I am using an OAuth plugin for cakephp (thomseddon/cakephp-oauth-server) which am having some issues with at them moment.
I want to be able to allow access to my cakephp Rest with two calls
provision - This just adds in a Client id into my table
auth - using grant_type password I send over grant_type, username, password and client_id and return a access token.
Both these actions seem to be in working order and I am getting an access token back the problem is after I gain access I am still being kicked out by cakephp and redirected to the login page when I try an access one of the rest actions.
For example once I have an access key I send up a request to http://customer-server-2.dev/api/documents.json?access_token=xxxxxxxxxxxxxxxx
At this point I should have access because the access token is correct and works fine - but I don't I get redirected to the login in page.
If anyone can help me with this I would be eternally grateful.
There might be two problems
Your access token may be expired.Get a new access token and check
Check your scope when you are getting access token
Related
As the title suggests im wondering how i could obtain a never expiring facebook user access token. Which i would need to create a page access token at a later date. I tried using their graph explorer tool but i could only make it go up to 2 months of expiry date and for my use case that wouldnt be ideal.
To shortly explain my use case, on our website im trying to implement a facebook sharing system where each user could share what they wanted i.e posts on their facebook page (we are not using facebook login and the user would just give acces from their own dev tool panel if thats the correct approach). I got this to work BUT only with a acces token that would expire in 2-3months. So a user having to re-authenicate with our service every 2-3 months isnt ideal and wouldnt really work for us. So is there a way i can refresh that token programtically or does the user have to give a new user access token every couple of months.
I have tried following this answer but with no luck Long Lived access token Facebook Page and many similar answers to this. There is also a suggestion that you should contact facebook if you want a never expiring access token which this user suggested Generate permanent access token Facebook API.
Now im wondering if it even is possible do that in 2021 and if there is anything i missed in regards how to generate said tokens or refresh them.
EDIT:
I used the following requests to get the extended access token.
https://graph.facebook.com/oauth/access_token?client_id=<your FB App ID >&client_secret=<your FB App secret>&grant_type=fb_exchange_token&fb_exchange_token=<your short-lived access token>
After i got the token i used
https://graph.facebook.com/me/accounts?access_token=<your long-lived access token>
to get the extended access token.
To get page access token that never expires, take the following steps:
Get user token
Make this token long-lived, e.g. by clicking "Extend access token" at the bottom of the page: https://developers.facebook.com/tools/debug/accesstoken/
Then, use this token to get page access token.
In Access Token Debugger the token will be marked as "Expires: never"
I am implementing an api in laravel.
what I want is my api should not be accessible from anywhere except from android/ios app.I googled and came to know that I can make use of API KEY.
But I am not sure is it correct way or not.
Currently using OAuth2 for user authentication.
Please help.
What you want to do is to create a token for each user, save it in the client's device , verify it in each request that the client makes.
So basically you want to:
Make a column for the token in the users table
generate the token when the user registers
make a login route so that the user would login with his email,password and he will getback the token to store in the device
make a middleware that would check for the token in each request ( except for the login )
I wrote an article of the exact same thing you want
https://medium.com/#alhasaniq/how-to-add-token-based-authentication-to-laravel-app-s-to-use-in-api-s-1a0e45f9106#.15e3f9quu
I am having a problem obtaining the twitter users access token and secret token without sending a username and password. I would like to get the access token by just sending the twitter_id, once the user has already authenticated my application before.
So the scenario is:
A user logs into my site (using custom login), he already gave my application permission to read/write his tweets. Now I need to load this users access token and secret access token.
Database:
CustomUID : 1 , Twitter_ID: 123456.
So Since I know CustomUID 1 is logged in, I need the access token/secret from Twitter_ID:123456.
The Problem is I canĀ“t find an API function that would let me get the access token without being redirect to Twitter Callback function (Twitter landing page), where the user has to type in his/her username and password, once again because the Request Tokens are obtained by the URL.
How can I solve this problem? I am used to the Facebook API, where user which have already authorize my app, allow me to receive their accesstoken just bei sending getAccessToken($ID).
Thank you very much for help!
You have to save, possibly in your DB, the OAuth token and access token after the first time the user authenticates. Then retrieve the token the next time you need to perform a query on behalf of that user.
I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.
What I want to do is to allow users to interact with calendars of a single account known by the server.
Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.
Is there some part of OAuth or some alternative mechanism I can use to do this?
In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.
The usual procedure for OAuth is like this:
Send user to authentication page.
User comes back with $_GET['code']
Send $_GET['code'] to OAuth server for a token
Store token in database for the user (or session, if it's very short lived)
But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.
See mathewh's answer here:
How to automate login to Google API to get OAuth 2.0 token to access known user account
The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.
There is no way around a manual authorization step the first time.
According to the instruction given here searching public information (as https://graph.facebook.com/search?q=QUERY&type=OBJECT_TYPE) needs to have a valid access token. As I know access token is when a user authorized an apps to access his information; but this is searing the public information. How to get an apps access token to search public information?
In that page, facebook automatically add my access token to the link as
https://graph.facebook.com/search?q=watermelon&type=post&access_token=MY_ACCESS_TOKEN
I created an access token by my apps as https://graph.facebook.com/oauth/access_token?client_id=APP_ID&client_secret=SECRET_ID&grant_type=client_credentials
When I use the generated access token in url https://graph.facebook.com/search?q=watermelon&type=post&access_token=GENERATED_ACCESS_TOKEN, it gives an error
{
"error": {
"message": "A user access token is required to request this resource.",
"type": "OAuthException"
}
}
How can I generate access token by my apps?
Or do I need to generate access token by own user account? if yes, how?
Since it is searching public profile, facebook should not need authorization on every search, can I generate a permanent access token to perform different searches?
The Graph API Search interface has changes pending with the Q3 2013 migration.
The following change will go into effect on July 10, 2013:
Graph API search changes
App access tokens will be required for all search Graph API calls except Places and Pages. Search for application will no longer be supported.
https://developers.facebook.com/blog/post/2013/04/03/platform-updates--operation-developer-love/
For searching the facebook graph API using
http://graph.facebook.com/search?q=watermelon&type=post
you need a valid user access token. A user access token is different from App Access token. A user access token is created when a user authenticates your app with different access permissions which is generally close to 212 letters long.
A changes was made in the graph API in July,2013 whereby you will need to have a valid user access token to search for users and posts. The user access token could be generated by you yourself authenticating your app and generating an user access token for your app.
But the question remains, How should we generate a user app token for our apps without making other users to authenticate our apps?
The access token you are requesting looks like an 'application' access token. This token differs from a 'user' or 'page' access token and is used for different things.
https://developers.facebook.com/docs/howtos/login/login-as-app/
This can be used to modify the parameters of your App, create and
manage test users, or read your application's insights for example.
App access tokens can also be used to publish content to Facebook on
behalf of a person who has granted a publishing permission to your
application.
Depending on what you are trying to actually do, an application token might be the wrong form of OAuth. Your example (searching for public posts with the term watermelon) doesn't require an OAuth token, so you're obviously trying a different type of graph search. Without saying what you're actually trying to access, it's impossible to actually advise you correctly.
However, I'm going to guess that you're trying to get access to graph objects that require permissions from a specific user. If that's the case, then you need to get permissions from that user first, by requesting the scope of permissions that you require.
Process of gaining user OAuth Access Token (https://developers.facebook.com/docs/reference/dialogs/oauth/)
Possible Permissions (scope) that can be requested (https://developers.facebook.com/docs/reference/login/)
This will give you a short term access token for that user, which will allow you to anything within the scope of permissions for which you've requested permission.
This token will only last for a short period after the user has logged into your app. It can also be promoted to a longer term access token
https://developers.facebook.com/docs/howtos/login/extending-tokens/
You don't need to pass any token to search in public information (unless you want to search in user's context). Just make a call to the following url and see the URL. Please mark that I have used http instead of https.
http://graph.facebook.com/search?q=watermelon&type=post
But to make my answer more clear - with properly granted access_token I can make a call to the https version of the above url (https version requires an access token) and it just works fine without any problem.
If you are searching programatically and the search URL will never be visible to the end user you can use this instead:
&access_token=app_id|app_secret
More about this here: https://developers.facebook.com/docs/facebook-login/access-tokens/