Referring to this old april 2009 thread at twitter-dev; I am currently extracting the twitterid from the access token. The thread says that twitter will soon move to provide the twitterid & screenname to the callback url directly but as of today, that is still not the case. Are you still extracting the twitterid from the access token ? Is there another more future-proof way to get the twitterid/screenname given that you have the access token ?
Once you have access token, why not call verify credentials method which would give you the user's detailed information?
Related
I’m updating a third party app that currently integrates with Twinfield using the session’s method with username and password to use the oAuth method.
In confused by the documentation though... do I still need to use the sessions or when using oAuth do I just call the endpoint(s) by passing the access token in the header as normal?
Also their Soap definition has four properties, the usual ClientID and Secret but also accessSecret? What’s that?
TLDR: you no longer need to use the sessions and SelectCompany; when you have the access token you can use that and the company code directly in the header.
You can obtain the access token as described here.
The documentation is a bit unclear on how to use the access token in your calls.
In the old username/password/session flow, you referred to a SessionID in the SOAP Header, and you would do a SelectCompany call to select the relevant target ("administratie").
In the OAuth flow, the SessionID is no longer relevant. Once you obtained a valid access token, you should set that in the header using the AccessToken field.
Instead of the old SelectCompany call, you can set the CompanyCode directly in the header. So if you have obtained an access token eyWhatANiceToken, and want to retrieve data for company "My Company BV [130001]" you have set AccessToken to eyWhatANiceToken and CompanyCode to 130001 in the header.
You can request the available codes using the list offices call
I am working with the Slack oAuth API.
When I do a GET on https://slack.com/oauth/authorize passing my client_id, and the scope, I get html reponse asking for workspace URL.
After that I need to sign in and provide my password before code is returned which I can use to renew my temporary token
My question is: How can I automate the process of providing workspace URL, username and password? I need to get the code return after authentication (the temporary token) so that I can call https://slack.com/api/oauth.access to renew my token
My reasoning is that if I have access (from the app I created) to: App ID, Client ID, Client Secret, Signing Secret and Verification Token there should be a way for me make simple API call to get code or is my understanding of the slack OAuth flow wrong?
NB: I have taken a look at https://api.slack.com/docs/oauth but I was not able to get it done. I am also aware that I can make the /signin and /checkcookie to get this done but it involves parsing HTML response for parameter values needed to make subsequent calls. I just feel there a simpler way to do it.
This Stackoverflow question is not a duplicate because is it mainly referred to a case of not having an app created; In my case, I have an app created.
I have made a slack app in which I have a bot. I have selected channels:history, channels:read, channels:write under my permission scope, and also I have passed scopes
"scope":"bot channel:history channel:read channel:write"
while doing my oauth2 verification (using python), and I got a response where the scope is
"scope":"identify,bot,channels:history,channels:read,channels:write"
along with client and bot access tokens.
Now when I do an api call to fetch history of a channel in which my bot is invited to, I get
{
ok: false,
error: 'missing_scope',
needed: 'channels:history',
provided: 'identify,bot:basic'
}
Can someone please tell me where I am going wrong. How can I PROVIDE the channels:history scope in my api call. This is really driving me nuts. Should I be using the client access token, ie xoxp-xxxx, instead of bot token, ie xoxb-xxxx ?'
Thanks!
For people having this problem in the future;
your integrated bot has full access to the slack api, whereas a bot in a slack app don't, as it will used publicly. When you successfully finish oauth2, you should get 2 tokens, user access token and bot token. The user token is used to read history from any channel/groups, and the bot access token is used to write to them. This means you constantly have to be switching from user token to bot access token in your app.
Also, remember that bot-user MUST be a member of a private channel which you want him to connect to.
Hope that helps.
Ps, if any found a better way going about this, feel free to answer below.
Since you did not mention it: You also need to specify all required scopes on the admin page for your Slack app under "Oauth & Permission Scopes".
I have an application registered with https://apps.dev.microsoft.com with Microsoft Graph Permissions including: Mail.ReadWrite, Mail.ReadWrite.Shared, and User.Read. Ultimately, I need to read mail and move it to other folders using a daemon task. I am using the Microsoft OAuth2 endpoint to obtain an access token using grant_type=password. This call is working in that I get back a token with scope=Mail.Read, but I need Mail.ReadWrite. Is it possible to obtain a Mail.ReadWrite token using grant_type=password?
My call looks like this:
resource=<myresource>&client_id=<myclientid>&grant_type=password&username=<myusername>&password=<mypassword>&scope=openid
I have also tried altering the scope to include Mail.ReadWrite, but that does not seem to work.
I managed to get this working. After editing permissions for the application, there must have been a window of time where the settings did not yet take effect. I manually signed into my app a few more times and was eventually prompted to accept the new permissions. The next time I made the OAuth request, I got back a Mail.ReadWrite token.
I'm trying to integrate Future Payments in my iOS using Ruby SDK on server. According to instructions at https://developer.paypal.com/docs/integration/mobile/make-future-payment/ I follow the following procedure:
I receive OAuth2 token from mobile client.
I use FuturePayment.exch_token(oauth2_code) to exchange it for refresh and access token.
I expect a response similar to what's mentioned in https://github.com/paypal/PayPal-iOS-SDK/blob/master/docs/future_payments_server.md
But I receive just a string which is similar to access token. This is what I got in one of the calls: A015IvJ2HjzJgSI-Qve0VXT3LNKEi67KBGplwkGEptj3DCg
I tried using this token immediately to create a FuturePayment object and I succeeded eventually. But the problem is, since I dont get a refresh token, how would I be able to process/create FuturePayments for the same account in later future?
This looks like a bug in ruby SDK. Please open an issue on github.
Until fix is released, you can make future payment calls.
Exchange authorization code with Tokeninfo object that has both refresh token and access token by calling create_from_authorization_code(). Use create_from_refresh_token() if you have a refresh token and want to retrieve an access token with it: https://github.com/paypal/sdk-core-ruby/blob/master/lib/paypal-sdk/core/openid_connect.rb#L60