I have tried to understand the whole OAuth concept but am failing to be able to progress my application. Lets start with some info about what I want to do:
Firstly, I am writing a blog application in Codeigniter, for myself. On this blog, I want to present some of my shared data from around the web, such as tweets, flickr, 500px photos, sound cloud tracks etc. I am starting with Twitter. I know I can use twitter appltes etc, but I want to this all in native code so that I can understand the whole OAuth process.
Secondly, All of the data on twitter, 500px etc is mine - no one will log into my blog, and therefore I am not interested in "sign in with twitter" type stuff.
Thirdly, I have registered my app with Twitter, and have the Consumer Key, Consumer Secret, an Access Token and an Access Token secret.
Now this is where I think I am going wrong. Lets say I want to grab my own timeline. The twitter API says this needs to be authenticated. Can I not just pass my two keys, and my Access Token to retrieve my timeline.
I have tried all sort of things and keep getting an error of:
{"errors":[{"message":"Invalid or expired token","code":89}]}
I know my access token is correct as I can see it in my twitter api panel.
If I make this call, which I know does not need authentication, it brings back my user details just fine:
$user = $this->rest->get('http://twitter.com/users/show', array('screen_name' => 'jamesstoddern'));
However, if I try to connect to my timeline with something like this, it fails with the error stated above.
$authArray = array(
'consumer_key' => 'MY KEY HERE',
'consumer_secret' => 'MY SECRET HERE',
'username' => 'jamesstoddern',
'access_token' => 'MY ACCESS TOKEN HERE'
);
$timeline = $this->rest->get('https://api.twitter.com/1/statuses/home_timeline.json', $authArray);
I am obviously doing something wrong, but all of the examples I find seem to be about authenticating other users with a "Sign in with twitter" button, and not about just authenticating your own application silently.
I would be so greatful if someone could give me some pointers or an example that does just what I want it to do.
I am using Codeigniter, and have tried Phils Sturgeons OAuth spark but cannot find suffient examples to help me out. I really find all of this a struggle.
Please can someone explain the steps I need to take to authenticate my own application silently so that I can make calls to my own twitter resources. Once I understand this concept, I should be able to apply the same logic and understanding to connect to my 500px photos for example. I do not want to use twitter specific code and want to make all of this as generic as possible so that I can connect to any API in theory.
Thanks all and sorry for such a long winded question!
James
I know this question is quite old but maybe I can help. I found this guide really helpful which explains the steps you need to take to authorize a request. I have also created a CodeIgniter library for using the Twitter API. It may be work getting a copy of it and looking through to code to see how its done.
Related
I found this tool from google recently https://developers.google.com/oauthplayground/
and well I am currently doing an authentication practice for an api with node and passpor.js, I would like to know which of these apis is the one that I should choose to obtain a token with the user, the email and the profile photo, in the tutorial I saw that use https://www.googleapis.com/auth/userinfo.profile, so I don't know if it is depreciated or has been replaced by a new one, or if it is something that can be used in production.
And well also if you could explain a little more about what this tool is, I would appreciate it a lot.
On OAuth Playground you can "input your own scope".
Copy and paste https://www.googleapis.com/auth/userinfo.profile and click Authorize APIs.
Then exchange for an access token.
After that you can call https://www.googleapis.com/oauth2/v2/userinfo and it should return the data you are looking for.
I'm implementing the Socrata API to be able to parse publicly-available data from the City of Chicago open data set. I am really just concerned about the data itself, so I did not initially think that I would need to implement OAuth2 through an app exposed via ngrok to be able to GET the data.
My initial attempt was to take the GET requests mentioned in their documentation and try to get responses through Postman.
Here's an example of such an attempt:
I also added my Socrata App Token as a param in the querystring, but the same message was shown.
So I tell myself, ok, maybe they deprecated GET requests without making the client go through OAuth2. If they didn't deprecate these GET requests, I would prefer not to have to deal with OAuth2, but I began implementing the authentication process and everything went successfully until I got to the following instructions found here:
I have every single value that needs to be included in that POST request except for 'authorization_type'. Where does this come from? I tried leaving 'authorization_type' in as a string, but received a response similar to the 'Invalid username or password' message in the top image in this question.
Are you only accessing public datasets from Chicago's data portal? From your screenshot it looks like you're trying to access the Building Permits dataset, which is public.
Authentication is only required for modifying datasets or accessing private data, so chances are very good you don't even need to authenticate. Just include an application token with your request for throttling purposes.
Glad to help you figure out your OAuth workflow, but it sounds like it might be unnecessary.
So, I have my web app connected with Foursquare API up and running. It has it's own secret keys and everything. It listens to the incoming push notifications and trying to react on connected users's checkins. So far so good, however, when I'm trying to post something back on user's checkin via one of these:
checkins/reply
checkins/addpost
checkins/addcomment
I got 403 Forbidden error. I know, that I'm messed up something with OAuth tokens but I'm really stuck here and feel a bit puzzled. I try to summarize what's the current status and what I've tried so far:
I Have the App's: clientId, clientSecret, pushSecret
I also connected the Foursquare Account on which the app is creared into my web App, so I get the accessToken, let's name it: appAccessToken
Users are getting registered to my web app, so I get userAccessToken for one of each.
And here we go:
Trying to reply for a user's checkin fails when I'm using appAccessToken. From what I understand, it's like replying on behalf on my App's account, and since that account isn't on the user's "friend list", I get 403.
On the other hand, I'm able to post reply when I use userAccessToken but then, It looks like the user is commenting itself on their own checkins which dosn't have much sense.
I was even so desperate that tried to use clientSecret but no avail...
Can anyone point me out what am I doing wrong here? From what I understand from the Documentation it is, in fact, possible to reply as an App... The only question is, how? :-)
There's ostensibly no difference between the two "types" of access token you describe: appAccessToken and userAccessToken are really two instances of the same thing (a user's access token), one just happens to be associated with the user account that created the app.
For each check-in you are pushed, you should use that user's access token when making a call to checkins/reply. This will reply to the check-in in the style of our Apps Platform. I think in your second comment, you're using the user's access token to add a post to the check-in, which will make it look like the user is commenting on their own check-in.
I was reading through the windows live developers doc here. In that I saw they are having an authentication method something like this.
GET https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&
response_type=RESPONSE_TYPE&redirect_uri=REDIRECT_URL
I understood everything except for where do I give the username and password of the user?
I am planning to create an app(first one in my life) to learn the working.
I also have never used or coded something over REST.
When using OAuth, your application never receives the user's username or password. Rather, the user logs in to Windows Live on the Windows Live servers and authorizes your application for access to their information. After they have authorized your application, you receive an access token from Windows Live on behalf of the user. You then use that access token with the Live API to retrieve user information.
Coding something using REST protocols isn't anything too terribly complicated. It has been my experience that you're just specifying parameters to the API using GET or POST as your request method. Adding OAuth on to your requests is a matter of specifying additional parameters.
You're task is to learn two things here since you've never done REST or OAUTH before. Spend time looking at both.
Oauth is hard to get and hard to implement.
You should choose an off-the-shelf Oauth library they exists for most languages.
(Then you do not have to worry about the details. OTOH: You should know how it works to know how to set up and fix if something goes wrong.)
http://oauth.net/code/
I am designing a twitter iPhone app for my school. I wanted to moderate the users who can access the school account. In simple terms i do not want to use the original twitter server but make it local to only few users. Simply lets say a twitter for class. This will be running on our server and only few people can access it. I am very cofused about this any open sugeestions would help me.
Please help
Simplest way - twitter allows "protected profiles", where only users you are following can see your updates.. This is basically a whitelist of people who can see your statuses..
If you wish to allow multiple users to post from the same account, without hardcoding the twitter account into the application.. you could create your own API, essentially just a proxy for the twitter API..
You could then add your own level of authentication over this, so each user would have their own account (and you don't give out the shared account's login details)
In pseudo code, the application would be something like..
if request['username'] not in ['bob', 'alice']:
raise AuthError
if request['password'] != ['theuserspassword']:
raise AuthError
twitter_api = TwitterLibrary.login("sharedaccount", "secretpassword")
switch request['api_method']:
case "getPublicTimeline":
return twitter_api.getPublicTimeline()
case "postStatus":
return twitter_api.postStatus(request['something'])
Final option I can think of - you could run your own Twitter-like site.. There are plenty of "twitter clones", such as status.net (which is the code that runs identi.ca)
status.net and several other similar projects have Twitter-compatible API's, so you could quite easily take an open-source client (NatsuLiphone for example), and, with permission, rebrand and modify it to use the URL of your own site.
I'm not exactly sure what you mean by "not want to use the original twitter server". If you only want a few people to see the updates from that classes twitter account you could protect the updates and only allow students to follow the account.
However, this should help you create/customize your own twitter iPhone application. This is a link to Stanford's CS-193P course on Cocoa Development. The assignments in the class are creating and customizing a twitter client. All of the project files are available online.
http://www.stanford.edu/class/cs193p/cgi-bin/index.php
I hope this helps.
Create a regular twitter app that requires credentials, don't hard code the credentials in the app. Problem solved. Anybody could get the app on their phone, but only people previously authenticated on twitter would be able to actually use it. If you want to use Oauth you have do this anyway.