I have a twitter app with access level "Read, write, and direct messages"
I am using omniauth-twitter gem along with devise for letting users sign up and log into my site through twitter. All is fine till now.
It would be nice if the user is able to send direct messages to the his/her followers.
To fetch the list of followers I am using twitter gem. Now how do I let the user send the message he wants?
I have tried almost anything but all returns This application is not allowed to access or delete your direct messages error. This has been killing me for the past week
When I do Twitter.verify_credentials there is no error raised and a User object is returned. But when I call Twitter.direct_messages the above errors is raised. Am i missing something obvious here?
Thanks in advance.
Update: When I tried Twitter.direct_message_create() it worked like a charm! Would like to know as to why Twitter.direct_messages didn't work.
Check https://twitter.com/settings/applications to make sure that DM permissions are actually authorized. If not revoke and reauthorize. Make sure the OAuth tokens the account has granted to the app actually include DM access. Sometimes an app will not have DM acces, OAuth tokens will get authorized then DM access gets added to the app settings and the OAuth token for the account doesn't have DM access authorized.
To answer your update question:
Update: When I tried Twitter.direct_message_create() it worked like a
charm. Would like to know as to why Twitter.direct_messages didn't
work.
Twitter.direct_message(id)
Is used to retrieve existing DMs, whereas:
Twitter.direct_message_create(user, text)
is used to send a DM.
See here: http://rubydoc.info/github/jnunemaker/twitter/master/Twitter/Client/DirectMessages
As an update to #auxbuss's answer, the method has been renamed to:
Twitter.create_direct_message(user,text,options={})
The documentation has also moved:
http://rubydoc.info/github/sferik/twitter/master/Twitter/REST/DirectMessages.
Related
I have a server side application that requires that a user sign in using his browser and then the server continues to use that token to do stuff on its own.
I'm using the flow described here, pretty much verbatim, but with a few additional scopes: https://developers.google.com/identity/sign-in/web/server-side-flow. In this flow, Google takes over through the login process. I create an auth2 object with gapi.auth2.init(), then I call .grantOfflineAccess() on that object, and later I get a callback with a token if succcessful. I don't know if this is the latest/greatest way to do it, but it works fine.
Today, I received an email from Google warning me that I am using the plus.me scope and that is deprecated and will stop working in March 2019.
Thing is, I'm not requesting that scope anywhere in my code and my app doesn't use Google Plus. I only request:
https://www.googleapis.com/auth/calendar.readonly
https://www.googleapis.com/auth/gmail.compose
profile
email
It looks like the insertion of the request for plus.me and a few other scopes is coming from Google's code, something that comes from https://apis.google.com/js/client:platform.js, or something that Google downloads later on as part of the login process -- that's the beauty of this process: Google does fancy stuff I don't need to know about.
But ultimately, the token I get back from Google includes:
scope: "openid email profile https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/gmail.compose https://www.googleapis.com/auth/calendar.readonly https://www.googleapis.com/auth/userinfo.email"
There is definitely stuff there I didn't ask for, including the plus.me which is I guess what I'm concerned about. How do I control or stop this? Or maybe I don't need to do anything and Google will take care of it themselves before they shutdown the plus.me scope?
You are right, your scope request is fine. plus.me is implied from your profile scope request. Unfortunately, the email notification went out to a number of developers in this situation. If you've done a code search and all we notified you about was plus.me, you should be fine. Just make sure you're not using any 3P libs that may also have this dependency.
Successfully implemented OAuth flow within Google Actions context via account linking. However, after token expiration, it asks for user to link the account. Is there a configuration in Google Actions for token auto-refresh in this context so that the user is not re-prompted to link account after doing so already?
There are multiple problems with the app, to the point I'm a little surprised it got approved.
The first is that if you're using https://stackoverflow.com/a/44296039/1204142, then you should look at the update which indicates that Google is no longer allowing their endpoints to be used for account linking. This may explain why the card doesn't go away. Since it didn't prompt me for scopes after I authenticated myself... I'm not actually sure what it thinks it's doing.
But some code must have been sent, since the Assistant thinks we're linked. Even if the card doesn't go away.
However, when I connect, it prompts me with
OK, would you like anything else?
for the initial prompt. Which doesn't make sense in this context. But if I say "yes" it says
Sorry, I don't understand what you're asking. Say "help" to know how I can assist you.
If I ask for help, it says
Here's how piggy piggy can help.
and then leaves the mic open without saying anything further.
Your server can send an error code that will tell Google's OAuth server to send a request for a new access token using their refresh token.
I've followed through the InteractiveConsole and FriendsSmash example in Unity and learnt how to request permissions during login and get the friend list of the user.
But there's one little problem bothering me a lot.
When FB.Login("email,user_birthday", LoginCallback) is called for an authorized user. The user will be redirected to the Facebook page saying "You have already authorized App-Name".
I'm thinking to only call FB.Login("",LoginCallback) to every user, and then use the FB.API to check if the correct permissions exist, and after that call the original FB.Login method. However, this doesn't seem a very wise way to do this to me.
I did a bit of research but still can't seem to find a nice way to solve this. Can anyone please help me out on this?
Thanks.
If you have status=true in your FB.Init(), it should come back with login info if the user is logged in. You can then use FB.API() and do your permissions check.
I had PlayerPrefs.DeleteAll being called for testing purposes. I found that it was removing the Facebook data so it wasn't authorising on initialisation.
Make sure you don't call PlayerPrefs.DeleteAll()
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince
So, I have my web app connected with Foursquare API up and running. It has it's own secret keys and everything. It listens to the incoming push notifications and trying to react on connected users's checkins. So far so good, however, when I'm trying to post something back on user's checkin via one of these:
checkins/reply
checkins/addpost
checkins/addcomment
I got 403 Forbidden error. I know, that I'm messed up something with OAuth tokens but I'm really stuck here and feel a bit puzzled. I try to summarize what's the current status and what I've tried so far:
I Have the App's: clientId, clientSecret, pushSecret
I also connected the Foursquare Account on which the app is creared into my web App, so I get the accessToken, let's name it: appAccessToken
Users are getting registered to my web app, so I get userAccessToken for one of each.
And here we go:
Trying to reply for a user's checkin fails when I'm using appAccessToken. From what I understand, it's like replying on behalf on my App's account, and since that account isn't on the user's "friend list", I get 403.
On the other hand, I'm able to post reply when I use userAccessToken but then, It looks like the user is commenting itself on their own checkins which dosn't have much sense.
I was even so desperate that tried to use clientSecret but no avail...
Can anyone point me out what am I doing wrong here? From what I understand from the Documentation it is, in fact, possible to reply as an App... The only question is, how? :-)
There's ostensibly no difference between the two "types" of access token you describe: appAccessToken and userAccessToken are really two instances of the same thing (a user's access token), one just happens to be associated with the user account that created the app.
For each check-in you are pushed, you should use that user's access token when making a call to checkins/reply. This will reply to the check-in in the style of our Apps Platform. I think in your second comment, you're using the user's access token to add a post to the check-in, which will make it look like the user is commenting on their own check-in.