Sagepay token system delete token - api

I'm using the Sage Pay token system; everything is working fine and I store the tokens on my side. The question is: if I want to remove a token, is it fine to remove it only from my side, and then if someone wants to add the card again, to create another token, or do I have to send a request to Sage Pay with the StoreToken = 0 param?

You can remove the token from your side only, but I would recommend sending a REMOVETOKEN request to Sage Pay to remove it (or setting StoreToken=0 on usage) - token storage is charged above a certain threshold. No point paying for something you can't use.
Your end user can create another token if required.

Here goes the code:
    # REMOVE TOKEN REQUEST
    // requestPost() is a helper defined elsewhere; it is not shown in this post.
    if (YourCondition == 'OK')
    {
        $strRemoveTokenURL = "https://test.sagepay.com/gateway/service/removetoken.vsp";
        $sToken = 'Token Stored your side';
        // URL-encode the token so characters in it survive the form-encoded POST body
        $strPost = "VPSProtocol=3.00&TxType=REMOVETOKEN&Vendor=yourvendorid&Token=" . urlencode($sToken);
        $arrRemoveResponse = requestPost($strRemoveTokenURL, $strPost);
    }
    # REMOVE TOKEN RESPONSE
    echo '<hr>';
    print "<pre>"; print_r($arrRemoveResponse); print "</pre>";
    exit;

Related

updateTenants not working after token refreshed

I'm in the process of updating our app from OAuth 1 to 2. The entire flow works well - I can migrate and save the tokens and access the APIs. However, there is a problem once the original token expires and it gets refreshed. After refreshing, the call to updateTenants does not return any active connections.
My pseudocode is below:
    const tokenSet = await getTokenSet(); // Returns saved token set from DB. Assume token is expired!!
    const client = new XeroClient(...);
    client.setTokenSet(tokenSet);
    const newToken = await client.refreshToken();
    await saveTokenSet(newToken); // Save to DB
    const token = client.readTokenSet();
    console.log(token); // Does return my NEW active token set
    const tenants = await client.updateTenants(false);
    console.log(tenants.body); // This returns an array of length 0
It's not clear why the result from updateTenants is empty. I was able to verify this by calling the GET https://api.xero.com/connections endpoint manually with one of the refreshed tokens and also see an empty array in the body.
Any ideas?
I played around with our xero-node-oauth2-app to see if I could recreate this. Here's what I found:
If I connected to my Xero org to obtain valid tokens, then disconnected via the Xero connected apps dashboard, and then refreshed my tokens (triggering updateTenants), the connections endpoint returns an empty array and status code 200. In other words, it's a successful call, but Xero doesn't see that the user has authorized your integration to interact with any of their orgs/tenants.
Are you able to verify if your integration is still listed in the connected apps list under settings?
https://community.xero.com/developer/discussion/127403806
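The empty-but-successful response described in the answer above, as an added example that is not part of the original thread or of xero-node: a wrapper that reports an empty connection list after a refresh as a disconnected integration instead of a valid session. The mock client, `refreshAndCheckTenants`, the token values and the tenant id are constructed for illustration; only `refreshToken()` and `updateTenants(false)` come from the question.

```javascript
// Mock standing in for XeroClient so the example runs offline (constructed).
// Only the two calls used in the question are modelled.
function makeMockClient(connections) {
  let generation = 0;
  return {
    async refreshToken() {
      generation += 1;
      // Constructed token values, not real credentials.
      return { access_token: `access-${generation}`, refresh_token: `refresh-${generation}` };
    },
    async updateTenants(fullOrgDetails) {
      return { body: connections }; // shape follows the question's `tenants.body`
    },
  };
}

// Refresh, persist the new token set, then classify the connection state.
// A 200 response with zero connections means the user no longer authorizes
// the integration for any tenant, so it is surfaced as "disconnected".
async function refreshAndCheckTenants(client, saveTokenSet) {
  const tokenSet = await client.refreshToken();
  await saveTokenSet(tokenSet); // persist before the next call can fail
  const result = await client.updateTenants(false);
  // Accept either a bare array or an object with a `body` array (assumption).
  const tenants = Array.isArray(result) ? result : (result && result.body) || [];
  if (tenants.length === 0) {
    return { status: "disconnected", tokenSet, tenants: [] };
  }
  return { status: "connected", tokenSet, tenants };
}

// Runs both cases: one authorized tenant, then a revoked connection.
async function demo() {
  const saved = [];
  const save = async (t) => { saved.push(t); };
  const active = await refreshAndCheckTenants(
    makeMockClient([{ tenantId: "constructed-tenant-id" }]), save);
  const revoked = await refreshAndCheckTenants(makeMockClient([]), save);
  return { active, revoked, saved };
}
```

On a "disconnected" result the caller should stop API calls for that user and send them back through the authorization flow.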

What api authentication method should be used for server to server communication?

I have a webapp in flask where users can login with email and password. Connected to the same database I have an api where those same users will use it programmatically. When they make requests I need to know who's making the request.
I read about authentication and authorization, but I'm confused about what's the best method for my use case. I focused on JWT tokens, but the expiration of the tokens makes me think it's not the best in this scenario.
How should the server login programmatically when the token expires and so on? Is there a common way to do what I pretend?
Use JWT to auth the API (I use Flask-JWT-Extended).
Example:

    from datetime import datetime
    from functools import wraps

    from flask import current_app, g
    # get_raw_jwt is the Flask-JWT-Extended 3.x name
    from flask_jwt_extended import create_refresh_token, get_jwt_identity, get_raw_jwt

    # verify_refresh_token() is not defined in this post.

    def login_required(func):
        @wraps(func)
        def decorate(*args, **kwargs):
            verify_refresh_token()
            identify = get_jwt_identity()
            expires_time = datetime.fromtimestamp(get_raw_jwt().get('exp'))
            remaining = expires_time - datetime.now()
            # auto refresh token if token expiring soon
            refresh_space = current_app.config['JWT_MIN_REFRESH_SPACE']
            # store the token in requests.g object
            if refresh_space and remaining < refresh_space:
                g.refresh_token = create_refresh_token(identity=identify)
            g.id = identify
            return func(*args, **kwargs)
        return decorate

    @login_required
    def view_func():
        pass
        # return json
When the token is about to expire, the func will auto refresh the token; you can get the new token in the requests.g object and then return it to the user.

Authorization type Bearer Token on Postman

I'm trying to test a few endpoints using Postman.
All endpoints require a token, which can be obtained by logging in.
So I did this:
Request #1
After login success, I have access to the token from the response, then I store that token in my global variable.
    let token = pm.response.json().location
    console.log('Token : ', token.split("?token=")[1]);
    pm.globals.set("token", token)
I need to use that token as Authorization type Bearer Token for my request #2.
I can copy & paste that in the token box, but I tried to avoid doing that manually, is there a way to do it automatically so I can run these 2 requests in sequence?
At first, create an environment (top right corner of Postman - image below). This is not a mandatory step, but I suggest you do it for better handling of variables.
I have modified the script to suit your need
    var jsonData = JSON.parse(responseBody);
    postman.setEnvironmentVariable("ID", jsonData.Location.split("?token=")[1]);
Now this will export the value of the token ( screenshot below )
All you have to do next is to call the variable in request #2
By this you don't have to manually copy, paste into request #2 every single time
NO there isn't any till now. It has to be done manually if you want to have complete value or else you can store it in a variable and use that variable directly for the token.

Invalid twitter oauth token for Abraham's Oauth class

Here's my current operations:
1./ User accepts app and the app callback stores the oauth_token and oauth_token_secret into the database (as access_token and access_token_secret).
2./ We use a cli script to handle autoposting to twitter. We load the twitter oauth object as follows:
    public function post()
    {
        $consumerKey = $this->getConsumerKey();
        $consumerSecret = $this->getConsumerSecret();
        $accessToken = $this->getAccessToken();
        $accessSecret = $this->getAccessSecret();
        $twitteroauth = new TwitterOAuth($consumerKey, $consumerSecret, $accessToken, $accessSecret);
        $message = $this->getPostMessage();
        $result = $twitteroauth->post('statuses/update', array('status' => $message));
        $this->log($result);
    }
Now this assumes we are using the API consumer key and secret assigned to the app and the user's stored access tokens.
The result we are getting is:
Invalid or expired token
I don't quite understand why we are receiving this. We are using the access token and access token secret provided to us by twitter.
I did notice that there is a GET parameter oauth_verifier. This isn't something we need to be using somewhere?
In any case, I'm not quite sure what's wrong here.
Do I need to log in or something before doing posting?
Your code is correct.
The problem is that the library's Util.urlParameterParse() method is broken.

Refresh token giving invalid grant

I am running into an issue with one single user's refresh workflow for Google OAuth. I am correctly scoping for offline access and am storing that. Every 60 minutes, when needed, I retrieve a new access_token. Code has not changed, but what is odd is that when he first went through the authorization process it worked for about 3 days. Then we were running into this issue, so I made him revoke access and go through the authorization again. This only lasted for 3 days once again.
    # Caller
    client_id = "xxxxx.apps.googleusercontent.com"
    client_secret = "yyyyyyyy"
    refresh_token = "zzzzzzzz"
    response = oauth2a.RefreshToken(client_id, client_secret, refresh_token)

    # RefreshToken as defined in oauth2a (Python 2).
    # AccountsUrl() is defined elsewhere and is not shown in this post.
    import json
    import urllib

    def RefreshToken(client_id, client_secret, refresh_token):
        params = {}
        params['client_id'] = client_id
        params['client_secret'] = client_secret
        params['refresh_token'] = refresh_token
        params['grant_type'] = 'refresh_token'
        request_url = AccountsUrl('o/oauth2/token')
        # Passing a body makes urlopen send a POST
        response = urllib.urlopen(request_url, urllib.urlencode(params)).read()
        return json.loads(response)
The response is always {u'error': u'invalid_grant'}. I have attempted this on three different machines, so the NTP time sync is not the issue as well. All other users' refreshes work fine. I am also never asking for a refresh_token again, so I know I'm not running into that 25 refresh_token limit. This is looking like it's a bug on the Gmail side; is there any way that I can proceed to try to fix this?