i'm currently developping an application for twitter, using javascript and OAuth, for a qml environment.
I'm stuck in "request_token" endpoint and i don't understand why.
I only get "failed to validate oauth signature or token" when i send my request !
I've checked my signature generation with http://oauth.googlecode.com/svn/code/javascript/example/signature.html and http://quonos.nl/oauthTester/ and it does appear that my signature and my basestring are both right !
I've tried to send data in "authorization" http header field, and in body.
Here is my basestring :
POST&https%3A%2F%2Fapi.twitter.com%2Foauth%2Frequest_token&oauth_consumer_key%3D26oauth_nonce%3DDbWO0M%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1303129797%26oauth_token%3D%26oauth_version%3D1.0
The part i've sent in header field "Authorization" is :
oauth_consumer_key=&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1303130860&oauth_nonce=UX2kEA&oauth_signature=LizFO9xkre2Kv5A43Oj%2F%2FaY9Wck%3D
If someone can help me with this issue... i've checked every step with OAuth library examples and other tools on the web.
Definitely check out this answer to a similar issue. It may contain your solution:
Twitter OAuth, Error when trying to POST direct message
So it appears that Twitter's implementation of oauth does not need oauth_token to sign the basestring (as said in Twitter's API doc). Further more, you shouldn't write it in your basestring.
Authorization header field should be fill this way :
OAuth oauth_nonce="1Rek6K",oauth_callback="oob",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1303375383",oauth_consumer_key="<YOUR_CONSUMER_KEY",oauth_signature="fgb6sPPR2PHQD%2BinG2KvtvgOtXU%3D",oauth_version="1.0"
The mendatory oauth_callback sould be set as "oob" for desktop applications.
Related
I am trying to call the Text Translate API using the access_token URL param, NOT any HTTP headers, to overcome CORS issues.
I have a valid subscription.
Here's what I'm doing:
Get the access token as described here: https://docs.microsofttranslator.com/oauth-token.html
I can get the token just fine.
I'm calling the Text Translate API endpoint as described here: https://docs.microsofttranslator.com/text-translate.html
Notice the part that says "Pass the access token to the Translator service using the Authorization header or the access_token query parameter."
I'm using this endpoint URL structure: https://api.microsofttranslator.com/V2/Http.svc/Translate?to=ja&text=cat&access_token=[ACCESS_TOKEN_FROM_STEP_1]
What am I doing wrong? The access token works if I use the Authorization header, but I don't want to use that as it breaks CORS.
Immediately after posting this question I found the answer :|
The correct URL structure is this: https://api.microsofttranslator.com/V2/Http.svc/Translate?to=ja&text=cat&appid=Bearer [ACCESS_TOKEN_FROM_STEP_1]
Thanks, MS, for your confusing documentation :( Also, how is the content of the Authorization header an app ID??
Currently i am working on an App which will create groups in Office 365 programatically. I am wondering if this is possible using JavaScript. I also had another question regarding the Authentication and Authorization process. I am able to register the App and fetch the Authorization code. However when i try to fetch the Access token, it throws an error stating that it encountered a bad request. My Authorization URL is of the form:
https://login.microsoftonline.com/common/oauth2/v2.0/authorize?
client_id=<some_client_id>
&scope=openid+profile
&response_type=id_token
&redirect_uri=<some_redirect_url>
&nonce=123456789
And my access token request url is:
https://login.microsoftonline.com/common/oauth2/v2.0/token?
grant_type=authorization_code
&code=<Code_generated_in_above_request>
&redirect_uri=<some_redirect_url>
&resource=https%3A%2F%2Fgraph.microsoft.com%2F
&scope=openid+profile
&client_id=<some_client_id>
&client_secret=<Some_client_secret>
If anyone could help me regarding my doubts, then it would be greatly appreciated. Thanks.
Microsoft Graph from JavaScript
Using Microsoft Graph from JavaScript works. HTTP requests to the REST endpoints with a valid access token will work great. You might also want to check out KurveJS (github:MicrosoftDX/kurvejs) for a simple library (handles authentication and some graph operations).
Authentication
If you are attempting client-side implicit flow, you can pass 'response_type=id_token+token' and avoid the second call. This will return you an access token in the resulting payload.
If you are attempting server-side authentication, you should pass 'response_type=code' and then make the second call for the access token with the resulting code.
References:
v2.0 Protocols - SPAs using the implicit flow
v2.0 Protocols - OAuth 2.0 Authorization Code Flow
I need to make an http request to Twitters REST API and obtain statuses containing a certain word like "#javascript".
I looked at the docs and tried this request:
https://api.twitter.com/1.1/search/tweets.json?q=#javascript
But I got the error: "Bad Authentication data."
Can anyone tell me how to make this request correctly?
It appears that Twitter require an authentication token for you to use their search api. See this page https://dev.twitter.com/rest/public/search
Check this page for what you will need, and how to set it up
https://dev.twitter.com/oauth/overview
We are working on application, where my friend is working on server side (spring) and he created REST api, and I'm creating client with angularJS. REST and client webpage are on different domains, so I had to faced Same-origin policy - I handled this with php proxy and everything works fine. Until yesterday - now we had authentication service (spring-security) and I have no idea how to login into REST. I can login when I simple write service adress into browser, but I cant get response I need when calling from JS.
When I'm sending simple get request, in response I'm getting HTML code with login page. I putted <form> to login on my page (taken from response, so it's exacly the same as on '/login' page, I just added full action adress), but after send data I'm getting error page with this message:
HTTP Status 403 - Invalid CSRF Token 'blah-blah-many-numbers-and-letters' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.
I'm not changing this CSRF token, so perhaps I don't know the proper way to handle this (now it's sending as paramaeter in POST from form - _csrf is hidden input with value attribute given by server).
So after this too long introduction, my question is: how to login into REST service (through spring-security) from angularJS controller? What is wrong in my way of doing this? (something has to be wrong, because it's not working ;)).
(Sorry for my english mistakes, I'm affraid there are many of them)
Angular have built-in support for CSRF but it use another name for CSRF Token.
If you already have CSRF Token repository in spring webservice, what have you to do is to change CSRF Token header name to XSRF-TOKEN.
You will find whole instruction how to solve your problem on https://spring.io/blog/2015/01/12/the-login-page-angular-js-and-spring-security-part-ii.
You can use Stateless authentication using server signed token i.e.JSON web token(JWT) for securing REST API's and using angularjs for client side implementation.
Please find the below link as reference for implementing the same:
http://blog.jdriven.com/2014/10/stateless-spring-security-part-1-stateless-csrf-protection/
Github:https://github.com/Robbert1/boot-stateless-auth
You need to have custom implementation of class AbstractAuthenticationProcessingFilter to avoid html response when you login into the Rest API.The blog and github reference will guide you in implementating the same.
by documentation (https://dev.twitter.com/docs/auth/application-only-auth) I need to implement an Ajax call to make an app only authentication. I've tried but twitter server respond me ever error 403 forbidden. Can anyone suggest me an Ajax implementation to do this?
Make manually an Ajax call to request an authentication for Twitter is a bit complicate because Twitter needs some parameters in the request header. Plus this parameters needs to be encoded.
To resolve this problem I've found a good library: codebird.js.
Below code to make an authentication and use all twitter api.:
var cb = new Codebird;
cb.setConsumerKey("Yourkey","Yoursecret");
cb.setToken("Access token", "Access token secret");
Yourkey,Yoursecret,Access token,Access token secret are your personal number you can get by your twitter app management.