I have generated the access_token by using the URL provided by GitHub. I am able to do all the GET operations on the api with the URL. What i really wish to do is the POST operation. I wish to create an issue from my Rails app.
Every time i try to do that, i get a 401 unauthorized access by GitHub despite the fact that i am sending the access_token in params on this URL.
I have also tried it with these gems :: Github V3 API and Octopi
There are other questions similar to this, but the solution has not been found it seems.
EDIT :: I wish to add title to create an issue
Related
I am attempting to use the Paw app to test out a REST API build in Rails 4.2.4. I have a create method which expects JSON as input. The request appears to pass the correct information from Paws as structure, but the Rails API is failing with the following error:
422 Unprocessable Entity
Can't verify CSRF token authenticity
When writing the JavaScript front end, the request must have a header appended to the request, of the form:
webix.ajax().headers({'X-CSRF-TOKEN': $('meta[name="csrf-token"]').attr('content')}).post("geo_wells.json", parms), function(text){webix.message("posted");});
That all works fine for getting the CSRF satisfied consistently, although it's the parms I am trying to use Paws to help sort out. But I can't get that meta token in Paws. No idea how to actually add that to the header of the request. Tried creating a cookie and all response cookies, but that didn't do it either.
Any ideas? I'd like to purchase the tool, but if it can't do this, it's not of that much use to me. I would prefer not to up and disable the CSRF as is so often suggested. I'm hoping for a robust answer that would still extend to testing of the fully CSRF enabled API.
This Paw.app article had the answer.
First, install the RegExMatch extension.
See: https://paw.cloud/extensions/RegExMatch
With the Ruby on Rails getting started set up, the regex required to get the csrf token was below:
when I write this
https://api.twitter.com/1.1/search/tweets.json?q=%23baseball&result_type=recent to search for #baseball but then I get a Bad Authentication data.
How do I add the Authentication to the request? I'm asking how do I make the request? Could someone give me an example of how it would look? If I have a Consumer Key and an Access Token?
The 1.1 API assures that all requests made to Twitter are made with some sort of authentication. To try out the API, use the API console here: https://apigee.com/console/twitter
To simply browse the request, use one of the auth methods in the console and pass in your request with GET https://api.twitter.com/1.1/search/tweets.json?q=baseball&result_type=recent
Trying to access files in the private repositories of a Github organization of which I am a member, using the API. Tried a couple different ways so far:
1. If I use the username/password method --
curl -u "sashafklein:mypassword" https://api.github.com/repos/:org/:repo/git/trees/:file_sha
it works fine, but I'm trying to access the repos from a collaborative Rails app, so I don't want to publicize my github login credentials. I suppose creating a dummy GH account with access and using those credentials is possible, but it's definitely not ideal..
2. So I looked at the OAuth2 Secret/Key method in the API docs. But it doesn't work. If I curl the org repo url with my credentials as params in the url:
curl -i "https://api.github.com/orgs/:org/repos?private&client_id=<ID>&client_secret=<SECRET>"
Only the public repos show up. This may be a problem with how I'm passing params (passing "?private=true" should theoretically then return an empty list, but the list is identical and all public repos), but I'm following the docs.
3. So I got frustrated and took a look at these docs for getting a OAuth token, but I'm confused about how to alter it so that there's no user interface -- ie, so that my app has automatic access to the Github Orgs of which I am a member, without users of it having to do anything in particular.
Any ideas what I'm doing wrong with attempt 2, or how to get attempt 3 working automatically? I'm pretty stumped.
EDIT I think my client_id/secret are wrong, cause even when I use Octokit, it can't access the protected repos. Am I understanding this wrong? As me, I created an "Application" on Github for my Rails app, and I'm trying to use those credentials to access the org's private repos (to which I am a contributor) using the API.
In case anyone runs into this problem, here's the solution I found.
Apparently the client credentials I had weren't working. I think I didn't quite understand what they're for. The easiest way I could get this to work (ie, get permission for my rails app to access a private repo of which I was a member) was to use the username:password method (1, above).
So that my personal github credentials wouldn't be available to everyone using the app, I created a new dummy github account with access that serves exclusively as an api credentializer.
I am using Octokit with C# and encountered the same issue. After some investigation I found out it was a problem with my token permissions.
Token have scopes (https://developer.github.com/v3/oauth/#scopes) so to access private repositories you need 'repo' instead of 'public_repo' which I think was default.
This can be easily changed from Settings > Personal Access tokens > edit
I am trying to make a GET request with AFNetworking to facebook's graph api. For various reasons, I'd rather not use the facebook SDK's native objects and would prefer to make those requests via AFNetworking. However, I'm a bit new to the networking side of things and I am unsure how to include the access token along with my GET request. Can anyone point me in the right direction?
I've tried setting the http header field to include this:
Authentication : {my access token}
but that doesn't seem to be working.
You need to add access_token as a URL query parameter for GET requests. See the docs here.
I've been trying to get Rails to play with the new Facebook Graph API. After I get the authorization "code", I need to send another request which returns the access token in JSON form.
It seems to work fine, however I want to fetch the access token JSON without redirecting the user. I'm attempting to use Net::HTTP.get, but I'm not sure how to use it to get a request body, or even if it's the right thing to use to begin with.
Can anyone give an example of performing an HTTP GET?
I've figured out how to do this, the problem was mainly with the fact that I needed an HTTPS connection.
Adapted from http://snippets.dzone.com/posts/show/788:
path = '/oauth/access_token?...'
http = Net::HTTP.new('graph.facebook.com', 443)
http.use_ssl = true
res = http.get(path, nil)
#access_token = res.body
Anyone specifically trying to use the Graph API, note that the value stored in #access_token is in the form of a params string, e.g. "access_token=xxxx&expires=1234".
I got around needing to parse this by just redirecting to another page and using that as the URL params, but there's probably a better way to do this.
SOA#1
However please note that it means that server have to be log onto facebook - while if browser is redirecting it is user who have to be log into server. Hence did your server set the permission?
You can pretend that you are the user. Bad Horrible idea (you have to store passwords in cleartext on you server).
You can use OAuth. Hence you should use OAuth gem instead of Net::HTTP. You will not avoid the redirection - it is part of authorisation process and user must say that he allows to access data (imagine what would be if anyone could access anyone data on facebook). Turorial on writing OAuth clients in rails.