I'm successfully using Paypal Express Checkout in a marketplace web app passing for every seller the three parameters to the PaypalExpressGateway (login, password and signature).
So, I see that Shopify lets the seller set only the e-mail address of the Paypal account requesting to grant scott_api1.jadedpixel.com as the API Partner Username.
I could't find anything in the ActiveMerchant doc on how I can do it...Someone can help?
Thanks a lot,
zetarun
We use PayPals "Accelerated Boarding" method of setup for Express. They should send you an email after the first attempted sale with a link that automatically sets up the correct API settings.
To manually set them up, you can follow the instructions listed in our PayPal wiki, http://wiki.shopify.com/PayPal which are as follows:
Third-party authentication: Grant Shopify the appropriate API authentication permissions
1. Log in to your PayPal account and click the Profile subtab.
2. Click the API Access link in the Account Information column.
3. Click the Grant API Permission link.
4. In the Enter an API Partner Username field, enter scott_api1.jadedpixel.com.
5. Check the following API permissions:
* Express_Checkout
* Direct_Payment
* Admin_API
* Auth_Settle
6. Click the Save button.
Best regards,
Mike # Shopify
Ask the client to grant permissions on paypal and pass in the client's paypal email as :subject when creating an instance of the gateway:
ActiveMerchant::Billing::PaypalExpressGateway.new(
:login => '...', :password => '...', :signature => '...',
:subject => 'client#example.com')
Related
I am following the official Microsoft instructions in Sign in with Linkedin (there are also the Linkedin instructions here), which also link here for the authorization code flow. As instructed, I have set up a linkedin application and used the client id and secret to initiate an oAuth 2 flow, requesting the r_liteprofile and r_emailaddress scopes.
Instead of getting the login form, I am redirected to my callback url with the following params:
error: unauthorized_scope_error
error_description: Scope "r_liteprofile" is not authorized for your application
state: cfa970987c9a3c2178dddeda0d81dab3e00dce4c683098d6
This is the list of default scopes (which, as per the documentation, are the ones granted if you don't specify a list of scopes yourself), and the r_liteprofile is not in there.
Is the documentation out of date, or am I overlooking something?
We have to enable "Sign In with LinkedIn" under the products tab, only then you can avail that scope (r_liteprofile and/or r_emailaddress) and services.
This goes for the review process(System takes max 60 mins to approve) and If your request has been approved, the relevant product will be moved to the "Added products" section.
This happened to me the other day but somehow I was able to get around the issue. The new Microsoft API docs for LinkedIn are up to date. The docs on LinkedIn Developers portal will soon be outdated:
Important update: All developers need to migrate to Version 2.0 of our APIs and OAuth 2.0 by March 1, 2019.
A few things to try:
Register a new LinkedIn OAuth 2.0 developer application - newly registered applications have access to the new V2 API
Try removing the r_liteprofile scope or revert back to r_basicprofile
My little contribution in 2021.
It seems like Linkedin keeps changing the value for scopes.
On the Linkedin developer portal looking under OAuth 2.0 scopes section in the Auth tab, I found the values that finally worked for me.
PS: Make sure to enable Sign-in from the product Tab.
Navigate to Products in the LinkedIn Developer Console and select Sign in with LinkedIn.
The verification process takes a few moments and then r_emailaddress and r_liteprofile should appear under your permissions.
Solution for me was to click "select" next to "Sign In with LinkedIn" on the LinkedIn developers console for my app.
We must add a product with Sign In with LinkedIn (click on select): Product menu with "Sign in with linkedin" selected.png.
Then, in the auth menu: OAuth 2.0 scopes, we get this : Auth menu scope.png
I have a rails application in which I wanted to send email using Gmail API(using google-api-client for ruby). I have created one application in google developers and I have generated a service account key. I am using google specification for storing that credential JSON file(storing in /home/user/.config/gcloud/applicaton_default_credentials.json).
For starters, I wanted to fetch user labels below is my code
require 'google/apis/gmail_v1'
gmail_v1 = Google::Apis::GmailV1
service = gmail_v1::GmailService.new
service.authorization = Google::Auth.get_application_default([gmail_v1::AUTH_SCOPE, gmail_v1::AUTH_GMAIL_COMPOSE, gmail_v1::AUTH_GMAIL_MODIFY, gmail_v1::AUTH_GMAIL_READONLY])
user_id = 'me'
result = service.list_user_labels(user_id)
But this is giving me Google::Apis::ClientError: failedPrecondition: Bad Request error.
My end goal is to send email using an email for which I have generated the credentials JSON file, as I don't want to put my username and password in the smtp config of the ActionMailer.
Remember Service accounts isn't YOU. A service account is a dummy user who has a Google drive account and a google calendar account and probably a few more. However it does not have a gmail account.
user_id = 'me'
Will not work with a Service account.
Note: You cant use service accounts with normal gmail user accounts.
If this is a domains account user then you can take the service account email address and add it as a user on your domains admin account. Granting it permission to access the users gmail accounts. Then you will need to do something like
user_id = 'user#domain'
After many hours of debugging, I finally found a working solution. DalmTo is right about the concept that a service account can't access Gmail as Gmail requires a User account, but we can leverage the power of impersonation in this case. The steps to do impersonation are:
Go to your service account.
Give permission to the user you want to impersonate.
We need to change our code for this setup like below
service = gmail_v1::GmailService.new
service.authorization = Google::Auth.get_application_default([gmail_v1::AUTH_SCOPE, gmail_v1::AUTH_GMAIL_COMPOSE, gmail_v1::AUTH_GMAIL_MODIFY, gmail_v1::AUTH_GMAIL_READONLY])
auth_client = service.authorization.dup
auth_client.sub = 'user#domain'
user_id = 'me'
result = auth_client.list_user_labels(user_id)
Note: For this, to work, we need to go to our G-suit account and give proper permission to our service account.
I'm building an application where a user can connect their own Paypal account through Paypal Permissions SDK (https://github.com/paypal/permissions-sdk-ruby). I was able to successfully get permission from the user and was able to store the tokens that were returned from the Paypal Permissions SDK. Now, I am using the following gem for Express Checkout (https://github.com/nov/paypal-express). But the documentation for Paypal Express Checkout on behalf of a user is not clear on how we should use the tokens to invoke a call for Express Checkout.
I have the following codes
#api = PayPal::SDK::Permissions::API.new({
token: #credential.paypal_access_token,
token_secret: #credential.paypal_secret_token
})
Where #credential is my object stored in the database that has the tokens from the Paypal Permissions SDK.
Now after getting, I can use the #api object to get Paypal Username, Password, and Signature
request = Paypal::Express::Request.new(
:username => #api.config.username,
:password => #api.config.password,
:signature => #api.config.signature
)
Now, my problem is that the money isn't going directly to the users paypal account but it is going to our account (we made an account so that we can create a Application in the Classic API part of Paypal).
Is there anyone who can help me? or point me to the right direction?
When calling API on behalf of other account, you need to add parameter "subject" to indicate the account that you are calling API for. The value of "subject" could be the account primary email address or payerID. Then the money will go to the account which was the value of subject.
Yihui gave the right answer. But I wanted to explain/post here what I did to fix my problem (using Yihui's guidance).
You need to get the Payer ID from the 3rd Party Permissions SDK of Paypal. So you will need to ask for the following "ACCESS_BASIC_PERSONAL_DATA", "EXPRESS_CHECKOUT", and "REFUND".
Then you will need to use the NVP (Name Value Pair) SDK of paypal to perform Express Checkout on behalf of another party/merchant.
For more information, we followed the following article of Paypal
https://developer.paypal.com/docs/classic/express-checkout/ht_ec-singleItemPayment-curl-etc/
Everything worked well until today when I received an email from LinkedIn indicating some significant API changes. And subsequently I was seeing Exceptions while authenticating users via. LinkedIn.
Following is the exception from logs
OAuth::Problem (Scope NOT_AUTHORIZED : r_fullprofile):
oauth (0.4.7) lib/oauth/consumer.rb:178:in `request'
oauth (0.4.7) lib/oauth/consumer.rb:194:in `token_request'
oauth (0.4.7) lib/oauth/consumer.rb:136:in `get_request_token'
OAuth logic to get request token.
consumer = OAuth::Consumer.new(LINKED_IN_API_KEY, LINKED_IN_SECRET_KEY,
{
:site => "https://api.linkedin.com",
:scheme => :header,
:http_method => :post,
:request_token_path => "/uas/oauth/requestToken?scope=r_fullprofile",
:access_token_path => "/uas/oauth/accessToken",
:authorizeEmapath => "/uas/oauth/authorize"
})
### Exception occurs at this call.
request_token = consumer.get_request_token(:oauth_callback => callback_url)
Email from LinkedIn
My Analysis till now
If I change the scope to r_basicprofile it works fine but then I don't get skills info of the authenticated linkedin user.
What should be the additional changes I need to do to suffice the API change ?
Starting from May 12, 2015, Linkedin has limited the open APIs.
Access to r_fullprofile scopes requires that you apply for and are granted access to this information from LinkedIn. The full profile fields are only available to applications that have applied and been approved for the Apply with LinkedIn use case.
SOLUTION:
Apply for partner status with LinkedIn, explaining what your integration is and how it works. If it meets the criteria of "we feel that they’re providing value to members, developers and LinkedIn," then some or all of the restricted endpoints will remain open for that app, and ONLY that app.
Member profile fields
The following selection of profile fields are available to all LinkedIn developers:
Basic Profile Fields
Location Fields
Position Fields
Member profile fields available to Apply with LinkedIn developers:
The following selection of profile fields are only available to applications that have applied and been approved for the Apply with LinkedIn use case:
Full Profile Fields
Contact Info Fields
Company Fields
Publication Fields
Patent Fields
Language Fields
Skill Fields
Certification Fields
Course Fields
Education Fields
Volunteer Fields
Check out this linkedin page for more details on which fields are available to all the developers and which are not.
I tried this https://api.linkedin.com/v1/people/~:(id,first-name,skills,educations,languages,twitter-accounts)?format=json at https://apigee.com/console/linkedin.
It is giving skills at apigee, but here https://developer.linkedin.com/docs/fields , Skills are something you would need to be approved by Linkedin.
I am using linkedin login for one of my websites, however regardless of what "members permission" (OAuth User Agreement) I set for my Linkedin application which used linkedin to login, when the user enters my application it only displays
The application like to acess some of your linkedin info:
1-YOUR PROFILE OVERVIEW
2-YOUR EMAIL ADDRESS
3- NETWORK UPDATES
I however want my application ask for
4- YOUR CONNECTIONS
as well!
But even if I select all the (member permissions [as show in image below]) it again only lists the three items above to the user! Any tips please?
You don't mention any language/library you're using. We use the ruby devise gem for LinkedIn Oauth which has a config setting for config.omniauth which is passed a scope, e.g.:
:scope => 'r_basicprofile r_emailaddress r_contactinfo r_network'
The LinkedIn API documents the passing of scope with you auth request here:
https://developer.linkedin.com/documents/authentication