I use the application android and get a token when making a request:
oauth2:server:client_id:xxxxxx.apps.googleusercontent.com:api_scope:profile email openid
After that I want to get information on this token on the web server.
I'm trying to use:
https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=xxx
But I do not get to get the data, how can I get it?
To get a real token, you need to correct the request for url:
https://www.googleapis.com/oauth2/v4/token
and pass parameters by the POST method:
grant_type=authorization_code&client_id=xxxx.apps.googleusercontent.com&client_secret=xxxx&code={code}
code - a token of the type previously obtained 4/xxxxx
Related
I'm working on building a powershell script to update user's profiles in Yammer. I need to be able to update users' subscriptions (followers) in their yammer profile and in order to do that, I need to get an auth token for that user (impersonation). According to Yammer's api documentation (https://developer.yammer.com/docs/impersonation), I need to be a verified admin (I am). I've registered my app with Yammer, I have a bearer token for my app which I'm passing in the auth header, and I'm passing in the consumer key and user_id for whom I want to impersonate in the api request query string. The api is responding with a 400 - Bad Request. The error message states that the request cannot be fulfilled due to bad syntax. I'm testing this using Postman. I am sending a GET request to the API as shown below. Obviously, I have actual values for the userId and consumerKey values. Does anything appear incorrect with this query and/or does anyone have any experience with this api that could possibly share some insight?
https://www.yammer.com/api/v1/oauth/tokens.json?user_id=userId&consumer_key=consumerKey
I am currently implementing a feature that you have the ability to save a song displayed on my iOS application (written with Swift) and this save button allows the song to be appended to the user's Spotify library. According to the Spotify Developer guide, the only scope required for this feature is user-library-modify when authorizing the app with the user. The url to be opened goes like this:
https://accounts.spotify.com/authorize/?client_id=my_client_id&response_type=code&scope=user-library-modify&redirect_uri=http://my_redirect_uri
This all works perfectly - the url is opened for the user to approve of the changes my app can make and the callback url with the required code is in the url is opened.
The next step in performing the required function is to get an exact token in order to use the api, which is done by calling the url:
https://accounts.spotify.com/api/token?grant_type=client_credentials&client_id=my_client_id&client_secret=my_client_secret&response_type=code&redirect_uri=http://my_redirect_uri&code=the_code_I_just_retrieved
With this url, a json file is returned with the new token and info with it, BUT when looking at the permitted scopes the token has, it is empty:
["scope": , "token_type": Bearer, "access_token": the_token_string, "expires_in": 3600]
Also, when I still try to perform the request it returns:
["error": {
message = "Insufficient client scope";
status = 403;
}]
In this lengthy process, what am I doing wrong? In case you are wondering, here are a few things I have tried without success:
1) Re-listing the scopes in the explicit token request
2)Adding utf-8 encoding to the redirect uri (not sure if this changes anything)
3)Adding many other scopes (although this clearly does not target the problem)
If anyone knows what I am doing wrong or has any suggestions as to what I should try, I am grateful for any helpful response!
I have found my mistake. The grant_type I have entered in my url set to client_credentials. However, this method of accessing the web API only permits the usage of publicly available data, not user info. Therefore, this method of authorization does not accept the parameter scope, forcing the spotify account service to ingnore this additional parameter. The other options DO allow accessing the user data, which are:
authorization_code, and refresh_token
The way this now has to be done is to:
1) Authorize the user regularly (with supplying the scopes) to retrieve the initial authorization code
2) Then, with this code, make the token request, but specifying the grant_type to be set as authorization_code
3) You have then received a valid access_token valid for one hour AND a refresh_token
4) Use the access_token when necessary and when this token expires, make another token request, but this time with the grant_type set as refresh_token and setting the code parameter to the previously gained refresh_token
5) You now have the next access_token and refresh_token
6) Repeat steps 4-5 until infinity
I have a static list of music artists and i want to get the id or screen_name of each one of them in Twitter.
I found this api endpoint: users/search which allows to run a query on Twitter and get all the accounts that match with the query. For example:
https://api.twitter.com/1.1/users/search.json?q=muse
will return all the accounts that match the query "muse".
I need to call this endpoint in client_credentials flow, i don't need any permission by the user (which is only me in any case). The problem is that Twitter returns the following response when i try to access the endpoint in client_credentials flow:
"message": "Your credentials do not allow access to this resource", "code": 220
I have tested other API endpoints such users/show, statuses/retweets, statuses/user_timeline and they all works in client_credentials, just the one i need doesn't work.
Is there anything i can do about that? Or i must change the OAUth flow?
mentioned error,
"{"errors":[{"message":"Your credentials do not allow access to this resource","code":220}]}"
comes when requesting an end point which requires a user context (such as statuses/home_timeline) using application only token.
You can verify whether or not same error comes for end points like statuses/home_timeline or statuses/retweets_of_me. These end points work only in some twitter user context. The end point that you want, users/search, also requires user context.
I am suspecting some issue in obtaining oauth token and secret. How are you getting authorized tokens for a given twitter user account?
I'm trying to use the Survey API.
When I try and use the form online to request an Authorization token I get a
error message.
Invalid or missing access token" error message.
The form to test the API calls also asks for a Client Secret code but yet it auto fills the box with the API Key.
Any help here would be nice.
I'm not sure if this is a bug on Survey Monkey's end either in the API or the form that tests the API.
You should have received a reply to this via email but I wanted to ensure this was answered here in case anyone else is having the same issue.
There was a bug on our API console preventing an access token being issued, this is now fixed.
The access token has to be copied into the "Authorization" parameter in the format "bearer ". e.g. if your access token is 'fdhjfu3cc8ss=', make sure the Authorization parameter has "bearer fdhjfu3cc8ss=" in it (with no quotes). Note that you need to use the Access Token returned, not the Authorization Code.
Trying to obtain blog followers using Tumblr's API and RESTConsole in Chrome (not building an app, just want to check a request response).
I'm new to Tumblr's API and to RESTConsole, so two sources of possible error here.
I've already ...
Registered an app on Tumblr, receiving OAuth Consumer Key and Secret Key in the process.
Entered into REST Console my target: http://api.tumblr.com/v2/blog/{blogname}.tumblr.com/followers
Entered into REST Console's "Setup oAuth" window my OAuth Consumer Key and Secret Key, along with Tumblr's Request Token URL, Access Token URL and Authorize URL.
Approved read/write access to my application when prompted by Tumblr.
Entered the provided Token Key and Token Secret into REST Console's oAuth window.
When I attempt GET requests for follower counts (on my own blog or others'), Tumblr returns 401, "Not Authorized." My blog's preferences page lists the application I'm trying to use as having access.
I've tried this placing base-hostname:{blogname}.tumblr.com in REST Console's request parameters fields; I receive the same error. I tried running a different OAuth method from Tumblr's API (queued posts) and receive the same error.
Help?
Thanks. Let me know if this isn't clear.
Edit: Sorry, meant to add -- I think I may need Oauth Verifier. I haven't been able to find this token, or understand how to obtain it.
Edit (2): So, turns out Tumblr's API needs a comma separator from the REST Console. Thanks all.
''
Zack
$conskey = "CONSUMER KEY";
$conssec = "CONSUMER SECRET";
$tumblr_blog = "myblog.tumblr.com";
$to_be_posted = "This is the text to be posted";
$oauth = new OAuth($conskey,$conssec);
$oauth->fetch("http://api.tumblr.com/v2/user/following", array('offset'=>0) ,OAUTH_HTTP_METHOD_GET);
$result = json_decode($oauth->getLastResponse());
foreach($result->response->blogs as $key){
echo $key->url;
}
The code above will retrieve your followers list.
Hope this helps.