I have to work on mobile api ,the purpose is to use facebook connect to login and send required data to access the api.
For testing now user provides us with hard coded values of auth token and Uid,so how can i create a session for the user.I'm using facebooker gem ,rails 2.3.4 and ruby 1.8.7.
For this you have to need the access_token with offline_access permission, because these access_token hasn't expires time. In PHP, there is a function named setAccessToken(), in this you can set your access token(which has offline_access permission). Below is the code for PHP( Sorry, I don't know about the RoR)
require "facebook.php";
$facebook = new Facebook(array(
'appId' => YOUR_APP_ID,
'secret' => YOUR_APP_SECRET,
));
$facebook->setAccessToken("...");
Related
I am working on script to get google contacts using google contacts api gem. I am able to access the token successfully using this code:
require 'rubygems'
require 'launchy'
require 'oauth2'
require 'googlecontacts'
require 'google_contacts_api'
# Get your credentials from the console
CLIENT_ID = 'your Id'
CLIENT_SECRET = 'your Secret'
OAUTH_SCOPE = 'https://www.google.com/m8/feeds'
REDIRECT_URI = 'urn:ietf:wg:oauth:2.0:oob'
client = OAuth2::Client.new(CLIENT_ID, CLIENT_SECRET,site: 'https://accounts.google.com',token_url: '/o/oauth2/token', authorize_url: '/o/oauth2/auth')
url = client.auth_code.authorize_url(scope: OAUTH_SCOPE, redirect_uri: REDIRECT_URI)
Launchy.open(url)
$stdout.write "Enter authorization code: "
code = gets.chomp
token = client.auth_code.get_token(code, :redirect_uri => REDIRECT_URI)
PROBLEM:
I know that this is not the best way to do it, because it is tiring. every time I run the script the user has give access instructions. And also I have to manually copy paste the token from the browser to the terminal.
QUESTION:
How can be able to store the retrieved token, and when it expired how can I refresh it?
It looks like you're using the oauth2 library to get the access token. The AccessToken class has to_hash() and from_hash() methods, which you can use to serialize and deserialize the token once you've gotten it, as well as a refresh() method to refresh the access token once it's expired. If this is a command line script you can use a hidden file in the user's home directory to store the serialized token.
During the first authentication, you got an authorization token and a refresh token.
Store the refresh_token (in session if it's a web app, or any other "volatile" persistence scheme, or in last case in database).
Using the refresh_token, ask for a new token like described in Google OAuth2 WebServer documentation.
If this is not a webserver application, maybe you should consider use other OAuth2 authentication flows.
In order to receive a refresh token, you need to alter the url.
in OAuth2:
url = client.auth_code.authorize_url(scope: OAUTH_SCOPE, access_type: "offline", redirect_uri: REDIRECT_URI)
Then it will be available like Erik Koleda mentions.
I'm planning to use rails-api for providing JSON API for iOS mobile application to consume. The process:
User open the mobile app
User taps on Facebook connect
Mobile app get fb_access_token and post it to API server to identify the user
API server get user profile on Facebook by using fb_access_token
API server either create and look up the user, then response with a api_token for this particular user
Mobile app use the api_token response for all communication afterward.
Which authentication should be the best option for this app? oAuth2 or BasicAuth? I tried rails-api with doorkeeper, but it doesn't work out of the box because doorkeeper need some assets.
I am doing a basic authentication for this integrated with devise.
First i get the post parameters from the mobile application (the access_token and other stuff).
Then I use open-api to get the user details from facebook:
url = "https://graph.facebook.com/me?access_token="
begin
content = open(URI.encode(url + params[:user][:access_token]))
rescue OpenURI::HTTPError #with this I handle if the access token is not ok
return render :json => {:error => "not_good_access_token" }
end
Now Facebook returns the response
status = content.status[0]
content = ActiveSupport::JSON.decode(content)
if status == "200"
#get the email and check if the user is already in the database. If there is not email, check by the facebook id
#If the user exists return the user. If the user does not exists create new
Hope this helps
Than you can user the same code also for google, just change the url to "https://www.googleapis.com/oauth2/v2/userinfo?access_token="
I'd give omniauth-facebook at try, as it uses OAuth2 and is pretty easy to use. All omniauth strategies are rails middleware, so you just need to add gem 'omniauth-facebook' to your gemfile and add the following to config/initializers/omniauth.rb and you will be able to use /auth/facebook to log in via facebook and /auth/facebook/callback to create the user session (you might want to alter the :display key-value as pop-ups in mobile might not be aesthetically pleasing):
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, ENV['FACEBOOK_KEY'], ENV['FACEBOOK_SECRET'],
:scope => 'email,user_birthday,read_stream', :display => 'popup'
end
The facebook auth token will be in the request.env['omniauth.auth'][:credentials][:token] that gets returned to your callback endpoint, which you can integrate into your mobile authentication strategy. see the above link and the omniauth main page for more details.
I am having trouble figuring out how to make a request to the Google Contacts API after a successful authentication.
provider :google_oauth2, "key", "secret", :scope => "userinfo.profile,https://www.google.com/m8/feeds", :approval_prompt => 'auto'
This successfully authenticates the user with permission to access the contact api.
My question is - how do I make the next request to actually get the contacts using the refresh token and other information provided by:
request.env['omniauth.auth']
I've read that you need to specify specific headers like GData-Version => 3.0 but can't seem to figure out how the entire request would look like.
Thank you!
I'm building a rails app that uses the Twitter Ruby gem to call the Twitter API. I've authorized the app myself so I get more than the normal 150 (I think I get 350) calls per hour, but in production this still may not be enough. What are my options to avoid rate-limiting besides caching (already doing it) and requiring the user to log in themselves?
You need to get the user oauth_token and the user oauth_token_secret, and then you do the requests on his behalf (so you don't have the limit).
So, assuming that you have the token and secret_token, you can do this:
#client_twitter = Twitter::Client.new(
:oauth_token => token,
:oauth_token_secret => secret_token
)
And just do the request with that #client_twitter. For example:
#client_twitter.profile_image(uid)
So, you might be asking: How do I get the oauth_token and oauth_token_secret? They need to give permissions to your app to do so. You can use OmniAuth, and you will see both the token and secret token in the hash that is coming back once they have authenticate.
I'm learning about OAuth with the goal of allowing visitors to my website the ability to sign in with Twitter. I've been using the Python based oauth2 library as a learning tool, and I think I get most of it.
I understand that after the user authenticates with the service (Twitter in this case) the user is sent to the callback URL with the parameters oauth_token and oauth_verifier.
What I fail to understand is the proper way of storing this information in the users browser. How do I identify these values during subsequent requests? Am I required to create a session system as with a normal website, or is there some magic in OAuth that makes this unnecessary?
How you handle client sessions of people who visit your website is not covered by OAuth, that remains up to you (and the usual session management frameworks).
All OAuth does is tell you that the user really is the Twitter user he claims to be. You can then associate this piece of information with the user session on your site (just like you would if the login screen was on your own page).
there are two types of oauth_token and oauth_verifier in twitter API
first is request token that always come different on each process, that can be save into session using getRequestToken method
i m telling in PHP view , but logic are same in any language
/
* Get request token */
$request_token = $connection->getRequestToken(OAUTH_CALLBACK);
/* Save request token to session */
$_SESSION['oauth_token'] = $token = $request_token['oauth_token'];
$_SESSION['oauth_token_secret'] = $request_token['oauth_token_secret'];
another is accesstoken: that is retrived via getAccessToken method
$access_token = $connection->getAccessToken($_REQUEST['oauth_verifier']);
Array
(
[oauth_token] => 223961574-mEctH7SHai######
[oauth_token_secret] => G7Buyxn4okF31Ln3ulAh#####
[user_id] => 223961574
[screen_name] => ltweetl
)
these token are same which is in your registered application on twitter
and already given at below page...
http://dev.twitter.com/apps/{your_app_id}/my_token.