I'm trying to write a new application using the Flattr REST-API version 1 (not the beta v2). The application acquires a request token at first, which seems to work properly. But I run into a problem authenticating the user. The link created for authentication looks like this:
https://api.flattr.com/oauth/authenticate?access_scope=read,click&oauth_token=MY_REQUEST_TOKEN
Clicking the link everything seems alright. Information about the application and the scope requested is shown, but clicking "Authenticate", there's no pin code, but the following error from https://flattr.com/apps/pincode/MY_REQUEST_TOKEN:
Something went wrong. Please try again
BUT now the Application IS in the authorized application list of the user though that doesn't really help if the user can't get the pin code...
The Application type is set to client. It's the first time I try to work with the API so I'm not sure if I miss anything important? Would be grateful for some help.
Just as an update: We finally changed to API v2. Getting Authorization for our application feels a bit clumsy, as we set the redirecturi to some webpage, where we display the returned code and let the user copy&paste it into our client application... we kind of made our own pincode-flow :/
If possible, please use the v2 api, which uses oauth2 + bearer token.
However, the new API doesn't support authentication using the pincode flow.
As stated by Maike this is probably a bug that has surfaced yet again :(
I'll create an internal bug ticket and try to get it fixed.
The pincode isn't a feature planned. You can use the oauth2 "implicit grant" to authenticate the resources owner. This isn't documented at the moment but is possible.
When you do the request to https://flattr.com/oauth/authorize you pass the response_type token instead of code. This will append a access_token fragment in your callback URL. In your http client it might be possible to catch the 302 from our server and parse the access_token from the fragment.
All this requires a http client in your application whom you can control the flow inside your app.
Related
I am trying to send the Single Tweet GET request from Twitter API v2 collection. I used the OAuth2 Authorization Type.
When I click on Get New Access Token, after providing the Configuration Options I get the following window
But when I click on Back, I am logged in to my Twitter account.
Meanwhile, my Get New Access Token window is still waiting to receive a response.
Has anybody encountered this before?
I've tried using Bearer Token instead and it works without a problem.
I also tried logging out and logging back in from the Twitter login but still did not authenticate successfully.
For me, it's because I used localhost in my callback URL.
Don’t use localhost as a callback URL
Instead of using localhost, please use a custom host locally or http(s)://127.0.0.1
ref: https://developer.twitter.com/en/docs/apps/callback-urls
My Problem is solved Now, This issue was caused Because I have not added the Callback URL in the postman that I have added in the Twitter developer account project.
And Second main reason for that because I did not add the accurate scopes tweet.
I am trying to make a post call in Exact Online REST API. I'm trying to create a SalesInvoiceLine. I can perfectly do a GET call via my browser. I am logged in in Exact Online so I don't need authentication since this should be passed via a cookie. I tried POST via a browser. The browser prompts me to login, when I do nothing happens. I've also tried this in Postman:
I am 100% certain these initials are correct, I can login with them in Exact Online. What am I doing wrong?
If this is not the way, how can I post data to Exact Online? There are not that many concrete examples to find online.
You can't log on to the Exact Online REST API with Basic authentication, the mode you are using now.
The web service uses OAuth as authentication mechanism, meaning you have to acquire a token first. The steps to do so are outlined in the official documentation.
It will need some work on your end to register an app, get the flow up and running. Depending on your business needs, you might be helped with one of the apps for Exact Online by the company I work for.
You need to retrieve the CurrentDivision through GET Request https://{Base Uri}/api/v1/current/Me only from OAuth then you need to assign
CurrentDivision to whatever may be the API call .../api/v1/{CurrentDivision}/../....
Without authorization by Auth 2.0, neither is impossible.
To authorize the ExactOnline API calls you have to do the following:
Register the app in the developer portal. Bear in mind that you have to do a separate registration for French, UK or Dutch version of ExactOnline (this is indeed a pain).
In case you want your application to be used by other accounts than yours, you have to submit the app for validation, this usually takes 2-3 weeks.
EO uses standard OAuth 2.0 schema (very similar to what Google is using with their services). You have to use endpoint GET /api/oauth2/auth for building an authorization link and endpoint POST /api/oauth2/token for obtaining both access and refresh tokens.
Please bear in mind that many Auth 2.0 services are proving long-lasting refresh token. This is not the case of EO. The refresh token is invalidated every time when the access token is requested (endpoint POST /api/oauth2/token). With access token new refresh token is supplied, so make sure you update you refresh token as well.
The access token is placed in HTTP header as "Authorization: Bearer {{ACCESS_TOKEN}}"
In case you want to automate the EO API calls and do not want to code anything on your own, you can try one of the pre-build Exact Online API connectors, created by the company I work for.
my app was pulling feeds to my site for over a year, and recently stopped working late this month(23/03/2015).
I debugged the application, and still don't know why my access token is reported malformed. Here is a sample of a token which to me perplexes me as at the end there is a # tag in it, something I don't expect with QueryString access tokens:
AQD2pAp0kqILBZ9ysXGarDVdmcnnknRgnLvnLdml2TuiLXH8grq8mHkyBCE3jjoEahyMl17myD7ldp1DDWRYEIP9EEnwSHUU5-sZk3mZv6p5YTLpfTVQntYeuuYbIYEn13e3PkF2_cCQbRU2R769xr_Cj0j3Gf_HygWElOQq3BtivxTgN4Db1HfEzrIpnR7309sAZAwKJKbTGw07KukL51oVn1di0gcO2dn5ffv5V4MEb4RuVLLNrcjZWbVPB7Ktyiy62Gw-64ypMqyx2zj_0quZKFlgV0fBE_TY3K_iMr-XEGuodId1hk0n7k89DUjXa40#=
Looking at my application on Facebook(app), it is clear that I should expect access tokens on request from Query String.
Something is definitely wrong, as this access token reports a malformed access token. This is a recent bug that has just cropped up so I think.
Any body know about this problem? I can't access my feeds from my facebook profile using this access token to expose to my web based application.
Any help or suggestions are welcome.
Kind regards
Martin Okello.
Probably, you were using the read_stream permission which is no longer granted to apps. You should try to regenerated an Access Token with the new user_posts permission and use this Access Token instead.
See
https://developers.facebook.com/docs/apps/changelog#v2_3_new_features
https://developers.facebook.com/docs/facebook-login/permissions/v2.3#reference-read_stream
I would like to develop a desktop application.
Sadly I got stuck at login. I want to use a web view which be SoundClound login end point.
https://soundcloud.com/connect?client_id=my_client_id&response_type=token_and_code&scope=non-expiring
Using the above I received error : "invalid_client: The configured redirect_uri of the client application is invalid."
Would be nice if API would tell you which parameters are required and which are optional. As I read about OAuth 2.0, redirect uri is optional. This caused me confusion when received this error. I also tried curl version, same kind of error.
If I tried to add a random redirect_uri won't pass either. (I'm aware this is about security.)
I found this answer, but I doesn't work and I think is error-prone: it requires 2 text fields and you're asking the user to provide their credentials (then you're able to do what you want with them...)
Soundcloud API authentication without a web browser
I would like to do the flow this way:
Open a web view with SoundCloud login end point.
User is providing his credentials to SoundCloud Server.
SoundCloud Server is sending me a token.
Something similar to OAuth 1.0.
Is possible or is there something similar to achieve my goal?
After another few hours of research and keep trying to login I figured it out.
It works with redirect_uri after I did the setup for it on page "Your apps" on SoundCloud.
I'm trying to use the API dropbox.
Once the authentication window is opened, a message is displayed:
This session has expired. Please return to the app to try again.
See full image
I'm using a library to work with OAuth called jsOAuth
Console Error
See full image
I published this application: Here the full code
Notes
I know that is not very safe to use OAuth with Javascript, but this is only for studying the OAuth standard.
See here the complete JS
Any example of using javascript with OAuth will help me a lot
Thank you all for your help!
That error message means the request token used for that authentication session is no longer valid, likely because a timeout has passed. (The request token is only good for a certain amount of time.) You need to start over with a new request token.