I use rest api
GET https://api.onedrive.com/v1.0/drive/root/view.delta?token=*****
to get OneDrive files changes and use #delta.token to get next paging files(token).
My OneDrive account contain files about 100 GB(about 18000 file).
When listing changes from OneDrive it working as expected until the access token expired.
When i get new access token and continue to get changes for next request the next request provides empty value that mean there is no files remaining.
But when request again after a while with same last request (that return empty value) the response will get list files and continue as expected.
I need a solution or documentation about this issue or work around
(maybe is related to request limitation from OneDrive but there is no documentation about it).
Related
Continuation token is not coming while browsing below API for azure DevOps to get the project related information. It is showing data for initial 500 users only... To browse the next page, no continuation token is available. Though it is coming in Postman.... I am solving the problem using python code.... So I need continuation token programitically:
https://vssps.dev.azure.com/{ORG}/_apis/graph/users?scopeDescriptor={project_descriptor}&api-version=6.0-preview.1
We keep playing this cat and mouse game with Robinhood.com. I have a trading app which used to trade stocks with Robinhood, but they keep changing the unsupported unofficial API to make it difficult for traders to use. I know that many people are doing the same thing and I want to reach out to them to see if there is a new answer. The latest problem is when I try to get a Bearer token using the URL https://api.robinhood.com/oauth2/token/ the API returns the following JSON: {"detail":"This version of Robinhood is no longer supported. Please update your app or use Robinhood for Web to log in to your account."}. This started happening on 4/26/2019.
Has anyone found a work around for this, yet, or have they finally beaten us into submission?
A more complete solution (not need browser):
Use requests.session.
Obtain the login page by making a GET request to "https://robinhood.com/login".
At this point the session's cookies will contain 'device_id'.
Obtain this device_id and use it in making the oauth2 token request to "https://api.robinhood.com/oauth2/token/" also add in the data request "challenge_type" (either "sms" or "email").
This request will fail with a 400 error code. Robinhood will send an SMS message or Email with a temporary (5 minute) code.
Also at this point use the 400 response's body to get "id" from "challenge" inside of the JSON object.
Confirm the challenge by making a POST request to "https://api.robinhood.com/challenge/CHALLENGEID/respond/" where CHALLENGEID is the same id mentioned in the first failed /oauth2/token/ POST request.
Make the same POST request to "https://api.robinhood.com/oauth2/token/" and include in the header "X-ROBINHOOD-CHALLENGE-RESPONSE-ID" with the value CHALLENGEID.
You can reuse a device_id with user/pass after this even after logging out.
Be cautious with storing device_id as it is the result of user/pass login and successful SMS/email 2FA.
Just got it working. At the risk of them seeing this post and changing it more, here we go:
First, you're going to want to log into your RH account in a web browser
View Source on the page, and look for clientId - it should be a big hex number separated by dashes
Add that number to your POST requests to /oauth2/token under the field device_token
There's probably another way to retrieve the device token, and I'm not even sure it's unique, but that way should work.
Good to be back here after a very long time.
Not sure if anyone is still looking for answers to this, but I have a very simple solution.
At Robinhood's login screen, enter your username/email and your password, press F12 on your keyboard to bring up the console panel and switch to the "Network" tab then wait for the page to load completely. (During this time you will see a list of items being loaded rapidly depending on the connection speed.)
At this time you can keep clearing the list by clicking on the button highlighted in the below image.
Click on button highlighted repeatedly until the list is empty
Now, log into your Robinhood account. At this point your console should display a list similar to the one shown below.
Look for the name "token/", most likely it will be the second one you get all the information you need. And this information will be under the Headers then Request Payload
I was able to find this with past knowledge and experience of web scraping for fun. And also, I needed to know this as well, since I recently started doing trades via Robinhood.
Hope this help you curious ones out there.
For my Robinhood account I am using Google Authenticator for my 2FA. What I have so far is that I send the original call that I was sending before to https://api.robinhood.com/oauth2/token/. This is giving me a response of:
{"mfa_required":true,"mfa_type":"app"}
I then repeat my oauth token request, but this time providing the value from Google Authenticator (so my GUI has to prompt me to fill it in) with this payload in the request to https://api.robinhood.com/oauth2/token/:
{"grant_type":"password","scope":"internal","client_id":"c82SH0WZOsabOXGP2sxqcj34FxkvfnWRZBKlBjFS","expires_in":86400,"device_token":"***","username":"***","password":"****","mfa_code":"***"}
and then I am getting an access token in reply
This question is has a lot in common to the previous question Google OAuth: can't get refresh token with authorization code (and I won't be offended if it's considered a duplicate) but there are some differences: that question uses the Javascript and PHP libraries, and I'm using neither of those. That question wants to know how to get a refresh token, and I want to know if I should want a refresh token, or how the mode with no refresh tokens is intended to work.
I'm following this guide:
https://developers.google.com/identity/protocols/OAuth2WebServer
The goal is to allow users to upload files from Google Drive to my web application.
I'm not using one of Google's favored programming languages, so I don't have a library abstracting away all the interaction with Google. I need to know what the HTTP requests should actually should look like.
One of the parameters in the authorization request is access_type. The description says
Set the value to offline if your application needs to refresh access tokens when the user is not present at the browser.
I won't need to do that (I'll only want to retrieve a file on my server immediately after the user selects it) so in the spirit of not asking for more privileges than you really need, I used access_type=online. This gives me an access token and no refresh token. I've successfully used the access token to make some requests to Google Drive.
The user comes back the next day and tries to upload another file. While processing this request from the user, I make a request to Google Drive. The access token is expired, so I get a 401. What's supposed to happen next?
My guess is I should pretend this is a completely new user and send them through the full authorization process again. That would mean I have to abort whatever the user was trying to do, redirect them to https://accounts.google.com/o/oauth2/auth with all the parameters (scope, client_id, etc.) and embed enough information in the state parameter that I can resume the original request when the user gets back from their detour.
This seems rather difficult (in particular the part about saving and resuming the state of my application at some arbitrary point). It's a big enough obstacle that it should be explained somewhere. But the description of the access_type parameter didn't say anything about needing to insert authorization redirects everywhere. It just said the user must be "present".
You are using the right implementation. You don't need offline access if you aren't going to make requests when the user is not using the application. The thing is that access tokens expire in 1 hour. So you need to generate new access tokens if a user leaves the application and come back later.
If users have authorized your application, calling this URL with your configuration should return a new valid access token:
https://accounts.google.com/o/oauth2/v2/auth?
scope=scopes&
include_granted_scopes=true&
state=state_parameter_passthrough_value&
redirect_uri=http://oauth2.example.com/callback&
response_type=token&
client_id=client_id
I'm a new user with SoapUI, but I feel like this process should be easy. I've read all of the documentation I can find on this matter but I can't seem to get around this.
The issue:
I am working on load testing a website for a customer, this will involve creating 1000 accounts and navigating through a course signup process. I've managed to create test cases that step through the creation process for a new user, upon creating the new user the website automatically does an OAuth2 process and redirects the user to their profile. The way this process flows is: account created > credentials sent to a token URI in the REQUEST > RESPONSE kicks back an access token > token is used to grab credentials and redirect user to profile.
I have successfully extracted the token as a variable and stored it to the local test case, however this is where I get stuck. The only way I am able to retrieve the user profile is by manually pasting the access token into the OAuth2 access token field in SoapUI, then running the test case. Since I have to do this with 1000 accounts, this is obviously not an effective method.
I've attempted to grab ElementIDs of the login page/user creation page using the automated access token script editor, but all of these fields are located in a separate .js script, therefore the ElementID doesn't exist in SoapUI.
Am I going about this wrong, or is there someway this can be done? I'm not looking for anyone to write my code, merely explain this process if I'm understanding it incorrectly.
I managed to bypass the OAuth2 Authentication method by creating a Groovy Script that grabs the "Set-Cookie" header from the token call then adds the cookie to each call afterwards.
This method appears to have solved the issue!
import com.eviware.soapui.support.types.StringToStringMap
def getcookie = context.testCase.testSteps["Token"].testRequest.response.responseHeaders["Set-Cookie"][0]
def headers = new StringToStringMap()
headers.put('Cookie', getcookie)
testRunner.testCase.getTestStepByName('Get User').testRequest.setRequestHeaders(headers)
I've an application that need to get list of groups for external network of Yammer. Until last time it's worked so:
/api/v1/oauth/tokens.json brought list of tokens\networks AND COOKIES: yamtrak_id=[id from yammer], _workfeed_session_id=[session id from yammer] during "Authorization Bearer [access_token]"
The permalink https://www.yammer.com/name_of_my_network/api/v1/groups.json with this cookies brought list of groups
Now, when I've signed up with Yammer and took new access token, then /api/v1/oauth/tokens.json respond without this cookies
But when I've used old access token, that was created since two months, /api/v1/oauth/tokens.json ** brings an answer with this cookies**
How to get list of groups without permalink or how to make "right" session that works with permalink?