When i mentioned scope read_all_orders . I faced the following error while installation
Oauth error missing_shopify_permission: read_all_orders
Without read_all_orders scope App install perfectly.
I dont know what happens exactly i am trying both new created store and 2 month old store
My scopes :- 'read_products', 'read_orders', 'read_customers', 'write_orders', 'read_price_rules', 'write_price_rules', 'read_all_orders'
As per Shopify documentation
read_all_orders
Grants access to all orders rather than the default window of 60 days
worth of orders. This OAuth scope is used in conjunction with
read_orders, or write_orders. You need to request this scope from your
Partner Dashboard before adding it to your app.
To do so
read_all_orders access:
From your app's overview page, click App setup.
In the Orders section, click Request access to all orders.
Provide a description about why you are applying for access.
Click Request access.
Related
I've successfully connected to the Xero API using the official SDK.
I'm trying to add a Scope for WorkflowMax but I get the following error:
Sorry! APPNAME has requested an invalid combination of scopes.
Please ensure that all scopes requested relate to a single type of
tenant.
I have 2 organisations in my account and WorkflowMax is only active on one of them.
The documentation here doesn't seem to have an option for specifying which Tenant ID or Organisation the app should apply to.
I assume that if I only had one organisation, adding the scope workflowmax wouldn't cause any issues but because this add-on is only active in one organisation I can't get my app to authorize with the additional scope so I am stuck and hoping someone else has found a solution as I can't find anything here or in the Xero Developer Community.
I wrote an app script which provides a web UI for data entry into a team calendar. I published it using G-Suite super admin account and added it as Trusted App under Security/API Permissions. "Trust domain owned apps" is checked under "Internal App Settings".
When a G-Suite user in our organization tries to access the app, he sees
"The developer of ShiftSchedulingApp, admin#_our_organization_.org, needs your permission to access your data on Google."
Those brave enough to click "Review Permissions" are taken to the next message:
"ShiftSchedulingApp wants to access your Google Account. See, edit, share, and permanently delete all the calendars you can access using Google Calendar"
Of course nobody wants to risk losing all the calendars on their Google Account and this is where it ends.
How do I get rid of this misleading message? It's not Google account, it's their organization account on G-Suite. It's not all their calendars, it's the shared team calendar only. It's adding data, not permanently deleting calendars. It's published by their administrator in their G-Suite, not an unknown 3rd party.
I spent days trying to make this message go away but no luck. App must be executed as an accessing user and not as publishing user because their user ID determines what shifts they can fill on a calendar.
I'd appreciate any hints pointing me the right direction.
I experimented with variations of the two-app approach as suggested.
The app which provides the UI needs to read the calendar to display available shifts - so I can't get away from the user authorization prompt.
Another variation I tried was having one app do everything and run as me, and another do nothing but return Session.getActiveUser(). I tried calling the 2nd one from the 1st one on the client side via XMLHttpRequest. It would be ideal for my needs - but I hit CORS error as apps URL is script.google.com but it actually gets redirected to script.googleusercontent.com. There doesn't seem to be a way to set CORS in Google App Script.
Although I was not able to find a way to avoid prompting users for authorization when executing the app as accessing user, it turns out my reasons for doing that were based on a false premise.
I chose to publish app as accessing user because I thought that's the only way to get accessing user Id - which is true for non-G Suite accounts.
However, when app is published by a G Suite account, the app can get accessing user ids within the same G Suite domain even when it's set to execute as publishing user.
Thanks Niek and TheMaster for your help!
If you just need user ID, why do you ask for all those permissions?
Possible Solutions:
2 web-apps- One running as you and another as user accessing (with only profile) permission. The second one will be the actual web interface and POST necessary information to the first one with privileges. OR
Implement your own web-app Google-sign in1
Use the least permissive2 scope3
My app is an approved hidden app in BigCommerce that has all of the scopes selected in the MyApp Technical page. Unfortunately, when I try to oAuth into a user, the following scope 'store_v2_transactions_read_only' returns an 'invalid scope' message. If I take that scope out, the other scopes (for read_only orders, customers, etc.) work fine and I can successfully connect an account using Oauth with my app.
The scope 'store_v2_transactions_read_only' is found in the documentation in the list of scopes here: https://developer.bigcommerce.com/api/#oauth-scopes96. But making the request to connect an account using that scope returns 'invalid_scope' and I can't access user transaction data. Again, all other scopes work, and I have them all selected in the app technical page in the developer portal.
Working in node and using axios to get the token with the oauth code. This list of scopes works:
scope: 'store_v2_customers_read_only store_v2_information_read_only store_v2_orders_read_only store_v2_products_read_only'
The moment I add store_v2_transactions_read_only it returns 'invalid scope', even thought that is the string stated in the docs. It is the same error that shows if I misspell any of the scopes.
Make sure that you're passing in the context in your query string. At the time of writing the API will send back an Invalid scope(s). error seemingly only when you request store_v2_transactions_read_only without this query param. Other scopes seem to work fine, as you've noticed, if this param is not sent.
Can't comment, because I don't have 50 karma, but adding the context to the POST call in postman from the correct answer fixed this issue for me. I had been dealing with it for some time and there isn't a lot of documentation on the BigCommerce side in other forum posts.
I am using the x-www-form-urlencoded params with:
KEY: context
VALUE: stores/abcdefg
The abcdefg is the actual store number/id in the exact format it came in from the callback.
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince
I am quite new in Facebook application development. I was playing the all day with "how to post a message on the wall of a page?". I finally succeeded but each message got "via Graph API Explorer". I tried to find how to change it to my application name without success. I tried to see if I could force the value of application in the api command but it did not take it into account. Maybe I miss something :( If someone can help, that would be great!
I am still quite confused. Let me try to explain what I want to do: I would like to automatically publish on a page (as the page) some event that are defined on a website (in a kind of agenda). What I miss, I think, is how everything is working together on Facebook side:
1. the login process: as the application will run in a cron, this should not display a login dialog box.
2. the access token: application or page one?
3. the permissions: from my understanding, I need manage_pages (and publish_stream) but not clear how this should be set.
Thx for any clarification and maybe a clear example :o)
You need the user to authorise your own App using one of the Login flows and grant you one of the publishing Permissions -
If it says 'via Graph API Explorer' on the posts your app makes you're using the access token you retrieved when you were testing the API using the Graph API Explorer tool, not one produced by your own app
OK I think I have finally found the way to do it. I needed a page access code and not an application access code. The token must be generated outside the application as a long live one.
Get a code using:
https://www.facebook.com/dialog/oauth?client_id={app_id}&redirect_uri={my_url}&scope=manage_pages,publish_stream
app_id is your application ID
my_url is your application URL
scope is the permission you want to be granted
In the redirected URL, you will have a code parameter. Copy it.
Generate the user access code using:
https://graph.facebook.com/oauth/access_token?client_id={app_id}&redirect_uri={my_url}&client_secret={app_secret}&code={code}
app_secret is your application secret key
code is the code from step 1
You will get as output the user access token. This one is a short live one.
convert the short live to a long live user access token using:
https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id={app_id}&client_secret={app_secret}&fb_exchange_token={short live access token}
Replace the "short live access token" by the one you got on step 2
You will get as output the infinite user access token.
Get the page access token (this one will be infinite access token as
the user access token is now an infinite access token too):
https://graph.facebook.com/me/accounts?access_token={infinite user access token}
Replace the "infinite user access token" with the value you got on step 3.
This command will list all the pages you administer. The output contains the page access token you need in field "access_token". You can so use this token in any API command in your application.
The best of the best is to do all those steps via a server side program (PHP for me) as the application secret key should remain "secret".