I have some code that will let the user login via linked in using the oauth v1 api. That returns two keys back to me which are user token and user secret.
I have tried using them with the v2 api but it seems as though it wants oauth2_access_token.
Is there any way to use the user token and user secret to make api calls?
If not is there a way to convert user token and user secret to the new oauth2_access_token needed for v2?
If not is there any way to have v2 check to see if the user has authenticated the app and return the new v2 key?
If you have already setup OAuth v1 authentication successsfully, I would suggest you stick to it, as Linkedin will be supporting both authentication schemes moving forward. You can use all of the API functions with both authentications schemes. I don't see any reason to rewrite your authentication scheme.
Related
I am developing an application from where I would like to create Campaign with list. The application flow is like this, User will click a Button then user will redirected to MailChimp login page, User will come back to my site after Logged in where URL is http://127.0.0.1:8000/home?code=f0f6949c8b5286c38a90aa4820776e14.This code is Authorization Code.
Now I would like to fetch Lists of that specific user who is logged in few moments ago. I can fetch my Lists using API key, but I need users Lists, I don't know users API key.
How can do that ?
I think I need OAuth 2 token of MailChimp API call to fetch User's Lists. How can I get OAuth 2 token of MailChimp API call ?
Thanks
From the MailChimp documentation (source: http://developer.mailchimp.com/documentation/mailchimp/guides/how-to-use-oauth2/)
How to Use OAuth2
For developers integrating platforms that require clients to access MailChimp’s servers, we recommend using OAuth2 for authorization. OAuth2 is a secure option that allows third-party applications to access a server without passing user credentials or API keys.
Before You Start
Here are some things to know before you begin the OAuth2 process.
Our server implements v10 of the OAuth2 specification, and supports Web Server Flow.
On the server side, OAuth2 is pure HTTPS, so we recommend using HTTPS for your redirect_uri.
We don’t expire tokens, so you won’t need to use refresh_token.
Register Your Application
When you’re ready to begin, register your application with MailChimp:
In your MailChimp account, navigate to the Account page.
In the account drop-down menu, click Extras, and choose API Keys.
Under the “Developing an App?” heading, click Register and Manage Your Apps.
Click Register an App.
In the fields provided, input your application’s information and click Create.
When creation is successful, you’ll see an Application created message appear, and more information at the end of your form, including the Client_ID and Client Secret. Do not share the Client_ID and Client Secret.
On this screen, you don’t need to save or change the information. Click Update or Cancel to go back to the Registered Apps page, or close the window.
Endpoints
OAuth2 exposes three specific endpoints, and one for metadata.
authorize_uri
https://login.mailchimp.com/oauth2/authorize
access_token_uri
https://login.mailchimp.com/oauth2/token
redirect_uri
Client-side, made available to the browser in use.
metadata
https://login.mailchimp.com/oauth2/metadata
Note
We support wildcards for the redirect_uri so you can provide
data-center-specific information for proper API calls. Wildcards work
as long as the redirect_uri appears to be a user-registerable domain
under a top level domain. For example, if you enter https://co.uk/ as
a redirect_uri, wildcard support won’t work. If you enter
https://mydomain.co.uk/, wildcard support will work. Domain detection
is based on these criteria.
A redirect_uri will also override the path portion of a URL, as well.
For example, a redirect_uri set to https://test.example.com/oauth.php
means that any URI starting with either test.example.com or
*.test.example.com will work (i.e.: https://test.example.com/somethingelse.php is valid).
Flow
To start your application’s connection to MailChimp, start by sending the user to the authorize_uri.
The user will input their username and password to approve your application. “Remember Me” cookies aren’t permitted here.
After the user authorizes your application, our server will redirect your user back to the redirect_uri, along with a code you can exchange for an access_token. The code is valid for 30 seconds.
Your application should then make an out-of-band request to the access_token_uri using the code our server provided.
Our server returns an access_token, which completes the official OAuth2 flow.
To complete the MailChimp flow, make another RESTful request using an OAuth2 client to the metadata_uri.
Our server will return a datacenter string, API endpoint, and login URL, as described in the following list.
dc:
The data center string, like us1, us2. If your API wrapper is data center aware, use access_token-dc as a standard API key.
api_endpoint:
Use https://{dc}.api.mailchimp.com. If you your API wrapper isn’t datacenter-aware, use this API endpoint and the access_token as your API key.
login_url:
https://login.mailchimp.com
Note
The access_token is used as an API key. Users don’t have access to these keys because they are tied directly to your
application. But, the user can de-authorize your application in
MailChimp, which removes and invalidates the token.
Configuration information
User-Specific configuration
client_id
635959587059
client_secret
0da3e7744949e1406b7b250051ee1a95
redirect_uri
http://192.168.1.8/oauth/complete.php
MailChimp standard OAuth2 configuration
authorize_uri
https://login.mailchimp.com/oauth2/authorize
access_token_uri
https://login.mailchimp.com/oauth2/token
base_uri
https://login.mailchimp.com/oauth2/
MailChimp custom configuration
metadata_uri
https://login.mailchimp.com/oauth2/metadata
We are using the Oauth 1.0 authentication Flow with the Twitter API. This basically come down to this spec: http://oauth.net/core/1.0/#anchor9.
We created the app and started to get users. Later we implemented Signup with Twitter where now we require the users email address from the API. We asked Twitter and therequest was granted. It works, great.
Now we have an issue with existing users because those authorized the App before we had that Email permission and with their existing Access Token, Twitter doesn't give us that.
Twitter writes in their documentation (https://dev.twitter.com/rest/reference/get/account/verify_credentials)
Note
Your app will need to regenerate the user access tokens for previously authenticated users to access their email address.
How can this be done?
When we delete the corresponding data (token and secret) on our side and ask for new Auth it doesn't have any effect. Twitter always gives us the same token and secret again.. and with that in the account/verify_credentials call no email address.
The only way which we found works is when we log into Twitter and revoke access to the App. Then we get a new token and secret which gives us access to what we want.
But we don't want to tell that to our users but rather do this programatically utilizing the API. How?
Try to request a new/different permission from the users:
What if I want to request a different level of access for my
application instead of the one my application is registered with? You
can do this now by using the x_auth_access_type parameter during the
request_token phase. Using this parameter you can request a read or a
read/write token even if your application is registered for read/
write/direct messages.
More information on this method is in our developer documentation:
http://dev.twitter.com/oauth/reference/post/oauth/request_token
I am looking for some simple creation of Token to authenticate for each Rest Api call.
Actually I am new to this authentication process, I gone through some websites and forums but I didn't get proper idea on where to store the token after login and how to use it for authentication.
Please provide me with an example code?
Note: I was creating Rest Api for my website only, so no need of other keys are required to create access token I think so.
Some oAuth2 examples for using with Phalcon:
https://github.com/sergeyklay/awesome-phalcon#authentication--oauth
RESTful examples:
https://github.com/sergeyklay/awesome-phalcon#restful
What I am trying to do ?
I am trying to build api for online booking flight so that other travel agency can use that api. It have function to search the flight, show the search result,book the flight and online payment.So, for the authorization I am planning to use oAuth. When the user visit the travel agency site they can search,book the flight and can do payment .Here, they don't have to authenticate for searching the flight and booking but payment is done by using third party. What I am trying to do is that when user is using the api they don't need authentication but we should authorize that the user is from valid site or not so I am using the oauth grant type client credentials
What I have done ?
I am trying to use the laravel package lucadegasperi/oauth2-server-laravel for the oauth. I had successful install the package on my project and done configuration according to the information provided from here https://github.com/lucadegasperi/oauth2-server-laravel/wiki. I had tested to get access token using the chrome extension postman .
What I am confused about ?
If I share the client_id and client_secret on the client side then any other user can use that client id and client secret and use our api . How can I generate the access token after user submit search button and used that token for the other process like showing search result, booking etc.
So, my question are
Am I using right grant type for authorization ? If not , which will
be the suitable for this?
How can I use client_id and client_secret so that we can authorize
site securely ?
You can write a Wrapper application that will contain your Client_Id, Client_secret. and your wrapper application will manage Access token as well.
Idea is:
Whenever any request will come to your wrapper, then it will look if there is any Access token exist in the cache, if yes, then take that token and make a final request to your application and grab data based on your token.
If Token doesn't exist in Cache then Wrapper app will make a token request based on your Client_id and Client Secret and get a token and store token for next call.
By this way, your application does not expose your credentials & token at publically.
I have made a php script for tweeting via API. Right now I added an app(say "MyTweets") in my twitter account and got secret and oAuth key. Now I want others to use it. Right now I have put hard coded Key and secret, how can I automate it so that use can 'Add' their twitter account in my application or atleast I can store their oAuth/Secret for automated use. I just don't want to add new apps every other twitter account.
go to the link below: https://dev.twitter.com/apps/new
Fill up the form then submit.
now you will get your oAuth user and Secret Key
See the API docs at Twitter. You're going to need to implement OAuth in your application so that the user can authenticate with Twitter and you get back the authentication token you use in your application.