I am trying to get access token from LinkedIn I am passing All parameters correct but the error 401-invalid signature is still there
code is
<a href="https://www.linkedin.com/uas/oauth/requestToken?
oauth_consumer_key=d84z39zfvu1e&
oauth_signature_method=HMAC-SHA1&
oauth_signature=Z8CFWW1i0mvcW8g6CiY%2BqL%2BfOik%3D&
oauth_timestamp=1330086574&
oauth_nonce=2222&
oauth_version=1.0&
callback=http://localhost:8080/linkedIn/">
That is the request token you are trying to get. A common mistake when getting the request token is using the wrong key when signing the request.
Your HMAC-SHA1 key when signing all requests should look like this:
CONSUMER_SECRET + "&" + TOKEN_SECRET
And since you do not have a token secret yet, the key should be CONSUMER_SECRET + "&"
Related
I need to read and import google people contacts but I get the following error:
"Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
"status": "UNAUTHENTICATED"
This is the script (classic asp) I am using:
StrURL="https://people.googleapis.com/v1/people/get"
ApiKey="my api key"
Set objXMLHTTP = CreateObject("Msxml2.ServerXMLHTTP.6.0")
objXMLHTTP.Open "GET", StrURL, False
On Error Resume Next
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
If Err.Number<>0 Then Response.Write "Error:" & Err.Description & "<br>"
On Error GoTo 0
objXMLHTTP.send
content = CStr(objXMLHTTP.ResponseText)
statuscode = objXMLHTTP.Status
How can I get the token using classic asp? Can anyone help me?
objXMLHTTP.setRequestHeader "Authorization", "Bearer " & ApiKey
You appear to be sending an api key. An api key is not a bearer token. Api keys only grant you access to public data, not private user data.
In order to access private user data you need to request authorization from that user to access that data that is done using Oauth2
Once you have been grated consent of the user to access their data you will have an access token. This access token can then be sent to the api in the authorization header.
I haven't used asp classic in years. These videos may help you understand how to make the authorization request.
Google 3 Legged OAuth2 Flow
How to create web app credetinals
Understanding oauth2 with curl
I'm working on a small swift program to work with Yelp API over OAuth-1. I am looking to generate a HMAC-SHA1 signature.
I have the customer key, secret key , token and token secret.
From what I know, to make an API request with OAuth1, we need the following attributes :
1.oauth_consumer_key
oauth_token
oauth_signature_method = (HMAC-SHA1)
oauth_signature
oauth_timestamp
oauth_nonce
I have the first 1,2,3 parts but I don't know how do I generate #4,5,6
I am kind of new to ios/swift3 so please point me into right direction
try to look at that implementation: https://github.com/SwiftP2P/SwiftSSL/blob/master/SwiftSSL/HMAC.swift
I've a problem when trying to do a webrequest to UGC and authenticate using oAuth. I'm making a webrequest such as:-
WebRequest wr = WebRequest.Create("http://ugc.service/odata.svc/Ratings(Id=200)");
wr.Headers["authorization"] = "OAuth " + auth;
Where auth is my token returned from the access_token.svc. According to the documentation the token returned from the service should be something like:-
HufXeuUt%2FYYElA8SYjJOkUkrXxV9dyXRirmKhjW%2Fb%2FU%3D
However, what I'm being returned from access_token.svc is more like:-
{"access_token":"client_id%3dtestuser%26expiresOn%3d1361898714646%26digest%3d%2fW%2fvyhQneZHrm1aGhwOlgLtA9xGWd77hkxWbjmindtM%3d","expires_in":300}
I've parsed the JSON to extract various strings and attempted to pass these through to the authorization but whatever I try I get an error in the logs - "ERROR OAuth2AccessToken - Digest is wrong." Exactly what part of the token and in what format should I be passing through to authorization?
Many thanks
John
Like you mentioned, the protocol is this:
You make a post request to the access token end-point to get a token (you need to provide here your client_id and your client_secret as headers or as query parameters);
You get an answer similar to this: {"access_token":"sometoken","expires_in":300};
2.1 Worth knowing is that the token is url encoded and in UTF-8 format so, on Java side you need to do URLDecoder.decode("sometoken", "UTF-8"); while on .NET side you need to do HttpUtility.UrlDecode("sometoken", System.Text.Encoding.UTF8);;
Your next request needs to include the authorization header. On Java side you do builder.header("authorization", "OAuth " + decodedTokenString); while on .NET side you can use Client.Headers["authorization"] = "OAuth " + DecodedTokenString;
Worth mentioning is that the SharedSecret defined in the cd_webservice_conf.xml (/Configuration/AuthenticationServer/SharedSecret/) of the TokenAccessPoint needs to be the same as the SharedSecret defined in the cd_ambient_conf.xml (/Configuration/Security/SharedSecret/) of the (WebService)EndPoint.
Are you sure you decoded properly the token gotten from the server? Are you sure that you configured the proper SharedSecret in the two configuration files?
Hope this helps.
Getting authentication errors when I try and obtain my upload authorization token
https://developers.google.com/youtube/2.0/developers_guide_protocol_error_responses
Using a packet sniffer, my first error message is>
401 Token invalid - Invalid token: Cannot parse AuthSub token:
In addition to perhaps improperly formatted Auth key value, I'm wondering exactly what headers I should be including for my upload auth request.
I am using the following though think clientId has been deprecated
"Authorization", "GoogleLogin auth=\"" + authToken + "\""
"X-GData-Client", clientId
"X-GData-Key", "key=" + devKey
After changing
"Authorization", "AuthSub token="+authToken
to
Authorization", "GoogleLogin auth="+authToken
in my request I no longer get 'Cannot parse AuthSub token' error message but
I still get
Error #2032: Stream Error. URL: http://gdata.youtube.com/action/GetUploadToken
<errors>
<error>
<domain>yt:authentication</domain>
<code>Unknown</code>
</error>
</errors>
Stumped. Would really appreciate any feedback as I'm not even certain now where my error(s) exist!
ok working but not really sure how:)
Am using these 2 headers in my POST request to
'http://gdata.youtube.com/action/GetUploadToken'
"Authorization", "GoogleLogin auth="+authToken
"X-GData-Key", "key=" + devKey
And also needed to associate my youtube user developer credentials with a channel
https://groups.google.com/forum/#!msg/youtube-api-gdata/76x8vaADJWM/36O05FD7mC0J
A packet sniffer or at least adding support to read the XMl error responses is essential!
I resolved this problem by providing the correct developer key
so, I just need to retrieve user basic info(/verify_credentials(twitter), /me(facebook) so Im trying to roll my own code for now
got it on facebook on second try since all I need is a request to graph.facebook.com/me + access_token
but now trying to do it with twitter has been incredibly painful, I just can't figure it out by the docs, so, please, what does a request to twitter api /verify_credentials look like?
what are the params?
twitter api, y u suck?
Facebook uses oAuth 2.0, which is much easier to implement than oAuth 1.0 (which twitter uses).
An example request to verify_credentials API could look like this:
https://api.twitter.com/1/account/verify_credentials.json?oauth_consumer_key=XXX&oauth_nonce=XXX&oauth_signature_method=HMAC-SHA1&oauth_token=XXX&oauth_timestamp=123456789&oauth_version=1.0&oauth_signature=YYY
oauth_consumer_key is self explanatory
oauth_nonce can be pretty much a random string of characters
oauth_signature_method is always HMAC-SHA1
oauth_token is your access token
oauth_timestamp is current UNIX timestamp (in UTC)
oauth_version is always 1.0
oauth_signature is your generated signature (which twitter will verify by reproducing)
You generate the value of the oauth_signature parameter by constructing a signature base string which consists of the following parts.
HTTP method in upper case (in this case GET)
an ampersand &
URL-encoded base URI (everything from https up to and including verify_credentials.json)
an ampersand &
all request parameters in alphabetical order, url encoded. (oauth_signature should NOT be included in this though)
The pseudo code in the section Signing requests in Twitters documentation describes the signing process elegantly:
httpMethod + "&" +
url_encode( base_uri ) + "&" +
sorted_query_params.each { | k, v |
url_encode ( k ) + "%3D" +
url_encode ( v )
}.join("%26")
And then you sign the resulting base string using the consumer secret, and the access token secret. That's all there is too it :)
But before issuing any requests to the API you will of course need to actually get an access token. Once you grasp the oAuth 1.0 flow, and the signing process. You'll be home. Twitter's documentation does a great job at explaining the process, but it is a quite a bit to wrap your head around. Worth it though.