I have successfully setup a Sandbox Environment for WeChat with a URL for my API Config and a JS API Secure Domain. These work as intended, allowing me to receive messages from Followers and calling APIs from Javascript pages.
However, when attempting to retrieve a user profile via the web using OAuth2 I encounter an 'Oops. Something went wrong!' message. If I use one of the supplied example links it works as intended.
http://admin.wechat.com/wiki/index.php?title=User_Profile_via_Web
Is it possible to test User Profile via Web in a Sandbox Environment?
Related
So I am working with google sheets API , where I need to authorize the credentials before I can hit api for my account , for that OAuth2 client provides an auth URL which opens in browser and there I have to login in Gmail account and then accept the permissions and then it redirects to a redirect URI and in it's URL there is a code.
But I want to get all this done automatically as this will be part of my backend code , and I want it be automated without me going to browser and logging in . Can this be done using puppeteer ? or anything else ?
The only option to avoid user interaction is to use a service account with domain-wide delegation. And to use this, you need to be a Workspace domain admin, and you can only act on behalf of users in your Workspace domain.
If you are not a domain admin, there's no way to avoid the workflow you mentioned, with user interaction.
Reference:
Using OAuth 2.0 to Access Google APIs
Apps Script keeps asking for offline permission with Youtube's API
In Google Apps Script, access to YouTube Reporting API is Forbidden
These are very similar questions however, I am logged in as the owner. The script is in the owner's drive.
My problem
I have been trying to access YouTube Analytics Reports from the Content Owner using GAS(Google Apps Script). There are two accounts a Brand account (holds the data i.e. the video content) and a User account. They both use the same credentials(email & pwd). When authorizing as the user, I get a 403(forbidden). When authorizing as the brand, I am asked to authorize offline access again and again, stopping me from ever being able to make a request.
What I've tried...
Running from Node, using OAUTH Playground tokens, and it works. But I need to stick with GAS.
Using google-script-oauth2: to hard code credentials (similarly to the Node solution) but I couldn't set the refresh token. I got a 401(invalid credentials) - I believe the bearer token was expired
Setting up credentials for and enabling both youtube and youtube analytics APIs
scrapping old credentials and attaching a new project to GAS
removing auth in privacy settings and re-authenticating
toggling a use unsafe scripts option and repeating step 3
switching between contentOwner and channel parameters for the ids param
NOTE: I have two OAUTH2 credentials app script and the web client both are set as Web Applications.
GAS Code
function test(){
YouTubeAnalytics.Reports.query("contentOwner==id", "2017-03-01", "2017-03-31", "likes");
}
Final Thoughts
I believe there is a disconnect between the Brand and the user such that the brand is not given the same access to the OAUTH 2 token. Therefore, it never generates a refresh token. So, the request sees that I am the authorized channel owner but it can't finish the OAUTH flow.
If this is true, why, and how do I fix it? If not, what do you think could be the error?
I just realized the script is in the user account and not the brand account. Would that affect the validation?
Also on the actual channel, the user is listed as the Primary Owner.
I think the problem has to do with Apps Script's limited OAuth scopes. Open the Script Editor and navigate to Resources->Advanced Google Services and you'll see that YouTube's Reporting API is not supported. However, you can get around this by using Service Accounts. They are a pain to set up but once you get them up and running you can explicitly request the scopes required to make authorized calls on the API from GAS.
Here are a few links to get you started:
Using OAuth 2.0 for Server to Server Applications
OAuth 2.0 Scopes for Google APIs
For Using OAuth 2.0 for Server to Server Applications you'll want to scroll down to the section titled Preparing to make an authorized API call. Select the HTTP/REST tab and it should walk you thru the steps you'll need to setup a service account (you'll need to create a JWT - JSON Web Token from your Google console for use in your API calls). You'll also need to retrieve the needed OAuth scope urls for YouTube's Reporting API from the second link provided. Once you're all set up you'll be able to make requests to the API directly from Apps Script using URLFetchApp. Best of luck with your project.
One more thing. Check out Google's API Explorer listing for the YouTube Reporting API. You can get the URL endpoints (and request methods) you'll need to use in your UrlFetchApp calls by playing with the Explorer.
UPDATE 4/28/2017
Also be sure to enable the YouTube Reporting API from your Google API Console.
A few web-based applications I maintain have been using JavaScript on the page to fetch posts from Instagram* through their API, only authenticating with a client_id. With the Instagram API changes recently (applications are sandboxed until approved) this no longer works.
Is this kind of application allowed by Instagram? Or is it considered a security risk to expose the client_id in the Javascript that performs the request? If it matters, the application is for internal use by a few employees only.
* Specifically, the 10 last posts from a fixed user.
All instagram API endpoints now require a valid access_token rather than client_id. The search endpoint is an example of one that didn't previously require an access_token. You can find this in the Change logs
All API endpoints require a valid access_token
All API endpoints require a specific permission scope granted by the user
You can authorise your own account and grab the last 20 posts, but for any more than that you will need to submit your app for review
Try to create a new app.. My app was deleted instead of going to sandbox mode.
As you need 10 last posts, this should work on sandbox mode.
Content Display for Personal Website. If you are a developer and you want to showcase Instagram content on a website, then you do not need to submit your app for review. By using a client in sandbox mode, you will still be able to access the last 20 media of any sandbox user that grants you permission.
My current project constists of 2 components:
a WCF server application
a purely client-sided (javascript, jQuery, TypeScript etc) website which consumes the service.
When the client saves data to my database via the WCF service, I need to log who made the last modification to that data.
To do this I need the username of the account the client website's browser is running under.
Browser support needs to be:
Chrome
Firefox
IE 10/11.
I don't want to create a login form for my website, I want the user to be able to open the website and be logged on using their Windows/Citrix account.
Javascript can't get to the account username because of security concerns obviously.
Any suggestions?
I have a experimental answer for you. Not sure but posible to work correctly. I think, you can activate impersonation and basic authentication on iis. Then client(browsers) ask credentials to client. In service layer, you can enable impersonation too. but only iis impersonation may enough.
I have tried using the node-xmpp package and blather gem. I got the furthest with blather, but succeeded with neither.
Blather attempt:
https://github.com/adhearsion/blather/issues/119
Node-xmpp attempt:
https://github.com/astro/node-xmpp/issues/149
From the Facebook API Docs:
Authenticating with Username/Password
The DIGEST-MD5 SASL mechanism is available to support traditional XMPP
or multi-protocol IM clients that are not customized for (or even
aware of) Facebook. This mechanism requires prompting the user for his
or her password; therefore, it should only be used when necessary. In
particular, it MUST NOT be used for any client that:
Proxies the XMPP connection (the connection must be directly from the user's computer to Facebook).
Reports messages or any other information about user activity to a third party (including the client developer).
Integrates with Facebook, or has a Facebook Application ID. If your application does any of the above, you must use Facebook Platform authentication instead.
I think your application is doing one of the following, correct me if I'm wrong but based on the links you provided for your blather and node-xmpp issues I think you may be trying to violate the third criteria.
Integrates with Facebook, or has a Facebook Application ID. If your application does any of the above, you must use Facebook Platform authentication instead.
Link: https://developers.facebook.com/docs/chat/