Dropbox API without user action, standalone app - php

I'm trying to develop a PHP script to synchronize files with a Dropbox folder that I own.
I'm trying to connect using the Core API and OAuth 2, and it seems that a user needs to get an authorization code from an approval page, but my script needs to be stand alone without any user interaction.
My question is: is it possible?
I didn't find anything in the Dropbox API documentation to achieve this.
Thanks in advance for any link, help or alternatives.

As @dev-null-dweller said in a comment, you certainly need to authorize the app once, but you can just store the token and keep reusing it.
You might want to use my app http://dbxoauth2.site44.com/ to get an OAuth token for yourself and then just hardcode it in your script.

Related

JWT and requesting application consent; also, manual vs SDK

Windows 2012, PHP 7.4.
I'm having a really hard time getting this going, and the more I fuss with it the more confused and frustrated I become. I'm already behind on the project, so I need to start asking questions.
Working server-side: everything is handled by our application: click a button, it does all the processing without any further interaction.
The task is "simple": send a PDF out for remote signing. Signature tabs are already placed in the PDF, all I have to do is SEND.
Question #1: Getting the JWT token and requesting application consent is a process, but it only has to be done once per application, right?
Question #2: The SDK seems to be overkill. I've written against REST APIs before and I'm comfortable working in that world. So, SDK vs. manually writing what I need. Advice? And whichever choice is preferred, where do I start?
Appreciate any help.
Question #1: Getting the JWT token and requesting application consent is a process, but it only has to be done once per application, right?
Getting consent from the user who will be impersonated by your app is a one time process. Depending on your use case, the "user" could be a "system user" such as finance@example.com or the user could be a specific person.
More on getting consent.
The access token that you get back from the JWT grant flow lasts an hour. So you'll need to repeat the JWT call if you need to make another API call after that. Please do not create a new JWT grant for each API call! Cache the access token.
Question #2: The SDK seems to be overkill. I've written against REST APIs before and I'm comfortable working in that world. So, SDK vs. manually writing what I need. Advice? And whichever choice is preferred, where do I start?
Half of the developers who use the DocuSign eSignature REST API call the API directly. So we're happy for you to do that if you prefer.
Create the request object as a PHP associative array, convert it to JSON and then call the API using your favorite HTTPS request library.
If you have a problem doing so, open a new StackOverflow question.
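
An added example, not part of the original answer or of any DocuSign SDK: one way to cache the hour-long access token between runs so the JWT grant is repeated only near expiry. The `$fetch` callback, the cache file layout and the five-minute renewal margin are assumptions; the stub below stands in for the real grant request.

```php
<?php
declare(strict_types=1);

// Added example. $fetch stands in for the real JWT grant request and is assumed
// to return ['access_token' => string, 'expires_in' => int seconds].
const SKEW = 300; // renew five minutes before the stated expiry

function cached_access_token(string $path, callable $fetch, ?int $now = null): string
{
    $now = $now ?? time();
    $fh = fopen($path, 'c+');        // create if missing, never truncate
    if ($fh === false) {
        throw new RuntimeException('cannot open token cache');
    }
    chmod($path, 0600);              // the token is a bearer credential
    flock($fh, LOCK_EX);             // overlapping runs share one grant
    try {
        $c = json_decode((string) stream_get_contents($fh), true);
        if (is_array($c) && is_string($c['access_token'] ?? null)
            && (int) ($c['expires_at'] ?? 0) - SKEW > $now) {
            return $c['access_token'];   // still valid: reuse it
        }
        $fresh = $fetch();
        if (!is_string($fresh['access_token'] ?? null)) {
            throw new RuntimeException('grant returned no access token');
        }
        // Assumed fallback of one hour when the response omits expires_in.
        $ttl = (int) ($fresh['expires_in'] ?? 3600);
        ftruncate($fh, 0);
        rewind($fh);
        fwrite($fh, json_encode(['access_token' => $fresh['access_token'],
                                 'expires_at' => $now + $ttl]));
        return $fresh['access_token'];
    } finally {
        flock($fh, LOCK_UN);
        fclose($fh);
    }
}

// Constructed demo: a stub grant that counts its calls, driven by a fake clock.
$calls = 0;
$stub = function () use (&$calls): array {
    return ['access_token' => 'demo-' . ++$calls, 'expires_in' => 3600];
};
$path = tempnam(sys_get_temp_dir(), 'tok');
$t0 = 1700000000;
foreach ([0, 1800, 3400, 3500] as $dt) {
    echo $dt, 's: ', cached_access_token($path, $stub, $t0 + $dt), "\n";
}
unlink($path);
```

The stub is called only when the cache is empty or the stored token is within the renewal margin, so the second and fourth calls reuse the token fetched just before them.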

Working with hybrid auth and codeigniter

I am trying to build a project using CodeIgniter and for sign up purposes, I am using Hybrid Auth library. I am using a link similar to "http://localhost/project/hauth/endpoint?hauth.done=Google" as my redirect URI for Facebook and Google.
The app is working fine with it. But the problem is I can't understand what this "hauth.done" means.
As soon as I allow the permission, it redirects me to the above provided link where I don't know how to receive data/userprofile information.
Here is an updated library which works with the latest HybridAuth (v2.10) and CodeIgniter (v3.x):
https://github.com/ApacheEx/CodeIgniter-HybridAuth
hauth.done is used for finishing authorization via Hybrid_Endpoint::process(), which calls processAuthDone to save all needed tokens for later API requests.
It is because you should provide a proper redirect URL when calling an API; after that, when Hauth redirects to your desired page, you can retrieve your information according to your code reference.
Otherwise, as you are using CodeIgniter, my advice is to use the git reference, where you can find complete code for your application directory. That code already gets the user profile info.
Git repo

Should I setup an OAuth2 Server?

I'm working on a project where I'm developing a platform. As a solo developer I made the decision to use Lumen as a PHP back-end and create a RESTful API.
Web shops should be able to install a plugin so they can access the API without having to code themselves.
I need to keep track of the web shops that use the API. I just need the same way to retrieve access tokens like Twitter and Facebook do when you register an app.
So I was thinking about OAuth2 Server but I have never used it before so I'm not sure if I'm on the right path...
If you want your own OAuth2 system then yes you will need a server running it.
The idea of OAuth2 is to authenticate your clients where a shop equals one client.
OAuth2 is not about individual users but clients. With that idea in mind you can setup an OAuth2 server and its only job would be to authenticate each request, make sure it belongs to a recognized client and then issue a token.
With that token you can then go on and issue more requests to actually interact with the system you are building. This is a very high level view of the entire system, of course.
There can be multiple variations on this, how tokens are issued, what type they are etc. I prefer JWT (JSON Web Tokens) as it's JSON and thus lightweight.
A quick search revealed this: http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/
I do have my own article on building your own OAuth2 system, however it is based on dot net not PHP. You are welcome to use it though maybe it will help clarify the concept.
Here's the link : https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/

PHP and Tumblr API - autopost

I am playing with Tumblr API and trying to build an autoposter. I have a script that I run, then I am as a user asked for allowing my Tumblr app and then I am authenticated => a post is posted.
I've tried to run this script by CRON, but it doesn't work. Why?
My thought why: when I run the script, I am always asked for confirmation that I allow an access of my Tumblr app to my blog...
What do you think? Could this be the problem? Also, is there any way to fix it?
Thank you in advance
If any script requires user interaction it will not work when run via cron. Cron has no idea how to answer for you. Tumblr uses OAuth for authentication and it is probably making you go through the OAuth flow every time that you try to post. If you have the correct request token and request token secret you can make posts without manually authorizing your application. Read up on Tumblr's API docs, the OAuth flow, and look for a library made to work with Tumblr's API.

Create own oAuth process in Codeigniter?

I am developing an API using Codeigniter and Phils RESTserver.
I need to have authentication working with oAuth but I cannot find a library
that works with both Codeigniter and MongoDB.
Is it simple to create the oAuth process myself? I know it is hard to answer
not knowing my level of expertise.
This is my understanding of the oAuth process.
1. User clicks on a link and is redirected to the server's login form.
2. User will be asked to authorize the developer's app.
3. If he does authorize it he is redirected back to the developer's website.
4. On this website the code that he got from step 3 will be exchanged for an access token.
5. Developer's app will now be able to access the user's account on the server.
I know there are parameters to be sent along with the requests like client_id and client_secret and redirect URL. But my question is: is it this easy to implement an oAuth server? Just create the classes and functions? What else are the requirements to be able to call the process a true oAuth authentication?
Thankful for all input!
Have you had a play with this?
https://github.com/alexbilbie/CodeIgniter-OAuth-2.0-Server
Alex has also written a Mongo library, so if his server doesn't support Mongo out of the box then just have a play with that. Just because your API is in Mongo though doesn't mean the api keys, tokens, etc HAVE to be in Mongo too, but they easily can be.
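
The server side of steps 3 and 4 from the question, as an added example (not from the question, the answer or the linked library): the authorization code is short-lived, single-use, stored only as a hash, and bound to the client and redirect URI it was issued for. The class name, the 60-second lifetime, the in-memory storage and the client values are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Added example. In-memory storage; client id, secret and URLs are constructed.
final class AuthCodeStore
{
    private array $clients;      // client_id => [secret_hash, redirect_uri]
    private array $codes = [];   // sha256(code) => grant record

    public function __construct(array $clients) { $this->clients = $clients; }

    // Step 3: the user approved, so mint a code bound to client and redirect URI.
    public function issue(string $client, string $uri, string $user, int $now): string
    {
        if (($this->clients[$client]['redirect_uri'] ?? null) !== $uri) {
            throw new InvalidArgumentException('unregistered client or redirect_uri');
        }
        $code = bin2hex(random_bytes(32));
        $this->codes[hash('sha256', $code)] =
            ['client' => $client, 'uri' => $uri, 'user' => $user, 'exp' => $now + 60];
        return $code;
    }

    // Step 4: exchange the code for a token; null means the request is refused.
    public function redeem(string $client, string $secret, string $uri, string $code, int $now): ?array
    {
        $hash = $this->clients[$client]['secret_hash'] ?? '';
        if (!password_verify($secret, $hash)) {
            return null;
        }
        $key = hash('sha256', $code);
        $grant = $this->codes[$key] ?? null;
        unset($this->codes[$key]);           // single use, even when a check fails
        if ($grant === null || $grant['exp'] < $now
            || $grant['client'] !== $client || $grant['uri'] !== $uri) {
            return null;
        }
        return ['access_token' => bin2hex(random_bytes(32)), 'token_type' => 'Bearer',
                'expires_in' => 3600, 'user' => $grant['user']];
    }
}

$cb = 'https://client.example/callback';
$store = new AuthCodeStore(['shop-1' => [
    'secret_hash' => password_hash('constructed-secret', PASSWORD_DEFAULT),
    'redirect_uri' => $cb]]);
$code = $store->issue('shop-1', $cb, 'user-42', 1700000000);
var_dump($store->redeem('shop-1', 'constructed-secret', $cb, $code, 1700000010) !== null);
var_dump($store->redeem('shop-1', 'constructed-secret', $cb, $code, 1700000011)); // replay
```

The first exchange succeeds and the replay of the same code is refused, which is the behaviour a client library expects from an authorization-code endpoint.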
