I am trying to build a static web page using pure HTML CSS and JavaScript with the ability to download a file from OneDrive.
On button click event, a JavaScript function should access OneDrive and download Excel file for display on the browser without any user interactions or authentication.
As you know, making an AJAX call to the direct download link of the OneDrive file that looks something like this: "https://onedrive.live.com/download?cid=32...&resid=32...&authkey=AD..." throws Access to download link has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. I tried Using the OneDrive API in JavaScript apps (CORS support) example but that did not work.
I came across HOW TO — Get an Access Token for Microsoft Graph API using Node.JS. I followed the example and I was able to get the Access Token for authentication but this was only possible using Node.JS. I have searched the internet and almost all the example codes online use Node.JS to authenticate Microsoft Graph API.
https://github.com/microsoftgraph/msgraph-sdk-javascript/tree/dev/samples/browser
https://github.com/AzureAD/microsoft-authentication-library-for-js/tree/dev/samples/msal-browser-samples/VanillaJSTestApp2.0
While others required user interaction for authentication which is not what I want.
See: https://gist.github.com/psignoret/50e88652ae5cb6cc157c09857e3ba87f
My question is, using vanilla JavaScript (Not Node.JS), how can I
Log in to Microsoft Work, Office, or Personal Account.
Get the Access Token
Use the token and call Microsoft Graph to download a file from OneDrive
Without any user interaction/authentication?
Related
Is it possible to access 'getBasicProfile' details as in earlier version of platform library without token [Like simple AUTHENTICATION], where i am having my own authserver which will generate token in our own system based on user details from 'getBasicProfile' method. Note that we not using JS and we rely on HTML API, so we would need an HTML API without redirect. Please help if any solution is available
I am trying to load a csv file in the Cumulocity -> Administration - > Management - > File Repository. My objective is to access the file contents in the HTML widget and show the data in tabular or chart format.
I tried using the fetch() method to use csv file url , but it was not able to fetch the file. The file I believe has been locally stored into the Cumulocity platform now. How can I access the file via fetch().
You are trying to abuse the HTML widget for something it wasn't designed for.
Instead of hacking such logic into the HTML widget you should just extend the Cockpit application with your own widget which is honestly not much more difficult using the WebSDK. https://cumulocity.com/guides/web/introduction/
There is a XSRF protection to prevent exactly what you are currently trying: Bringing in custom javascript code into the live application and trying to access the platform API by "hijacking" the cookies of the logged in user (and you would either need the cookies or hardcode some credentials as you cannot access the API unauthenticated).
If you use the SDK there is even a proper Angular service in order to fetch the file for the API.
I am trying to download (backup) images that customers upload for products that take custom logos (these are typically JPG, PNG, PDF, etc.) These customer files are downloadable by clicking on a hyperlink in the BigCommerce admin page for the order in question. The link is not a link to the image path but instead, a link to a service that sends the file to the browser. In other words, you have to be authenticated into the admin site to download the file. The URL looks like this:
https://mystore.com/internalapi/v1/orders/383945/products/251438/attributes/561518/download
https://mystore.com/internalapi/v1/orders/{order id}/products/{lineItem id}/attributes/{option id}/download
These are easily constructed in the API itself for a given order. If I use the link in a browser tab while I'm logged into the admin site, the file downloads.
But what I am trying to write an app to automatically download all the files (there are thousands). When I try to use this URL in an app, I get a authentication error. I tried at first using my regular API credentials but then used the credentials to log into the admin site. Both give me an authentication error.
I could not find anything documented on this so-called "internalapi." Anyone ever try to use this "internal" API that is used by the admin site?
I believe authentication is cookie based for that internal API, but there could be problems with using our non-publicly documented internal APIs in production, i.e. we may make future updates that would be breaking changes.
Images attached to orders through a file upload option also get copied to WebDAV, in the dav/product_images/configured_products folder. Another way to do this could be to use a WebDAV client library like easywebdav to connect and download the files.
I want to use an external software Alteryx to access the api so I can crawl some JSON data. When I call https://www.yammer.com/api/v1/messages.json, it keeps on popping "HTTP/1.1 403 Forbbiden".
I guess there is something wrong with the authentication. Does anybody know how to embed the credentials in the URL? Or is there any other ways to authenticate so an external software can access?
I can do it perfectly with normal browser after logged in.
Thanks
Yammer's Rest API for retrieving data implements OAUTH 2.0. This is because any application trying to access the data is making the request as an "App" which will then have access to a user's specific data.
Yammer's OAUTH flow is decribed here: https://developer.yammer.com/docs/oauth-2
I do not yet know of an easy way to implement the authentication using anything other than development within a browser for this process.
You may be better off exporting the json messages to a file and then importing into your external software.
I'm using Java with Google Plus API. I'm using OAuth 2.0. When a user is authenticated, an access code is returned in a browser. Now, given that the code must accompany a call to the Google Plus API, I currently have to manually copy the code and use it in making calls to the Google Plus API. What I wish to do, however, is to programmatically retrieve this code; eliminate the manual copying.
Any assistance will be highly appreciated. Thanks in advance.
It sounds like you're writing a command line or some other non-web application that uses the Google+ API. This throws a little bit of a wrench into the token delivery via HTTP redirect. Without the redirect there's no way for the OAuth web pages to communicate with your code and hence you must copy and paste it.
There is one work around that seems to work pretty well. You can set up a local web server, such as an embedded Jetty, and complete the OAuth flow by redirecting the user back to their locally running web server.
You can see an example of this implemented in oacurl which is hosted here: http://code.google.com/p/oacurl/