i want to access token value form dropbox api programmatically
see above image in that at last there are token value i want to get that token value pragmatically. Right now flow is like below
Go to: https://www.dropbox.com/1/oauth2/authorize?locale=&client_id=a6sait9lgzwntkx&response_type=code
Click "Allow" (you might have to log in first).
Copy the authorization code.
When i perform above steps than above dialog is open but i want to get token value directly so is there any other way for getting that token value ? your all suggestion are appreciable.
Yes, if you can use a redirect URI, you can get that "authorization code" delivered to your app programmatically. There's a guide about this that should be helpful here:
https://www.dropbox.com/developers/reference/oauthguide#oauth-2-on-the-web
When using a redirect URI, supplied via the redirect_uri parameter, the authorization code is returned to your specified redirect URI in the code parameter after the user authorizes your app. Your app can then exchange the authorization code for an access token.
Related
I'm very new to auth0 and authenticating and facing a problem for two days with authenticating a user to our api. How i understand to get an access token is:
A user click on a sign in button on our app.
The user will be redirected to the auth0 hosted login screen.
When the user has correctly signed in on any social platform or registered account then the user will be redirected to my call back URL.
When the user is on the callback url then the user will receive an access token.
Please correct me if im wrong. Now i left out with a few questions.
Im using laravel with auth0 and used the example files of the page: Auth0 Laravel quicktart. So the login is working but when i vardump the user, i get all the user's info but my accessToken is null.
But when i save the accessToken in a session on the callback url, the accessToken look like this: tha63vkb0nnbr6vc. Isnt the length way too short for an access token? I don't understand why i get null when i dump the user but on a callback url it show a short length of string.
Maybe i got it totally wrong and this isnt the access token to use it for my api. On the other note, when i try to receive a token with postman i get an error: "error_description": "Invalid authorization code". my postman look like this: Screenshot of my postman. The code value ive sent is Crk_ri8mKcKX7IcX (the red bordered string in the image).
The value is the code parameter i took from the redirect url. And my redirect url look like this: example.com/public/callback?code=Crk_ri8mKcKX7IcX&state=5-ym0uFBxpiiBqcK_ivb2QIYxsIzAEMX#. Is this the right way to do it? i did exactly how it was indicated in the Auth0 Authorization Code API] at the auth0 athorization token api but it still doesnt work.
Maybe i get this error because the user already authorized so i cant do it twice but if so, why is my access token so short and it doenst work?
I'm very new to this so please excuse me if i got it all wrong. Also my post is maybe to long to put my codes in here but my codes is exactly the same as the aformentoined Auth0 Laravel quicktart example
I would really appreciate it if someone can help me ive been struggling for 2 days now.
Thanks alot for taking your time and reading my post!!
I'm using the Instagram Api.
To retrieve the access token, I use the method with the parameter 'code'.
From this code parameter, I can build a url which will returns me the access token.
Example :
https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code
When I reach this URL through my web browser, after a redirection by Instagram, it returns to a web service I created. Then, my access token is stored.
How can I automatize this in PHP?
This example doesn't work:
exec('curl https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code');
How can I handle the redirection by Instagram?
Thanks in advance.
There's no way to automate this since explicit user authentication is required before an authorization code is generated. So you'll have to redirect using PHP:
header('Location: https://instagram.com/oauth/authorize/?client_id=CODE_ID&redirect_uri=my-redirect-url&response_type=code');
have the user authenticate in the browser to Instagram and then grab the code that is delivered to the redirect_uri by Instagram.
http://api.chan15.info/google-stackoverflow.html
This is the sample code I use to let user login via Google JavaScript API, and it's work, next step is use user id to login to local server via PHP, but use the user id by JavaScript is pretty danger, the real procedure I want is:
login user via JavaScript API
get access_token from JavaScript
pass the access token to PHP
use access token to Google OAuth to get user id again by PHP
login the user by user id
but I don't know how to get access token.
After the user is logged in to their Google account using the Javascript Oauth2 API the access token can be found here:
gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token;
I've used this to pass the token along to a separate curl PHP request as well as CORS. Since Google's JS API is still Beta I had to resort to sending a PHP curl request in the past. If you're planning to store the token for access after the user navigates away I'd also also get the token expiration date and call another function that wipes out the stored token whenever expired or explicitly revoked. But for me it was just easier to pull this right after successful login each time since I only needed to call the PHP function once and in real-time with AJAX as a bandaid.
PS: You might want to change the original category from Java to Javascript
I want people to log in to my site with their Facebook accounts.
I need to pull some info from their Facebook profile and add it to my site's database
I have tried using the OAuth 2.0 method which makes a redirect to this url
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&scope=COMMA_SEPARATED_LIST_OF_PERMISSION_NAMES
&state=SOME_ARBITRARY_BUT_UNIQUE_STRING
I successfully authenticated the user but now the main problem arose. How do I access the data which is sent as response all I can see is a GET variable named code and some long text. How do I convert to usable data?
I use php for my website
Exchange the code for a user access token
Once the user has authorized your app, you should make a server side request to exchange the code returned above for a user access token.
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID
&redirect_uri=YOUR_REDIRECT_URI
&client_secret=YOUR_APP_SECRET
&code=CODE_GENERATED_BY_FACEBOOK
The client_secret parameter must be the App Secret as shows in your app's settings. The body of the response to this request will be a url encoded string of the form:
access_token=USER_ACESS_TOKEN&expires=NUMBER_OF_SECONDS_UNTIL_TOKEN_EXPIRES
You should parse this string and use the access_token value to make requests to the Graph API. You should also persist the access token in your database in order to make further requests to the API without having to re-authenticate the user.
Once the access token expiry time is reached, the token will become invalid and can no longer be used in requests to the API. To obtain a new user access token, you must pass the user through this flow again. However, if the user has not deauthorized your app and you're asking for no permissions beyond those which the user has already granted your application, then no dialog will be displayed and the user will be transparently redirected to your redirect_uri with a fresh code which can be exchanged for a fresh user access token.
If there is an issue exchanging the code for a user access token, the authorization server will issue an HTTP 400 and return the error as a JSON object in the body of the response:
{
"error": {
"type": "OAuthException",
"message": "Error validating verification code."
}
}
For further reference checkout http://developers.facebook.com/docs/authentication/server-side/
Making requests to the Graph API
With a valid user access token, you can make requests to read and write data from the Graph API. A common first request would be to get the basic information (including the id and name) of the user who just authenticated your app:
https://graph.facebook.com/me?access_token=YOUR_USER_ACCESS_TOKEN
There is an official SDK for php from Facebook. Which makes life easier.
Check this sample code
In OAuth 2.0 with facebook, the overall concept is simple as follows.
Step 1. Obtain "Authorization Code" by a GET request
request URI: https://www.facebook.com/dialog/oauth
Params:
response_type=code
client_id={add your "App id" got by registering app}
redirect_uri={add redirect uri defined at the registration of app}
scope={add the scope needed in your app}
Headers: None
Step 2. Obtain the "Access Token" by sending the authorization code as a POST request
request URI: https://graph.facebook.com/oauth/access_token
Params:
grant_type=authorization_code
client_id=<add your "App id" got by registering app>
redirect_uri=<add redirect uri defined at the registration of app>
code=<obtained authorization code from previous step>
Headers:
Authorization:Basic encode <App Id:App Secret> with base64
Content-Type:application/json
Step 3. Use the access token got from above step and retrieve user resources
I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.
What I want to do is to allow users to interact with calendars of a single account known by the server.
Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.
Is there some part of OAuth or some alternative mechanism I can use to do this?
In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.
The usual procedure for OAuth is like this:
Send user to authentication page.
User comes back with $_GET['code']
Send $_GET['code'] to OAuth server for a token
Store token in database for the user (or session, if it's very short lived)
But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.
See mathewh's answer here:
How to automate login to Google API to get OAuth 2.0 token to access known user account
The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.
There is no way around a manual authorization step the first time.