by documentation (https://dev.twitter.com/docs/auth/application-only-auth) I need to implement an Ajax call to make an app only authentication. I've tried but twitter server respond me ever error 403 forbidden. Can anyone suggest me an Ajax implementation to do this?
Make manually an Ajax call to request an authentication for Twitter is a bit complicate because Twitter needs some parameters in the request header. Plus this parameters needs to be encoded.
To resolve this problem I've found a good library: codebird.js.
Below code to make an authentication and use all twitter api.:
var cb = new Codebird;
cb.setConsumerKey("Yourkey","Yoursecret");
cb.setToken("Access token", "Access token secret");
Yourkey,Yoursecret,Access token,Access token secret are your personal number you can get by your twitter app management.
Related
Currently i am working on an App which will create groups in Office 365 programatically. I am wondering if this is possible using JavaScript. I also had another question regarding the Authentication and Authorization process. I am able to register the App and fetch the Authorization code. However when i try to fetch the Access token, it throws an error stating that it encountered a bad request. My Authorization URL is of the form:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=<some_client_id>
&scope=openid+profile
&response_type=id_token
&redirect_uri=<some_redirect_url>
&nonce=123456789
And my access token request url is:
https://login.microsoftonline.com/common/oauth2/v2.0/token?
grant_type=authorization_code
&code=<Code_generated_in_above_request>
&redirect_uri=<some_redirect_url>
&resource=https%3A%2F%2Fgraph.microsoft.com%2F
&scope=openid+profile
&client_id=<some_client_id>
&client_secret=<Some_client_secret>
If anyone could help me regarding my doubts, then it would be greatly appreciated. Thanks.
Microsoft Graph from JavaScript
Using Microsoft Graph from JavaScript works. HTTP requests to the REST endpoints with a valid access token will work great. You might also want to check out KurveJS (github:MicrosoftDX/kurvejs) for a simple library (handles authentication and some graph operations).
Authentication
If you are attempting client-side implicit flow, you can pass 'response_type=id_token+token' and avoid the second call. This will return you an access token in the resulting payload.
If you are attempting server-side authentication, you should pass 'response_type=code' and then make the second call for the access token with the resulting code.
References:
v2.0 Protocols - SPAs using the implicit flow
v2.0 Protocols - OAuth 2.0 Authorization Code Flow
I need to make an http request to Twitters REST API and obtain statuses containing a certain word like "#javascript".
I looked at the docs and tried this request:
https://api.twitter.com/1.1/search/tweets.json?q=#javascript
But I got the error: "Bad Authentication data."
Can anyone tell me how to make this request correctly?
It appears that Twitter require an authentication token for you to use their search api. See this page https://dev.twitter.com/rest/public/search
Check this page for what you will need, and how to set it up
https://dev.twitter.com/oauth/overview
We are working on application, where my friend is working on server side (spring) and he created REST api, and I'm creating client with angularJS. REST and client webpage are on different domains, so I had to faced Same-origin policy - I handled this with php proxy and everything works fine. Until yesterday - now we had authentication service (spring-security) and I have no idea how to login into REST. I can login when I simple write service adress into browser, but I cant get response I need when calling from JS.
When I'm sending simple get request, in response I'm getting HTML code with login page. I putted <form> to login on my page (taken from response, so it's exacly the same as on '/login' page, I just added full action adress), but after send data I'm getting error page with this message:
HTTP Status 403 - Invalid CSRF Token 'blah-blah-many-numbers-and-letters' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
I'm not changing this CSRF token, so perhaps I don't know the proper way to handle this (now it's sending as paramaeter in POST from form - _csrf is hidden input with value attribute given by server).
So after this too long introduction, my question is: how to login into REST service (through spring-security) from angularJS controller? What is wrong in my way of doing this? (something has to be wrong, because it's not working ;)).
(Sorry for my english mistakes, I'm affraid there are many of them)
Angular have built-in support for CSRF but it use another name for CSRF Token.
If you already have CSRF Token repository in spring webservice, what have you to do is to change CSRF Token header name to XSRF-TOKEN.
You will find whole instruction how to solve your problem on https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii.
You can use Stateless authentication using server signed token i.e.JSON web token(JWT) for securing REST API's and using angularjs for client side implementation.
Please find the below link as reference for implementing the same:
http://blog.jdriven.com/2014/10/stateless-spring-security-part-1-stateless-csrf-protection/
Github:https://github.com/Robbert1/boot-stateless-auth
You need to have custom implementation of class AbstractAuthenticationProcessingFilter to avoid html response when you login into the Rest API.The blog and github reference will guide you in implementating the same.
I am currently integrating Stripe Connect with an Ember.js 1.7.0-beta.4 application (which supports query params). Per Stripe documentation, I need to receive a GET Redirect from Stripe in my Ember.js application, and use the query params to make a final POST request.
So far, I've captured the query params and am attempting to make an AJAX POST from the same controller, but the AJAX POST returns an error because apparently Stripe's API no longer supports CORS - despite a 2-year-old Stripe blog entry saying otherwise:
XMLHttpRequest cannot load https://connect.stripe.com/oauth/token. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin is therefore not allowed access.
The current Stripe docs say to use JSONP, noting in that same blog post that "since JSONP only supports GET requests, but our API uses a variety of request methods, we had to implement HTTP method override support with a _method query parameter."
Unfortunately, I don't know how to integrate the JSONP approach into the Ember.js application.
Stripe's docs instruct me to "Add this script tag to your page to get started with Stripe.js."
<script type="text/javascript" src="https://js.stripe.com/v2/"></script>
Do I just paste this verbatim into a Handlebars.js template? Then how do I make the required POST request with query params? And where?
Bottom Line: How do I integrate Stripe's JSON approach to enable Stripe Connect in my Ember.js application?
I haven't tested it with stripe but i'll break apart your question into 3 parts and try to answer each part.
1) Where to put the script tag?
the script tag would go in the header
<script type="text/javascript" src="https://js.stripe.com/v2/"></script>
2) How to make a JSONP request?
You would make a reqular request using $.getJSON all you need to do is make sure that the contains ?callback=? see: http://api.jquery.com/jquery.getjson/#jsonp
3) How to do a GET request using _method to override the method.
You would do something like
$.getJSON('http://connect.stripe.com/whatever-the-correct-url-is?callback=?', {
_method: 'POST'
})
If you made a request like that the server should process it as a POST
To Tie it all together you should need to do something like in step 3 but also add in the rest of the params that stripe requires.
You can do it all server side, there is no need to work it into Ember.
The workflow is you redirect a user to the stripe server with your client id. It redirects the user back to an endpoint on your server with a code. You make a call to stripe with that code to obtain a token. After (or during if you want to be cool and async) you redirect the user back to the appropriate ember endpoint. The Stripe js file isn't necessary at all for this portion.
https://stripe.com/docs/connect/oauth#token-request
i'm currently developping an application for twitter, using javascript and OAuth, for a qml environment.
I'm stuck in "request_token" endpoint and i don't understand why.
I only get "failed to validate oauth signature or token" when i send my request !
I've checked my signature generation with http://oauth.googlecode.com/svn/code/javascript/example/signature.html and http://quonos.nl/oauthTester/ and it does appear that my signature and my basestring are both right !
I've tried to send data in "authorization" http header field, and in body.
Here is my basestring :
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D26oauth_nonce%3DDbWO0M%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1303129797%26oauth_token%3D%26oauth_version%3D1.0
The part i've sent in header field "Authorization" is :
oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1303130860&oauth_nonce=UX2kEA&oauth_signature=LizFO9xkre2Kv5A43Oj%2F%2FaY9Wck%3D
If someone can help me with this issue... i've checked every step with OAuth library examples and other tools on the web.
Definitely check out this answer to a similar issue. It may contain your solution:
Twitter OAuth, Error when trying to POST direct message
So it appears that Twitter's implementation of oauth does not need oauth_token to sign the basestring (as said in Twitter's API doc). Further more, you shouldn't write it in your basestring.
Authorization header field should be fill this way :
OAuth oauth_nonce="1Rek6K",oauth_callback="oob",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1303375383",oauth_consumer_key="<YOUR_CONSUMER_KEY",oauth_signature="fgb6sPPR2PHQD%2BinG2KvtvgOtXU%3D",oauth_version="1.0"
The mendatory oauth_callback sould be set as "oob" for desktop applications.