I develop my own backend while trying to implement TradingView's Save and Load Low-Level API, I could not find the way to add my Bearer Token into the LIST CHARTS (charts_storage_url/charts_storage_api_version/charts?client=client_id&user=user_id) or SAVE CHART (charts_storage_url/charts_storage_api_version/charts?client=client_id&user=user_id) request to do authorization on server.
Here is the flow: User logged in -> user draw something on the tradingview chart -> user clicks Save -> post request include Bearer token to authorize on Back End server.
Below is ajax call in trading view chart library
How do you send my Bearer Token in save and load request from the TradingView widget in an ReactJs Frontend?
I tried to find the widget config or the way to override ajax call in library?
Related
I am trying to fetch superset dashboard data over API.
First I am logging into the superset over the API api/v1/security/login, passing the parameters,
`{
"username":"Superset_USERNAME",
"password":"Superset_PASSWORD",
"provider":"db"
}.
I get the access token as the response.
Have used the access token as a bearer token in the request to fetch dashboards from the superset. Dashboard request route api/v1/dashboard/{id}
But I am getting a forbidden response.
Response from superset
I have enabled dashboard RBAC feature flag in "DASHBOARD_RBAC": True, in the superset_config file.
If I disable the Dashboard_rbac or add a public role in the dashboard, I get the API response, and no auth is required, and that leads to a security issue.
Is there any way to fetch the dashboards over API without adding the public role to the dashboard or not disabling the dashboard_RBAC
UIB Sandbox Access request.
The webhook URL will be receiving a webhook payload as an input.
Get the web hook URL from the application you want to send data
use that URL in webhook section of the application you want to receive data from
choose type of events you want to application to notify you about
The goal is to be able to login in mobile app(react native) with:
in app username and password
"Login with LinkedId" feature.
I've researched a lot on this topic, and read the Kévin Chalet's(#Pinpoint) blog series and also cloned the sampels from: https://github.com/openiddict/openiddict-samples
I've created test server app:https://github.com/Jamaxack/OpenIdConnectAuthLinkedIn
I'm able to test the authorization to LinkedIn with https://oidcdebugger.com but now, I'm confused. Without https://oidcdebugger.com how can I test the LinkedIn authorization? for example with Postman? For my case what Auth flow should I use?
options.AllowImplicitFlow()
.AllowPasswordFlow()
.AllowAuthorizationCodeFlow()
.AllowRefreshTokenFlow();
Thanks in advance.
You can use Authorization Code Flow to login using Linkedin and request permission from the member .
If using Postman , you can try below steps :
Add a new request , click the Authorization , choose OAuth 2.0 as TYPE , and set Add authorization data to to Request Headers . If you want to inspect the authorization headers and parameters that Postman generates, click the Preview Request button.
Click the Get New Access Token button . Input the correct callback url, auth url, token url , client id, client secret and scopes , callback url should match the one register in linkedin application portal .
Now you should now see a screen prompting you to login to your LinkedIn account. After click Allow in Application Authorization Confirmation page , you will get token in Postman .
Making a Get request to api https://api.linkedin.com/v2/me with token as authorization bearer token header , and you will get the correct response from linkedin API endpoint .
I want to make the glassware, it can take picture and upload taken picture to Google Plus with location information, insert a new card into timeline.
For the uploading the picture to Google Plus with native code by the the glassware, it need to use oAuth flow with GDK. So, that means our server should have to get "userToken" parameter by redirected callback URL according to the guideline of the authorization with GDK.
I also have to pass the flow of the authorization with Mirror API for getting the location information, inserting a new card into timeline. It means our server should have to get "code" parameter by redirected callback URL according to the Mirror API guideline.
However, when i submit the glassware on glassware's submit web page, i can just insert 1 Client ID into "Client ID" form.
According to the glassware guide line, the GDK have to insert the Client ID of Service and the Mirror API have to insert the Client ID of Web Application.
What i have to insert the Client ID into the submit web page ??
How can pass the authorization flow both the GDK and Mirror API ??
If you want to use both GDK auth and the Mirror API to insert items in the timeline, this is the steps that need to happen:
Create one single API Project in the APIs Console and enable the Mirror API --> seems that you've already done that.
Create client IDs:
Create a "Client ID for Web Application": this is the one you are going to use when inserting items in the timeline through the Mirror API
Create a "Client ID for Service Account": this is the one you are going to use when calling the GDK authentications APIs.
Give the API Project ID to the review team: this is the set of numbers that is in the URL (e.g https://console.developers.google.com/project/<PROJECT_ID>/...).
Give an auth URL to the review team: this should be a URL that points to your web server so you can retrieve the ?userToken query parameter for GDK authentication.
When the user clicks on "Install" in MyGlass and is redirected to your auth URL:
Retrieve and save the ?userToken query parameter.
Redirect the user to the OAuth 2.0 authorization URL (you could use the ?state query parameter to pass along the ?userToken query parameter for later use).
Once the user has approved the scopes and is redirected to your redirect URL, exchange the authorization code for OAuth 2.0 tokens (eventually retrieving the userToken in the ?state query parameter if you've used it in step #2).
Push whatever tokens you need through the GDK authentication API using the saved userToken.
I want to extend HandleErrorAttribute to globally handle a custom error type in my project. This what I was envisioning
Page user makes a request to pull a report from the site
The site (mvc project) needs to talk to a web api using an auth token
The api returns 401 with a body that contains an app code indicated it was because the token has expired
The site sees this and throws a TokenRefreshException
The site handles this globally by retrieving the refresh token from the session and using it to update the user's tokens, save it back to the session and then reattempt the action.
If it isn't able to refresh the token, it kills the session and redirects the user to the login page.
Is this possible and how do I implement this logic without creating an infinite loop (I'm not sure how to keep count)?