LinkedIn: Javascript Token and validate user in server - javascript

I have been reading a lot of questions/answers about the LinkedIn login through javascript login and the validation of the user from backend. But I didn't find a solution that worked with current API.
I understood that the JS token is not the same as the Oauth Token and I don't need to save the token for the future use, I only need to validate the user before the signup on the website.
Once the user is authenticated, I'm going to request the basic profile user and api-standard-profile-request
IN.API.Profile("me").fields(
'id', 'first-name', 'last-name', 'email-address', 'api-standard-profile-request')
The apiStandardProfile returns me an object with an url (like this https://api.linkedin.com/v1/people/{id_user}) and an array with headers (like this name: "x-li-auth-token", value: "name:xxxx"). I haven't find in the official docs how to use this, but I receive every time an "Authentication Failed" with status code 200.
So, do I need to rewrite the authentication flow with Oauth2.0, or can I continue to use the Javascript login?
Thanks
P.S.: I found and read the old documentation from this old topic https://web.archive.org/web/20141028192415/https://developer.linkedin.com/documents/exchange-jsapi-tokens-rest-api-oauth-tokens.

I've had the same problem and the only way I found to use the JS token was to use the header oauth_token instead of an Authorization Bearer header when requesting something with Rest API:
POST https://api.linkedin.com/v1/people/~:(id,firstName,lastName,picture-url,email-address)?format=json
Headers {
'oauth_token': JS_TOKEN
}
The JS_TOKEN I'm reading on frontend from IN.ENV.auth.oauth_token.

I have also faced a lot of issues with LinkedIn APIs, I am recommending you to follow the latest development docs in Linkedin's developer site because LinkedIn had been changed their developer programme significantly after Feb 2015, so depending upon the old APIs will be a risk.
I believe following will help you to solve the issues,
Use this link to explore & test the APIs, including profile API.
This is the full list of parameters supported by profile API
If you only need public profile, add this public-profile-url as the comma separated parameter in the API.
https://api.linkedin.com/v1/people/~:(id,num-connections,picture-url,public-profile-url)?format=json
or for siteStandardProfileRequest, use following API
https://api.linkedin.com/v1/people/~?format=json
OAuth vs Javascript SDK:
Javascript SDK
Pros: Easy to integrate, less coding effort, no token management.
Cons - will not support iOS
OAuth
Pros: platform independent
Cons - Token managment, More coding effort

Related

How to use scoped APIs with (GSI) Google Identity Services

Google recently sent me an email with the following:
One or more of your web applications uses the legacy Google Sign-In JavaScript library. Please migrate your project(s) to the new Google Identity Services SDK before March 31, 2023
The project in question uses the Google Drive API alongside the now legacy authentication client.
The table on the migration page (https://developers.google.com/identity/gsi/web/guides/migration) says:
Old
New
Notes
JavaScript libraries
apis.google.com/js/platform.js
accounts.google.com/gsi/client
Replace old with new.
apis.google.com/js/api.js
accounts.google.com/gsi/client
Replace old with new.
I was currently using gapi on the front-end to perform authorization which is loaded from apis.google.com/js/api.js. According to the table I would need to replace it with the new library.
I've tried the following to authenticate and authorize in the same manner that I used to do with gapi:
window.google.accounts.id.initialize({
client_id: GOOGLE_CLIENT_ID,
callback: console.log,
scope: "https://www.googleapis.com/auth/drive.file",
discoveryDocs: ["https://www.googleapis.com/discovery/v1/apis/drive/v3/rest"],
});
window.google.accounts.id.renderButton(ref.current, {
size: "medium",
type: "standard",
});
However, when I try to authenticate with the Google Sign In button, the scope field is not respected and it does not ask the user to authorize the requested scopes. It also doesn't return any form of access token in the Credential Response in the callback.
I'm not sure how else to authorize using the new library.
In the new Google Identity Services, the authentication moment and the authorization moment are separated. This means GIS provides different APIs for websites to call on these two different moments. You cannot combine them together in one API call (and UX flow) any more.
In the authentication moment, users just sign in or sign up into your website (by leveraging the information shared by Google). The only decision users need to make is whether they want to sign in (or sign-up). No authorization-related decision needs to be made at this point.
In the authentication moment, users will see consistent One Tap or button UX across all websites (since the same scopes are requested implicitly). Consistency leads to more smooth UX, which may further lead to more usage. With the consistent and optimized authentication UX (across all websites), users will have a better experience with federated sign-in.
After users sign-in, when you really want to load some data from a Google data service, you can call the GIS authorization API to trigger a UX flow to allow end users to grant the permission. That's the authorization moment.
Currently (August 2021), only authentication API has been published. If your website only cares about authentication, you can migrate to GIS now. If you also need the authorization API, you have to wait for further notice.
To add to the current answer, there is now documentation on how to authorize users with additional scope. From Using the token model.
First you need to init a TokenClient:
const client = google.accounts.oauth2.initTokenClient({
client_id: 'YOUR_GOOGLE_CLIENT_ID',
scope: 'https://www.googleapis.com/auth/calendar.readonly',
callback: (response) => {
...
},
});
Then request for a token:
client.requestAccessToken();
If anyone is interested in where it's mentioned in the migration documentation, last paragraph of this section:
If your use case includes authorization, please read How user authorization works and Migrate to Google Identity Services to make sure your application is using the new and improved APIs.
While their articles are very detailed and good, personally I find them a bit too much for me, so it's simpler for me to just follow the first article mentioned and don't care about migrations at all.

Gmail JS API - OAuth2 Error invalid_scope

I am new to GMail JS API and I was trying to read gmail emails using Javascript according to the quickstart tutorial given explained on below link
https://developers.google.com/gmail/api/quickstart/js
I have followed all the instructions given on the page but I am getting below
error
did I miss something???
Please help me resolve this error
Thanks in advance!!!
You may refer with this thread. Make sure that you are authenticated to the API properly.
To do this, there are two ways:
use OAuth - the Server redirects the user to google's servers, where they can login, grant permission to your app, and pass a token back to
you
Service Accounts. These are a little bit more complicated:
First, you'll have to setup an app (done)
second, you'll have to setup a service account. This is how your app authenticates to google. you've done that, and the certificate
you've got contains the private key to authenticate
third, the user needs to grant your application access to act on behalf of them. This is the point you haven't done yet.
Also, as stated here, certain scopes simply aren't supported for the oauth2 for devices flow.
Additional references:
Invalid scope error when trying to access gmail api
You may refer with this thread.
As per the announcement on May 11, 2017, publicly available applications with access to certain user data must pass review. If you see an access error for your app, submit a request using our OAuth Developer Verification form.
For personal-use apps and those you are testing, join the Google group Risky Access Permissions By Unreviewed Apps, which allows you to approve data access for personal and testing accounts. See the Google API Services User Data Policy for more information.
This blog about how to fix this error might be also helpful.
OAuth invalid scope

Authenticate to google apps script given oauth access tokens

I have seen google apps script's tutorial to migrate from oAuthConfig to oauth1 here
But what if I have the access tokens with me already?
I checked the oauth1 library code here and could not find a way to include access token here.
Is there any alternative way?
Also note that I have 4 things with me: Consumer Key, Consumer Secret, Token and Token secret.(Note: I have 2 things in access token, not only a single token).
As mentioned here(read the Warning on that link), OAuth1 was shut down on April 20 this year. So I am assuming/hoping that you're using OAuth2 instead. If not, I would suggest you to migrate soon as possible.
When working with access tokens, it is important to remember that they have limited lifetimes. Hence, always remember to add them "programmatically". Depending on the API you're trying to access, access tokens are appended to the request as the value of the access_token query parameter of your request. Here are a couple of examples:
Plus API:
GET https://www.googleapis.com/plus/v1/people/userId?access_token=1/fFBGRNJru1FQd44AzqT3Zg
Youtube API:
https://www.googleapis.com/youtube/v3/channels?part=id&mine=true&access_token=ACCESS_TOKEN
So look up the Google Developers documentation for the particular API you're using for help on what the exact request will be like. Here are a few samples for using OAuth2 with Google App Script. Hope this helps.
EDIT:
A little correction. For OAuth1, the access token is passed using oauth_token. For clarity of how the process flows, refer to the subheadings 6.1 to 6.3.2 in this link and the former one for how it is done on Google's end.
Also, quoting this link:
"April 20, 2015: OAuth 1.0 is shut down. A static error page will be displayed on all requests. Make sure you have migrated well before this date."
If that hasn't already happened, it might happen anytime as currently OAuth1 is "officially" shut down.

No Authentication Pop up with Tumblr Like <a> link

As of now I am building out a custom Tumblr page which is basically aggregating post content into 1 page.
Problem is, we can't use the Tumblr tags for the Like, we have successfully gotten the Reblog to work, but when ever I try and use an hrefed to this pattern,
'http://www.tumblr.com/like/'+oath+'?id='+id'
and /unlike/ for unliking the post.
I can't get anything but an access denied page to come up.. Shouldn't I at least be seeing an authentication pop-up of some kind? Not sure what else to do here. Need to get this LIKE functionality working, and using the Tumblr {like button} is not an option since we aren't using a {posts block} rather pulling all our content in via JSON API.
Found an answer!
So let me break it down for you all.. I am just going to run down all the issues and caveats that were discovered while I was hacking away at the Tumblr API. In most cases you will not find any of these answers on the inter webs. If you do, they most likely will just be my answers to my own questions that I posted to the Forums.
A Tumblr Application is defined by any page template either hosted
by Tumblr or not that will be using the Tumblr API. Applications
must be registered with Tumblr at:
https://www.tumblr.com/oauth/apps
All Tumblr Applications upon creation are given a set of keys for
accessing the Tumblr API. OAuth Consumer Key aka API Key Secret Key
The Tumblr API is divided mainly into two different types of
methods. The third being “Tagged” which is for pulling tagged posts
from the Blog or the User.
“Blog Methods” which only require the submission of the Consumer
Key. “User Methods” which require a full OAuth signed request which
meets the OAuth 1.0a Protocol. The “User Likes” returns a maximum of
50 records at a time. This is not documented in the Tumblr API
docs.
Currently the Tumblr API documentation directs developers to use one of the many open source API clients. However, all these clients seem to be Server Side applications. For providers, such as Tumblr, which support only OAuth1 or OAuth2 with Explicit Grant, the authentication flow needs to be signed with a secret key that may not be exposed in the browser.
HelloJS gets round this problem by the use of an intermediary webservice defined by oauth_proxy. This service looks up the secret from a database and performs the handshake required to provision an access_token. In the case of OAuth1, the webservice also signs subsequent API requests.
HelloJS - http://adodson.com/hello.js/ is the only client-side Oauth library that was available and free. There are many services out there that charge on a per-api hit basis to serve as a proxy.
The HelloJS OAuth Proxy is available at: https://auth-server.herokuapp.com/
Login to the OAuth Proxy is done using one of the following social account credentials: Google, Windows Live, Facebook, or Yahoo.
OAuth Proxy serves as a secure “man in the middle” allowing for the “Secret Key” to be securely stored while still allowing for Client-Side OAuth authentication.
HelloJS features a special Tumblr Module - http://adodson.com/hello.js/demos/tumblr.html
HelloJS utilizes the new Javascript Promises asynchronous functions specification - https://www.promisejs.org/
Javascript Promises have some unique rules when it comes to passing objects received from an asynchronous AJAX call.
With everything is done in the callback.
What jQuery calls a promise is in fact totally different to what everyone else calls a promise.
Hope this helps for future Tumblr integrations.
John

What is OAuth authentication?

I am developing an iGoogle Gadget. I have to access the spreadsheet data of logged in user. How do I implement an OAuth for it?
You have to become an OAuth Consumer of the Google services - they are the OAuth provider in your case.
There are a lot of open source implementations of the protocol in various languages, but I would suggest to read through the RFC if you want to implement it - it's clearly written and not very long.
The official site has good reads and links too:
http://oauth.net/
Basically it's a protocol that exchanges a little bit of data between you (your application aka the consumer), the provider and your user with internal HTTP requests between you and the provider (exchanging tokens) and some redirects through the user's browser between you and the provider again.
Also, you as a consumer will have to store some tokens and data regarding these interactions. It's not very complicated and in the same time is very interesting thing to implement. I learned things about security, request signing, some http details and headers. And if you already know these things, then you will do it a lot faster than I did :)
OAuth is just an API that Google gives out to developers to let them authenticate Google accounts in other manners other than just going on google.com - for example through a programmatic way.
Authentication is the basis of it, but through OAuth you're able to retrieve lots of information from a specific Google account (calendar info, contacts etc.)
To implement this you would need to read more on their website:
https://developers.google.com/identity/protocols/OAuth2

Categories

Resources