I Had the following code
$client->setClientId('39605174446-s067746s1jur731n49fujigfh8occ5pa.apps.googleusercontent.com');
$client->setClientSecret('MYCLIENTSECRET');
$client->setRedirectUri('http://examplesss.com/oauth2');
$client->setScopes('https://picasaweb.google.com/data');
$client->setAccessType("offline");
I did authenticate
At my Google Console API, I set it for "Web Application", Authorization Javascript origins I leave it blank.
Authorization Redirect URI I set it as
http://example.com/oauth2
I went to the following site to get my authorisation code
https://accounts.google.com/o/oauth2/auth?access_type=offline&approval_prompt=&client_id=39605174446-s067746s1jur731n49fujigfh8occ5pa.apps.googleusercontent.com&redirect_uri=http://example.com/oauth2&response_type=code&scope=https://picasaweb.google.com/data&state=state
When I went into the site, I press ok to grant "offline access" . After that I am redirect to an none existent site which I use that is example.com and then the URI was something like
http://example.com/oauth2?state=stat&code=4/qWt9q19VtilG6Iw6HFte4RnpiXR0a5q80_zQAU-hNqc#
$client->authenticate('4/qWt9q19VtilG6Iw6HFte4RnpiXR0a5q80_zQAU-hNqc#');
Then I get my refresh token code
$client->refreshToken('1\/vYnZlRcvaY2nD0yh5LhU9paLZZggMArGOo-3rEJHGCM');
But when I run the code it say...
PHP Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{
"error" : "invalid_grant"
Wonder what went wrong, I just want to access my picasa web album.
Thanks
It can be 2 things. One, is the incorrect use of the versions of the Google API client or the one I think that is the problem, it's on the refresh token and how you're passing the token. It's a problem with the / character in the string, json enconding and how it's passed. Put the refresh token in double quotes and send the variable. If all the data is correct and authorized via Google, it should work.
Related
I managed to set up a developer account to get API responses working on the API explorer. However, I'm trying to connect to Postman and have been getting the following error messages.
I have gotten my user access token as follows:
The Callback URL: I have used the RuName (eBay Redirect URL name)
Auth URL: I have used https://auth.sandbox.ebay.com/oauth2/authorize (https://developer.ebay.com/api-docs/static/oauth-consent-request.html#configure)
Access Token URL: I have used the https://api.sandbox.ebay.com/identity/v1/oauth2/token (https://developer.ebay.com/api-docs/static/oauth-authorization-code-grant.html)
ClientID and Client Password I've used the credentials from my developer account
This returns the following token:
As you can see a USER ACCESS TOKEN.
When I go to use the request in an API put request I always get the following error:
The token seems to be right.
I try the same call in the built in API explorer and it works.
Please could someone advise its driving me crazy, probably something I've done wrong but any ideas?
During Authentication the following happens it prompts me to login and then shares the oath code (it doesn't tell me to accept the application as stated in document not sure why though)
I was trying to publish something to Facebook page.
From this article, it seemed really easy to publish using Facebook API
So, I create a Facebook page and made sure that I have all the required permission for the given auth token, opened by Postman and created a POST request to following URL (along with attaching my access token bearer)
https://graph.facebook.com/2984640844138/feed?message=HeyWhatever
This is giving me following error
{
"error": {
"message": "(#200) If posting to a group, requires app being installed in the group, and \\\n either publish_to_groups permission with user token, or both manage_pages \\\n and publish_pages permission with page token; If posting to a page, \\\n requires both manage_pages and publish_pages as an admin with \\\n sufficient administrative permission",
"type": "OAuthException",
"code": 200,
"fbtrace_id": "D1z1soQbTE2"
}
}
I am not sure about what I am doing wrong, perhaps my request is incorrect or I am not using postman correctly.
This is what I am doing in Postman (screenshot below), can someone point me out what I am doing wrong? Also, suggestions are also welcome
I would recommend you use the Facebook Graph API Explorer, which provides you with the tools to generate the access token with appropriate permission and also craft your HTTP requests with ease. Visit the same, generate a token, then head to the Access Token Debugger to double check the scopes of the token.
I am trying to do Facebook authentication in same window of my web application's login page.
I am using following code when user clicked login button to go to authentication page.
function loginUsingOAUTH()
{
top.location = 'https://graph.facebook.com/oauth/authorize?client_id=839846246064537&scope=email&redirect_uri=http://www.olcayertas.com/testqa/result.html';
}
1) After authentication Facebook redirects me to my redirect url and returns a parameter "code".
At this point I want to access Facebook user information but I don't know how to do that.
What is this "code" parameter for?
2) Is there any other way to access user information?
3) Do you have any other advice facebook authentication with same window login?
Thank you in advance for your help
When you get the code you should make a server side request to get an access token and than pass the access token to user. It is explained in Facebook Developer page:
Exchanging code for an access token
To get an access token, make an HTTP GET request to the following
OAuth endpoint:
GET https://graph.facebook.com/v2.3/oauth/access_token?
client_id={app-id}
&redirect_uri={redirect-uri}
&client_secret={app-secret}
&code={code-parameter}
This endpoint has some required parameters:
client_id. Your app's IDs
redirect_uri. This argument is required and must be the same as the original request_uri that you used when starting the OAuth login
process.
client_secret. Your unique app secret, shown on the App Dashboard. This app secret should never be included in client-side code or in
binaries that could be decompiled. It is extremely important that it
remains completely secret as it is the core of the security of your
app and all the people using it.
code. The parameter received from the Login Dialog redirect above.
Response
The response you will receive from this endpoint will be returned in
JSON format and, if successful, is
{“access_token”: <access-token>, “token_type”:<type>, “expires_in”:<seconds-til-expiration>}
If it is not successful, you will receive an explanatory error
message.
I'm developing a node.js app which manages a Facebook page among other functionalities.
To comment on user submitted posts, I use the following code in node.js:
FB.api(object + '/comments','post',
{ message: COMMENT_I_WANT_TO_SUBMIT, access_token: MY_PAGE_ACCESS_TOKEN },
function(res){
// deal with res
}
);
When using my short-lived Facebook page access-token (which I get from Graph API Explorer) the comment submitted is shown as a comment submitted by the page itself (what I want), but when I use my permanent token it is shown as submitted by myself (page owner).
To get this permanent token I followed these instructions:
https://stackoverflow.com/a/28418469/4713311
The token has my name associated to it since I had to grant permissions to manage the pages I own to generate the token.
I believe this token has the proper permissions since the token debugger shows the following permissions in scope: "manage_pages, publish_pages, publish_actions, public_profile"
Is there any way I can use this never expiring token to comment on posts with the page name instead of my own?
A Page Access Token should have not only "User ID" but also "Profile ID" associated, which wasn't the case for the extended page access token.
A Page Access Token isn't "extendable", to get a permanent page access token I had to request one with a permanent User Access Token, as explained here
Using as short-lived access token I got from Graph API Explorer (Select App -> Get Token -> Select permissions manage_pages, publish_pages, publish_actions and other you may need -> Grab the token that fills the "Access Token" text box) I made the following call to extend the token.
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app-id}&client_secret={app-secret}& fb_exchange_token={short-lived-token}
Using the token returned, you can simply call /me/accounts and copy the page's access_token
This token is a permanent Page Access Token, to confirm you can use the token debugger and verify it has your "User ID" and your page's "Profile ID"
i'm currently developping an application for twitter, using javascript and OAuth, for a qml environment.
I'm stuck in "request_token" endpoint and i don't understand why.
I only get "failed to validate oauth signature or token" when i send my request !
I've checked my signature generation with http://oauth.googlecode.com/svn/code/javascript/example/signature.html and http://quonos.nl/oauthTester/ and it does appear that my signature and my basestring are both right !
I've tried to send data in "authorization" http header field, and in body.
Here is my basestring :
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D26oauth_nonce%3DDbWO0M%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1303129797%26oauth_token%3D%26oauth_version%3D1.0
The part i've sent in header field "Authorization" is :
oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1303130860&oauth_nonce=UX2kEA&oauth_signature=LizFO9xkre2Kv5A43Oj%2F%2FaY9Wck%3D
If someone can help me with this issue... i've checked every step with OAuth library examples and other tools on the web.
Definitely check out this answer to a similar issue. It may contain your solution:
Twitter OAuth, Error when trying to POST direct message
So it appears that Twitter's implementation of oauth does not need oauth_token to sign the basestring (as said in Twitter's API doc). Further more, you shouldn't write it in your basestring.
Authorization header field should be fill this way :
OAuth oauth_nonce="1Rek6K",oauth_callback="oob",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1303375383",oauth_consumer_key="<YOUR_CONSUMER_KEY",oauth_signature="fgb6sPPR2PHQD%2BinG2KvtvgOtXU%3D",oauth_version="1.0"
The mendatory oauth_callback sould be set as "oob" for desktop applications.