Facebook auth api callback access token - javascript

I am accessing facebook's api via this url as I need to do manual login for the users:
https://www.facebook.com/dialog/oauth?client_id=123456&scope=publish_actions&redirect_uri=http://localhost:4004/auth/callback
I get the popup for authentication without a problem, give fb access and then my callback url is accessed with the url:
http://localhost:4004/?login#_=_
Normally I would expect an access token so I could post on the users behalf.
I'm writing my code in node and using the node npm fb package to help me post

Turns out you also need to tell facebook what you would like returned add this as one of the query parameters:
response_type=token
Then you'll get back the token in the url
complete url
https://www.facebook.com/dialog/oauth?client_id=123456&scope=publish_actions&redirect_uri=http://localhost:4004/auth/callback&response_type=token

Related

How to use Chrome extension get Laravel passport token?

I'm working on using Chrome extension access Laravel passport API. Currently, the Laravel passport API is setup and working. I tried to use chrome.identity.launchWebAuthFlow to get passport token but not working. There is an example provided by Google, it is different from my use case.
I have two questions:
According to the Laravel document, the first step is request an authorization code, the API end point is /oauth/authorize. What the redirect_uri should be since it is a chrome extension but not a website?
After the user approve the request, I'm using chrome.identity.launchWebAuthFlow to get the access token from Passport. In laravel it is a POST request, the end point is /oauth/token. But I tried chrome.identity.launchWebAuthFlow, it is a GET request.
I can make this whole process working using PHP but not Chrome Extension. Any suggestions?
As per the launchWebAuthFlow docs:
When the provider redirects to a URL matching the pattern https://app-id.chromiumapp.org/*, the window will close, and the final redirect URL will be passed to the callback function.
As an example, you could use the following code:
let redirectUrl = chrome.identity.getRedirectURL('redirect');
chrome.identity.launchWebAuthFlow({
url: `https://my.app.domain.com/oauth/authorize?client_id=xxx&response_type=code&scope=&redirect_uri=${redirectUrl}`
}, (redirectUrl) => {
console.log(redirectUrl) // Redirect URL with oauth query params added
})

How to get around auth level when testing API on laravel project?

I am using the basic Auth from laravel that you get from running the following command.
php artisan make:auth
I have an API written so that the backend on the server can update/create services and statuses. The issue i'm running into is that the Admin also has a UI on the web app and can create a service, or update its status manually. Therefore, I have an Auth level on the methods where you have to be logged in to use them.
Now when I call the method in postman it redirects me to the login page, I was wondering if there was a way around this Auth level strictly for an API?
I was told of a way to do pre-request scripts directly in postman but i'm fairly lost when it comes to the whole java script part of that and feel like there is an easier way to do it. I also already tried to do 'basic auth' with the username and password, it didnt seem to work though.
Thank you for the help in advance!
Edit: Here is the screenshot from my header.
I am presuming if you have the API in place you have an api_token set for the specific user. You can use that inside Postman in one of two ways.
You will goto the Headers tab and add:
Key: Authorization
Value: Bearer API_TOKEN_VALUE
Edited: Added the screenshot of postman
You can amend the url for the request and add the token:
url_to_api_endpoint?api_token=API_TOKEN_VALUE
On the api routes if you have ->middleware('auth:api') Laravel will read the authorization token from the header or using the query parameter and check it to the database value.
Adding the api_token to the user table
If you don't have an api_token field in your user table then add one. It is not the same as remember_token, they are different. So add to your user migration the following:
$table->string('api_token', 60)->unique();
You will need to update the users api_token using something like the following:
$user = User::find(1);
$user->update(['api_token' => str_random(60)]);
That 60 character string you will use where I put VALUE_OF_TOKEN_FROM_DB

How to use my long (60day) access token to get user data from facebook (offline)

I cannot find any example on facebook dev. or here on stackoverflow so I need to make this post which i didn't thought i had to.
I have a website which uses the facebook JavaScript SDK to login users into it.
When I log in users I uses the
FB.login(), scope:{'email, offline_access'}
When the login in done i get the short lived access token and passes it to:
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
So i get the long lived, 60day, token in response. This is done server-side and i save the new long lasting token in my database along with facebook id etc.
Now to my problem. Every day at a certain time I want to update the users data in my database using the access token, which i have read that could. But how do i do that?
I'm used to do like this after the FB.login() but now when the user do not login I don't know how to do the call to FB.api using my persisted token?
FB.api(/me....)
Regards,
Kristoffer
As you have to synchronize/update information when user is not logged in you will have to use server side interaction.
You may use your saved Extended Access Token and set it into Facebook PHP SDK using setAccessToken() method.
$facebook->setAccessToken($extended_access_token);
After this you may call $facebook->api(...) method to perform the task that you intend to.

How to get twitter oAuth token of a logged in user

I'm trying to set up a javascript function to post a status to a twitter account using POST statuses/update, details here: https://dev.twitter.com/docs/api/1/post/statuses/update. The goal is a Twitter post similar to the open graph actions on Facebook.
I'm using jQuery ajax to make the post request, here's what I have so far:
$.ajax
({
type: "POST",
url: "https://api.twitter.com/1/statuses/update.json",
headers: jsonData,
data: {},
dataType: "jsonp",
success: function( data )
{
}
});
I believe that I need to generate a header something like this for security:
Authorization: OAuth oauth_consumer_key=consumerKey, oauth_nonce=nonce,
oauth_signature=signature, oauth_signature_method="HMAC-SHA1",
oauth_timestamp=timestamp, oauth_token=userToken, oauth_version="1.0"
I have the consumer key for my app, I can generate a nonce, I'm generating the signature and timestamp using the methods from this question Twitter OAuth authentication in javascript. The only thing I have left is th oauth_token, which I believe is the token of the user whose feed I wish to post to. Please correct me if I'm wrong about that.
The problem is, I have absolutely no idea how to get this token from the user in order to post to their feed. I've spent the last 2 hours running around in circles through Twitter's oAuth documention without finding anything that looked useful; everything I've found was either flowcharts with no code examples or predicated on my code already having the user's oAuth token.
My question is this: how can I get the logged in user's oAuth token using javascript?
If that is not possible, I have another page where I am currently storing the user's twitter id in the database with their permission, getting their token and databasing it in PHP would also be satisfactory, assuming it doesn't change very frequently.
In order to obtain the oauth_token you need to follow the authentication process. Your application needs to be authorized to act on the behalf of the user.
I would recomend to take some time first and learn how OAuth exactly works (there is a lot of information available) and then implement it in your app. (http://hueniverse.com/oauth/)
You could also benefit from a library which will make your life easier. (in your case, look at: https://dev.twitter.com/docs/twitter-libraries#php).
Hope this has been useful.
Here is example for get twitter oauth token and post tweet in twitter .
Code sample is in php .
http://www.phpgang.com/how-to-post-tweet-on-twitter-with-php_414.html
1) to obtain the oauth token you need to follow the authentication process.
2) and your application needs to be authorized to act on the behalf of the user.
you can also see this twitter example for better understanding how it works
In this use can see the process of authorized user and post and get json result.
https://dev.twitter.com/rest/tools/console
I hope this will help you.
thanks

Facebook graph api call to get app access token returns "unknown error"

I am building a web app integrating with Facebook. I have on Facebook an app id and app secret already.
I'd like to use javascript to retrieve my app's access token to make further app-to-user app requests. I'm following the instructions here
However, I could not make my FB.api call working. I tried
FB.api('https://graph.facebook.com/oauth/access_token','get',
{client_id:'XXXXX', client_secret:'XXXXX',grant_type:'client_credentials'},
function(response) {
alert(JSON.stringify(response));
});
and
FB.api("/oauth/access_token?client_id=XXXXXX" +
"&client_secret=XXXXXXXX&grant_type=client_credentials",
function(response) {
alert(JSON.stringify(response));
});
but only to get {"error":{"type":"http","message":"unknown error"}}
Do I use FB.api incorrectly? At this time, I could not find further documentation showing what I did wrong.
On the other hand, I can manually request it from my browser with the url like:
https://graph.facebook.com/oauth/access_token?client_id=XXXXX&client_secret=XXXXXX&grant_type=client_credentials
So, what is missing in my code? Thanks a lot for your help.
you dont need to expose your app secret.
Instead you can use the app token directly in your calls (App token does not expire until you reset the secret key).
Facebook Documentation Reference link access tokens and types
Have Fun!!!
Regards,
hbk

Categories

Resources