Using yahoo api with Oauth ruby - ruby-on-rails

Everything's going well (using endpoints here http://developer.yahoo.com/oauth/guide/oauth-guide.html), getting an access_token.
Then it gets very confusing, let's say, just to identify the main user (wich domain ? - there are a lot in yahoo webservices) and then maybe access other services (read delicous, for example).
Why on earth is delicious giving explanations about connecting to it with oauth ( http://www.delicious.com/help/oauthapi) ?!!
Not experienced enough to know where to look at, to get a correct orientation to use it.
It is very confusing compared to the use of other webservices, if anyone has clues, experiences.
Thx.

Have you seen YDN's Ruby Developer Center: http://developer.yahoo.com/ruby/

Related

Google YOLO stop working : The client origin is not permitted to use this API

I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stop working for everyone. I use it like many people for login and it just stop work.
My domain are obviously added on console.developers.google.com
Any ETA for fix this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on whitelist after a client-side exploit became clear to google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefor people could easily steal their gmail or other details due to this google decided to put it on whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.

Is it possible to post a Twitter "tweet" from an small embedded system?

Everything I can find assumes I can use some "large" Twitter API, or run PHP code. I have a very small platform based on an ARM M0+ bare metal (no OS) and would like the device to post "tweets".
For example, everything I see implies I must connect with SSL -- on this small processor, that is probably possible, but not very realistic. Nor is dealing with OAuth and such.
My leaning is to create my own "service" on my home server that can accept a username and password and tweet, then do all the heavy lifting to post on behalf of the embedded device but this seems like a cop out to me.
Is it really that hard to post to Twitter?
[Edit: I'm writing the code myself in C at a very low level]
If I were you I'd start here: https://dev.twitter.com/docs/api/1.1/post/statuses/update
Well, it looks like the answer is: "suck it up princess" - there isn't a well known, light, tweet maker out there.
I'll have to decide if I should proxy my posting through a PC or attempt to support SSL on my wee little board and support the Twitter API.
Thanks for your consideration!

OAuth2.0 "No Flow" server on Restlet

Man, what a nightmare!
Can anybody PLEASE point me in the direction of any kind of a proper tutorial or example of how to implement an OAuth2.0 server on Restlet (2.2 or 2.1.1). The only thing resembling a tutorial that I managed to find is this one here, but don't get too excited just yet, because it seems that the code in the framework is being changed more frequently than this tutorial is being updated.
Aside from the above mentioned article, there seems to be a near complete absence of any useful search results on this matter on Google. Surely someone out there must have got this right and is using OAuth2.0 on Restlet?
I did in fact manage to get my OAuth2.0 server as far as to return an access token to me (after spending hours analyzing the source code of the AccessTokenResource.java file), but it seems that it is only validating the client id and not the client secret. Assuming I can sort that out, I am still faced with the task of actually protecting the resources (which should be the job of the OAuthAuthorizer, but that appears to no longer even be present after 2.1.1).
Any help would be greatly appreciated!!
This extension is a work in progress. Please note that OAuth 2.0 has only recently been finalized.
We are currently updating the 2.2 branch to a very recent draft (31). The code has been updated and the documentation indeed needs to follow.
2.2 is still under development and isn't ready for production. We are looking for testers and contributors (code and doc) at this point.
In 2.2 OAuthAuthorizer has been split.
See this issue for additional details:
https://github.com/restlet/restlet-framework-java/pull/644

Google Docs upload works on some accounts but not others

I have written a client in C to upload files to Google Docs, I get an authentication token, and use it for the upload. However, I have 4 Google accounts, the upload worked on 2 accounts, but not the other 2. And now, it only works on one account.
On authentication, all accounts behave the same, and ClientLogin issues an "Auth=xxx" token. I use the token 100% successfully on one Google account, it used to work on another, and has never worked on the other 2.
The only error is "HTTP/1.1 401 Token invalid".
One account used to work, and now does not, which does not make much sense. The ClientLogin calls never seem to ask for a CAPTCHA.
Currently I can't invest the time to move to the Drive API, and that may present the same issues anyway.
Any thoughts?
Thank you
Garry
Try them individually first, if this works you can start combining untill all 4 works,
doing it step by step is the way to succes, I can't help you with programming code, according to the fact that I'm just a noobie :) tho I thought myself PHP by just doing it step by step, if you got 1 done, then it's just copy/paste and change abit :)
Goodluck tho :)
You should move your code away from ClientLogin and use OAuth 2.0 instead. You didn't mention what language your script uses but Google has some samples for performing OAuth 2.0 at:
https://developers.google.com/google-apps/documents-list/#authorizing_requests_with_oauth_20
and
https://developers.google.com/api-client-library/
Jay

How does the Opensocial pageViewer/pageOwner concept work?

My Problem might be simple, but i just dont know how the pageViewer/pageOwner concept work or its better to say i dont know how i can get rid of this system.
I just want to make a Gadget, which handles all Oauth-authentifications for Networks like Twitter, Google+ etc.
So basicly i want to let the User say how many Networks he wants to access and then i make all Oauth-authentifications, i use Liferay and Opensocial for that task but get this error:
OAuth error: UNKNOWN_PROBLEM: Client state belongs to a different person (state owner=G-10180, pageViewer=10196) ==== Original request: GET /m8/feeds/contacts/default/base?alt=json Host: www.google.com X-Shindig-AuthType: oauth X-Forwarded-For: 87.139.78.177 X-shindig-dos: on ====
I guess i have to change something in the shindig.properties file, but this is where i need your help.
-------------------------------UPDATE----------------------------------
I know that the first part of my Authentication works because i get a authentication token, but it is invalid. I assume that the gadget expects a token identical to the token the owner stored.
It would be perfect if you have a little code example for me to identify the viewer as new user if he isnt already a member. Please tell me where i have to put this code in my gadget because the documentation of opensocial costed much lifetime til now, but i cant find an answere to this issue :).
Thanks in advance
Please see my response to your other question: link
You're basically encountering the same problem where the viewer is not the page owner. As I mentioned in your other question, the page viewer must be the page owner for OAuth gadgets (in other words, you must add the OAuth gadget to a page you own).
I'm hoping that a future version of Shindig will fully support adding OAuth gadgets to pages where the viewer != owner, but I'm having difficulty getting feedback from the Shindig community (see here)

Resources