BigCommerce OAuth "Invalid scope" error - php

I'm attempting to retrieve an access token from BigCommerce. I'm following the instructions on this page: https://developer.bigcommerce.com/apps/callback
When I try to retrieve the access token, I am getting an invalid scope error. Here's the code:
public function access_token_get(){
    print_r($_GET);
    $tokenUrl = "https://login.bigcommerce.com/oauth2/token";
    $connection = new Connection();
    $connection->setCipher('RC4-SHA');
    $connection->verifyPeer(false);
    $response = $connection->post($tokenUrl, array(
        "client_id" => "123456",
        "client_secret" => "123456",
        "redirect_uri" => "https://my-registered-auth-callback.com/",
        "grant_type" => "authorization_code",
        "code" => urlencode($_GET['code']),
        "scope" => urlencode($_GET['scope']),
        "context" => urlencode($_GET['context'])
    ));
    print_r($response);
    print_r($connection->getLastError());
    $token = $response->access_token;
    print_r($token);
}
When this code runs, I get an empty $response. I added the getLastError() line to see what was going on, and it's outputting:
stdClass Object ( [error] => Invalid scope(s). )
These are the parameters output from the GET request:
Array ( [code] => 2idy1ozvee8s0ddlbg3jgquzgtr55gd [context] => stores/xxxxxx [scope] => store_v2_orders store_v2_products store_v2_customers store_v2_content store_v2_marketing store_v2_information_read_only users_basic_information )
Why would I be receiving this "invalid scopes" error? I also tried hardcoding a single scope to see if that works, for example, just doing "scope"=>"store_v2_orders", but when I do this, I get an error saying that the scope has not been granted by the user.

Looks like the issue was that I did not need to urlencode the code, scope, and context. Removing the urlencode function fixed the issue.
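
Why the extra urlencode() leads to "Invalid scope(s)", as an added example that is not part of the original post: PHP has already URL-decoded the values in $_GET, and the HTTP client encodes the request body once on its own, so pre-encoding makes the server receive a single scope containing literal "+" characters. The function names and callback values are constructed, and the form and JSON transports are assumptions covering the two usual body encodings, not a statement of what the Connection class does.

```php
<?php
// Added example (not the asker's code). Callback values are constructed.

/** Encode the request body the way an HTTP client would, exactly once. */
function encode_body(array $fields, string $transport): string
{
    return $transport === 'json' ? json_encode($fields) : http_build_query($fields);
}

/** Decode the body the way the receiving server would. */
function decode_body(string $body, string $transport): array
{
    if ($transport === 'json') {
        return json_decode($body, true);
    }
    parse_str($body, $fields);
    return $fields;
}

/** Scope list the server ends up with after splitting on spaces. */
function scopes_seen_by_server(array $callback, bool $preEncode, string $transport): array
{
    $fields = ['grant_type' => 'authorization_code'] + $callback;
    if ($preEncode) {
        foreach (array_keys($callback) as $key) {
            $fields[$key] = urlencode($fields[$key]); // the extra step from the question
        }
    }
    $received = decode_body(encode_body($fields, $transport), $transport);
    return explode(' ', $received['scope']);
}

// Constructed stand-in for $_GET on the callback: PHP has already URL-decoded it.
$callback = [
    'code'    => 'constructed-auth-code',
    'scope'   => 'store_v2_orders store_v2_products users_basic_information',
    'context' => 'stores/xxxxxx',
];

foreach (['form', 'json'] as $transport) {
    foreach ([true, false] as $preEncode) {
        $scopes = scopes_seen_by_server($callback, $preEncode, $transport);
        printf("%-4s pre-encoded=%-3s -> %d scope(s): %s\n",
            $transport, $preEncode ? 'yes' : 'no', count($scopes), implode(' | ', $scopes));
    }
}
```

Separately from the scope error, the verifyPeer(false) call in the question turns off TLS certificate verification on a request that carries client_secret.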

Related

How to register webhook url on Twitter app using Abraham library in PHP

I'm trying to register a webhook URL on a Twitter app, and I'm using this package, twitteroauth.
But I'm facing the following error after calling the Twitter endpoint to register the webhook.
stdClass Object(
[errors] => Array
(
[0] => stdClass Object
(
[code] => 214
[message] => Webhook URL does not meet the requirements. Invalid CRC token or json response format.
)
)
)
I tried to register the webhook through code as follows:
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_POST['oauth_token'], $_POST['oauth_token_secret']);
$webhookURL = "https://example.com/twitter/webhook";
$ucontent = $connection->post('account_activity/all/my_env_name/webhooks', array('url' => $webhookURL));
After reading some posts regarding this issue, I tried the following code with URL encoding:
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_POST['oauth_token'], $_POST['oauth_token_secret']);
$webhookURL = "https://example.com/twitter/webhook";
$ucontent = $connection->post('account_activity/all/my_env_name/webhooks', array('url' => urlencode($webhookURL)));
I also read some articles and regenerated my app's keys and tokens, and used the newly generated keys and tokens in the code.
But I still have not succeeded in registering the webhook URL.
I called the Twitter endpoint to get the webhook details, but it returns an empty array:
{
  "environments": [
    {
      "environment_name": "my-environment-name",
      "webhooks": []
    }
  ]
}
Expected output in this response after a successful webhook URL registration:
{
  "environments": [
    {
      "environment_name": "my-environment-name",
      "webhooks": [
        {
          "id" => webhook-id-here,
          "url" => https://example.com/twitter/webhook,
          "valid" => 1,
          "created_timestamp" => some-date-time
        }
      ]
    }
  ]
}
Please help me with this issue.

How to not display certain errors for Laravel 7 feature test

I have 2 methods in my feature test LoginTest.php that check for incorrect password or username.
When I run vendor/bin/phpunit I don't get any errors reported: OK (40 tests, 154 assertions)
However, I do get the following error displayed. This is expected since login is supposed to fail.
testing.ERROR: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. {"exception":"[object] (Laravel\Passport\Exceptions\OAuthServerException(code: 10): The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. at /app/vendor/laravel/passport/src/Http/Controllers/HandlesOAuthErrors.php:26)
Here are the 2 methods that are causing the issue.
{
    $this->createAccount("test@test.com");
    $loginForm = array(
        "grant_type" => "password",
        "client_id" => "2",
        "client_secret" => "lGk9EYlEHdQfXKy0EdTJ5S4Y126y0lkz0ofXiUXe",
        "scope" => "*",
        "username" => "test@test12.com",
        "password" => $this->formData["password"]
    );
    $response = $this->json('POST', '/oauth/token', $loginForm);
    $response->assertStatus(400);
}
public function testLoginPasswordIncorrect()
{
    $this->createAccount("test@test.com");
    $loginForm = array(
        "grant_type" => "password",
        "client_id" => "2",
        "client_secret" => "lGk9EYlEHdQfXKy0EdTJ5S4Y126y0lkz0ofXiUXe",
        "scope" => "*",
        "username" => $this->formData["email"],
        "password" => "Wrong"
    );
    $response = $this->json('POST', '/oauth/token', $loginForm);
    $response->assertStatus(400);
}
Should I not be bothered about these displayed errors? Or is there a way to not display them?

To avoid those messages, you can use the "expectException" and "withoutExceptionHandling" methods before making the HTTP request. However, if you choose to use them, you get an exception instead of an HTTP response (because of this, you cannot use the "assertStatus" method).
// ...
$this->withoutExceptionHandling();
$this->expectException(\Laravel\Passport\Exceptions\OAuthServerException::class);
$response = $this->json('POST', '/oauth/token', $loginForm);

Guzzle doesn't accept array in form parameters

I've tried to create an HTTP request via the Guzzle library, but it outputs the error
Cannot use object of type stdClass as array
$body = array("foo" => "bar");
$response = self::$client->request("POST", $url, array(
    "form_params" => $body,
    "auth" => $auth
));
I tried the following and it worked:
$response = self::$client->request("POST", $url, array(
    "form_params" => array("foo" => "bar"),
    "auth" => $auth
));
Sadly this isn't the solution I'm searching for, because I want to use it in a generic method, where I transfer the form parameters from another class.
P.S. I've found the following post, but it has obvious problems that I don't have in my code:
Guzzle form_params not accepting array

MS Graph authentication issue

My company has a WordPress-based intranet and we use Office365. I am hoping to hook into the graph as a global application (without explicit user consent) to grab data. I've gotten all of it working, but am having trouble with the /users/user_name/calendarview endpoint.
I can get valid access tokens using the following:
$auth_request_body = http_build_query( array(
    'grant_type' => 'client_credentials',
    'client_id' => CLIENT_ID,
    'client_secret' => SECRET_KEY,
    'resource' => 'https://graph.microsoft.com/'
) );
$response = wp_remote_post( $url, array(
    'body' => $auth_request_body
) );
$body = json_decode( wp_remote_retrieve_body( $response ) );
$token_type = $body->token_type;
$access_token = $body->access_token;
and can make several successful calls, for example to the https://graph.microsoft.com/v1/users/user_name endpoint or to the https://graph.microsoft.com/v1/groups/group_id endpoint, however when attempting to reach the https://graph.microsoft.com/v1/users/user_id/calendarview endpoint I get the following response:
[body] => {
"error": {
"code": "ErrorAccessDenied",
"message": "Access is denied. Check credentials and try again.",
"innerError": {
"request-id": request_id,
"date": "2018-08-08T21:57:50"
}
}
}
[response] => Array
(
[code] => 403
[message] => Forbidden
)
I am working on my local environment, and for testing purposes I have granted all application / delegated permissions to my local machine (I think .. I'm still not positive how to ensure that newly granted permissions take effect on my local machine).
Any thoughts here?

... Never mind.
Apparently my newly delegated permissions simply hadn't taken effect yet. This method above DOES work for my scenario.

I think you should confirm whether to grant the appropriate permissions to the application.

Twitter API - how to check if user A follows user B

My problem is quite strange (at least to me) as I have a request URL that works in the console but throws the Sorry, that page does not exist error in my php script, even though the connection is up and running.
So this
$connection = new TwitterOAuth(CONSUMER_KEY, CONSUMER_SECRET, $_SESSION['oauth_token'], $_SESSION['oauth_secret']);
$user = $connection->get('account/verify_credentials');
print_r($user);
works great, the $user data is printed out on the screen.
However, I am unable to check a friendship status as:
$x = $connection->get('https://api.twitter.com/1.1/friendships/show.json?source_id=707482092&target_id=755811768&target_screen_name=assetspersonifi');
As I get the error.
When I put this request into the Twitter API console, it gives back the json that I don't receive in my php code.
I'm using Abraham's twitteroauth library but this does not work either:
$follows_faelazo = $connection->get('friendships/exists', array('user_a' => 'blfarago', 'user_b' => 'faelazo'));
if(!$follows_faelazo){
    echo 'You are NOT following @faelazo!';
    $connection->post('friendships/create', array('screen_name' => 'faelazo'));
} else {
    print_r($follows_faelazo);
}
stdClass Object ( [errors] => Array ( [0] => stdClass Object ( [message] => Sorry, that page does not exist [code] => 34 ) ) )
I read that friendships/exists API is no longer supported by the Twitter API and I should use friendships/show but how if it's not working as you see above?
To prove that everything else is working, I can follow others with
$connection->post('friendships/create', array('screen_name' => 'faelazo'));
Why?

I found a way. Here's the documentation
$following = $connection->get('friendships/show', array(
    'source_screen_name' => $_SESSION['username'],
    'target_screen_name' => $screen_name_to_follow,
));
An alternative would be
$following = $connection->get('friendships/lookup', array('screen_name' => $screen_name_to_follow));
Look it up in Twitter doc.
