I'm using the Instagram Api.
To retrieve the access token, I use the method with the parameter 'code'.
From this code parameter, I can build a url which will returns me the access token.
Example :
https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code
When I reach this URL through my web browser, after a redirection by Instagram, it returns to a web service I created. Then, my access token is stored.
How can I automatize this in PHP?
This example doesn't work:
exec('curl https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code');
How can I handle the redirection by Instagram?
Thanks in advance.
There's no way to automate this since explicit user authentication is required before an authorization code is generated. So you'll have to redirect using PHP:
header('Location: https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code');
have the user authenticate in the browser to Instagram and then grab the code that is delivered to the redirect_uri by Instagram.
Related
I want to use the Reddit REST API for PHP. I have downloaded all necessary files and have used my id and secret however I have no idea what to have as the redirect uri. Every time I try to execute the code, it goes to the reddit site and says it's an invalid redirect_uri.
What can I use as a redirect uri?
The redirect URI is where the user is sent after they've granted OAuth access to your application. There's more information about this in the reddit OAuth docs.
i want to access token value form dropbox api programmatically
see above image in that at last there are token value i want to get that token value pragmatically. Right now flow is like below
Go to: https://www.dropbox.com/1/oauth2/authorize?locale=&client_id=a6sait9lgzwntkx&response_type=code
Click "Allow" (you might have to log in first).
Copy the authorization code.
When i perform above steps than above dialog is open but i want to get token value directly so is there any other way for getting that token value ? your all suggestion are appreciable.
Yes, if you can use a redirect URI, you can get that "authorization code" delivered to your app programmatically. There's a guide about this that should be helpful here:
https://www.dropbox.com/developers/reference/oauthguide#oauth-2-on-the-web
When using a redirect URI, supplied via the redirect_uri parameter, the authorization code is returned to your specified redirect URI in the code parameter after the user authorizes your app. Your app can then exchange the authorization code for an access token.
I'm working with the Instagram API.
I registered an application and get my clientId et clientSecret. I didn't disabled the implicit OAuth.
For the authentication, I use this URL :
https://instagram.com/oauth/authorize/?client_id=CLIENTID&redirect_uri=URL&response_type=token
Then, it redirects to my URL with the access_token in parameter.
In PHP, how can I retrieve the access token from the first url?
I tried with curl function. But I can obtain the final redirection which is :
URI?access_token=ACCESS_TOKEN
When using the Implicit grant the Authorization Server (Instagram) will deliver the token on the redirect URI in the fragment part of the URL ("#"). This flow is meant for in-browser Javascript clients and not for server side PHP. In fact the browser will strip off the fragment portion from the URL before calling the server so the PHP code will never see the access token.
You may use the Authorization Code grant that is meant for web server clients like PHP, so response_type=code.
I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.
What I want to do is to allow users to interact with calendars of a single account known by the server.
Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.
Is there some part of OAuth or some alternative mechanism I can use to do this?
In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.
The usual procedure for OAuth is like this:
Send user to authentication page.
User comes back with $_GET['code']
Send $_GET['code'] to OAuth server for a token
Store token in database for the user (or session, if it's very short lived)
But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.
See mathewh's answer here:
How to automate login to Google API to get OAuth 2.0 token to access known user account
The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.
There is no way around a manual authorization step the first time.
I've been trying for a while to use Oauth to connect to the GetGlue API, with no success what so ever.
I've downloaded every library I can find (like oauth-php) and tried every example I could find on the internet. There MUST be an example for an Oauth connection to the GetGlue API somewhere, but I cant seem to find it. Anyone have any experience with this. Maybe some samplecode even?
Note: All I need is a single request for my own account. I've tried to stay clear of DB sollutions because it's not at all neccesary since it's just going to be my account that has data to be saved.
GetGlue is switching/has switched to OAuth 2.0 for authentication. You might be more successful with it. The authentication flow follows RFC 6749 closely.
Once you registered your app on their OAuth 2.0 portal and obtained a client id and secret, do something along the lines of:
Load the authorize URL to let the user authorize your app:
// remove the line breaks!
https://api.getglue.com/oauth2/authorize?response_type=code
&scope=public+read+write
&redirect_uri=http://localhost
&client_id=<your OAuth client id>
Once the user has authorized your app, GetGlue will redirect to the given redirect_uri with a code query parameter you have to intercept, e.g.
http://localhost&code=<auth code>
Pass that code to the token endpoint to get an access token to append as a query parameter when accessing the v3 API:
// get tokens
https://api.getglue.com/oauth2/access_token?client_secret=<OAuth client secret>&grant_type=authorization_code&redirect_uri=ttp://localhost&code=<auth code>&client_id=<OAuth client id>
If successful this will return some JSON. Be aware that they redirect from HTTPS to HTTP there. Some HTTP clients refuse to do this.
{
"token_type":"Bearer",
"access_token":"<an access token>",
"scope":"public read write",
"expires_in":5184000, // in seconds from now
"refresh_token":"<a refresh token>"
}
Pass the access_token as a query parameter when making API calls. If the access_token has expired, call the token endpoint with the refresh_token as auth code to get a new one. If that fails, you have to make the user authorize your app again.
There is also a Java library (getglue-java) for the new API now.
For GetGlue, you have send email to obtain the Consumer Key and Secret and thus, if you have the both then I can easily help you. I will provide you all the details to do..