I've used the v1 of the Dribbble's API to show all my shots on my portfolio page. It requires the Client Access Token and nothing more. A few days ago I updated Client Access Token and got the error which says that v1 API is deprecated and I must use the v2. I read the documentaion and didn't find any approaches to use the API without OAuth 2.
Is it possible to use updated Dribbble's API without OAuth 2? According to the docs I can't show shots in my portfolio as I did before.
You will need to use OAuth and if you notice v1 will be deprecated come March 2018. At first I was somewhat confused by v2 documentation in obtaining an access token but after spending a little time experimenting I was able to figure out how to get an access token.
First you will need to Register Application. Do note what you put in the Callback URL because it's important later.
For example, my callback url is http://grim.com
Referencing OAuth on my Mac in the terminal I ran a curl:
curl GET https://dribbble.com/oauth/authorize?client_id=CLIENT_ID_FROM_APPLICATION
After running the curl I copied the link returned from the response and ran open URL which in the browser I was prompted a sign in. After sign in I was asked if I wanted accept, then I was redirected to the Callback URL. In the browser copy the last part of the code from the redirect, the URL will look like this:
http://grim.com?code=sadhjsahdjksahdjsahdjsahdkjsa
After copying the code (?code=sadhjsahdjksahdjsahdjsahdkjsa) I opened Postman and changed it to Post from Get.
I passed:
https://dribbble.com/oauth/token?client_id=CLIENT_ID&client_secret=CLIENT_SECRET&code=sadhjsahdjksahdjsahdjsahdkjsa
I was returned:
{
"access_token":"1323213h23h2131j2h3jk12",
"token_type":"bearer",
"scope":"public",
"created_at":13211421
}
Using the token in the terminal we can do:
curl "https://api.dribbble.com/v2/user?access_token=1323213h23h2131j2h3jk12"
and a return of the user should be in the terminal. There might be a better solution out there but hope this helps.
Related
After months of developing a Web App under Firebase suddenly these days we have a problem with the Authentication, it returns this console.alert only with Facebook and google login (email/pass login works fine):
[firebase-auth] Info: The current domain is not authorized for OAuth
operations. This will prevent signInWithPopup, signInWithRedirect,
linkWithPopup and linkWithRedirect from working. Add your domain
(front.qualify.mx) to the OAuth redirect domains list in the Firebase
console -> Auth section -> Sign in method tab.
The App uses 3 different sub-domains, and in all 3 we can access over email/pass but not Facebook nor google.
We tried updating the Firebase initialization script, nothing. We have checked the API keys (in the Google APIs Credentials) and there was a new "Server key (auto created by Google Service)" which no one told us it was generated (Jan. 18th), so we edited it to include the domains as the original API key in different ways (w/wo * and /*), nothing. We deleted this new Server Key, suddenly something different, now the console includes a 403 error before the alert stated above and returns auth/timeout code inside the object.
We also found the Identity Toolkit API has detected many errors, so we tried to add the URLs for login, logout and email, but nothing happens when trying to save.
What are we missing?
The solution was adding my-app.firebaseapp.com (being my-app the unique identifier of our Firebase App) to the HTTP referrers in the Browser-Key Credentials from the Google APIs console and wait some time to propagate.
After many months of development the app never had a problem, and we are sure we never removed such referrer (if it was ever there).
Anyway... it's done and learned.
The simple way I was able to solve this issue I had with my ionic project was by following the instructions in the log, if you don't see any message try console log the response from firebase.
So what I simply did was follow the url: https://console.developers.google.com/apis/api/identitytoolkit.googleapis.com/overview?project='projectId'
*projectId = the Id of your project
and enable the Identity API something it brought up. Finish, and it worked instantly.
The problem:
I have a app on google script's platform, that's meant to allow uploads to Google Drive without using any account. The upload feature works well but I'm having issues with very long/big uploads. I'm trying to solve this since a week now, mostly because I need to test the expiration of the tokens.
When a user tries to upload a big file (20/30 GB) to the server, the Auth token expires Error Screenshot 1 and then I get this error Error screenshot 2.
So, what I need is to use a token that would expire in more than 5 hours. I did try to use a refresh token but I ended up very confused. I did created the refresh token in OAuth 2.0 Playground.
Things I've tried:
Pass the refresh token in the setOAuthToken. (Rejected by the function)
Use the refresh token to use setOAuthToken but it failed.
Questions
Can I permanently authorize the app access to Picker? (since it's always the same user accesing the drive on the server side code)?
Should I use a refresh token to obtain an Auth token?
Original Code:
var a = (new google.picker.PickerBuilder)
.addView(t)
.enableFeature(google.picker.Feature.NAV_HIDDEN)
.setOAuthToken("<?= ScriptApp.getOAuthToken(); ?>")
.enableFeature(google.picker.Feature.MULTISELECT_ENABLED)
.hideTitleBar()
.setSize(DIALOG_DIMENSIONS.width - 2, DIALOG_DIMENSIONS.height - 2)
.setCallback(pickerCallback).setOrigin(config.FORM_EMBED_DOMAIN)
.build()
Any help will be extremely appreciated.
afaik, the Picker can't take a Refresh Token and use this to renew its Access Tokens. This is almost certainly by design, since Refresh Tokens should never be on an insecure device such as a browser.
The only approach I can suggest would be to:-
A 1. have a Refresh Token on a secure server
implement your own endpoint to return an Access Token using the stored refresh Token
or
B 1. Use gapi, immediate=true (or however you currently obtain an Access Token)
Have a setTimeout/setInterval function which every 59 minutes, gets a new Access Token using option A or B
Poke this into the Picker object by finding the internal property where the Access Token is stored.
This is fugly and fragile, but I honestly can't think of a better answer.
You can dispose created picker object after 1hr, and create a new one with freshly obtained access_token
https://developers.google.com/picker/docs/reference#picker
Look at method dispose in API description
The suggested solutions did not solve the problem.
I tried the same using Google forms, I tried to upload the same files I used to test the error described in the original question. It turns out, I have the exactly same error!
So, I think is a case of "worked as design". I already sent a error report to Google, we have a G Suite Account, I hope we receive some feedback. But I think is not something easy to solve.
The main problem with the google form alternative, is that it requires a Gmail/Google account, and if the files you want to upload are bigger than your free quota, the upload will fail. I'm trying with a personal account with 21 GB (the uploader) and an unlimited G Suite account (receiver and form owner).
So,
After a lot of testing different options, the easiest/fastest solution is to limit the clients to upload up to 3 files (because you can upload 3 files at the time during the beginning of the process). When you try to upload the 4th file you'll get an authentication error.
Case closed!
So I'm out of ideas, I don't know what to check or debug anymore, but on the exception I get this:
string(188203) "Facebook\FacebookAuthorizationException Object
(
[statusCode:Facebook\FacebookRequestException:private] => 400
[rawResponse:Facebook\FacebookRequestException:private] => {"error":{"message":"Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request","type":"OAuthException","code":100,"fbtrace_id":"DqCCKoiN0r4"}}
[responseData:Facebook\FacebookRequestException:private] => Array
(
[error] => Array
(
[message] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
[type] => OAuthException
[code] => 100
[fbtrace_id] => DqCCKoiN0r4
)
)
[message:protected] => Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
[string:Exception:private] =>
[code:protected] => 100
You can set redirect URI in
Go to https://developers.facebook.com/apps
Select your app.
Under Products > Facebook Login > Settings
Enable Embedded Browser OAuth Login
Set Valid OAuth Redirect URIs
You can Validate Redirect URI with Redirect URI Validator.
You can only use https URIs.
Also set App Domain in Settings > Basic > App Domains
Try / at the end of redirect URI
In my case I was using https://localhost everywhere but somehow when getting access token specifying https://localhost/ worked.
As absurd as it sounds, verify you're using the correct app_secret.
Facebook will give you this instead of just saying "invalid secret" in the response
I believed you have used different redirect_uri in your facebook app settings and Oauth API code. thats why you got this error.
For facebook login you must set same redirect_uri into both place.
Make sure to have it exactly as in your FB settings.
For me, I had https://localhost:3000/ in my settings but https://localhost:3000 in my get access token call and this was the source of the error!
I had the same issue and non of the answers helped me, then I tried to make another Facebook app, and it solved my issue!
I mean you have to use one application for Facebook OAuth and make another to use for Instagram oauth. seems Facebook has an issue with using both functionalities in one app.
After engaging in the problem for more than a day, found my mistake to be one '/' (slash) in app url at the end.
incase anyone else is having this issue and can't figure it out, your redirect_uri needs to have a "/" at the end. Facebook adds one automatically when you put your redirect_uri in the app settings. If you don't add the "/" in your code when you're trying to get the token, it will give you this error. That's what was going on with mine.
Ex: redirect_uri = "https://myserver.com:4429"
should be
redirect_uri = "https://myserver.com:4429/"
It means the redirect URI you pass to FB (usually in the query string) does not match what you have set in the app settings.
It can also be because of multiple slashes, for ex:
https://yoursite.com/auth/facebook/callback -> that's the one you added in the app settings
https://yoursite.com//auth/facebook/callback -> that's what you actually send
For me, it worked by replacing
callbackURL: "api/auth/facebook/redirect/",
to
callbackURL: "http://localhost:3000/api/auth/facebook/redirect/",
in the new FacebookStrategy
Was stuck in the same problem for a long time .
You will get this error when the redirect url is mismatching or does not exist or is wrongly formatted in the field (additional spaces or // ) , either the facebook app setting or while you are calling the API .
Solution
What worked for me was when ever you add a redirect URl you can check it in the valid redirect auth field uf it doesnot show valid when pressed check than that url is not the correct one
I finally managed to get this to work, in my case, I was using the Instagram Oauth API but I believe the logic is the same and you can find the complete flow here : https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions.
So here is the basic flow :
Generate an authorization which will provide you with a code (the user will get redirected to Instagram in order to accept/deny the requested authorizations)
This code can be used in order to generate a 'short lived access token' and this is where the troubles arise.
For the first point, you need to provide Instagram with a redirect_uri. When you want to complete the second point, you'll need to make a POST request to Instagram, with a redirect_uri as well.
I thought that both redirect_uri's could be different between the 2 steps, but they don't. And this is simply where my error was : I wanted something like that for the first step : https://my.domain/short-lived-token and something like this for the 2nd : https://my.domain/short-lived-token but when I tried both with https://my.domain/generate-access-token, for instance, it worked.
Hope it helps you guys because I couldn't find anything on the internet.
LATEST FIX:
After sending 3 hours, I found a solution to this error.
This happened due to 2 reasons.
As we can see in response. Just Make sure you set the same URL in the developer portal and code
IMP: FACEBOOK needs to change the API response. 2nd reason is that you make sure that using Instagram App Secret and app ID. I was getting the same error bcoz I was using the wrong app secret.
Must Follow: Official FB Docs
I'm at a total loss here. I believe I'm right in thinking there is no longer any JS API for twitter which just sucks hugely.
However I realise looking at this I could just use ajax and react to the responses from this:
https://dev.twitter.com/rest/reference/post/statuses/update
OAuth Signature Generator
Example Request POST
https://api.twitter.com/1.1/statuses/update.json?status=Maybe%20he%27ll%20finally%20find%20his%20keys.%20%23peterfalk
However when I post to that url I get the following:
{"errors":[{"code":215,"message":"Bad Authentication data."}]}
Bad Authentication data -> this is very self explanatory: Your Authentication is Bad; in other word, you are not authorized to use that API method.
Since you use POST method, make sure you set your APP access level to Read & Write.
Sign in to apps.twitter.com, and in the Applications Management page for your app, click the Permissions tab. There you can change your access level.
For further reading, please see this answer.
My web app in importing Evernote notebooks of a user to visualize them as a network.
Everything works fine with a sandbox version, but once I try to do it on the production server, when I do
noteStore.listNotebooks
I get the following err:
{ errorCode: 8,
message: 'authenticationToken',
rateLimitDuration: null }
You can see the code on https://github.com/noduslabs/infranodus/blob/evernote/routes/imports.js#L428
My developer API is activated on the main server (at least I requested it a few months ago and received a confirmation of that). My developer API username is infranodus.
ALso, the oAuthAccessToken also seems to be obtained and transmitted inside my app.
Could you please tell me why this error pops up and how can I extract the notebook list – both private and public ones for the user?
Thank you for your help!
How did you get the token ? Is it a dev token or an oauth one ?
In both cases make sure that they were issued by the production server and not the sandbox one (i.e. you can't use a sandbox token in production environment).
If it's a prod token, I'd suggest to open a support ticket asking the Evernote team to check your credentials : https://dev.evernote.com/support/ (manage an api key)
Another suggestion : get a prod token (https://www.evernote.com/api/DeveloperToken.action) and use it instead of your oauth token. If it works then you have a problem with your API key (and you should open a support ticket as suggested above). If it does not work then there's an issue with your code.