.com/err.srf?lc=1033#error=invalid_request&error_description=The provided value for the input parameter 'redirect_uri' is not valid. The expected value is 'https://login.live.com/oauth20_desktop.srf' or a URL which matches the redirect URI registered for this client application.&state=SomeLongPossiblyEncryptedString
This message is displayed on the page returned after an attempt to login:
Microsoft Account
We're unable to complete your request
Microsoft account is experiencing technical problems. Please try again later.
3/26/2014 Update: No luck so far, here's some screen shots of my settings in case it helps.
Basic Information
API Settings
Is this a problem on Microsoft's side or am I doing something wrong?
From the default MVC what works for me (just tested about 5 minutes ago) for the redirect URL is
http://testcrap.azurewebsites.net/signin-microsoft
All the documentation I've found says to use
http://testcrap.azurewebsites.net/login/microsoftaccount
But that doesn't work for me...
signin-microsoft does
OR if that doesn't work then use something like firebug to see what the request to the oauth provider looks like and then whatever the redirecturi is inside of that request is what you need to use..
For web application you need to set the redirect url in the Live Connect Developer Center.
In API Settings->Redirect URLs you must set:
http://www.yourdomain.com/signin-microsoft
Hope it's helpful :)
You need to provide the redirect url in the Live Connect Developer Center. I've attached a screenshot. This is part of the application validation to prevent malicious applications.
It seems Microsoft change the url again. This what works for me
.auth/login/microsoftaccount/callback
My redirect url is
https://yyyyyyyy.azurewebsites.net/.auth/login/microsoftaccount/callback
To get this url, use Fiddler or any http debug tool and look for request to login.live.com. The redirect_url is in the query string.
https://login.live.com/oauth20_authorize.srf?client_id=00000000551716B9&redirect_uri=https%3A%2F%2Fyyyyyyyyyy.azurewebsites.net%2F.auth%2Flogin%2Fmicrosoftaccount%2Fcallback&response_type=code&scope=wl.basic+wl.offline_access+wl.signin+wl.birthday+wl.calendars+wl.calendars_update+wl.contacts_birthday+wl.contacts_create+wl.contacts_calendars+wl.contacts_photos+wl.contacts_skydrive+wl.emails+wl.events_create&state=nonce%3Dfe7e6b678b8844f48f079cceadf1f426_20151206145117%26redir%3D%2F
Since I need 3 more reputation points to write a comment to your post I have to ask it here. Sorry about that.
Are you getting this error while trying it out on the real domain or while testing it from your localhost?
If the second is the case you need to setup a DNS entry for a dummy hostname in your local host file that points to 127.0.0.1 and use that dummy name when registering with live. Furthermore it needs IIS, not IIS Express.
Not sure if it is a clean way nor if it is complete, but it is the furthest I got when trying out the new ASP.NET Identitiy Provider. Sadly there is only a example in the official documentation which shows how to use it with google...
I, too, would appreciate a clean answer to this.
Redirect URIs are "SSL sensitive" and you probably always want the SSL version.
I am trying to install openID into my web site project that is using ASP.NET MVC, specifically with Yahoo
Yahoo keeps giving me this :
"Warning: This website has not confirmed its identity with Yahoo! and might be fraudulent. Do not share any personal information with this website unless you are certain it is legitimate."
However I have followed the setup procedures I have a Yardis document setup and the following in the header of my realm URI
<meta http-equiv="X-XRDS-Location" content="http://www.daimokuchart.com/yadis" />
My Yardis document is as follows
<?xml version="1.0" encoding="UTF-8"?>
<xrds:XRDS
xmlns:xrds="xri://$xrds"
xmlns:openid="http://openid.net/xmlns/1.0"
xmlns="xri://$xrd*($v*2.0)">
<XRD>
<Service priority="1">
<Type>http://specs.openid.net/auth/2.0/return_to</Type>
<URI>http://www.daimokuchart.com/Users/Authenticate</URI>
</Service>
</XRD>
</xrds:XRDS>
This is getting rather frustrating as I am not sure what else I can be missing.
Note: The domain given in this example isn't actually live at this time... I am however testing it on a live site I just can not give out the URL at this time as we are not done developing the site yet.
Update 3/4 I did find a Yadis testing site, and it passed so the problem is Yahoo is not discovering it for some reason.
Update 3/5 Still no luck I talked with someone and they said this
needed to be in my root url so I did that now yahoo reports something is wrong with the site... but not sure what the problem is...
Check that your openid.return_to parameter is found in your YADIS/XRDS document, including matching capitalization.
My first thought is that your realm URL (http://www.daimokuchart.com/yadis), seems to redirect to http://blog.daimokuchart.com/yadis when I attempt to browse there. The following writeup (linked from Yahoo's OpenID FAQ) mentions that the realm URI can't redirect:
Why Yahoo! says your OpenID site's identity is not confirmed
Yahoo! OpenID - FAQ