I'm using Java with Google Plus API. I'm using OAuth 2.0. When a user is authenticated, an access code is returned in a browser. Now, given that the code must accompany a call to the Google Plus API, I currently have to manually copy the code and use it in making calls to the Google Plus API. What I wish to do, however, is to programmatically retrieve this code; eliminate the manual copying.
Any assistance will be highly appreciated. Thanks in advance.
It sounds like you're writing a command line or some other non-web application that uses the Google+ API. This throws a little bit of a wrench into the token delivery via HTTP redirect. Without the redirect there's no way for the OAuth web pages to communicate with your code and hence you must copy and paste it.
There is one work around that seems to work pretty well. You can set up a local web server, such as an embedded Jetty, and complete the OAuth flow by redirecting the user back to their locally running web server.
You can see an example of this implemented in oacurl which is hosted here: http://code.google.com/p/oacurl/
Related
I not hugely experienced with API's, but I was wondering the difference in Postman with using the 'Authorize using Browser' below Callback URL and not using it. (I'm trying to connect to Microsoft Dataverse using Web API) When I don't use it a pop up comes up fine and I can sign in and authentication goes great. But if I use the browser it won't work. Now, I don't have Azure Admin rights to set up callback URL's in my environment so I imagine that is part of the issue, I'm just wondering why it works one way and not the other. I was trying to replicate in python and am getting the same error as trying to use browser in postman. I would like to understand what backend process Postman is using in the non-browser version so I can replicate if possible. I followed Microsoft's example in the link below as well.
Postman Example
https://learn.microsoft.com/en-us/learn/modules/common-data-service-web-api/3-postman?ns-enrollment-type=learningpath&ns-enrollment-id=learn-dynamics.integrate-power-platform
Currently, I am using the Token Authentication Flow to connect MS Graph OneDrive API to my application. (Link to documentation) It works, yet I have to use Postman to get a new authentication token after 30min-2h (I'm not sure about the exact timeframe). I need to be able to access the OneDrive API for a longer period of time (multiple months) without having to authenticate again and again.
In the documentation, the also speak about the Code Flow (Link to Documentation). Yet I don't receive a refresh token nor do I know how to set it up for longterm access.
I wrote an application in python that uploads files from OneDrive to another application.
Any help is appreciated!
Perhaps not a direct answer but it could help you arrive to solution via another route. In my case, I was following the process presented here, which really then lets user choose if they would like be remembered on the device. Then token gets stored and the method attempts silent authentication before requiring interactive login. So basically you get to use Graph API seamlessly.
Obviously, the authentication still needs to happen but perhaps you could reuse the token for direct requests?
I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support
I want to use an external software Alteryx to access the api so I can crawl some JSON data. When I call https://www.yammer.com/api/v1/messages.json, it keeps on popping "HTTP/1.1 403 Forbbiden".
I guess there is something wrong with the authentication. Does anybody know how to embed the credentials in the URL? Or is there any other ways to authenticate so an external software can access?
I can do it perfectly with normal browser after logged in.
Thanks
Yammer's Rest API for retrieving data implements OAUTH 2.0. This is because any application trying to access the data is making the request as an "App" which will then have access to a user's specific data.
Yammer's OAUTH flow is decribed here: https://developer.yammer.com/docs/oauth-2
I do not yet know of an easy way to implement the authentication using anything other than development within a browser for this process.
You may be better off exporting the json messages to a file and then importing into your external software.
I'm using the dropboxd service under Linux, which requires you to log into their website e.g. https://www.dropbox.com/cli_link?host_id=2173bf325f94beee3b1879d2c7b49e69 to link the machine to your account.
Is there any programatic way to do this (ideally using Java)? To access the website above it seems you need to login using forms (which seems tricky to do programatically), and their basic REST API (https://www.dropbox.com/developers/core/docs) doesnt seem to cover the cli_link command.
I could write an app to do the sync using their full API, but it seems like overkill since aside from the cli_link requirement the basic dropboxd does all that I need.
The official Dropbox desktop client is unrelated to the API, though both the API and the Linux CLI require user interaction on the Dropbox web site (once per link) to authorize the linking. Also, note that automating/scraping the site itself is not allowed by the terms:
https://www.dropbox.com/terms#acceptable_use
Not really a solution for DropBox users, but in the end we just moved over to use MediaFire instead. That has a full REST API and doesnt require any manual intervention.