My callback url is only receiving oauth_acccess_token and oauth_bridge_code. How do I get the secret from these?
It is usually supplied to you. Go to your app settings at https://dev.twitter.com/
You will see your oAuth Secret Key
Related
I am building my REST API to be used with my IOS app. I have a little problem...
How do I implement the "resource owner password credentials grant"? I cannot store the client credentials in the IOS app code (not secure) so I have no idea how to secure the API.
So basically, I would be using HTTP Basic Authentication over SSL which would return a token. However, this means that anyone can make a simple post request to my API endpoint from wherever and also obtain a API access token. Basically I'd have a open API.
What do you recommend?
you can actually use keychain to store the data you need .. it's totally secure.. but sure don't store password in it, it will be a deal breaker for you :)
you can request with the password of the user an access_token from the oAuth as you've suggest
and store the access token into the keychain.. it proved that it's secure for me .
It looks like Twitter changed terminology over the years and did not update their docs appropriately, which leads to confusion (at least on my part).
According to https://dev.twitter.com/docs/auth/authorizing-request I need to use oauth_consumer_key and oauth_token.
At this time I want to access the account that is owned by the website that is making the request, so I am not trying to get a token for a website user, but instead use the tokens provided by Twitter for the Application.
In the Application details page, I have values for API key, API secret, Access token, and Access token secret
Can you tell me how these keys/secrets map to the oauth_consumer_key and oauth_token? And what are the other two used for?
Thanks!
OK, I figured it out.
It looks like Consumer maps to API and Access Token maps to OAuth Token, so to clarify:
oauth_consumer_key : API Key
oauth_token : Access Token
Consumer secret : API Secret
OAuth token secret : Access Token Secret
We have a desktop app (Delphi XE2) that gets an oauth request token from Intuit and fires off the URL call to Intuit where the user authorizes our app. This half of the oauth dance seems to be working.
The problem we are running into is getting the Access Token and Access Token Secret. We never seem to get it.
Details:
This is for QuickBooks v3 API.
We have a web service setup to handle the callback whose URL we pass along when we make the call to get with request token to https://appcenter.intuit.com/Connect/Begin
That opens the Intuit web page with our test company and our app listed. When we grant access to our app from the Intuit site the web browser is redirected to our callback URL and that contains an oauth token (which I'm not really sure is our access token) but we never get the access secret. That's the missing thing for us.
Is the token we are getting in the callback our access token?
If so how do we get the access secret? Is that token another token to be used to make another call to https://oauth.intuit.com/oauth/v1/get_access_token where we would obtain our access token and secret?
I tried using the token returned to our callback URL as a token for the "get access token" url and that gave me unauthorized errors.
If the token returned to our callback URL is not the access token where/how the heck do we get it?
Any help or direction is appreciated.
UPDATE:
So, it turns out I was missing one entire step of the OAuth dance.
After the user authorizes access and that passes the original request token and a verifier key to our web service. That verifier key is used with the original token in yet another call to Intuit to get the access token and access token secret.
Cheers!
TJ
The initial callback returns to you a request token, which you then have to send back to Intuit via the get_access_token URL to get an access token and secret.
Intuit instructions:
Implement OAuth in Your App
The OAuth spec it refers to is RFC 5849.
You can refer the sample V3 APP.
https://github.com/IntuitDeveloperRelations/QuickbooksV3API-Java
To be specific, please refer
OAuthController.java and OAuthHelper.java
Thanks
When creating a new application in LinkedIn, I get 4 separate codes:
API Key
Secret Key
OAuth User Token
OAuth User Secret
I'm using the first two in the OAuth flow. What is the purpose of the last two?
After reading some more, I figured it's my own user's token and secret. The reason they are provided is to simplify the initial calls to LinkedIn API.
The closest thing to documentation I found is this forum post from a LinkedIn employee. However, this post does not clarify everything, such as: Will this token ever expire? Does this token have all member permissions?
Based on a little experimentation, I suspect the answers are no and yes. But I'm not sure.
This is basically use for the API testing purpose before you move forward to implement your application, you make sure the linkedin API working fine.
For more you can see this link https://github.com/saranpal/linkedin-api-quick-start-php, here is simple example for fetching company information.
Cheers!
I want to provide OAuth protocol to my own application using webservices for credentials.
How to get the secret key and consumer key to my application.
If it's your application, then you need to be able to generate the tokens on your server.