I am using the below code to let a user Follow another Instagram user. However, even though the result returns a positive success (meta.code==200), the API is still not allowing a follow.
I now understand that this is because JSONP is using script tags and GET. Is the solution to set up a proxy server? If so, can you demonstrate the code on how to do this?
Many thanks!
$.ajax({
type: "POST",
"method": "POST",
url: 'https://api.instagram.com/v1/users/' + followID + '/relationship?access_token=' + accessToken + '&callback=callbackFunction',
data: {action: 'follow'},/*need this to access the relationship*/
dataType: "jsonp",
success: function(result){
if (result.meta.code == 200) {
document.getElementById(followID).innerHTML = "Requested";
document.getElementById(followID).style.display = "none";
document.getElementById("reqID" + followID).style.display = "block";
alert(result.data.outgoing_status;);
}
}
});
There are the security risks in exposing user access token in javascript
What are the security risks in exposing facebook user access token in javascript?
The access token is a sensible data that must be always invisible.
You should do that through server side (Like PHP, ASP, JSP......)
This is a PHP wrapper for the Instagram API, it may help you
https://github.com/cosenary/Instagram-PHP-API
Related
var url = "https://web-site_name/page/?format=json&var_data-organization_dates&xlsexport=true";
var payload =
{
"login" : "login",
"password" : "pass",
};
var options =
{
"method" : "post",
"payload" : payload,
"followRedirects" : false
};
var login = UrlFetchApp.fetch("https://web-site_name/page/" , options);
var sessionDetails = login.getAllHeaders()['Set-Cookie'];
Logger.log(login.getAllHeaders());
here is the part of the code I try to use, to automate export of the data from web-site, i do have proper login and password and able to download file in json (opened in xsl) manually, I've got the address to the downloaded file in network in developer tools, but i have a problem on the first stage - when trying to authorize to the web-site - access denied. I've tried the code, given in answers on stackoverflow, but it still doesn't work.
How to make an url fetch request correctly, depends on the website you want to access and the authentication they uses
In the simplest case, your website requires HTTP basic authentification, in this case the correct syntax would be
var authHeader = 'Basic ' + Utilities.base64Encode(login + ':' + pass);
var options = {
headers: {Authorization: authHeader}
}
If your website uses a different authentication form, you might need to provide an access token.
In any case: the authentication credentials go into headers, not into payload!
payload is the data that you want to post = upload to the website.
If you want export data from the website - that is download data - you do not need a payload and the correct method would be get, not post. Btw., if the method is get, you do not need to specify it.
Please see here for more information and samples.
We've got scripts on Bing to automatically adjust ad bids based on ad performance and client goals, which are stored in a Google spreadsheet.
We had a contractor set this up initially, and it worked. But I guess that the contractor was using a temp Google account and when it went away the bidders stopped working. Because it did work before, it's likely a configuration error on my part that's breaking it now, but the contractor pointed us to the steps I was already following to no avail (https://learn.microsoft.com/en-us/advertising/scripts/examples/authenticating-with-google-services#option2).
Stuff already tried
double checked for errant whitespace around the client ID and client secret
created new client secrets
created new client IDs
made sure that the project name, application name, and OAuth client id name were all the same
created whole new projects from scratch (configured to match the article cited above) to see if that would kick something loose
tried a different token URL (https://oauth2.googleapis.com/token) that appears in the client_secret JSON downloaded from Google
function main() {
const credentials = {
accessToken: '',
client_id: 'REDACTED.apps.googleusercontent.com', // from Google developer console
client_secret: 'REDACTED', // from Google developer console
refresh_token: 'REDACTED' // created at https://developers.google.com/oauthplayground
};
var access_token = '';
if (credentials.accessToken) {
access_token = credentials.accessToken;
}
var tokenResponse = UrlFetchApp.fetch('https://www.googleapis.com/oauth2/v4/token', { method: 'post', contentType: 'application/x-www-form-urlencoded', muteHttpExceptions: true, payload: { client_id: credentials.clientId, client_secret: credentials.clientSecret, refresh_token: credentials.refreshToken, grant_type: 'refresh_token' } });
var responseCode = tokenResponse.getResponseCode();
var responseText = tokenResponse.getContentText();
if (responseCode >= 200 && responseCode <= 299) {
access_token = JSON.parse(responseText)['access_token'];
}
throw responseText;
// use the access token to get client targets from the spreadsheet
A JSON encoded access token is the expected response, but instead, we get HTTP 400 with the message "The OAuth client was not found."
Manually creating an access token on the OAuth playground (https://developers.google.com/oauthplayground) works as a stopgap, but this should work. This has worked. :P
The fix in this case switching the Application Type on console.developers.google.com > Credentials > OAuth consent screen to Internal instead of Public.
That wasn't in the steps provided by Microsoft, and I'm not sure if that will have implications down the road, but at least we're off the manual process for now.
I am doing StripeConnect(Standard Account Type) with Angular 5 and Asp.NetCore.
I am able to get redirected to required URL with code={} value.
When I am trying to use this code in below URL,
https://connect.stripe.com/oauth/token\client_secret={{secret test key}}\code={{code}}\grant_type = authorization_code"
1.I get preflight is invalid (Redirect) error in browser from my angular solution.
2.The html for stripe login page from Postman.
The code I wrote for making the post call to above URL (in angular) is :
getCredentialsFromStripe(code: any)
{
let Url = "https://connect.stripe.com/oauth/token";
//\client_secret=" + {{key}} + "\code=" + code + "\grant_type
= authorization_code";
return this.http.post(Url, {
Body: "client_secret = {{key}}\code =" + code,
Headers: {
'Authorization': 'Bearer '+ code,
"Accept": "application/json; charset=UTF-8",
"Access-Control-Allow-Origin": "https://connect.stripe.com/oauth/token"
}
}).map(res => res.json());
}
As per suggestions on internet,I tried making the post call from backend(.NET core(2.0) API for me),but didn't get through in creating account for standard account type.
Moreover testing from postman is giving the full html page of login ,instead of getting this object:
{
"token_type": "bearer",
"stripe_publishable_key": "{PUBLISHABLE_KEY}",
"scope": "read_write",
"livemode": false,
"stripe_user_id": "{ACCOUNT_ID}",
"refresh_token": "{REFRESH_TOKEN}",
"access_token": "{ACCESS_TOKEN}"
}
Can anybody give me a lead on this.I have been stuck past two days.
Any thoughts will be really appreciated.
Well,I was able to fix it. Instead of creating accounts using the URL (given above) in angular project (following the node.js documents),I called the stripe api's in Asp.net core (my api solution) and called them.It worked easily.
I'm trying to learn JWT authentication in ASP.NET Core and have been following some tutorials but have come to a roadblock. What I am trying to do is to get the user to go to a login page and once correct credentials are entered, generate an access_token and then use this token to access the secured page (MVC Action method).
I am able to generate the token and in Postman I am able to access the secured page because I can set the bearer token manually in it once I generate it. My problem is once I'm in the app. I don't know how to set the bearer token so I can navigate to the secured page.
In my login page, I have an Ajax call that does the login and in the success response, I am returning the access_token:
$.ajax({
url: "/Account/Login",
method: "POST",
contentType: "application/json; charset=utf-8",
dataType: "json",
data: JSON.stringify(loginData),
})
.done((response) => {
if (response.Success) {
// access token available here
window.location.href = response.ReturnUrl;
}
else {
//...
}
})
But I am stuck here, I don't know how I can use the access_token to navigate to the secured page. What I am trying to do is after correct login, go to the secured page but this time with the access_token so I can access it.
Where do I do this? How do I do it correctly?
I've got everything working up until Step 2 of the OAuth process where you request the actual token. I'm using a very simple jQuery Post request and constantly getting Access Control Origin errors. I've tried contentType: 'application/json' and everything else I know to try.
It's just not working and I'm not sure the problem. I've confirmed all the variables are set properly before the request. Simple post request...
var url = 'https://[STORENAMEVARIABLE].myshopify.com/admin/oauth/access_token';
var data = JSON.stringify({ client_id: apiKey, client_secret: secret, code: code });
$.ajax({
type: 'POST',
url: url,
data: data,
success: function(data) {
debugger;
},
error: function(data) {
debugger;
}
});
Any ideas what I'm doing wrong?
You need to make your OAuth requests from a server. This is the Javascript cross-domain security kicking in.
If you are using Rails you can use omniAuth and it'll take care of the whole OAuth dance for you. Otherwise you'll have to search around but most popular language have an OAuth library that you can just plug in.