I'm trying to implement Authorization from the Spotify Web API.
I'm using Postman to review the requests. At the first step of the Authorization process, I don't get the desired response.
I'm using GET https://accounts.spotify.com/authorize endpoint with 3 parameters:
client_id, response_type and redirect_uri , but so far I get the following response:
{
"phoneFeatureEnabled": false,
"user": false,
"BON": [
"0",
"0",
220165699
]
}
MY callback redirect uri should have code appended to it and is contain the params - status and code, but all I'm getting is this:
Make sure you are passing the redirect_uri to the request as that is required. It looks like in your screenshot it is blank but you may have commented it out for security reasons. If you are passing it through and it is the same url setup in the Spotify developer portal, try the same url in your browser and it should redirect you to a Spotify Authorization page.
Under Authorization Code Flow it lists all required parameters here: https://developer.spotify.com/documentation/general/guides/authorization-guide/
Related
Firstly, this is my Instagram URL after the login:
https://www.instagram.com/oauth/authorize?client_id=$MYCLİENTİD&redirect_uri=https://localhost:4000/İnstagram/Insta.php/&response_type=code&scope=user_profile,user_media
And this is the error that page shows me:
{"error_type": "OAuthException", "code": 400, "error_message": "Invalid redirect_uri"}
When I try to get user token from Instagram, I get that error.
I've tried to change the redirect_uri=(Valid OAuth Redirect URIs), but the error is the same as before.
I could not find this documented anywhere, but through trial and error, I found that the redirect_uri had to:
Use https
Be publicly accessible (e.g. localhost and specifying a port number won't work)
Not include parameters (I found they were getting stripped out, which would cause a redirect_uri mismatch when I later requested an access token)
I had the same problem and I solved it as following:
I first went here:
(remember to change your instagram app id in the below URL)
https://developers.facebook.com/apps/your_instagram_app_id/instagram-basic-display/basic-display/
Then I set my Client OAuth Settings, Deauthorize and Data Deletion Requests as "https://localhost:3000/".
That worked for me.
Actually, for me, it was because my URI was not exactly the same as requested by the app. I forgot to add "/" at the end.
Go to https://developers.facebook.com/apps/APP_ID/instagram-basic-display/basic-display/ -> Client OAuth Settings and put there not just https://localhost:5000, but exact authentication endpoint used in your application (https://localhost:5000/auth or else)
Actually, it does work with localhost, but it is very tedious.
First, you need to have https enabled (which from what I can see from your request you seem to have).
[I don't know if this is mandatory] you need to create a test app* from your main app (https://developers.facebook.com/docs/development/build-and-test/test-apps/)
Set the redirect OAuth URI to something like https://localhost:4000/auth/ and update also all other URIs in .../instagram-basic-display/basic-display/ settings.
Finally, don't forget to use the client-id(or app-id) of the test app in your request, which is different than your parent app
I wish you good luck ;)
*IMPORTANT: app-id and app-secret are different in test app!
As per documentation
Construct the Authorization Window URL below, replacing {app-id} with
your Instagram app’s ID (from the App Dashboard > Products > Instagram
Basic Display > Instagram App ID field) and {redirect-uri} with your website URL that you provided in Step 2 ("Valid OAuth Redirect URIs").
The URL must be exactly the same.
Syntax & Example as below
https://api.instagram.com/oauth/authorize?client_id=<instagram_app_id>&redirect_uri=<my-website>&scope=user_profile,user_media&response_type=code
https://api.instagram.com/oauth/authorize?client_id=00000123&redirect_uri=https://aashutosh-kumar.herokuapp.com/&scope=user_profile,user_media&response_type=code
I am new to Zend Framework 2. I am trying to get the login access scenario working with Postman (chrome extension). I have gone through the forum but I'm not sure if I'm missing something or not. So here are the steps that I have taken so far:
In MYSQL I have set up the tables accordingly and there is a user with the following fields in the oauth_clients table:
client_id : testclient
client_secret : testpass
redirect_uri : /oauth/receivecode (I'm not sure about the value of
this one could someone please shed some light on this?)
grant_type : password ( I want to use the service for authentication
and authorization to access a website or login access scenario)
The rest of the fields are NULL. No other entries in other tables.
I set the parameters in Postman like this:
Authorization : Oauth2
Headers:
Accept : application/json
Content-Type : application/json
The raw body is like:
{
"client_id":"testclient",
"client_secret":"testpass",
"grant_type":"password"
}
I post the request to:
www.dummy.dev/oauth/authorize
When I post the request this is what I get:
{
"type": "http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html",
"title": "invalid_request",
"status": 302,
"detail": "Invalid or missing response type"
}
Why do I get this error message?
This error is triggered here in the OAuth2 AuthorizeController.
The controller checks whether the $response_type is valid. If not it returns this error message.
On line 313 you see:
protected function getValidResponseTypes()
{
return array(
self::RESPONSE_TYPE_ACCESS_TOKEN,
self::RESPONSE_TYPE_AUTHORIZATION_CODE,
);
}
Those constants are defined in the AuthorizeControllerInterface:
const RESPONSE_TYPE_AUTHORIZATION_CODE = 'code';
const RESPONSE_TYPE_ACCESS_TOKEN = 'token';
So somewhere during the handling of your request this $response_type value is not set correctly. It should either be set as token or code for the request to validate correctly. Not sure where in your config you did something wrong but with this information you should be able to find the problem.
redirect uri is not necessary and could be left null in the database as well. The correct uri to POST is www.dummy.dev/oauth and the raw parameters in Postman are:
{
"client_id":"dev.dummy",
"username":"testclient",
"password":"testpass",
"grant_type":"password"
}
The value of password is stored and encoded (with bcrypt) in the database. client_id and client_secret are not important in this scenario as my own website is the client of my API.
i'm trying to send a get request to Instagram API, after authentication, like this
https://api.instagram.com/v1/users/self/
to get user data. It works when I set a static URL like www.WebSite.com but when
I'm trying to overwrite the REDIRECT URI that I set in my Instagram App but it gives me this error:
{"code": 400, "error_type": "OAuthException", "error_message": "Redirect URI does not match registered redirect URI"}
I'm trying to build the URL dynamically for REDIRECT URI like this:
$client->redirect_uri = home_url() . '/user-profile/'.wp_get_current_user()->ID .'/';
so please any help on how we can overwrite the REDIRECT URI. many thanks in advance for any help.
You should match the redirect URI you set in your Instagram app, pass the user id as a query parameter (e.g. ?id=1), and then get it from the $_GET array.
You can find the rules of valid URI matching in Instagram Developer Documentation
I'm getting google api authorization code from this page on my server
https://github.com/google/google-api-php-client/blob/master/examples/user-example.php
the same page on my hosting to test
http://mawk3y.net/google/google-api-php-client/examples/user-example.php
after adjusting client id, secret and redirect uri.
$data =file_get_contents('https://accounts.google.com/o/oauth2/auth?code='.$code.'&client_secret={secret}&redirect_uri={my web page}&grant_type=authorization_code');
print_r($data);
but i get an error so i'm trying to paste the full url to the browser address bar after getting authorization code from that page like this (the same auth code I get from this page https://developers.google.com/oauthplayground/)
https://accounts.google.com/o/oauth2/token?code={authorization code}&redirect_uri=mywebpage.php&client_id={my client id}&client_secret={secret code}&grant_type=authorization_code
but the result is
{
"error" : "invalid_request"
}
how to solve this and exchange the authorization code for access token
You're sending the parameters in a GET request to the authorization endpoint (https://accounts.google.com/o/oauth2/auth), but you must send them in a POST request to the token endpoint (https://accounts.google.com/o/oauth2/token).
I have a problem with api to reddit. I tried to use php sdk https://github.com/jcleblanc/reddit-php-sdk, but for each method from API, I receive message:
403 Request forbidden by administrative rules reddit. I think is i problem with access_token, but I used the one that the returned API. I tried with tutorial from https://www.reddit.com/r/redditdev/comments/197x36/using_oauth_to_send_valid_requests/c8lz57u, but in step 6 I get same error 403. I obtained the access_token in step 6.
Response in step 6 is:
{"access_token": "DhiI6vzq86UlCjTIl80u5pCEZ6A", "token_type": "bearer", "expires_in": 3600, "scope": "edit,flair,history,identity,modconfig,modflair,modlog,modposts,modwiki,mysubreddits,privatemessages,read,report,save,submit,subscribe,vote,wikiedit,wikiread"}
Authentication is ok, but I can not call any method from API.
Can someone help me with some advice?