i am new to foursquare and i wish to have autofill textbox by foursquare api. For this i referred to https://developer.foursquare.com/overview/auth and have registered my app with foursquare. When I write
https://foursquare.com/oauth2/access_token
?client_id=YOUR_CLIENT_ID
&client_secret=YOUR_CLIENT_SECRET
&grant_type=authorization_code
&redirect_uri=YOUR_REGISTERED_REDIRECT_URI
&code=CODE
in browser url (all parameters replaced), i get the following error:
{
"error": "invalid_grant"
}
How do i solve this? How do i implement autofill textbox?
Extending pfhayes answer: CODE is not a constant. Your are supposed to actually replace it with a real code.
It can get confusing, because at some point during the auth flow, there are constants such as code and access_token that should be taken exactly ad in the example.
The code you supply must be the code returned by a successful user authorization, as seen here: https://developer.foursquare.com/overview/auth. When a user authorizes your app with foursquare, they will be redirected to your page with a code HTTP parameter. This code will be the code you exchange for a valid access token.
Related
I have a problem setting up simple single sign on with Azure AD for our pHp website. The app is registered in azure and I have all the necessary details like Client ID, secret, tenant.
My requirement is to get authorized and also pull back the user's employee id, name and email id. I am working on single sign on for the first time, and need some help on this.
While creating the authorization URL, I am requesting for code, which is right according to the Azure documentation. I am successfully able to retrieve the code after authorization. However, I am not able to request id_token along with code as response_type=code+id_token, which should be possible. I could trace the URL flow and extract the id_token field manually. If I do this, I am prompted with the logon and MFA. But the response goes into infinite loop by just prompting with infinite number of MFA pings on my phone. This is weird, my program has a check to redirect on code response, which doesn't seem to work. I have tried using session_id cookie too, which has the same behavior.
If I just choose code as response type and request for id_token using token granting URL, I don't get any response back. Its blank or null but no errors.
Can you please help suggest if I am making a mistake. Is my method right or wrong to request code first and token next. How can I successfully retrieve id_token.
Just summary the comment into reply to help others who have the same problem.
response_mode: Specifies the method that should be used to send the resulting authorization code back to your app. Can be form_post or fragment. For web applications, we recommend using response_mode=form_post, to ensure the most secure transfer of tokens to your application.
If you want to use code + id_token in the response_type,you should be using OIDC Hybrid Flow.
However, if you just use code in the response_type, you should be using Authorization Code flow.
For more details, you could refer to this SO thread.
I've seen similar Questions like this before but don't understand the correct way of doing it. Or rather the questions were always a little different.
The scenario: I have a site where the user should log in via twitch.tv
I have a button which refers him to this url
https://api.twitch.tv/kraken/oauth2/authorize?response_type=code
&client_id=exampleclientid
&redirect_uri=http://example.com
&scope=user_read
I have censored redirect_uri and the client_id but basicly on this site the user needs to login into twitch or if he already is he can authorize that my application gets acess to "scope" here in this case "user_read" which is his email adress.
Now to my problem. When returning to my site my url will look like this
example.com/#access_token=exampleacesstoken&scope=user_read
example acess token is just a combination of numbers and letters which I need to acess private information like his email even his username.
Over this url
https://api.twitch.tv/kraken?oauth_token=exampletoken
I get acess to my needed information, but how do I grab the token from my url via php and delete everything after http://example.com to make it look good again.
The offical API documentation might be helpful and talks about CURL but I don't understand how it works and the PHP manual is very indepth.
https://github.com/justintv/Twitch-API
Sorry if I'm taking the lazy way here, but I think I'm missunderstanding something big because I just have to make a simple grab of the URL
From the Twitch documentation:
https://github.com/justintv/Twitch-API/blob/master/authentication.md#implicit-grant-flow
If the user authorizes your application, they will be redirected to
the following URL:
https://[your registered redirect URI]/#access_token=[an access
token]&scope=[authorized scopes]
Note that the access token is in the
URL fragment, not the query string, so it won't show up in HTTP
requests to your server. URL fragments can be accessed from JavaScript
with document.location.hash.
I am working with the Instagram API and want to get permission to post comments on behalf of the users. But somehow it does not work.
The request link:
https://instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI&response_type=token&scope=comments+likes
When this link is going to be opened, I get asked to give permission for basic information and liking, but not for commenting...
And now after I give permission and want to add a comment with the API, it returns a 400 error:
{"meta":{"error_type":"OAuthPermissionsException","code":400,"error_message":"This request requires scope=comments, but this access token is not authorized with this scope. The user must re-authorize your application with scope=comments to be granted write permissions."}}
What am I doing wrong? Is it not possible to get the comments scope? I do it like Instagram describes it on this link on the very bottom
Instagram Authentication
Did you complete the following form?
https://help.instagram.com/contact/185819881608116
It looks like you must complete the form before your app will have access to the POST comments endpoint.
I'm making a facebook app and have got as far as getting the user to allow my apps permissions, which then generates a code. Then using this code to get an access token. So I now have a variable in my PHP script containing the access token. Now how do I use this to post to the users wall?
The easiest way to post a message on the wall is through the graph api. You require the publish_stream permission to post status messages. You can simply do a POST with the desired message and the access token.
See the official facebook documentation for more details: http://developers.facebook.com/docs/reference/api/status/
Facebook changes their API so often, it's best to read their docs, if those are up to date...
Check in IRC #facebook as well.
But basically, you pass that token in to the API call somewhere, somehow and it's in their docs somewhere.
Unless FB has decided you don't need it or ignores it or doesn't want to allow that this week.
Hope this doesn't get too complicated. :) thing is..
I'm trying to make my PHP code post notes to Google Buzz using OAuth as authentication mechanism. I'm doing the typical "OAuth dance" (get request token, authorise it, exchange for access token), but i've ran into some problems that seem to be on Google's side. Hope i'm wrong - it would be much easier to fix. :)
To get to the point - oauth_callback parameter doesn't seem to get passed to the authorization form. Authorization URI i'm redirecting to is like:
https://www.google.com/buzz/api/auth/OAuthAuthorizeToken
?domain=<my.domain>
&scope=<urlencode(https://www.googleapis.com/auth/buzz)>
&oauth_token=<request_token>
&oauth_callback=<my.domain/callback>
When redirected, client is asked to authorize site to read/write from/to Buzz. If accepted, Google asks again (but in different form) to allow access to .. after allowing for second time, success message is shown, but it doesn't return any tokens to my site, not redirecting to oauth_callback uri.
Workaround i found is to manually add form field 'oauth_callback=' trough firebug/chrome inspector, and then, after these two confirmations it redirects to my site and i can extract authorized token from response, and exchange it for access token. If i use 'standard' Google's authorization endpoint, i get redirected correctly (one confirmation only), but then the access token i get after that is invalid for Buzz.
So, am i wrong or google?! :D I've implemented OAuth for cooperation with some other services (Facebook, MySpace..) but i've never had this much trouble.
ok, when i got on the problem next morning, with (partially) fresh eyes, solution was pretty easy (but still undocumented).. :) in case anybody else needs answer - oauth_callback parameter should be specified when requesting request token.