I've been looking into this for a while, but cant seem to find a solution, or atleast not none I understand.
The main question here is, Can I send a POST request with body and header to Spotify web API, using only Laravels 5.2 Request?
Maybe something like this.
$parameters = array(
'client_id' => $client_id,
'client_secret' => $client_secret,
'code' => $request->input('code'),
'grant_type' => 'authorization_code',
'redirect_uri' => 'http://localhost/callback',
);
$headers = array(
'Authorization' => 'Basic ' . base64_encode($client_id. ':' . '$client_secret'),
);
return redirect('https://accounts.spotify.com/api/token')->withInput($headers, $parameters);
Thanks in advance.
Related
I am using Woocommerce rest API to auto-generate an API key and get result back in json. I followed the woocommerce documentation and I successfully was able to log into woocommerce and generate key, but the problem is, the json that should be posted in callback URL, is null, I can't retrieve it, all I get is null. I have been struggling with this error for a week now, any ideas? here is my code:
<?php
$shop = $_GET['shop'];
$store_url = 'https://'.$shop;
$endpoint = '/wc-auth/v1/authorize';
$params = [
'app_name' => 'appname',
'scope' => 'read_write',
'user_id' => 123,
'return_url' => 'https://appname.app/dashboard/success.php',
'callback_url' => 'https://appname.app/dashboard/success.php'
];
$query_string = http_build_query( $params );
header("Location: " .$store_url . $endpoint . '?' . $query_string);
?>
and this is my callback page:
<?php
ini_set("allow_url_fopen", 1);
$data = json_decode(file_get_contents('php://input'), true);
print_r($data);
When I try to get the token I get the error:
The provided value for the 'redirect_uri' is not valid. The value must exactly match the redirect URI used to obtain the authorization code.
My redirect uri exactly matches so I don't understand why it is happening.
$TOKEN_ENDPOINT = 'https://login.microsoftonline.com/common/oauth2/v2.0/token';
$params = array(
'grant_type' => 'authorization_code',
'code' => $azureCode,
'clientId' => '7c09ab71-***-****-****-53d7c4438112',
'clientSecret' => 'bnot*******20*[',
'redirect_uri' => 'https://testing.****.com/outlookOauthCallback.php',
'urlAuthorize' => $AUTHORIZATION_ENDPOINT,
'urlAccessToken' => $TOKEN_ENDPOINT,
'urlResourceOwnerDetails' => '',
'scope' => 'Calendars.ReadWrite User.Read'
);
$response = $client->getAccessToken($TOKEN_ENDPOINT, 'authorization_code', $params);
(Trust me the part I turned into stars is exactly the same because I copy pasted)
Even in the response where I returned the params it is exactly the same:
Array
(
[grant_type] => authorization_code
[code] => M51b1b*****-daeec54627b2
[clientId] => 7c09ab71-a*****d7c4438112
[clientSecret] => bnotxds&*&QB***cVLF20*[
[redirect_uri] => https://testing.****.com/outlookOauthCallback.php
[urlAuthorize] => https://login.microsoftonline.com/common/oauth2/v2.0/authorize
[urlAccessToken] => https://login.microsoftonline.com/common/oauth2/v2.0/token
[urlResourceOwnerDetails] =>
[scope] => Calendars.ReadWrite User.Read
)
So how can it still be giving me this error? What am I missing here?
You need specify the redirect_uri in the request url. Something like
var href = 'login.microsoftonline.com/common/oauth2/…'; href += client_id + '&resource=webdir.online.lync.com&redirect_uri=' + window.location.href;
I am receiving this error immediately after installing my app in my dev store when attempting to exchange the temporary access code for a permanent token.
Oauth error invalid_request: Could not find Shopify API application with api_key
I'm using below code
$client = new Client();
$response = $client->request(
'POST',
"https://{$store}/admin/oauth/access_token",
[
'form_params' => [
'client_id' => $api_key,
'client_secret' => $secret_key,
'code' => $query['code']
]
]
);
$data = json_decode($response->getBody()->getContents(), true);
$access_token = $data['access_token'];
Any help is much appreciated. Thanks!
Prior to the newest Itunes Connect update all requests were HTTP requests made through Curl in our application. After the update, Apple is recommending to use their new reporter tool.
https://github.com/mikebarlow/itc-reporter I want to do something similar to this if possible. This supposedly works without the reporter tool and it looks like it is still just making HTTP requests. I won't use this code in my project because it requires us to update PHP version which we have planned for another time.
Is it possible to make simple HTTP requests using Curl to get data? I don't want to use Guzzle if I don't have to!
$json = '{"userid":"{{USERNAME}}","password":"{{PASSWORD}}","version":"2.0","mode":"Robot.XML","account":"{{VENDOR_ID}}","queryInput":"[p=Reporter.properties, Sales.getReport, {{VENDOR_ID}},Sales,Summary,Weekly,20170108]"}'
CURLOPT_URL => 'https://reportingitc-reporter.apple.com/reportservice/sales/v1',
CURLOPT_HEADER => false,
CURLOPT_HTTPHEADER => array('Accept: text/xml, text/plain', 'Content-Type: text/xml, text/plain'),
CURLOPT_USERAGENT => 'Java/1.8.0_92',
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => $json,
this is the request I've made while testing and when I run it I get the HTML response saying "Forbidden, You do not have access to this page"
I tried this while urlencoding username and password but I get the same result. I would love to be able to still get this data using Curl or we will have to work on adding the reporter tool into our application.
the postfield just needed to be changed accordingly
function build_json_request(, $access_token, $account_id,
$args_arr=array())
{
$args = $args_arr;
$json = array(
'accesstoken' => urlencode($access_token),
'version' => '2.2',
'mode' => 'Robot.XML',
'account' => $account_id
);
$queryInput = array(
'p=Reporter.properties',
array_shift($args)
);
if(! empty($args))
$queryInput[] = implode(',', $args);
$json['queryInput'] = '[' . implode(', ', $queryInput) . ']';
return json_encode($json);
}
$json = build_json_request('Sales.getReport', $access_token, $account_id, array('Sales.getReport', $vendor_id, 'Sales', 'Summary', 'Daily', $date) );
$output = process_curl(array(
CURLOPT_URL => 'https://reportingitc-reporter.apple.com/reportservice/sales/v1',
CURLOPT_HEADER => false,
CURLOPT_TIMEOUT => 10,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => 'jsonRequest='.$json,
));
Trying to do a simple read via PHP cURL. I can read my data successfully if my security rules let everyone in e.g.
{
"rules": {
".read": true,
".write": true
}
}
However if I restrict read/write to a specific username e.g.
{
"rules": {
".read": "auth.username == 'admin'",
".write": "auth.username == 'admin'"
}
}
I get permission denied.
The code is as follows...
require('JWT.php');
$secret = 'MY_FIREBASE_SECRET';
$data = array('username' => 'admin');
$token = JWT::encode($data, $secret);
$url = "https://MY_FIREBASE.firebaseio.com/messages.json?auth=$token";
$curl = curl_init();
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url
));
$response = curl_exec($curl);
Its worth noting, if I just use my FB secret instead of a token in the URL I am able to successfully read the data (auth=$secret). I have also successfully tested reading the data in the Forge simulator using "custom auth" e.g. {'username': 'admin'}
I'm using the PHP JWT library: https://github.com/luciferous/jwt/blob/master/JWT.php
Not sure if I'm getting permission denied because my cURL call is not correct or I'm not constructing the token properly. I have tried using POST and GET via cURL but I'm getting the same result.
Any suggestions would be much appreciated...
Thanks for the super quick response Andrew. I tried your suggestion. Unfortunately, I'm still getting 'permission denied'. Here is my updated code...
require('JWT.php');
$secret = 'my-secret';
$user = array( 'v' => 0, 'iat' => time(), 'd' => array('username' => 'admin', 'type' => 'admin', 'fullname' => 'Administrator'));
$token = JWT::encode($user, $secret);
$curl = curl_init();
$url = "https://myfirebase.firebaseio.com/messages.json?auth=$token";
curl_setopt_array($curl, array(
CURLOPT_RETURNTRANSFER => 1,
CURLOPT_URL => $url
));
$response = curl_exec($curl);
curl_close($curl);
I did get this working by changing the .read rule for our data to
"auth != null" - but that doesn't seem to quite as secure...
For reference our data structure is simply
+ myfirebase
+ messages
- 000001 = "this is the 1st test message"
- 000002 = "this is the 2nd test message"
BTW: Our application will only have 1 user reading/writing data. If I can not get the token to work... Is there a better way to authenticate calls via the REST API without resorting to passing our secret key in the URL? e.g. &auth='my-secret'
The Firebase JWT has some structure to it that is missing here. There's a detailed explanation of what should be in these auth tokens here:
https://www.firebase.com/docs/security/jwt-auth-token-format.html
Here is a snippet with the appropriate structure.
require_once('JWT.php');
$fbSecret = 'your-secret';
$user = array( 'v' => 0, 'iat' => <timestamp>,
'd' => array('username' => 'jimbob', 'type' => 'admin',\
'fullname' => 'Jim Bob')
);
$token = JWT::encode($user, $fbSecret);
Note that the "d" field contains the actual payload. "v", and "iat" are also required. "iat" should be the number of seconds since the epoch (it's the number that (new Date()).getTime() returns in Javascript).