I have a static list of music artists and i want to get the id or screen_name of each one of them in Twitter.
I found this api endpoint: users/search which allows to run a query on Twitter and get all the accounts that match with the query. For example:
https://api.twitter.com/1.1/users/search.json?q=muse
will return all the accounts that match the query "muse".
I need to call this endpoint in client_credentials flow, i don't need any permission by the user (which is only me in any case). The problem is that Twitter returns the following response when i try to access the endpoint in client_credentials flow:
"message": "Your credentials do not allow access to this resource", "code": 220
I have tested other API endpoints such users/show, statuses/retweets, statuses/user_timeline and they all works in client_credentials, just the one i need doesn't work.
Is there anything i can do about that? Or i must change the OAUth flow?
mentioned error,
"{"errors":[{"message":"Your credentials do not allow access to this resource","code":220}]}"
comes when requesting an end point which requires a user context (such as statuses/home_timeline) using application only token.
You can verify whether or not same error comes for end points like statuses/home_timeline or statuses/retweets_of_me. These end points work only in some twitter user context. The end point that you want, users/search, also requires user context.
I am suspecting some issue in obtaining oauth token and secret. How are you getting authorized tokens for a given twitter user account?
Related
For example, I have access token of a user with some client id. When I try to get user information of same access token but with different client id, I get the information.
Is that okay or I am missing anything here ?
How can I validate if an access_token belongs to client id , I am using.
There was something called id_token, but Google has made that api deprecated, and in new API I don't get id_token.
We're using OAuth2 to allow users of our system to connect to Xero. Once the authorization succeeds, Xero provides an access token with information about the user who made the connection, including a xero_userid.
However, using this ID to find the user via the Users API fails with a 404. The Users API shows a different ID for the same user.
Is there a reason these are different? And how can we use the xero_userid returned in the Oauth2 flow to find to the Xero user via the Users API?
In XERO, the xero_user_id you extracted from access_token is the internal userID that XERO uses to recognize the contact. So If you use the same the GET API will return 404 as it is not accepting the internal user ID, instead of that If you pass the CONTACT ID of the User it will return 200 with details.
At the same time, If you want to get the login user details(contact information), better call the /User API directly with the token, it will return the details and the response contain the contactID of the user in UserID field (I know a bit complicated)
Please refer to the screenshot for more details.
Account Linking provides several ways of linking users to their own accounts such as their Google account or Twitter account.
I chose OAuth in Actions on Google website to do OAuth 2.0 Authorization Code Grant for obtaining access token in exchange for data resources. When I linked a user to a Google account Google Sign-In enabled, the fetching of user information was easy because the data is stored under payload, but OAuth implementation does not seem like it produces user data under payload inside User object.
So should I make an API call to the third party to fetch the user data and store that personal data to a database in this case? I wondered if there is a way that Google prepares on behalf of developers. If not, then greeting a user who visits my app again by saying 'Hello, {person name}' gets tedious...
You have two options with Account Linking.
In the case you describe, you're providing an OAuth endpoint and getting an auth token from the Assistant, and you are responsible for taking this token and using it to determine who the user is so you can get whatever you know about him. The token is one that you issue and control, so presumably you have that info in your database already. If you are reusing a token from another service, that service should be able to tell you who they are.
It sounds like you're using using a Google Sign In, however, in which case it is easier to use Google Sign In for Assistant. Once the user has signed into your service (either through an app or webapp) and granted permission to your service, then they will also be able to gain access through the Assistant. You will get an id token which can be decoded to get profile information about the user including their Google ID and name.
I can't access this particular Twitter API endpoint:
https://api.twitter.com/1.1/collections/show.json?id=576828964162965504
(with any ID I tried). The request returns an error with the message "Your credentials do not allow access to this resource" and code "220".
The App-only authentication Bearer Token I'm using for the request is exactly the same as for my requests to /search/tweets.json, /statuses/user_timeline/show.json, /statuses/show.json and /users/show.json, all of which work just fine. Also the collection is public, so App-only authentication should suffice, I'm thinking.
I'm somehow sure that I'm missing something here, but can't find it anywhere in the official API docs, nor on StackOverflow, nor on Google.
According to the Twitter API documentation, collections/show requires a user context - so app-only authentication will not work in this case.
Additionally, collection IDs are usually in the form "custom-756140390927872000" or similar. You can get the list of collection IDs from a user by hitting the collections/list?screen_name=handle query.
In my application I retrieve OAuth token as per standard procedure. I know that the proper way to 'resolve' token to user information (including ID) is via:
https://graph.facebook.com/me?access_token=<token>
However this method appears to return 'false' for the so-called gray/advertising Facebook accounts. It so happens that I also need to deal with such accounts.
How can I retrieve user ID or any other useful user information for such accounts if the only information I have is OAuth access token? Should I resort to parsing the token to extract user ID a la http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/ ?
Well, I still have no idea how to do it via Graph API.
Via 'legacy REST API' you can at least invoke this: users.getLoggedInUser
This will give you user ID (uid).