"Invalid left-hand side in assignment" when receiving response from Facebook API - javascript

I'm trying to get an extended access token for one of my apps using the Javascript API (I know I should do this server side, but I'm the only one using this app and I have some reasons for not doing it server side this time)
Anyway, when I receive a call back from Facebook, I get an Invalid left-hand side in assignment error.
I don't have any weird if's or anything like that and it only happens when I get the response back from Facebook - so it has nothing to do with the code I've written I don't think.
Anyway, here's the itty-bitty script I'm running.
var token = response.authResponse.accessToken;
FB.api(
'/oauth/access_token',
'GET',
{
'grant_type': 'fb_exchange_token',
'client_id': 'XXX',
'client_secret': 'XXX',
'fb_exchange_token': token
},
function(response) {
console.log(response);
}
);
My token variable is set correctly, so that's not the issue.
If I remove any of the data sent in the array, I get an expected error response, but with it set up this way I just get that error mentioned above and this response from Facebook.
Object {error: Object}
error: Objectmessage: "unknown error"
type: "http"
So I'm kind of stumped on this.
What could I be doing wrong?

Here's what I ended up with.
Not ideal as it doesn't use the Faceook SDK, but it works.
$.get('https://graph.facebook.com/oauth/access_token', {
'grant_type': 'fb_exchange_token',
'client_id': 'XXX',
'client_secret': 'XXX',
'fb_exchange_token': token
}).done(function(data) {
var response = data.split('&');
var result = {};
for (i=0;i<response.length;i++) {
var this_one = response[i].split("=");
result[this_one[0]] = this_one[1];
}
console.log(result);
});
This ends up with an object with the token and expiration time.

Related

Auth0 returning 401 unauthorized when requesting new auth token

I am trying to request an authorization token through auth0 using an M2M application with the code:
var axios = require("axios").default;
var options = {
method: 'POST',
url: 'https://chaptify.us.auth0.com/oauth/token',
headers: { 'content-type': 'application/x-www-form-urlencoded' },
data: {
grant_type: 'client_credentials',
client_id: 'KbFUk08Qq24VA03i1mVAkLc3uPKc6V79',
client_secret: process.env.AUTH0_M2M_CLIENT_SECRET,
audience: process.env.AUTH0_AUDIENCE
}
};
axios.request(options).then(function(response) {
console.log(response.data);
}).catch(function(error) {
console.error(error);
});
which is pulled straight from auth0's website. but every time I've gotten a 401 error so far I've tried
using different M2M applications
making sure all the M2M applications are authorized and trying again
checking the Token Endpoint Authentication Method is set to None
checking all the fields are correct
googling to see if I can find absolutely anything to help
pasting in the values directly
unauthorizing the M2M shutting down the application, waiting a while then starting it up again, nothing

urlFetchApp.fetch() seems to be failing silently when attempting a JSON POST to Discord Webhook

I'm attempting to post a message from a Google Apps Script to a discord server.
Attempting to debug by using logs reveals that the script seems to fail at the key line
var response = UrlFetchApp.fetch(discordUrl, params);
The logs are empty from that point, ('hi' never appears in the logs) leaving me stumped with how to proceed with error identification.
How can I discover why the call to UrlDetchApp.fetch() is apparently failing?
I have redacted the actual webhook url in the example below.
function postMessageToDiscord() {
message = "Hello World!";
Logger.log("trying to post message: " + message);
var discordUrl = 'https://discordapp.com/api/webhooks/[id]/[token]';
var payload = JSON.stringify({content: message});
var params = {
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
method: "POST",
payload: payload,
muteHttpExceptions: false
};
Logger.log('params set');
var response = UrlFetchApp.fetch(discordUrl, params);
Logger.log('hi');
Logger.log(response.getContentText());
}
EDIT using console.log has allowed me to identify that I'm missing some scopes from my project, I have now added these and authorised the app by calling the function in an installed onEdit trigger direct from the script screen.

Invalid input response and secret when verifying google reCaptcha

I am really struggling to get a successful response when doing a post request to the google recaptcha api. I am receiving the following response:
{
"success": false,
"error-codes": [
"invalid-input-response",
"invalid-input-secret"
]
}
I had a look at reCAPTCHA - error-codes: 'missing-input-response', 'missing-input-secret' when verifying user's response (missing details on POST) and followed the answer as closely as possible but with no success.
Here is my file below:
var request = require('request');
module.exports = {
verifyCaptcha: function(req, res) {
var secret = 'SECRET_KEY';
var response = JSON.stringify(req.body.response);
request({
url: 'https://www.google.com/recaptcha/api/siteverify',
method: 'POST',
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: `secret=${secret}&response=${response}`,
}, function (err, response, body) {
if (err) {
res.status(500).send({
error: "Could not verify captcha"
});
} else {
res.status(200).send({
message: body
});
}
});
},
}
If anyone has a solution to this problem please let me know!
Due to the docs: https://developers.google.com/recaptcha/docs/verify
invalid-input-secret: The secret parameter is invalid or malformed.
Maybe you have mixed the site_key and the secret_key.
You need to add the user remote IP address.
var user_ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress;
request({
url: 'https://www.google.com/recaptcha/api/siteverify',
method: 'POST',
headers: { "Content-Type": "application/x-www-form-urlencoded" },
body: `secret=${secret}&response=${response}&remoteip=${user_ip}`}...
Another thing I see that you are not using template literal, you should change the quotes to ` instead of '.
OR, You should use a ready-made module for reCaptcha, like this one:
https://www.npmjs.com/package/recaptcha
For reCAPTCHA Enterprise, check the official docs: https://cloud.google.com/recaptcha-enterprise/docs/create-assessment.
In short, you need to use the library that Google provides:
const { RecaptchaEnterpriseServiceClient } =
require('#google-cloud/recaptcha-enterprise');
const client = new RecaptchaEnterpriseServiceClient();
const [ response ] = await client.createAssessment({...});
RecaptchaEnterpriseServiceClient requires a service account to be created beforehand as described here. The key for that account with the right roles set can then be read by the app. Check the arguments of the constructor to see the available options to pass the data if the file cannot be retrieved automatically.
var response = JSON.stringify(req.body.response);
The stringifying here is probably the cause of the invalid-input-response error.
If your body is something like {"g-recaptcha-response": "..."}, you need to pull out the response value and pass that directly in your post.
Regarding invalid-input-secret, if you have set up your key and secret through the classic interface at https://www.google.com/u/1/recaptcha/admin/create, then you shouldn't have a problem.However if you set up a key with recaptcha Enterprise on Google Cloud, then it requires that you do Oauth authentication to the Google Cloud API and then use the create.assessment endpoint to get back information on the validity of the user. As Yuuhn implied, the Google provided library makes interaction with recaptcha Enterprise easier, without a lot of documentation digging to find where your REST API calls need to go.

User credentials required: Google Cloud Print Submit API

I am trying to access the Submit API that is apart of the Google Cloud Print however I am running into the error "User credentials required".
I am able to get all the way through authentication and am able to retrieve my access token. I was following this guide https://developers.google.com/cloud-print/docs/appDevGuide
I do not know where it is going wrong. Does anyone know where the credentials are supposed to be inputted?
Here is my code for this portion:
function submitPrintJob(token){
try{
var params = {'printerid':'PRINTER_ID','title':'Test Print Job','ticket':{"version": "1.0", "print": {}},'contentType':'application/pdf'};
var response = https.post({
url: 'https://www.google.com/cloudprint/submit',
body: params,
headers: {'Authorization':'Bearer ' + token}
});
log.debug('submitPrintJob','Response - ' + response.body);
}catch(e){
log.error('submitPrintJob','Error - ' + e.message);
}
}
This code is being in done in Netsuite which is where the https.post API is coming in. I also am aware that I am not sending a document through but I at least need to get past this step. I am getting this error using Postman as well.
Editing to add the portion where I get the token:
I send a request to: https://accounts.google.com/o/oauth2/v2/auth
Parameters:
response_type: code,
scope: https://www.googleapis.com/auth/cloud-platform.read-only,
state: state_parameter_passthrough_value,
redirect_uri: scriplet url
client_id: client id
Google oauth returns a authorization code. I exchange the code for a token this way:
function getToken(code){
try{
var params = {'code':code,'client_id':CLIENT_ID,'client_secret':CLIENT_SECRET,'redirect_uri':REDIRECT_URI,'grant_type':'authorization_code'}
var response = https.post({
url: 'https://www.googleapis.com/oauth2/v4/token',
body: params,
headers: {'Content-Type':'application/x-www-form-urlencoded'}
});
var token = response.body.access_token;
submitPrintJob(token);
}catch(e){
log.error('getAuthCode','Error - ' + e.message);
}
}
As I thought, the problem is how you are getting the access token. In order to get a valid access token to do your cloud print business, you need to include the proper scope. That means that your params object should like like this:
var params = {'code':code,'client_id':CLIENT_ID,'client_secret':CLIENT_SECRET,'redirect_uri':REDIRECT_URI, 'scope': 'https://www.googleapis.com/auth/cloudprint', 'grant_type':'authorization_code'}
This should give you a valid access token to interact with Google Cloud Print. I hope it helps!

JQuery to Web API: IE9 POST always returns 'Access is Denied'

I've got a Web API web service that accepts a POST request. It works in Chrome, IE10+, but in IE9 it ALWAYS returns 'Error: Access is denied'. I have already read through this post several times, and I tried everything suggested in it, but I continue to get the same access is denied error. I just ran Fiddler on the test machine, and when I attempt to make the service call, IE9 isn't even sending out a request, it's just going right to the error block in the code.
Here's the jquery function that makes the call:
function Login (username, password, appId, org, callback) {
var response = {};
var loginRequest = {
Organization: org,
ApplicationId: appId,
UserName: username,
Password: password
};
$.ajax({
type: 'POST',
url: "theurl",
data: '=' + JSON.stringify(loginRequest),
success: function (data) {
response = {
status: data.status,
info: data.user
};
return callback(response);
},
error: function (error) {
response = {
status: false,
info: error.statusText
};
return callback(response);
}
});
}
I know the data looks a little funky, but it's due to a weird Web API issue that is explained here. I just want to reiterate, this function works fine on all other browsers except IE9. I am already referencing the jquery.xdomainrequest.js file in my html file, but it doesn't solve this issue for me. I've tried specifying the dataType and the contentType in this function, but those cause additional errors.
EDIT: Forgot to mention, this web app is running on a secure (https) port, and the Web API service it is using to login is also running on a secure port, but they are on different machines and different sub-domains (same domain).
I have worked on this for days and I am stumped. Your help is GREATLY appreciated!

Categories

Resources