case in Laravel5.
When I get tips it says "token expire", how can I refresh and get new token?
I have been use JWTAuth::refresh($oldToken) but it doesn't work.
What is the best way?
When was the last time you updated/installed the package? Version 0.5.2 was released a few days ago that fixed the issue with tokens not refreshing properly. Try running a composer update and see if that fixes your issue.
I found that this was an issue with the package. I submitted a pull request to fix it.
The token was being validated and and error is thrown before it got a chance to refresh the token.
May be this code can help to get new token :
public function refreshToken(Request $request)
{
$odlToken = $request->input('token');
if(!$odlToken)
return response()->json(null);
$token = JWTAuth::refresh($odlToken);
return response()->json(compact('token'));
}
Related
I developed a chrome extension using Rally's WSAPI v2.0, and it basically does the following things:
get user and project, and store them
get current iteration everytime
send a post request to create a workitem
For the THIRD step, I sometimes get error ["Not authorized to perform action: Invalid key"] since end of last month.
[updated]Error can be reproduced everytime if I log in Rally website via SSO before using the extension to send requests via apikey.
What's the best practice to send subsequent requests via apikey in my extension since I can't control end users' habits?
I did see some similar posts but none of them is helpful... and in case it helps:
I'm adding ZSESSIONID:apikey in my request header, instead of user /
password to authenticate, so I believe no security token is needed
(https://comm.support.ca.com/kb/api-key-and-oauth-client-faq/kb000011568)
url starts with https://rally1.rallydev.com/slm/webservice/v2.0/
issue is fixed after clearing cookies for
https://rally1.rallydev.com/, but somehow it appears again some time
later
I checked the cookie when the issue was reproduced, and found one with name of ZSESSIONID and its value became something else rather than the apikey. Not sure if that matters though...
code for request:
function initXHR(method, url, apikey, cbFunc) {
let httpRequest = new XMLHttpRequest();
...
httpRequest.open(method, url);
httpRequest.setRequestHeader('Content-Type', ' application\/json');
httpRequest.setRequestHeader('Accept', ' application\/json');
httpRequest.setRequestHeader('ZSESSIONID', apikey);
httpRequest.onreadystatechange = function() {
...
};
return httpRequest;
}
...
usReq = initXHR ('POST', baseURL+'hierarchicalrequirement/create', apikey, function(){...});
Anyone has any idea / suggestion? Thanks a million!
I've seen this error when the API key had both read-only and full-access grants configured. I would start by making sure your key only has the full-access grant.
My client has a site on 'ideacontainer.net/real_coffee/'. Now I guess he has accidentally deleted the app then recovered it. But from that time he is not able to access his site.
This is the code in his index file
require_once 'podio-php-master/PodioAPI.php';
$client_id = "some-client-id";
$client_secret = "3zLcr...";
$app_id = "17373109";
$app_token = "48148cfca3c...";
Podio::setup($client_id, $client_secret);
Podio::authenticate_with_app($app_id, $app_token);
When I am commenting it line by line it is working till "Podio::authenticate_with_app($app_id, $app_token);" line. So I think the problem is in this line.
Please let me know the solution.
Thanks
Shashank Kumar
You need to create new client (the one mentioned in your code as client_id), also you will have to re-generate app token and re-check app_id. If it still doesn't work, please provide full error message returned from Podio API.
using keystone LocalFile type to handle image uploads. similar to the Cloudinary autoCleanup option, I want to be able to delete the uploaded file itself, in addition to the corresponding mongo entry when deleting entries through the admin ui.
in this case, I want to delete an "Album", and it's corresponding album cover.
Album.schema.pre('remove', function(next){
var path = this._original.album_cover.path + "/" + this._original.album_cover.filename
fs.unlink(path, function () {
console.log('deleted');
})
I get "CSRF failure" when using the fs module. I thought all CSRF protection was handled internally with Keystone.
Anyone know of a better solution to this?
Took a 10 minute break and came back and it seems to be working now. I also found this, which seems to be the explanation.
"Moreover double check your session timeout. In my dev settings the session duration is set to 3 minutes. So, if I end up editing something for more than that time, Keystone will return a CSRF error on save because the new session (generate in the meantime) invalidates the old token."
https://github.com/keystonejs/keystone/issues/1330
I 'm a newbie to twitter api/twitterizer. I get the following exception for the code shown below. The error occurs when i request access token. Any suggestion on how to fix this??
I downloaded the latest dll(2.3.1) from the twitterizer website.
{"Value cannot be null. Parameter name: String"}
Dim OAuthTokens As New OAuthTokens
Dim accessToken As New Twitterizer.OAuthTokenResponse
accessToken = OAuthUtility.GetAccessToken(ConsumerKey, ConsumerSecretkey, "oauth_token", "oauth_verifier")
thanks
As I said on the forums, the oauth_token and oauth_verifier are given to you in previous steps of the authorization process. Calling the GetAccessToken method is the last step in the process.
Here's an over-simplification of the steps:
1. Get a request token
2. Send/Redirect the user to the authorization/authentication url
3. (The user logs in, grants you access, and Twitter directs them back to your application)
4. Exchange the request token for an access token
I am moving from the basic authentication method using username
and password to the OAuth based authentication.
I was using an old version of the pear package Services_Twitter, that
did not support OAuth.
The latest version of this package supports OAuth authentications, it
has a few dependencies (HTTP_Request2, HTTP_OAuth).
It was very simple to install them and upgrade the package. I did all
this my local machine and had no trouble getting the authentication up
and running.
I committed this code to the test site, but every time the code
request a "request token" I get the following error message "Unable to
connect to ssl://api.twitter.com:443. Error #0"
I have spend 6 hours making sure that all the pear packages where up
to date, checking the customer token and token secret, making sure
port 443 is not closed... in addition to various other test.
I have exhausted my resources and I come to you in hope to find some
answers.
Thank you
PD: One of the things I do not understand is why does the message says
that the url is ssl://api.twitter.com:443 rather than
https://api.twitter.com/request_token? the former one is the one I am
using to get the request token.
"Unable to connect to ssl://_______:443. Error #0" generally means that there is a ssl_verify_peer or certificate match issue - and the twitter API doesn't require you to provide a certificate!
HTTP_Request2 sets the ssl_verify_peer option to true by default - which is fine if you are specifying a certificate for establishing a connection so perhaps you need to check that setting is switched off?
This is checked for you in Services_Twitter if the use_ssl config setting is enabled so at a guess you may need to check that is set?
e.g.:
$twitter = Services_Twitter_factory('statuses/update', true, array('use_ssl' => true));
Here is the implementation of the code for kguest answer.
$httpRequest = new HTTP_Request2( null,
HTTP_Request2::METHOD_GET ,
array ('ssl_verify_peer' => false,
'ssl_verify_host' => false)
);
$httpRequest->setHeader('Accept-Encoding', '.*');
$request = new HTTP_OAuth_Consumer_Request;
$request->accept($httpRequest);
$oauth = new HTTP_OAuth_Consumer('twitterConsumerKey','twitterConsumerSecret');
$oauth->accept($request);
$oauth->getRequestToken('https://api.twitter.com/oauth/request_token',
"path/to/call/back/file.php");
$_SESSION['token'] = $oauth->getToken();
$_SESSION['token_secret'] = $oauth->getTokenSecret();
$authorize_link_twitter = $oauth->getAuthorizeUrl('https://api.twitter.com/oauth/authorize');
and something very similar was done to get the access token once you get back from twitter.
$httpRequest = new HTTP_Request2( null,
HTTP_Request2::METHOD_GET ,
array ('ssl_verify_peer' => false,
'ssl_verify_host' => false)
);
$httpRequest->setHeader('Accept-Encoding', '.*');
$request = new HTTP_OAuth_Consumer_Request;
$request->accept($httpRequest);
$oauth = new HTTP_OAuth_Consumer('twitterConsumerKey',
'twitterConsumerSecret',
$_SESSION['token'],
$_SESSION['token_secret']);
$oauth->accept($request);
$oauth->getAccessToken('https://api.twitter.com/oauth/access_token',
$_GET['oauth_verifier']);
// you can get the final tokens like this.
$oauth->getToken());
$oauth->getTokenSecret();
All the credit goes to kguest for the idea that lead to the solution of this problem. this is just the code.
Checkout this bug report http://pear.php.net/bugs/bug.php?id=18061 I have added resources to solve the issues of SSL and the Services_Twitter package.
But basically you should follow the instructions at http://curl.haxx.se/docs/sslcerts.html
Disabling ssl_verify_peer and ssl_verify_host makes you vulnerable to the security attacks that SSL tries to solve ( Verifying peer in SSL using python ). So don't ;)