Following Nordigen's Quickstart details here https://nordigen.com/en/account_information_documenation/integration/quickstart_guide/
where my VB.NET desktop calls the Nordigen API, to let my customers choose their account then login so I can retrieve transaction details. My chosen component for the various web requests is Chilkat using Chilkat.Rest objects.
Going well until Step 4.2. I open a browser window with the url provided to me from the API, go through the end-user authentication process but once that is complete I am struggling to return 'control' to my VB.NET application. My redirect uri is http://localhost but I simply get "localhost refused to connect". There's obviously something missing but I'm unsure what. Managed this before with the HMRC MTD API for oAuth where you provide a port on ListenPort and all magically works. No oAuth needed this time however.
Any help/pointers gratefully received
Related
I've been attempting to utilize the Yahoo API to connect to fantasy sports data. I don't have a web URL to connect to when I attempt to create an app, and everything I've read has mentioned that I should select "Installed Application" to avoid using a URL.
This option is not available to me.
Yahoo Developer Screenshot
On the official documentation this is what I see here
Yahoo Developer Documentation
Not sure if it makes a difference but I'm based out of Canada.
Thanks!
It's hard to find the documentation for it, but what you want is called oob (out of bounds, out of band). To get this to work, the steps are a little different (there is no such thing as installed application from what I'm aware of):
Add oob as one of the redirect uris
Make your normal request to the auth/login uri
This will give you a new page that provides you with a token. At this point, you need to manually use this token when you request the /auth/token uri
This last step just replaces the redirect to https://your-redirect.com/token and you will end up in the same position as before.
Now, you still shouldn't put your client_secret in your application if you plan on releasing it, but if you're using it internally or letting others provide their own secret then you should be good.
If you find the original documentation with the PHP source code, you can follow this flow.
I try to migrate from eBay Finding API to Browse API. My technical setting is quiet easy:
A Server searches the Browse API to find products by a keyword. Thats it.
Does anybody know if I need to implement OAuth, a redirection page for eBay-Users to log in etc.? I don't need all those features..
Thanks!
You can use the browse API with the client credential flow that mints the Application access token.
Application tokens are general-use tokens that give access to interfaces that return application data. For example, many GET requests require only an Application token for authorization.
See Documentation
The client credential flow does not require a User to Login via eBay and the redirect etc. However, you can only use the "GET" methods like getItem, getItemByLegacyId or search for example.
If you using NodeJs or Browser you can checkout the "Get Item" example here. (The library will get the Application access token automatically and return the result.)
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.
I've been reading lots of documentation about Google API access and OAuth flow using it but I don't seem to get it working in my mind, so I want to get some help first in order to have a clear idea about how it works then I can code it using the corresponding API.
What I want to achieve is feed a Java application running in a PC with specific Google user data, like localization through Google Latitude API. In order to get this, OAuth must be used, so I need getting the user consent, then access the user data from the application running in my computer, and I don't know how to manage this.
I've already registered my application with the Google APIs Console and enabled the Google Latitude module. I've also tried the Latitude console application here and it works properly (a browser tab opened asking for a Google user; I entered it and I got the location data), but I'm having problems when trying to adapt the program flow to my needs.
In my application, the 'remote' user is supposed to send a request (a custom JSON message) to the server asking for service enable/disable, like allowing the server to track his/her position through Latitude. Then, AFAIK, the server should send to the user a URL so the user can give the consent, but I don't know how to get this URL and how the server realizes about this consent and gets the token (automatically? Google tracks this authorization process?). Once my server gets the specific user token, then I should be ready to get service data for that user using the received token.
As I said before, I've tried according to different references, but as the documentation seems to be really scattered and much of it is already deprecated, I've been unable to get it working.
Judging from your description, the installed app OAuth2 flow seems to be the right one for you.
At some point, presumably when a user is installing your desktop app, you should fire up a browser - either embedded one in your app or the default browser - and sent them to this Google OAuth2 endpoint. In your request, fill out all the parameters as required by the doc: Latitude API scope, client_id, etc. Google, as an authorization server, will take care of user authentication, session selection, and user consent. If the user grants access to her data to your API, you will receive an authorization code either in the title of the browser window or at a localhost port.
Once you have the code, you can exchange it for an access token and a refresh token. The access token is what you need to call the API and access the user's data. It is short lived though - check the expired_in parameter in the response, I believe it is 3600 sec. - so you will need to periodically ping the token endpoint with your long lived refresh token and exchange it for an access token.
You can find a more thoroough description of this flow in the doc linked above.
This is probably a related question, except it's in Android: How to check WiFi is pass through web page login?
Anyway, my issue is that I need to detect whether the user on my WP7 app is connecting to an access point that requires web authentication. The access point would not provide any Internet connectivity if the user has not authenticated himself.
Is there any way I can detect such a situation? Or perhaps redirecting the user to the access point's authentication webpage before proceeding with the app flow would be nice too!
I'm currently using WCF Data Services btw.
Easy: just make a WebRequest for a url that you know that always return the HTTP response code 200 (the OK code) and if it returns any 30x that will be the router redirecting you elsewhere!
Example: requesting http://www.whatismyip.org/ should return HTTP response code 200!
There is currently no way to detect this.
What I did was to make a HttpWebRequest to the service, and see if it starts off with xmlns using the .Contains() method. If the call is redirected to the WiFi hotspot, then it will return a HTTP response, which is inherently different in nature.
I know this might not be the best of solutions, but it works for me to simply test reachability.