I have installed the Paypal PHP SDK and am having trouble getting a access token in Sandbox mode.
$sdkConfig = array(
"mode" => "sandbox"
);
// new OAuthTokenCredential(ClientID, Secret, sdkConfig)
$cred = new OAuthTokenCredential("$clientID","$secret", $sdkConfig);
The $cred, when returned, only has the client, secret and logging manager populated, everything else is null.
When stepping through the OAuthTokenCredential class it only runs through as far as the initial function. None of the accesstoken functions run.
I'm assuming that the SDK is okay as other people are presumably using it, so I'm guessing that there is a fairly simple solution.
It isn't documented anywhere, but I've found that adding this directly after the above code works perfectly.
$cred->accessToken = $cred->getAccessToken($sdkConfig);
Not sure why it isn't documented, but this now works for me.
Related
I'm having some problems with my Shopify 'orders/paid' webhook that I install onto the users store via the Shopify SDK (using a PHP wrapper: https://github.com/phpclassic/php-shopify). Anyways, I create the webhook like so:
$shop = $this->request->getVar('shop'); // Get Shopify store URL
// Get access token for store
$config = array('ShopUrl' => $shop, 'ApiKey' => 'xxx', 'SharedSecret' => 'xxx');
\PHPShopify\ShopifySDK::config($config);
$accessToken = \PHPShopify\AuthHelper::getAccessToken();
// Keep track of access_token for SDK calls and authenticate to store for webhook creation
$addToken = $this->Stores->addAccessToken($shop, $accessToken);
$config = array('AccessToken' => $accessToken, 'ShopUrl' => $shop);
$shopify = new \PHPShopify\ShopifySDK($config);
// Create orders/paid webhook
$orderPaidHook = array('topic' => 'orders/paid', 'address' => 'https://api.autoloapp.com/webhook/create', 'format' => 'json');
try {
$webhooks = $shopify->Webhook->post($orderPaidHook);
}
This code as far as I can tell works, using print_r($webhooks) gives me a valid Webhook that has (in theory) been installed on to the store. However, when an order is actually paid for on the store I DO NOT get a message.
Using the "Test Webhook" settings under "Notification" in the Shopify Admin my webhook works perfectly. Using PostMan to simulate a webhook call works perfectly.
The code to process the webhook looks like this:
$headers = getallheaders();
$topic = $headers['X-Shopify-Topic'];
$storeName = $headers['X-Shopify-Shop-Domain'];
if ($topic == 'orders/paid') {
// Do some stuff, insert row into database
}
Again, when I use PostMan or the built-in "Test Webhook" setting for Shopify the row in my database gets created just fine. When I do it with a real webhook nothing happens. I'm not sure why this is happening, as far as I know all the headers should be the same. Do I need to verify the webhook in some way?
For reference I'm using CodeIgniter 4.0, PHP 7.0, and the newest version of the Shopify SDK.
I found this note on Shopify's Docs: "Note that if you are using a Rack based framework such as Ruby on Rails or Sinatra the header you are looking for is HTTP_X_SHOPIFY_HMAC_SHA256". With my current set-up I should still be using X-Shopify-Shop-Domain instead of HTTP_X_Shopify_Shop_Domain correct? Any help greatly appreciated!
So I finally figured out that for some reason the 'orders/paid' webhook wouldn't work for me in "production environments" despite working fine in my test environments. Simply changing the topic to 'orders/create' resolved my problem.
I'm new to bigcommerce and jwt tokens. I'm trying to get the customer login api to work on a trail store. But have not been able to successfully login a customer automatically.
I got it to work once or twice, but now it doesn't work anymore, and an unable to figure out the odd behavior since nothing changed with the code. I've tried googling if anyone else has had issues with the customer login api but have found nothing.
I've gone thru the tutorial on https://developer.bigcommerce.com/api/v2/#customer-login-api and copied the example provided.
Is there something I'm missing with the code below?
I've gone to developer.bigcommerce.com and created a draft app.
I got the Client ID and Client Secret from the draft app.
I've gone into my trial store and successfully installed the draft app.
I've tested this page on SSL as well.
Could it be because it's a trail store and it will only work if it's a real store?
Thanks.
Here is the php code below:
include "vendor/autoload.php";
use Bigcommerce\Api\Client as Bigcommerce;
use Firebase\JWT\JWT;
function getCustomerLoginToken($id, $redirectUrl = '', $requestIp = '') {
/*
if (empty(self::$client_secret)) {
throw new Exception('Cannot sign customer login tokens without a client secret');
}
*/
$payload = array(
'iss' => '#MyApp1's Client ID#',
'iat' => time(),
'jti' => bin2hex(random_bytes(32)),
'operation' => 'customer_login',
'store_hash' => '#Store Hash#',
'customer_id' => $id
);
if (!empty($redirectUrl)) {
$payload['redirect_to'] = $redirectUrl;
}
if (!empty($requestIp)) {
$payload['request_ip'] = $requestIp;
}
return JWT::encode($payload, "#MyApp1's Client Secret#", "HS256");
}
$jwt = getCustomerLoginToken(1);
header("Location: " . 'https://store-#Store Hash#.mybigcommerce.com/login/token/' . $jwt);
exit();
There are a couple of constraints that can cause errors:
The app must be installed on the store (seems like you're all good here - you can also test with an API token created locally in the store - https://support.bigcommerce.com/articles/Public/Store-API-Accounts/)
The app must have the Login OAuth scope
The JWT URL must be visited within about 30 seconds, or it won't work.
The computer/server that's generating the JWT needs to have a clock that's synchronized, otherwise your IAT value will appear to have been created more than 30 seconds ago or even in the future which will fail.
The URL can only be visited exactly once - if anything runs a GET request against it other than the intended end user's browser, it won't work. For example, if you send the URL in a Slack message, slack will try to preview the link by visiting it and therefore invalidate it.
It's good to double-check that your JWT is valid at https://jwt.io/
BigCommerce support has access to logs which can shed more light on the situation if you've ruled out the above.
Hope this helps!
do not need app client_id and Secret code , you need to api's client_id and secret code
Question about the upgrade to v2.2 of the Facebook Platform, in particular, this part:
The previously deprecated REST API has been completely removed in
v2.1, and all apps still using it must migrate to using Graph API.
For the most part, in my Android and iOS app I am not using the REST API. I'm using the Android SDK and the iOS SDK. However, I do have one exception. When I call my server to login or really do basically anything, I try to assure that the person trying to login/access data is indeed the person they say they are. I do this:
$context = stream_context_create(array('http' => array('header'=>'Connection: close\r\n')));
$response = file_get_contents("https://graph.facebook.com/debug_token?input_token=".$accessToken."&access_token=MY_APP_ACCESS_TOKEN", false, $context);
$jsonObject = json_decode($response, true);
$data = $jsonObject["data"];
$facebookId = $this->getFacebookId();
if(isset($data['is_valid']) && $data['is_valid'] === true) {
if(isset($data['user_id'])) {
if($data['user_id'] == $facebookId) {
return true;
A little bit of code missing there, but that's the gist of it. Get an access token and a facebook id. I use the access token to see if it's legitamite and the user_id assigned to that access token is the id of the person trying to get info. If so, I let them in.
My question is, am I understanding correctly that this is going away and I have to use the Graph API to somehow do the same thing? How is this done through the Graph API in PHP given an access token and facebook id from Android/iOS?
EDIT: Just realized this is actually in the 2.0 to 2.1 section, but question still stands, should I be concerned about my server side code?
Thanks!
I'm thinking I don't have anything to worry about. The approach I'm using is in the Facebook Platform docs here:
https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2#checktoken
Under inspecting access tokens. Nothing on this page talks about it being deprecated.
I'm posting here due to a problem with php and the sdk of facebook.
For a reason I don't really know, when I try to get the userID of the logged account, continuously I received the same value, 0, even if i'm logged.
I've been trying to debug some variables, $facebook, checking sessions, etc. but with unsuccessfully results, then i'm gonna step by detailing all what i'm doing and the debug log i'm doing:
I'm using hostinger servers, that hosts my website. Due to i've found many problems, i've created a test webpage in which i have 5 files:
index.php
callback.php
facebook.php (comes from facebook)
base_facebook.php
certificate
The code i have on index.php is what i've pasted here: [index.php]: http://pastebin.com/Mfdkxz8H This is only the first part of the code which tries to get the autentification.
The code i have on callback.php is what i've pasted here: [callback.php]: http://pastebin.com/Uw0A3NM8. There i try to get the userID.
I've read some post and for some reasons there were so many cases in which the token
wasn't received in the second file/call.
I don't really know what the problem is and would be happy to find a solution.
P.D It doesn't matter the appId and secret because facebook and webpage were created for a test.
Hard to tell what is going up from your code example (By the way, you should NEVER post your appId and secret in public like that otherwise someone will be able to compromise your application). A gave your code a quick glance and it "looks" fine but here are a couple of pointers:
But here are a couple of pointers.
1) Make sure you have the latest version of the Facebook SDK (assuming you do)
2) For SANITY sake, i would keep your Facebook API files in its their folder ('sdk')
3) DOUBLE CHECK your app settings to make sure the appID and secret are correct (I have made this mistake many times), also make sure that your at is NOT in sandbox mode
4) Then try something like this
include_once("sdk/facebook.php");
//Call Facebook API
$facebook = new Facebook(array(
'appId' => XXXXXXXXXXXXXXXX,
'secret' => XXXXXXXXXXXXXXXX,
'cookie' => true, // enable optional cookie support
));
$params = array(
'scope' => 'email',
'redirect_uri' => 'http://devstarlight.esy.es/facebook/callback.php'
);
$login_url = $facebook->getLoginUrl($params);
I've spent the last three hours trying to get a simple Twitter status update to work using Zend_Service_Twitter and Zend_Oauth_Token_Access. Infuriatingly, I keep getting the following response:
object(Zend_Rest_Client_Result)#34 (2) {
["_sxml:protected"]=>
object(SimpleXMLElement)#39 (2) {
["request"]=>
string(33) "/1/account/verify_credentials.xml"
["error"]=>
string(20) "Invalid / used nonce"
}
["_errstr:protected"]=>
NULL
}
Here is the code I have tried:
$token = new Zend_Oauth_Token_Access();
$token->setToken('my token');
$token->setTokenSecret('my token secret');
$params = array('accessToken' => $token,
'consumerKey' => 'my key',
'consumerSecret' => 'my secret'
);
$twitter = new Zend_Service_Twitter($params);
$response = $twitter->statusUpdate('simpletest');
What on Earth is a 'nonce'? If I mess up the token/token secret the error message in the response changes accordingly. However, with correct credentials I keep getting the above noncence (pun intended). Also, I have tried several alternatives such as the ones in this previous post on SO.
Any help would be appreciated!
Update:
In case it helps, or makes things easier, all I am trying to do is update the status of a single Twitter account, which is the application's twitter account. As I commented below #David Caunt's answer, whenever an 'item' gets posted to our site, the site's Twitter status will update to a brief description of the item as well as a link. That's all! This used to work, before oAuth became compulsory to make API calls (all that was needed was to instantiate a Zend_Service_Twitter and pass in our credentials).
Consulting the reference manual, I believe your error is in creating the Zend_Service_Twitter object.
$twitter = new Zend_Service_Twitter(array(
'username' => 'johndoe',
'accessToken' => $token
));
$response = $twitter->status->update('My Great Tweet');
You do not need to pass in the key and secret again, as they are contained in the access token used to sign the request.
See also my comment above explaining the nonce.
UPDATE:
I've tried the code in a minimal environment and you're right, it simply doesn't work.
You can see all of my code in a GitHub gist. It's deliberately minimal, avoiding MVC and other complications.
You may take comfort in the fact that a Zend_Http_Client returned from the Access Token does work.
Twitter servers were reporting a problem with my nonces, when the error
was in the signature.
My OAuth code was working for most
requests, but when trying to post new
statuses I was getting "Invalid / used
nonce" as a response.
After much debugging, I found out I
was failing to encode spaces as %20
and instead was sending them as +.
After using the correct encoding, it
worked flawlessly.
Twitter servers should have reported a
problem with the signature, not the
nonce.
I don't really expect you guys to
waste any time fixing this (but it
would be nice)... I just want to leave
this note here so next time someone
comes googling for "invalid / used
nonce" they know they have to look at
their encodings too.
From http://code.google.com/p/twitter-api/issues/detail?id=1059
(other solution in comments)