I am facing problems renewing the facebook extended token which is valid for 60 days, before it expires.
I am following the steps mentioned on this page
https://developers.facebook.com/docs/facebook-login/access-tokens/#extending
I called the endpoint https://graph.facebook.com/oauth/client_code?access_token=...&client_secret=...&redirect_uri= ... with curl_get_file_contents
and i got the "code"
Then as the next step i call the endpoint oauth/authorize?code=...&client_id=...&redirect_uri=... using curl_get_file_contents with the code i recieved in the previous step but dont get anything in return. What am i missing?
Facebook docs say "Once you've retrieved the code from Facebook's server you then need to ship it to the client via a secure channel. Once that's done, you need to make a request from the client to this endpoint:"
what do they mean by ship it to the client via a secure channel? And what do they mean by make a request from the client to this endpoint? any examples you can give me on how to call these urls using the php sdk.
The token will automaticaly refresh his expire timestamp after an interaction between the user and your application.
Related
My app is simple, it connects to the Google+ API to authenticate the user, and if successful, it retrieves the user's email and then performs a series of operations on a given database based on the email retrieved.
My main issue is that every hour, my access token expires, and I seem not to know how to "refresh" it. I get the following error, which I imagine is expected:
The OAuth 2.0 access token has expired, and a refresh token is not available.
I am currently storing the access token on a database, and I can therefore retrieve if needed. My only question is how do I use that token to gain a new one?
Whoa, it took me significantly longer to figure this out, and the answers out there seemed quite incomplete to me.
Before we start please keep in mind that this answer assumes you are using the latest Google API PHP Library, as of May 26th of 2014.
1 - Make sure the access type your app requests is offline. A refresh_token is not provided otherwise. From Google: This field is only present if access_type=offline is included in the authorization code request.
$gClient->setAccessType('offline');
2 - Upon the first authorization, persist the provided refresh_token for further access. This can be done via cookies, database, etc. I chose to store in on a database:
$tokens = json_decode($gClient->getAccessToken()); /* Get a JSON object */
setRefreshToken($con, $tokens->refresh_token /* Retrieve form JSON object */);
3 - Check if the AccessToken has expired, and request a refreshed token from Google if such is the case.
if ($gClient->isAccessTokenExpired()) {
$refreshToken = getRefreshToken($con, $email);
$gClient->refreshToken($refreshToken);
}
Where getRefreshToken is retrieving the previously stored refresh_token from our database, and then we pass that value to the Client's refreshToken method.
Quick Note: It's key to remember that if you had previously authorized your app, you probably won't see a refresh_token on the response, since it is only provided the first time we call authenticate. Therefore, you can either go to https://www.google.com/settings/security and Revoke Access to your app or you can add the following line when creating the Client object:
$gClient->setApprovalPrompt('force');
From Google: If the value is force, then the user sees a consent page even if they previously gave consent to your application for a given set of scopes. Which in turn ensures that a refresh_token is provided on each authorization.
Full Sample Here: http://pastebin.com/jA9sBNTk
I am implementing the hybrid sign in flow got login with Google+. What I want to achieve is this:
One a user has authorized the app, the next time he comes back on the website, I want to log him in automatically.
In hybrid flow, google automatically logs the user in and displays a welcome back message (javascript sdk) along with returning access token. But this process requries one ajax call to be sent to gogole api.
I want to make this call through the backend itself using Google's PHP client library. Since the app has been authorized already, it should simply return the access token as it does when using javascript sdk. But I am not able to figure out how to achieve this using client library. Can anyone please help me out?
In your call parameters set access_type: 'offline', then need to get a new token using the refresh_token that is provided ONCE at the FIRST time of authorisation. You will have to store that refresh_token somewhere in your database and pair it up with the user's already expired access token ID or somehow and make another call for a valid access token.
For the time being you can set approval_prompt: 'force' but that's merely a development trick not a real solution.
More is explained here refresh token with google api client php
I have a problem with Oauth2 Authorization.
I'm using google-api-php-client to communicate with G+ server. Init URL seems OK (generated by lib with setAccessType('offline')). But each time user connects Google don't ask about offline access. And of course a little bit later token becomes expired.
Here is the example of generated URL
https://accounts.google.com/o/oauth2/auth?response_type=code&redirect_uri=https%3A%2F%2Fwebaserver.com%2Fapp_dev.php%2Fsocial%2Fgoogle%2Fcallback&client_id=271195014651.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fplus.login+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&access_type=offline&approval_prompt=force&state=319d6021eeec33122901e36e7ce9149d
Am i forgot some important details?
Have you accepted the ToS for G+ API? If not, that's probably why your application is being barred. Visit the project console and look for the APIs tab.
More detail on parameters:
If you include 'approval_prompt=force' you will prompt the users to re-authorize every time. You should remove it unless you're doing for a very specific reason (lost refresh_tokens on database corruption event, for instance).
If you include access_type=offline you'll obtain a refresh_token whenever the user sees a consent page. You should store it and re-use it after the initial access_token has expired.
Was access_type=offline in place the first time the user authorized the app? I'm guessing not.
The system will only send a refresh token the first time you request authorization, even if you use approval_prompt=force or you change the access_type to offline at some later point.
You can to go the Manage Apps page and Edit App by hovering over the app and then clicking on the pencil that appears. You can then select Disconnect and the auth system will treat future logins as if it was the first time you're authenticating to the app again. You should use this system instead of approval_prompt=force to test against the first-time user experience.
I want to register users to my webinars after they submit a form in my site, this is common practice but I'm having problems authenticating my application.
The problem is that according to the documentation Citrix doesn't support username-password authentication flow (where you put your user and pass in a request and you get a token):
https://developer.citrixonline.com/content/username-password-flow
Instead users need to be directed to a login page to complete their Citrix account credentials, supposedly this can be done by me just once and then save the token, however I couldn't find a method to do it safely, I tried once to save the token and just the next day it was expired. So how can I make sure I get a fresh access token without
I'm using this PHP library which is supposed to simplify the login process (maybe there is some clue in it):
https://github.com/jakir-hayder/Citrix-GoToWebinar-PHP-Library
First, read this primer on OAuth workflow to ensure you have the terms and concepts down pat. (You can ignore the fact that the example is for SalesForce -- OAuth is all the same.)
Then, you should understand that you're looking for the Citrix Token Request Endpoint, which they happen to call "Direct Login".
That should let you pass the username/password to get the token to use in subsequent requests. That what you need?
I would use Fiddler or Wireshark to collect the API calls that are made to the Citrix API when you log in. Then add some code in your applicaiton to send the same requests, parse the response that has the access token, and dynamically use that token however you've already got it set up in your application.
I have gone through the google documentations for Oauth and AuthSub methods for authenticating and I've tried to google this without results.
For Facebook, you can request an access token which is of length lifetime, meaning you won't have to be requesting a new token every few weeks. What about Google, and YouTube in specific, is there any authentication method which allows you to use that token permanently?
In their documentation they state that they have long-life but no sort of additional detail, of exactly how long and whether or not you could actually get one which never expires.
Specifically, I am making an application that needs to login on a few accounts daily, but it is run through cron so there isn't gonna be a user logging it in each time, and I'd prefer not store the actual user/pass to the application itself and use the tokens instead.
Finally found it. They don't expire. You have to make sure to perform the last step, exchanging your single use token for a session token. That session token should not expire.
Here's what my step (using the Google AuthSub Client Library) looks like in C#:
sessionToken = AuthSubUtil.exchangeForSessionToken(authToken, null);
Simple enough. I'm sure it's probably something very similar for the PHP library. Just store that sessionToken instead of the authToken
Check out the AuthSub process flow. Specifically the very last step (#7)