I want to store the access token and refresh token in a database, so I need to know how big to make the fields.
eBay says about access tokens at https://developer.ebay.com/devzone/guides/features-guide/content/basics/Tokens-About.html:
It can be up to 2KB in length and is base 64 encoded
It can contain: a to z, A to Z, 0 to 9, asterisk, slash, plus ( * / +)
But actually, access tokens look like this:
v^1.1#i^1#f^0#r^0#p^3#I^3#t^H4sIAAAAAAAAAO[TRUNCATED FOR SECURITY]4fT+OfsMt2898RAAA=
There's a lot of characters at the start that don't match [A-Za-z0-9*/+], and an = at the end, although it looks like the middle does actually match that. So how long can it be, really?
And what about refresh tokens?
The authorization code is a maximum of 1024 characters in length.
Related
Basic question but couldn't find an answer to this.
There is fake API testing tool located here
https://jsonplaceholder.typicode.com/todos
When I add a query like this
https://jsonplaceholder.typicode.com/todos?userId=4
I get a response
When I change the query to this
https://jsonplaceholder.typicode.com/todos?userId<4
it returns null
How would I query in the url userId that is less than 4?
You need to encode the '<' sign as a special character with its hexadecimal code ('<' is 3c) so your query becomes:
https://jsonplaceholder.typicode.com/todos?userId%3c4
Any special character in a url can be coded as % followed by its two-digit hexadecimal code.
EDIT: After trying the URL with my change, I was able to get the '<' sign decoded as I mentioned above. However, it doesn't seem to provide the expected return (all user IDs less than 4). It returns more user IDs than this. Maybe need to check the API docs to make sure that 'userId<4' is a correct field definition.
I have a method. The language for this question unimportant, but here are the stubs in Java and Python so people have something to relate to:
Token getToken(long seconds){
...
}
def get_token(seconds):
...
The documentation for this method reads:
Get the current token, or a new one.
Guarantees that the returned token will be valid for at least the given amount of seconds.
Since I am not a native english speaker, the two things are puzzling me.
I would like to name the argument for my method something more saying than seconds, but it should not be too long.
I have considered the following (Python styled):
timeout_seconds
minimum_timeout_seconds
minimum_timeout
required_timeout
required_timeout_seconds
I don't think any of them are spot on, and the two of them are a bit long for my taste.
What do people prefer?
Is there a word that can express the purpose better than the ones I have used?
Secondly, the documentation for the argument reads:
The number of seconds there should at least be left until the current token expires.
If there is less than this number of seconds left until expiration, the token will be renewed automatically.
I don't feel the wording here is right. Any thoughts?
As you are dealing with tokens I'd Take the JSON Web Token (JWT) RFC as inspiration. Hence I would use
expires_in_seconds
as the variable name if keeping with Python styling.
The word "timeout" is more commonly used when an operation ceases to try to succeed in whatever it is trying to do, whereas "expires" indicates that the subject (in this case a token) is coming to the end of its period of validity.
As for the documentation I'd rather:
The number of seconds for which the token is valid.
However it does feel like the code you are using maybe trying to create it's own web token standard, which is something I would warn against! e.g. "If there is less than this number of seconds left until expiration, the token will be renewed automatically" seems odd.
I'm using the goo.gl link shortener API in my app to send urls to twitter along with a link. I've been allowing users to submit 119 characters, appending a space, and then the URL because I was under the impression that they were always 19 characters. This should leave me with one to spare.
Unfortunately I've been getting some "tweet is too long" errors and I can't seem to find any documentation about the possible range of goo.gl url lengths. Does anyone know what the max is or know where some reliable documentation on it is?
Twitter now automatically shortens all links by itself, using t.co. Don't do it by yourself.
Read: https://dev.twitter.com/docs/tco-link-wrapper/faq#How_do_I_calculate_if_a_Tweet_with_a_link_is_going_to_be_over_140_characters_or_not
If you are not using the opt-in features, only links shorter in length
than a t.co URL will be wrapped by t.co. All links t.co-length or
longer should be considered as t.co's maximum length. For example, if
help/configuration reports 20 characters as the maximum length, and a
user posts a link that is 125 characters long, it should be considered
as 20 characters long instead. If they post a link that is 18
characters long, it's still only 18 characters long.
At the moment short_url_length is equal 22 (https://api.twitter.com/1/help/configuration.json)
I am using Google Chart API in my Application and generating graph using URL "http://chart.apis.google.com"
I am getting error "The requested URL is too large to process", when I provide large set of parameters to this URL.
What I can do in this situation?
The Google Charts API FAQ offers this advice:
Is there a limit on the URL length for the Google Chart API? What is the maximum URL length?
The maximum length of a URL is not determined by the Google Chart API, but rather by web browser and web server considerations. The longest URL that Google accepts in a chart GET request is 2048 characters in length, after URL-encoding (e.g., | becomes %7C). For POST, this limit is 16K.
If URL length is a problem, here are a few suggestions for shortening your URL:
If you are using a text encoding data format, remove leading zeros from numbers, remove trailing zeros after decimal points, and round or truncate the numbers after decimal points.
If that does not shorten the URL enough, use simple (1 character) or extended (2 character) encoding.
Sample data less frequently; i.e., reduce granularity.
Remove accoutrements and decorations, such as colors, labels, and styles, from your chart.
also found this but there doesn't seem to be an answer/solution.
http://groups.google.com/group/google-chart-api/browse_thread/thread/b47c1588b39d98ce
In case it is a browser error - browsers have their maximum URL length limitations (IE 6/7 has 2,083 limit):
What is the maximum length of a URL in different browsers?
I'm getting HTTP 414 but my URL length is not an issue (it is 1881 characters), and I have tried both GET and POST. My guess is that Google will also return this error when the chart you are requesting is too "expensive" to generate.
A method that worked well for me was to divide all values by 10 or 20 and converting the results to int (no commas), but I kept the numbers on the axis. This way, it's a little less accurate but reduces the amount of characters used in the URL.
Code example:
$newSalesrank = $rank/20;
$rankdata .= intval($newSalesrank);
This solved my problem, I got no more "url too long" errors and it still looks good on my charts - because it still looked the same, the numbers just were simply scaled down.
How to encrypt a nsstring and store it in a file, and how to decrypt the same.
Please suggest me wat api's i shld use...
This is the function i used for encryptiong.
DES_cfb64_encrypt( ( unsigned char * ) pchInputData, ( unsigned char * ) pchOutCipher,
size, &schedule, &ParityKey, &no, DES_ENCRYPT );
I had to convert this to base64 so that i can store it in a file.
pstrResult = Base64encoding(size,( unsigned char * )pchOutCipher);
You can use gpgme
If you only need to support 10.5 or higher you can use the CommonCryptor API. The first comment to this post shows an example category for encrypting/decrypting NSData's:
http://iphonedevelopment.blogspot.com/2009/02/strong-encryption-for-cocoa-cocoa-touch.html
While not an API call, you could implement a simple XOR cipher. This is quick and simple to implement and depending on the characteristics of your string (i.e. if it is of fixed length) can be very secure. If you have a variable length string XOR encryption may not be secure enough depending on your needs. Have a look at the Wikipedia article.
If you are storing a password first decide whether or not you need to re-use the password or whether you just need to check that the user has entered the correct password.
If you just need to verify that the user has entered the correct password, then store the password using a hash, and compare the hash of the user input with the hash you have stored. If both hashes are equal, then the user has [probably] typed it correctly. See more information about hashes at Wikipedia.
If you need to re-use the password (i.e. for authenticating with other services, such as connecting to an Internet service), use Apple's Keychain service. If you are targeting the iPhone, then check out this related document.