I try to use Invidious API with authenticated route. For this, i've generated new token with this URL : https://invidio.us/authorize_token?scopes=GET:preferences.
The response is like this : {"session":"v1:XXXXX","scopes":["GET:preferences"],"signature":"XXXX"}
But, the token generated (session) don't work. I try with simple GET on preferences route, and i've an error Request must be authenticated :(
Anyone have already use their API and work with auth route ?
Thank you !
I've actually been struggling with this the past week, and I even deployed a self hosted instance because I thought that would fix it... I was wrong of course.
Here's how the Authentication header should look like:
Authentication: {"session":"v1:XXXXX","scopes":["GET:preferences/*"],"signature":"XXXX"}
The full token is the json that is provided.
The scope needs to include a * or a specific identifier for example in the case of playlists as mentioned in the examples here . So your authorize_token request should look like:
https://invidio.us/authorize_token?scopes=GET:preferences*
or
https://invidio.us/authorize_token?scopes=GET:preferences/*.
If you want all scopes that would be :*. Make sure not to forget the colon.
Related
I made a node application based on storefront API of shopify. However there are rate limit per ip address imposed. Due to this I can execute certain Graphql queries a set amount of time. For example, password reset only works 2 times and after that it show Limit Exceeded error, after which I need to wait for 60 seconds.
The issue is I have deployed application as lambda function and the IP will always be the same. I found the solution on storefront API stating I need to use delegate token and user IP to as header while sending the request. But I did not quite understand.
Can someone please help me how should I use delegate token in my node application, so that the whenever a request is sent it uses the client browser IP instead of the AWS server!
Ok, believe I figured it out.
First thing you to do is create a delegate token using this endpoint (POST).
https://{{shopify_store_name}}.myshopify.com/admin/access_tokens/delegate.json
Your POST should look something like this:
{
"delegate_access_scope": ["unauthenticated_write_checkouts"]
}
I suggest you go into your shopify store front API and view which permissions the storefront API has and use something similar. Note that your admin API needs to at least have those permissions to grant them.
Also note that the customerRecover needs the "unauthenticated_write_checkouts" permission to be called.
After you created that token (And this was the problem I had) REMOVE the X-Shopify-Storefront-Access-Token from your header, and REPLACE it with Shopify-Storefront-Private-Token
Remove:
X-Shopify-Storefront-Access-Token : {{{Storefront Token}}}
and Replace with:
Shopify-Storefront-Private-Token : {{{Your delegate token}}}
You will also need to forward your customers API address in the header by grabbing it out of the context and putting into the header as well
Shopify-Storefront-Buyer-IP' : this.sourceIp
After I did this, I noticed my rate limiting on forgot password was IP based on the client hitting it and not the servers IP being throttled.
Hope this helps!
I'm using Ember.js in conjunction with Ember-Auth. While uploading files via Jquery-File-Upload, I need to send the authenticity token through the headers. I'm approaching this like so:
didInsertElement: ->
$('#image_upload').fileupload
headers:
'X-CSRF-Token': Whistlr.Auth.authToken
Unfortunately, Whistlr.Auth.authToken is undefined. I'm not even sure this is where Ember-Auth stores the auth token, though it seems like a likely candidate. Similarly, other attributes are undefined, such as user and userId. Aside from this, Ember-Auth seems to work fine, and it sends the auth token with every request. It's only when trying to manually retrieve it that I have this problem. Any advice as to what's happening?
I don't know Ember-Auth, but to access properties in objects.
You have to use the get method.
Whistlr.Auth.get('authToken')
I hope it helps.
I’ve a Flickr which I’m using to upload pictures from my phone and all images are public. On my blog I want to retrieve all the images to show and for that I’ve first tried to create an application to get my API key. I’m using the Flickr API flickr.people.getPublicPhotos. This API service is said to not require authentication and putting it all together I end up with this call:
http://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key=fc94274cd0335f3c171fe22c8490b7d9&user_id=5545356%40N04&extras=description%2Cdate_upload%2Cdate_taken%2Cowner_name%2Coriginal_format%2Ctags%2C+o_dims%2C+views%2C+media%2C+path_alias%2C+url_sq%2C+url_t%2C+url_s%2C+url_q%2C+url_m%2C+url_n%2C+url_z%2C+url_c%2C+url_l%2C+url_o&per_page=40&format=php_serial&api_sig=0c48e2b6b6d9a03521e5ca86a15cf471
The problem is that every around 10 hours I fails and returns the error message a:3:{s:4:"stat";s:4:"fail";s:4:"code";i:100;s:7:"message";s:31:"Invalid API Key (Key not found)";}
I tried to create the API call when logged in to Flickr and also with not logging in and in both cases I get the error message. It’s like the API key expires or stops working. Have a missed something on Flickr about the API key or what could cause this? It is really frustrating to renew the URL twice at day.
Thank you
Sincere
- Mestika
If I read the docs correctly, the &api_sig query string parameter is constructed using an authentication token, one that eventually expires. Remove that parameter (= do not sign your API request) and I think you'll be OK.
Mestika's comment seems correct. I was getting the same problem when using the API explorer. If you use your accounts API, or go in and create a new app, then use the API given for that, then the key doesn't change every few hours.
The url to request a key is:
http://www.flickr.com/services/apps/create/apply
I got the same problem.
This is how i solved it:
removed the auth_token and the api_sig parameters
replaced the api_key value with an app key
Hope this helps.
i met this issue before. with new api key, only accept https request.
Let's change your url to: https://api.flickr.com/services/rest/?method=flickr.people.getPublicPhotos&api_key.....
I am sure it will be work right know.
thanks
maybe I am not understanding the OAuth flow correctly, but this is what I want to be able to do: I have a service that will issue request to Trello's API, so, in order to perform some of the requests, I need to have a access token.
Is this even possible? I know that you can do this with other services, like Twitter, but I don't know if I can do this against Trello.
I am using NodeJS with a library called oauth to do this, and my flow looks like this: I created a new OAuth object, call getOAuthRequestToken and then I call getOAuthAccessToken in the callback, and is there where I get an 500 error saying that the oauth_verifier is missing.
Here the piece of code I am talking about:
var OAuth = require('oauth').OAuth,
oauth = new OAuth('https://trello.com/1/OAuthGetRequestToken?key=' + config.key,
'https://trello.com/1/OAuthGetAccessToken',
config.key,
config.secret,
'1.0',
null,
'PLAINTEXT');
oauth.getOAuthRequestToken(function(error, oauth_token, oauth_secret, results){
//Here I have some error handling code
oauth.getOAuthAccessToken(oauth_token, oauth_secret,
function(error, oauth_access_token, oauth_access_token_secret, access_results){
//Here I would be storing the access token for later, etc.
}
});
So, obviously, I am not passing the oauth_verifier parameter to the getOAuthAccessToken method (I checked in the code and that function is expecting the verifier as third parameter), but I am not doing it because I do not have it: the results object is empty and I do not know how to get it programmatically.
Another thing to notice is that I am passing the key parameter in the request token url and using plaintext as signature because I just thought that would be the right thing to do (I haven't see any reference in the documentation about what kind of signature to use or if I need to pass the key as a parameter).
Am I doing things really wrong? Am I in the correct track? what am I missing?
As always, thanks in advance! =)
Trello docs don't say much about oAuth.
I'd speculate that the issue would be that Trello is oAuth 2.0 (used by Facebook, Google) and you're using the oAuth 1.0 scheme (used by Twitter, Tumblr).
For what it's worth, the node-oauth library has an oAuth2 implementation in its lib directory you can include via require in node.js.
The logic looks circular to me(although I know I'm missing something)
I want to use this:
https://dev.twitter.com/docs/auth/pin-based-authorization
But in order to make the url to send the user to get the pin you need an "oauth_token" :
https://dev.twitter.com/docs/api/1/get/oauth/authorize
But to get the "oauth_token" you need a:
https://dev.twitter.com/docs/api/1/post/oauth/request_token
But that at the bottom shows it needs an "oauth_signature"
Well, an "oauth_signature" requires an "oauth_token"
( https://dev.twitter.com/docs/auth/creating-signature ) which you don't have, making impossible to get an "oauth_token" because you need one to get one.
What am I missing here? I mainly just want to find out how to get that initial url for the PIN-based authorization, so I need that first "oauth_token" somehow.
There are two different types of oauth tokens - let's call them request tokens and normal tokens. Request tokens are used for the authentication, then once the authentication is done you get normal oauth tokens.
Calling oauth/request_token will generate a request token for you, which is a temporary token used for the actual authentication. Once that's done you have the normal tokens.
set the callback URL both https://apps.twitter.com/ and in your code
. It is working for Me.
oauthCallback:#"myapp://twitter_access_tokens/"