Trying to finish an OAuth2 flow, but keep getting an uncaught referenceerror. Fairly new to Node.js and cant seem to find out what's going on.
// require the blockspring package.
var blockspring = require('blockspring');
var request = require('request');
// pass your function into blockspring.define. tells blockspring what function to run.
blockspring.define(function(request, response) {
// retrieve input parameters and assign to variables for convenience.
var buffer_clientid = request.params["buffer_clientid"];
var buffer_secret = request.params["buffer_secret"];
var redirectURI = request.params["redirectURI"];
var tokencode = request.params["tokencode"];
request({
method: "POST",
url: "https://api.bufferapp.com/1/oauth2/token.json",
headers: {
'User-Agent': 'request',
},
body: client_id=buffer_clientid&client_secret=buffer_secret&redirect_uri=redirectURI&code=tokencode&grant_type=authorization_code
}, function(error, response, body){
console.log(body);
// return the output.
response.end();
});
});
That's not valid JavaScript syntax:
body: client_id=buffer_clientid&client_secret=buffer_secret&redirect_uri=redirectURI&code=tokencode&grant_type=authorization_code
I'm assuming you are trying to concatenate your variable values to a string? Try this instead:
body: "client_id=" + buffer_clientid + "&client_secret=" + buffer_secret + "&redirect_uri=" + redirectURI + "&code=" + tokencode + "&grant_type=" +authorization_code
Strings in nodejs need to be quoted. In your request function, you're passing a key of body, with a value of what appears to be a giant variable. Because there are no quotes around client_id=buffer_clientid&client_secret=buffer_secret&redirect_uri=redirectURI&code=tokencode&grant_type=authorization_code, it's trying to treat this as a variable. When the parser gets to the = sign, it's trying to then set client_id = the following. This is throwing the error.
Simply quote the entire string or if you need to use variables concat using 'string' + variable + 'string'.
Judging by your variable names, you can simple rewrite it as follows:
request({
method: "POST",
url: "https://api.bufferapp.com/1/oauth2/token.json",
headers: {
'User-Agent': 'request',
},
body: 'client_id=' + buffer_clientid + '&client_secret=' + buffer_secret + '&redirect_uri=' + redirectURI + '&code=' + tokencode + '&grant_type=authorization_code'
}, function(error, response, body){
console.log(body);
// return the output.
response.end();
})
Related
I am trying to call the Asana Events API - https://developers.asana.com/reference/getevents
This endpoint uses a 'Sync' token to track when you last called it, each call returns a new sync token which can then be stored and used for the next call to only retrieve events since the last call.
If you do not provide a sync token the API will return an 'invalid token' response and give you a new token to get started with.
However, I cannot seem to get it beyond the initial 'invalid token' call, when I used the token in the following call it still returns 'invalid token'
This is using Google's Apps Script, which is basically just JavaScript with some built-in Google functions
Here is my code:
This function makes a call without the ‘sync’ parameter, uses muteHttpExceptions to get the full response text, and sets the sync token as a property in Apps Script (just a key/value pair)
var asanaBaseUrl = 'https://app.asana.com/api/1.0'
function getSyncToken() {
var url = asanaBaseUrl + '/projects/' + asanaProject + '/events'
var headers = {
'Authorization': 'Bearer ' + asanaPAT
}
var options = {
'method': 'GET',
'headers': headers,
'muteHttpExceptions': true
}
var r = UrlFetchApp.fetch(url, options)
var data = JSON.parse(r.getContentText())
var newSyncToken = data.sync
userProps.setProperty('syncToken', newSyncToken)
}
This function uses the properties service to pull the sync token set in the previous call and makes a new call with the sync parameter
function asanaEventCall() {
var url = asanaBaseUrl + '/projects/' + asanaProject + '/events'
var syncToken = userProps.getProperty('syncToken')
var headers = {
'Authorization': 'Bearer ' + asanaPAT
}
var options = {
'method': 'GET',
'headers': headers,
'sync': syncToken,
'muteHttpExceptions': true
}
var r = UrlFetchApp.fetch(url, options)
var data = JSON.parse(r.getContentText())
return data
}
The second function always returns the following
{sync=[SYNC TOKEN HERE], errors=[{message=Sync token invalid or too old. If you are attempting to keep resources in sync, you must fetch the full dataset for this query now and use the new sync token for the next sync.}]}
I’ve confirmed that the token is being set, retrieved, and sent correctly using the logs.
I’ve confirmed the flow above works by manually using the URL, like this:
Go to https://app.asana.com/api/1.0/projects/[PROJECT GID]/events
Copy sync token
Go to https://app.asana.com/api/1.0/projects/[PROJECT GID]/events?sync=[SYNC TOKEN]
Events show properly
I've looked for other answers but haven't found anything specific that helped, and I asked on the Asana forum but haven't got an answer in a few days.
I'm sure I'm missing something painfully obvious here but just can't see it!
From Go to https://app.asana.com/api/1.0/projects/[PROJECT GID]/events?sync=[SYNC TOKEN] of I’ve confirmed the flow above works by manually using the URL, like this:, in your script, it seems that it is required to add 'sync': syncToken, as the query parameter. So, how about modifying your asanaEventCall() as follows?
Modified script:
function asanaEventCall() {
var syncToken = userProps.getProperty('syncToken')
var url = asanaBaseUrl + '/projects/' + asanaProject + '/events' + '?sync=' + syncToken;
var headers = {
'Authorization': 'Bearer ' + asanaPAT
}
var options = {
'method': 'GET',
'headers': headers,
'muteHttpExceptions': true
}
var r = UrlFetchApp.fetch(url, options)
var data = JSON.parse(r.getContentText())
return data
}
Note:
In this modification, it supposes that your values of asanaProject, asanaPAT and syncToken are valid values. Please be careful about this.
I'm trying to send an HTTP POST request through Node js.
Here's my code:
var tentativa = "{ id:'" + result.rows[i][0] + "', timestamp:'" + result.rows[i][1]+"', application: '"+ applicationName +
"', type:'Log', source: '" + result.rows[i][2] + "', " + string+ " }";
request({
uri: "http://localhost:5000/logs",
method: "POST",
form: tentativa,
headers: { 'Content-Type' : 'application/x-www-form-urlencoded' }
}, function(error, response, body) {
console.log(body);
});
When I send the "tentativa" variable in the form, the request its sent but not saves anything. But when I send the output of the "tentativa" variable it work fine. Shouldn't it be the same?
this is not a valid json
var tentativa = "{ id:'" + result.rows[i][0] + "', timestamp:'" + result.rows[i][1]+"', application: '"+ applicationName +
"', type:'Log', source: '" + result.rows[i][2] + "', " + string+ " }";
the last value miss the key property, this is probably why it's not sending the object along with the request.
And since it looks you want to send a plain json, you can just put the object inside the body.
request({
uri: "http://localhost:5000/logs",
method: "POST",
body: tentativa,
json: true,
headers: { "Content-Type": "application/json"}
}
}, function(error, response, body) {
console.log(body);
});
Thanks so much for the help.
Solved the problem using a javascript object instead of that string, like #varbrad said.
This is my first time working on HMAC,
I have this method to create hash string for HMAC:
var msg = method + publicKey + path + privateKey
//like:
var msg = 'GET' + 'MY-PUBLIC-KEY' + '/api/account' + 'MY_PRIVATE_KEY';
I'm using this library for converting msg to md5.
in the backend code I see
string expectedValue = Hashing.GetHashHMACCMD5OfString(msg, PublicKey)
....
public static string GetHashHMACCMD5OfString(string value, string key)
{
using (var cryptoProvider = new HMACMD5(Encoding.UTF8.GetBytes(key)))
{
var hash = cryptoProvider.ComputeHash(Encoding.UTF8.GetBytes(value));
return Convert.ToBase64String(hash);
}
}
I don't know about .net, is it enough just to convert msg as
var md5Msg = md5(msg, publickey);
// and request
$http({
url: url,
method: 'GET',
headers: {
'Authentication': md5Msg + ' ' + publickey
}
});
in javascript or I need any other conversion (like toBase64) to do?
I have an js function that is collecting data and sending it to a php file.
I am trying to submit an array as part of the post:
function send_registration_data(){
var string = "{username : " + $('#username').val() + ", password : " + $('#pass1').val() + ", level : " + $("#userrole").val() + ", 'property[]' : [";
var c = 0;
$('input[name=property]:checked').each(function(){
if( c == 0){
string +="\"" +this.value+"\"";
c=1;
} else {
string +=",\""+this.value+"\"";
}
});
string+="]}";
$('#input').html( JSON.stringify(eval("(" + string + ")")) );
$.ajax({ url: './php/submit_registration.php',
//data: { username : $('#username').val() , password : $('#pass1').val() , email : $('#email').val() , level : $("#userrole").val() },
data: JSON.stringify(eval("(" + string + ")")) ,
type: 'post',
success: function(output) {
$('#output').html( output );
}
});
};
On submit my php file returns an the POST array as NULL. I am not sure what I am doing wrong here.
EDIT: IT is the same weather I try to convert the string to json or not.
ALso, the inputs contain just text names.
string keyword
Do not use the "string" keyword.
eval
Eval is evil - use it with caution.
strict mode
Make sure always to work in the "strict mode" by placing this line at the beginning of your code:
'use strict'
Building your response object
You do not have to glue your post object manually. Just do it this way:
var post = {
'username': $('#username').val(),
'password': $('#password').val(),
'myArray[]': ['item1', 'item2', 'item3']
};
jQuery the right way
Avoid messing up with unnecessary syntax.
$.post(url, post)
.done(function(response){
// your callback
});
Conclusion
'use strict'
var url = './php/submit_registration.php'; // try to use an absolute url
var properties = {};
$('input[name="property"]:checked').each(function() {
properties.push(this.value);
});
var data = {
'username': $('#username').val(),
'password': $('#pass1').val(),
'level': $('#userrole').val(),
'property[]': properties
};
// submitting this way
$.post(url, data)
.done(function(response) {
// continue
})
.fail(function(response) {
// handle error
});
// or this way
$.ajax({
type: 'POST',
url: url,
data: JSON.stringify(data), // you'll have to change "property[]" to "property"
contentType: "application/json",
dataType: 'json',
success: function(response) {
// continue
}
});
You need to get from php://input if you are not using multipart/form-data, so, application/json
$myData = file_get_contents('php://input');
$decoded = json_decode($myData);
If you're sending this up as json, your $_POST variable will continue to be NULL unless you do this.
I'm currently working on incorporating an authorization feature for Twitter following the approach described here: https://dev.twitter.com/docs/auth/implementing-sign-twitter. I'm using Ajax to send my POST 'http' request, but I've been constantly running into a '401: Unauthorized' error. My code is below:
function getTweets() {
var time = generateTimestamp();
var nonce = generateNonce();
var signature = generateSignature(time, nonce);
var headers = {
"Authorization": 'OAuth oauth_callback="http%3A%2F%2Fwww.google.com%2F", oauth_consumer_key="eEeAAz9fakedtAOlIUhPgQ", oauth_nonce="bbc34b2ca6faabogus6dfc025907fa334", oauth_signature="' + signature + '", oauth_signature_method="HMAC-SHA1", oauth_timestamp="' + time + '", oauth_version="1.0"'
};
$.ajax({
type: "POST",
url: "https://api.twitter.com/oauth/request_token",
dataType: "text",
headers: headers,
success: function(data) {
alert("Success!");
console.log(data);
},
error: function(jq) {
alert("Request Failed.");
console.log(jq.statusText);
}
});
}
function generateTimestamp() {
var currentTime = new Date;
currentTime = Math.floor(currentTime.getTime() / 1000);
return currentTime;
}
function generateNonce() {
var code = "";
for (var i = 0; i < 20; i++) {
code += Math.floor(Math.random() * 9).toString();
}
return code;
}
function generateSignature(timestamp, nonce) {
var http_method = "POST";
var base_url = "https://api.twitter.com/oauth/request_token";
var consumer_key = "eEeAAz9hUKtdjunkeIUhPgQ";
var consumer_secret = "c7wHxnjubxVDcc5hYFqnotactuallymysecretWs2XazUFde0lPRBtBQ";
var signature_method = "HMAC-SHA1";
var token = "609493744-kNPzLKSI4Hg9NWQnopeFPb91eXFUutFm1nZ2hDk2";
var token_secret = "15WOJS9Ji1AXsKRkyAZrxKdsalted5Gj5ZyEAb9aVrJxI";
var version = "1.0";
var parameter_string = "oauth_callback=" + encodeURIComponent(base_url) + "&oauth_consumer_key=" + consumer_key + "&oauth_nonce=" + nonce + "&oauth_consumer_key=" + consumer_key + "&oauth_signature_method=" + signature_method + "&oauth_timestamp=" + timestamp +"&oauth_version=" + version;
var base_string = http_method + "&" + encodeURIComponent(base_url) + "&" + encodeURIComponent(parameter_string);
var signing_key = encodeURIComponent(consumer_secret) + "&";
var signature = encodeURIComponent(window.btoa(CryptoJS.HmacSHA1(base_string, signing_key)));
alert(signature);
return signature;
}
Feel free to post below if there's any other information that would make this error clearer. Thanks.
I created a node.js library to mess around with the Twitter OAuth dance and API. Code is here, tweeter.js
You're welcome to walk through the logic for creating the header and signature (starting at line 348 )
One thing I don't see in the code you've posted and which will make a huge difference is that the signature string must be generated to include the original header, then the header must be rebuilt with the generated string. It's a huge pain and it took me a while to figure it out.
Although the code I wrote is geared toward node.js, you should be able to reuse a lot of the logic to meet your needs.
EDIT
I found a site called hueniverse documented OAuth very well. In fact, there is a utility here to build your own headers for validating your logic (select the 'Create your own' radio button).
EDIT 2
To better explain including the oauth_signature value in the header, suppose you have all of the data up to this point:
var headerObj = {
oauth_consumer_key="123456789",
oauth_token="11111",
oauth_nonce="asdfghjkl%3B",
oauth_timestamp="1341852000",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0"
};
You create the HMAC-SHA1 signature and receive: "jBpoONisOt5kFYOrQ5fHCSZBGkI%3D"
You would then add that return value to headerObj, giving you:
headerObj = {
oauth_consumer_key="123456789",
oauth_token="11111",
oauth_nonce="asdfghjkl%3B",
oauth_timestamp="1341852000",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="jBpoONisOt5kFYOrQ5fHCSZBGkI%3D"
};
And this modified version of headerObj is what you build your HTTP headers from.
GET / HTTP/1.1
Host: api.twitter.com:443
Authorization: OAuth realm="https://api.twitter.com/",
oauth_consumer_key="123456789",
oauth_token="11111",
oauth_nonce="asdfghjkl%3B",
oauth_timestamp="1341852000",
oauth_signature_method="HMAC-SHA1",
oauth_version="1.0",
oauth_signature="jBpoONisOt5kFYOrQ5fHCSZBGkI%3D"
NOTE: I didn't verify the host/realm/port, so these are probably wrong. Check the API for those.
The reason this is done is that on Twitter's side (this is an OAuth implementation detail), the oauth_signature value is removed and the rest of the header is hashed and its return value is compared to the value sent in oauth_signature. It's sort of like a wax seal on an envelope... if the hash of the rest of the header doesn't match the hash value you sent in oauth_signature, Twitter knows not to trust the sender or the contents.
EDIT 2.5
I'm moving this from the comment to the answer.
If you check out this line in tweeter.js, you'll see the logic.
var signature = self.oauthSignature(method, path, headerObj, query);
headerObj.oauth_signature = qs.escape(signature);
// concat the header object into a csv string
var header = 'OAuth realm="Twitter API",';
var oauthParts = [];
for (var h in headerObj) {
oauthParts.push(h + '="'+headerObj[h]+'"');
}
header+= oauthParts.join(',');
//...
return header;
This bit of code does as I've explained in EDIT 2, by converting a JSON object into key="value" strings stored in oauthParts[], then joins each element in that array into a single comma-separated string which begins with OAuth realm="Twitter API",