I'm attempting to use the Twitter api via Twifer in PHP in order to authenticate users and post tweets with media attached automatically. I understand that the only way you can post media is through the V1.1 endpoints, requiring elevated access.
I applied and got granted this access see in developer portal, seeing Elevated, V1.1 Access and V2 access, so theres no doubt that this is enabled. I am able to authenticate a user with my callback url and post a regular tweet with this.
$conn = new API($consumer_key, $consumer_secret, $access_token['oauth_token'],
$access_token['oauth_token_secret']);
$postfields = '{"text":"Tweet test for php"}';
$res = $conn->request('POST', '/2/tweets', $postfields);
However...
When attempting to use the V1.1 endpoint for something as simple as
$user = $conn->request("GET", "account/verify_credentials");
I see You currently have Essential access which includes access to Twitter API v2 endpoints only. If you need access to this endpoint, you’ll need to apply for Elevated access via the Developer Portal.
I have attempted to regenerate all keys and can confirm I have read and write permissions under my app permissions section of the developer portal for this project.
Could this be an issue of running locally via http://dev.user.domain.co.uk which I doubt due to being able to post using the V2 api.
Related
My web using the PHP Google_Client to insert the youtube playlistItem in my playlist (2-leg-oauth),
and get the error
Client is unauthorized to retrieve access tokens using this method.
Where can I setting the server using my-account#gmail.com to have the same permission to access google api
such like insert playlistItem,
or is there having another way without using my-account#gmail.com to get same permission?
PHP Code:
putenv('GOOGLE_APPLICATION_CREDENTIALS=client_secret.json');
$client = new Google_Client();
$client->useApplicationDefaultCredentials();
$client->addScope('https://www.googleapis.com/auth/youtube');
$client->setSubject('my-account#gmail.com');
If you have delegated domain-wide access to the service account and
you want to impersonate a user account, specify the email address of
the user account use
$client->setSubject($user_to_impersonate);
The YouTube API doesn't support delegated domain-wide access or service accounts. You will need to authenticate with Oauth2.
see PHP Code Samples
You're hitting a common problem. Many developers think that a Service Account is the correct way for server apps to communicate to Google's API services for a given Google account. It isn't! A Service Account, as its name implies, is a brand new account (actually a kind of half-account since you can't actually log in to it) that is dedicated to your app.
What you need to do is a one-time procedure to generate a Refresh Token, which you will store securely. Thereafter, whenever you need to access a Google API such as YouTube, you will use that Refresh Token to generate an Access Token, which you will include in each API request. The steps are enumerated How do I authorise an app (web or installed) without user intervention? (canonical ?) and https://www.youtube.com/watch?v=hfWe1gPCnzc
I am trying to connect to the Facebook Graph API using the PHP SDK and view recent posts of a business account. BTW: I know there is a widget available for this task, but due to speed constraints, I would rather access the API and cache the response myself.
So I used my personal account to sign up at developers.facebook.com, created an app and obtained an AppId and AppSecret. My question relates to obtaining an access token for use with the graph API using the PHP SDK.
The examples on the getting started page shows how to obtain an access token by manually clicking a link and receiving a callback to my website. I am not creating a public app as such, I don’t want a manual login because my script will be run periodically by the server.
In any case if I click the Log in with Facebook! link, I get the following message which I don't understand:
The Twitter API provides automatic authentication but I cannot understand how to impliment this using Facebook. Can anyone point me in the right direction?
I'm currently trying to wrap my head around a rather complex OAuth2 use case. I have two servers, one is a client side web server, which serves a website, the other is an API server, which is used to interface with all our backend data.
Currently users use a basic UserCredentials flow which creates an access token on our API server, which is then used to sign all requests from the webserver to the API
Is there a way I can allow users to log in using Google or Facebook, and either use the access token generated to sign API requests in the same way as above, or alternatively create an access token on our API which is then used the same way as above?
In a word: NO.
Let me try and explain why. Lets start by looking at Google, to access google you need to register your application in Google Apis console. When you ask a user to give you access to there google data you do it using the client id and secret you got from apis console. Then google goes about createing your application an access token for there api this info is all stored on there servers. When you then try and use that access token they know which user gave you access to there data via the api.
Now the same holds true for Facebook, and your service as well. They are all diffrent APIs offered by diffrent companys. They create the Access tokens Google cant create you an access token to access data on Facebook any more then Facebook could to Google. Things just dont work that way.
I have recently implemented the SSO functionality for a Google Apps Marketplace app we are developing. In simple words: it provides a way to retrieve the Google Apps' user's email and log him in in your website, without the need of authorization on his end. You just need the consumer key and consumer secret, provided by Google to the app during installation on your domain (the installing user also authorizes (a one time action) any other permissions you request in the Manifest file).
Now I have somehow managed to get the SSO user login working using JanRain's OpenID PHP library and adding Google Apps as provider using the PHP Extensions for Google Apps OpenID Discovery.
However, after logging in, I need to implement a functionality that will retrieve all users in a given Google Apps domain. I've already did that using oAuth2 authentication and the following Directory API. However, this requires the existense of a consumer key, consumer secret and a redirect URL (that must be registered in the Google API console).
Is there a way to remove this convenience and instead allow our users to directly be able to get their Google Apps domain's users, using the existing SSO authentication we made in the background while logging him in? Otherwise, it will be too much hassle for the user to register the app at the Google API console, enter the correct redirect URL and set it up in our website and then he will be able to get his domain's users.
Regular users cannot use the Directory API, you'll need to authenticate as an admin user to make Directory API calls.
Depending on your needs though for accessing all users, you may be able to get by with requesting access to the user's Contacts scope and grabbing a copy of the full Global Address List which contains information on all non-hidden domain users as well as non-hidden groups and shared contacts.
I want to access our Google Analytics account reporting using the newer v3.0, but it seems from everything that I read that in order to get a valid access token the user must log in.
We want direct access to our own account reporting, and not access a client's depending on their account. How do we accomplish this in PHP without having to send the browser to a Google login page? Is there no straight API authentication for v3.0?
EDIT
This seems to be the only method of accessing the API without end-user interaction, which they call "Server to Server":
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
EDIT 2
Looks like it can't be done? ;(
Warning: Very few Google APIs currently support Service Accounts.
Service accounts are currently supported by the following Google
developer services:
Google Cloud Storage
Google Prediction API
Google URL Shortener
Google OAuth 2.0 Authorization Server
EDIT 3
There seems to be a solution after all, as I log in once and then use "Refresh Tokens" to keep gaining access without an additional user login.
I did end up using the refresh tokens, they work fine. I got a oauth token by using the google api console, and then saved it.
Then I just do this before each request:
require_once 'google-api-php-client/src/apiClient.php';
require_once 'google-api-php-client/src/contrib/apiAnalyticsService.php';;
$client = new apiClient();
$client->setApplicationName('My Analytics');
$client->setClientId($this->client_id);
$client->setClientSecret($this->client_secret);
$client->setDeveloperKey($this->api_key);
$client->setScopes(array('https://www.googleapis.com/auth/analytics.readonly'));
$client->refreshToken($this->refresh_token);
$this->service = new apiAnalyticsService($client);