I have set up the real time subscription for facebook, the subscription is done successfully but I am only getting friends updates if friends are added or removed, apart from this I am not getting anything for like "books, checkins, work, education etc...". Facebook is sending the Token to my web server. That is good so far. My server sends back the response to facebook. So far Configuration is done successfully.
Another Issue is - I am not able to see the incomming request in Fiddler. I have tried below to check the incomming request...
if (oSession.host.toLowerCase() == "IP Address:8888")
oSession.host = "IP Address:Port Number";
Sometimes (especially with IE) Fiddler has to be started before you start your debugging session.
Related
I have my own bot running locally and have made it publicly accessible using ngrok
Trying to use the sandbox environment of gupshup to communicate with my bot.
Have hooked my bot using webhook (link your bot)
Have also created a BOT and configured the webhook as a callback POST to my ngrok server.
However when i try replying to a user supplied whats app message after say about 10 min using the Delayed response strategy i.e. by passing the contextobj and message via the send API (http://api.gupshup.io/sm/api/bot/{botname}/msg), I get an error stating "User Not Opted In".
Why isnt the user considered as an Active User since the messaging was initiated by the user and the send API is only replying to that message with 24 hrs ?
How do i simply give a delayed response to the user within 24hrs without forcing the user to opt-in ?
We do this all the time, however we are using the endpoint documented here:
https://www.gupshup.io/developer/docs/bot-platform/guide/whatsapp-api-documentation#OutboundMessage
You have to take the consent of user once before sending messages.
Also while using sandbox the user needs to opt in but for verified user it will be relaxed.
But still you will need to take consent of user at any place (your site, your terms and conditions or anywhere) before sending him anything for the record purposes so that they cannot claim that you are spamming them without consent.
I am facing an issue regarding account linking in Actions on Google:
I am able to authenticate the user and access his email address and username however after this how can I redirect the user back to the google assistant and close the browser where he was authenticated?
Any help will be appreciated!
Update: Hey Prisoner thanks a lot for that.
I did what you said and yeah now it does redirect to google.com but without result_code=SUCCESS when I test it in the simulator.
The link is:
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=z77fWbjQGIXxvATs_oqwBA
Now if I type talk to... again it shows me the message you need to link your account!
In the device the browser automatically closes and it shows SIGNING_IN however when I type an intent it is not recognized.
It would be great if you could point me in the right direction! (I am not sure but I might be at the token exchange stage that you mentioned, but I don't have a clue how to proceed!)
Update 2: As requested the entire flow that I am following:
This is the URL that I receive from debugInfo:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=cha***#gmail.com&provider=***_dev&scopes=email&return_url=https://www.google.com/
When I paste this in the browser the request that I receive at the authorization endpoint is:
ImmutableMultiDict([
('response_type', 'code'),
('client_id', ****.apps.googleusercontent.com'),
('redirect_uri', 'https://oauth-redirect.googleusercontent.com/r/****'),
('scope', 'email'),
('state', ' CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)')
])
The response (redirect_url) that I send back:
https://accounts.google.com/o/oauth2/v2/auth?scope=email&response_type=code&redirect_uri=https%3A%2F%2F******.herokuapp.com%2Fcallback%2Fgoogle&client_id=****.apps.googleusercontent.com
When it reaches my endpoint again the request arguments are:
ImmutableMultiDict([
('code', '4/***********')
])
Now I am able to access the email address and other details
The url that I redirect to from here:
https://oauth-redirect.googleusercontent.com/r/****?code=abcdefgh&state=CtcCQUxWM2ROU3hNMjl4LUItVXhQSGd4THRMLU4yNExnb3lYbGRKQnQwa3NwTVFva19NUWpYNE5jNGJURzIyZFN3RDBXd2d4enFGVWJGb0Q0ZW1vaS1OaFdkaHdhb05HZ2xlWTR6SllKVlRWYktwd09faklyUTVheFhQbGw2dmVKYzVFTk05N3B1QkxaZG41RVdHN0wyTktvRFdCYzFPVFBzM1dQUlFtN2RmM1VtRU4****(state)
This redirects me to :
https://www.google.co.in/?gws_rd=cr&dcr=0&ei=5c_fWdfKNYndvASO7o6ACA
Edit 3: I checked the network logs:
result_code=FAILURE&result_message=Account+linking+failed
I also added /token/google as the token URL in AoG. It is detected in heroku however I never receive this request in my code.
Note: I am using python flask and hosting my app on heroku
Once you have authenticated the user, you'll need to return a temporary auth code back to Google. Later, Google will exchange this auth code for an access token and a refresh token, but you're not there yet. The important part is that this code needs to be unique and that, later, you'll be able to recognize what user it is for. The code should be valid for a limited time - 10 minutes is a generally accepted time frame.
In the request Google sent to you as part of the login, they've provided a redirect_uri and a state as parameters. You'll need to use these in your reply. (state can be anything - you shouldn't care what it is, you're just going to send it back with your redirect. Its purpose is to improve security by preventing replay attacks.)
Verify that the redirect_uri has the form
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID
Where YOUR_PROJECT_ID is... you guessed it, the ID of your project. You can find this in the cloud console.
You'll then redirect the user to this URL with a few additional parameters:
https://oauth-redirect.googleusercontent.com/r/YOUR_PROJECT_ID?code=AUTHORIZATION_CODE&state=STATE_STRING
Where YOUR_PROJECT_ID is as noted above, AUTHORIZATION_CODE is the code you've generated, and STATE_STRING is the value of the state parameter that you were sent in the request.
For details, you can see https://developers.google.com/actions/identity/oauth2-code-flow#handle_user_sign-in
I am working on an app which needs the authentication. The backend is built with Flask python, and I am using POST request with a JSON to send the username and password. There are two questions I have actually.
First one, is it unsafe to authenticate with POST and JSON?
Second one, how can I keep the status of log in. I mean, like Facebook App, once user logged in, they don't have to input the password again even the app is restarted.
There is nothing wrong with sending your auth credentials with POST, in fact, that's what you should be doing, never send these information via GET
As for how to keep the status, check out Documentation on the class to store your cookies, then check if they exist.
Also, I assume you know the HTTP status code as well? Just to give you more info, just because your cookies exists doesn't mean the user is also logged in, for example, cookies may be expired (time length depends on your server configuration). So in that case you might want to return status error 4xx. HTTP Status Documentation, and maybe presentViewController(logInViewController, animated: true).
I'm currently receiving
{"code": 400, "error_type": "OAuthException", "error_message": "No matching code found."}
while attempting to get a user's access token on one of our servers. This is occurring while using the REST Client Chrome extension and from our web application, on one particular server.
I am able to receive the user's access token from my local machine and a different server using the same code and extension.
Could our IP have been blacklisted from receiving access tokens? Has anyone else run into this issue?
Thanks,
EDIT
Heard back from Instagram support, this was an issue on their end and has been fixed. Thanks for the help.
Yes your intuition is correct. It is likely that you made too many incorrect API calls that Instagram disabled your IP. I started dealing with Instagram API this week, at the beginning it was working but today I started getting the same error you got. The code also works fine locally or on any other machine. The only explanation to this is that my IP is blocked. Just switch your IP and you should be fine!
SOLVED:
The reason for this error is the ip address from which you are trying to connect to Instagram and get access_token. After contacting my network provider and changing my ip everything got fixed.
To figure out if your issue is caused by your local ip (not the server ip) try to connect to your app via mobile network or any other network different from yours:
- If it works you need to change your local ip.
-If it does not work - change your server ip cause it is probably banned by instagram for lots of malicious requests.
I was having the same trouble: users couldn't authenticate through Instagram and the error returned was "OAuthException" and "No matching code found." Started on 4/28/15 but didn't catch until two days later. Only in production, not staging, so it was almost certainly IP.
I posted to the Instagram developer help center (https://help.instagram.com/contact/438525166257277) yesterday at 7pm and the problem was fixed by this morning, with a cryptic email from their support at 11am ("The issue has been resolved").
I have a Mvc-facebook Application. I have configured my Facebook-Sample app in the Facebook Site.
Purpose of Sample Facebook App
Whenever I make some change in the first Name. Facebook should send the changes to my Web-Server in the form of JSon.
I have successfully configured the Subscription.
Facebook sent the token. Matched it with my code and my code sent the same token to Facebook. It's very good so far.
Issues 1 - In my Web-Server, I have Fiddler installed. When Facebook sends token to my Web-Server IIS, Fiddler is not showing the request.
Issue 2 - when I made some changes in my First Name, Facebook is not sending the data to my Web Server.
Please tell me what is missing in these issues.
Code
[HttpGet]
[FacebookSubscriptionVerify("MyToken")]
public void Verify(FacebookClient fb)
{
Response.Write(fb.AccessToken);
var verifiedResult = new FacebookSubscriptionVerifiedResult();
verifiedResult.ExecuteResult(ControllerContext);
}
[HttpPost]
[FacebookSubscriptionReceived]
[ActionName("Verify")]
public void ReceiveUserUpdates(object subscription)
{
}
In my Web-Server, I have Fiddler installed. When Facebook sends token to my Web-Server IIS, Fiddler is not showing the request.
Well, that does not sound as if your debugging/monitoring was successful, does it? You say before, that Facebook has actually sent you the token.
Find other means of debugging, f.e. have a look into the server’s access log.
when I made some changes in my First Name, Facebook is not sending the data to my Web Server.
If you deduce that the same way as you did above, then you probably deduced wrong …?
Be aware, that the POST requests Facebook sends for Realtime Updates are not in the “normal” format you would expect from f.e. an HTML form post, that means not as Content-Type: application/x-www-form-urlencoded.
Use wireshark to check what is sent, that will give you a correct view. Just capture everything and check http protocol.