I'm trying to create a signup functionality with Facebook JS SDK, But i got different type of records, than i search a lot and come to know that Facebook update his app policy's, they release v2.0 for apps.
Now it sending different response on login
Object {authResponse: Object, status: "connected"}
authResponse: Object
accessToken: "CAATZCeMqNYsABADVG3lHL1WYJiwnZASJIBzUtkfB4MFyFUC21g6myDeAP6WDSKkd8ZAnggffW5sIJzSDqmqxxvRgdeT7MKRXJ0L8Logg57PYwawEBSbgqz9I5qGU9Oo7uvaRN5MupjCfvo5w4bfCDZA5uvMkg7AK8DbwhXW4WoGHZBgG6EsmDDWZCnbVpUxWUZD"
expiresIn: 4562
signedRequest: "GXGqWXN9C5IzSy6jf2NOOQK7-ZK9JisKBCLEBHbaoIc.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUE5c21GSWZ1dXoxMnpvNVV0MGdYYXNXclI1blJXZXh1NElGWHFFMHhnUDM3T0pScUJyaDhZeEo2YWt5aHlJYXUzc3UyU2hhZVczUzh1aHRheWJGX3N3aWtfSmVfUDRwallOeV9IX1JpTEs2ZWZKNlpETDQ5MC1OVUxKSzN4SWw2QmtfVXJER2ZrVE1uV1haZFY3LU02Y19xMjRwWjJUOEo2anB6djNGQ0Z0YUs5bW5fMVVobThycjRlVmlQOVVtVVNMZXA5NTg1X1ZhSHg2YkUyTEFBMUl3OUdfQXJnb2JRSldQaERXczlTSDdONzNzS1dlakQ3MDNsTmhpblhjbUt0RXU1NmpvTnVMODhvME9ZUXVtVEFfbzF4SEJ5YndSbDU4ekVrWEpMdVUtVFZfejY5UW9KekFMeFRCekNBUHBXcEQtVzUyVHlKd0tJNjBMTU5Qbjg0bCIsImlzc3VlZF9hdCI6MTM5OTI3NTgzOCwidXNlcl9pZCI6IjEwMDAwMDAxNTU5MzEwNyJ9"
userID: "100000015593107"
__proto__: Object
status: "connected"
__proto__: Object
}
as in last SDK we get email using
response.email
but in new one we got only userID which is also app specific and
response.authResponse.signedRequest
So i search how we can extract the "signedRequest" because i think the rest value surely encrypted in this code ..
So i used
$signed_request= $_POST['maindata'];
if (isset($signed_request))
{
$data_signed_request = explode('.', $signed_request); // Get the part of the signed_request we need.
$jsonData = base64_decode($data_signed_request['1']); // Base64 Decode signed_request making it JSON.
$objData = json_decode($jsonData, true); // Split the JSON into arrays.
}
print_r($objData);
but its again send me
Array
(
[algorithm] => HMAC-SHA256
[code] => AQA9smFIfuuz12zo5Ut0gXasWrR5nRWexu4IFXqE0xgP37OJRqBrh8YxJ6akyhyIau3su2ShaeW3S8uhtaybF_swik_Je_P4pjYNy_H_RiLK6efJ6ZDL490-NULJK3xIl6Bk_UrDGfkTMnWXZdV7-M6c_q24pZ2T8J6jpzv3FCFtaK9mn_1Uhm8rr4eViP9UmUSLep9585_VaHx6bE2LAA1Iw9G_ArgobQJWPhDWs9SH7N73sKWejD703lNhinXcmKtEu56joNuL88o0OYQumTA_o1xHBybwRl58zEkXJLuU-TV_z69QoJzALxTBzCAPpWpD-W52TyJwKI60LMNPn84l
[issued_at] => 1399275838
[user_id] => 100000015593107
)
I'm wondering how we can get the email address , Please if you have some idea please let me know
You can use the acquired access_token and use the Facebook API endpoint GET /me and pass the access_token the response of the said endpoint will allow you to obtain the email address given that the email address being associated to the Facebook is account is still valid.
Related
I was hoping that someone could help me out here.
I am creating a small Fantasy Football Premier League app using React.
There is user specific information that needs authentication before requesting information from the Fantasy Premier League API.
The idea is for the app to start with a login page, where the user inputs their username and password. The app will then post this information to the login URL and return a token, that can be used to retrieve information that requires authentication.
previously, I created the app in python which worked, below was the code:
'login':USERNAME,
'password':PASSWORD,
'redirect_uri': 'https://fantasy.premierleague.com/',
'app':'plfpl-web'
}
s = requests.session()
s.post("https://users.premierleague.com/accounts/login/", data=payload)
myData = s.get('https://fantasy.premierleague.com/api/me').json();
How I know this worked is that when authorized, the variable myData can successfully access 'https://fantasy.premierleague.com/api/me' and gets assigned to all of my authorized information. When my details are incorrect (not authorized), the myData variable is "null" (the values of the keys are of nullType).
Using this method, I can request all Authorized information off of the 's' variable.
Now when converting the code to React, I am struggling to successfully Authenticate.
I print out the response from a GET call to the "https://fantasy.premierleague.com/api/me" API url and I get the NULL values like I was talking about above. My username and password is correct.
Below is the current code.
formData:any = {
'login': USERNAME,
'password': PASSWORD,
'app': 'plfpl-web',
'redirect_uri': 'https://fantasy.premierleague.com/'
};
login = async (username:string = this.formData.login,password:string = this.formData.password) => {
return axios
.post("https://cors-anywhere.herokuapp.com/https://users.premierleague.com/accounts/login/", this.formData).then((response)=>
{
axios.get("https://cors-anywhere.herokuapp.com/https://fantasy.premierleague.com/api/me")
.then(result => {
console.log(result);
});
});
Please could someone help me out with the following:
What am I doing wrong and how do I successfully login to FPL via react?
Once I successfully achieve authentication, I have heard that I may need to retrieve a token number to use in my succeeding calls. How would I do this?
Any help would be greatly appreciated.
Thank you
I'm working with an unofficial n26 API (https://github.com/PierrickP/n26/tree/develop). The api requires the email and password to login to the account.
I don't want the user to login every single time so I need to store these information somehow.
I can't find any way to get a session token or something for later use from the api. (maybe someone of you can find it??)
So my question: How do I store Email/Password for later use in a secure way?
const N26 = require('n26');
// Log into the account
const account = new N26('example#mail.com', 'password');
// Get the last 10 transactions
account.then(account => account.transactions({limit: 10}))
.then(transactions => {
// Do something with it
});
http://www.passportjs.org/ Check out this package.
things to consider:
- json web tokens with refresh token
- API-keys
I am trying to get the 10 latest instagram photos of a public profile in my nodejs app:
const request = require('request');
const accessToken = '1234567890123456789012345678901234567890';
const url = `https://api.instagram.com/v1/users/1470414259/media/recent/?access_token=${accessToken}&count=10`;
request.get(url, { json: true }, (err, res, body) => {
console.log('print the body: ', body);
});
my attempt is not successful, and i get no results.
Could somebody help me get this going?
i am trying to follow the example here : https://www.instagram.com/developer/endpoints/users/#get_users_media_recent
update:
i updated the username to user ID, but i am still getting no response:
{ meta:
{ code: 400,
error_type: 'APINotFoundError',
error_message: 'this user does not exist' } }
update 2:
actually i realize that my access token has some restrictions:
{"meta": {"code": 400, "error_type": "OAuthPermissionsException", "error_message": "This request requires scope=public_content, but this access token is not authorized with this scope. The user must re-authorize your application with scope=public_content to be granted this permissions."}}
why is this happening? i am just trying to get some public profile feeds.
update 3:
is there any other way to bypass these access token permissions and just get the 10 media of a public user?
take a look at the json that this link is returning:
https://www.instagram.com/aa/?__a=1
body.user.media[0] will give you the last photo object
body.user.media[1] will give you the photo before the last one object
.. and so on.
what you have to do here is change aa in the url I provided to your desired username.
ps. you might use some json viewer tools to organize the json if you browser doesn't support that
You have two problems there:
First of all the endpoint receives the user ID as param (not the username):
const url = `https://api.instagram.com/v1/users/${userId}/media/recent/?access_token=${accessToken}&count=10`;
Besides that, the endpoint responds with an object that has only one element: data, that is an array. So I don't know what data you are trying to get but you won't get it in body.user, you should go through the array and ask for the user in the corresponding position, for example try this: console.log(body.data[0].user).
And you of course must define a valid access token!
I am trying to get a person's first name and last name when the person would like to sign up through Facebook, but wondering if there can be some security issue.
Based on the document from Firebase, the answer from Stack Overflow, and the explanation about parameters from Facebook website, I wrote the following codes:
firebase.auth().getRedirectResult().then(function(result) {
var token = result.credential.accessToken;
FB.api('/me', {fields: 'last_name', access_token: token}, function(response) {
console.log(response);
})
})
My main concern is that according to Facebook, it says:
One parameter of note is access_token which you can use to make an API call with a Page access token. App access tokens should never be used in this SDK as it is client-side, and your app secret would be exposed."
It looks like I cannot use this approach to get a user's first and last name.
Starting with Firebase 4.0.0, additional IdP data will be directly returned in the result of type UserCredential. You shouldn't need to make an additional API call to Facebook to get data like first/last name:
firebase.auth().getRedirectResult().then(function(result) {
if (result.user) {
// Additional user info like first name, last name,
// Facebook account url, gender, etc.
console.log(result.additionalUserInfo.profile);
// Facebook access token returned in the process
// for the scopes requested.
console.log(result.credential.accessToken);
}
});
I am using Nodejs + javascript SDK, in which I am creating a new customer using predefined customer ID, which is working fine.
Now, using the same customer Id, I am generating a token at the backend and send it to the client. Now at client I am running .
var card = {
number: '4111111111111111',
cvv: '832',
expirationMonth: '10',
expirationYear: '2020',
cardholderName: 'Ankur Agarwal',
billingAddress: {
postalCode: '560076'
},
};
var client = new braintree.api.Client({clientToken: clientToken});
client.tokenizeCard(card, function (err, nonce) {
// Got Error "Unable to tokenize card"
})
Here is the http response it originally got from the server.
/**/callback_json1({"error":{"message":"User does not have the required permissions for this action"},"fieldErrors":[],"status":403})
I have enabled the API access for the account in the sandbox
There are some extra parameters which are not in docs, due to which its givng such a response. Once I removed the extra parameters from the request, its working fine.
I encountered similar error and it was caused by invalid client token. I was passing MerchantId instead of MerchantAccountId as a parameter.
Gateway.ClientToken.generate(new ClientTokenRequest()
{
MerchantAccountId = "Your MerchantAccountId" // NOT MerchantId
});
To manage your merchant accounts login to your Braintree control panel, go to Settings -> Processing and scroll down to Merchant Accounts