I am trying to access the Twitter direct messaging API.
I have set up an app and set the permissions to Read, write, and direct messages:
However, when I test the application and see the authorisation screen, direct messaging is not included in the permission list:
I have tried creating fresh applications, resetting the keys once the permission have been changed and only creating the access tokens once the permissions have been updated. However, I still cannot get the Read, write, and direct messages permissions to kick in.
I am using HybridAuth as a framework to acccess the Twitter API.
I note this question, however no answer has been provided as the solution may have been established in a chat session which is longer available.
edit
hybridauth\Hybrid\Providers\Twitter.php
find
$this->api->authorize_url = "https://api.twitter.com/oauth/authenticate";
replace by
$this->api->authorize_url = "https://api.twitter.com/oauth/authorize";
cf: https://dev.twitter.com/discussions/1253
Related
I am successfully connecting to the Google Adwords API with the OAuth2 examples from Google. I want now to implement programatically the disconnection of the customer for this OAuth2 connection.
I saw in some examples the function
$client->revokeToken()
but in my case this function is not present. I am using for the connection the libraries from
"googleads/googleads-php-lib": "*"
I think you miss-understand how Oauth2 works. When you run your application a window pops up asking the user if they would like to grant your application permission to access their data. Assuming the user says yes then your application can now access their data. They are not logged in any scene.
What revoke does is remove the access that they granted to your application.
There is an issue about this on the issue forum 986 I cant seem to figure out if the bug was fixed or not.
If you cant get it to work you can do
https://accounts.google.com/o/oauth2/revoke?token={token}
this works the same as the user removing your application from Permissions
We have an App Service (a PHP website) running in our Microsoft Azure platform. The website is only accessible after the user has already been logged in. The authentication is based on the Azure AD. Everything works fine.
Now, from the PHP code of the website, I would like to get the Azure AD group memberships of the already logged in user.
I read a lot of Web resources explaining how to log in a user to Azure AD from a website and thus get an authorization/access token in order to perform additional actions, like retrieving group memberships and a lot of other stuff. But this is not what I'm looking for. The user already is logged in and can successfully use the website. (Microsoft would redirect the user to the single sign-on login page otherwise.)
Using PHP, I can retrieve, for example, the username of the logged in user from the request header of any access to the website. And there is also some "access token" stored in the request header, and other things, like "client principal ID". But I don't know whether this is such authorization/access token I could use for additional actions. Or maybe/probably I'm doing something wrong. Requesting, for example, https://graph.microsoft.com/v1.0/me/memberOf using cURL, I get an InvalidAuthenticationToken error with "CompactToken parsing failed". I put "Authorization:Bearer {access token}" and "Accept:application/json" into the request header for this as explained here. (I don't have explicit information about the token type so I just assume "Bearer" to be correct like in the examples. Maybe this is already wrong.)
I don't know how to proceed in order to get to a solution. Maybe the point I am missing is not in my cURL request at all but in the Azure settings for the AD and/or App Service. I'm hoping for help from your side.
You are on the right track.
Access token
When you have successfully authenticated yourself against Azure AD, using OAuth2 or OIDC, you will get an access token. The access token is a base 64 encoded JSON Web Token (JWT) and can be used to access other protected resources.
An access token might look like this:
EwAoA8l6BAAU ... 7PqHGsykYj7A0XqHCjbKKgWSkcAg==
You can use https://jwt.io to explore further its contents.
Note: the above token is shortened. In its complete form, it is quite long.
In other works, you need the access token for doing future requests against any API secured with the same identity provider (in this case Azure AD).
Accessing protected APIs
However, before you can use your token to access any API you must first grant your Azure AD application necessary permissions. See this link.
Note: that link applies to the v1.0 Azure AD endpoints.
Once you got the needed permissions sorted, you can start doing requests. The requests you make look like, e.g.
GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer eyJ0eXAiO ... 0X2tnSQLEANnSPHY0gKcgw
Host: graph.microsoft.com
Here, the token is what comes after Authorization: Bearer.
Further reading
See this link for further reading. The link contains intructions on how to use the v2.0 Azure AD endpoints but the general idea is the same:
Register an app
Grant permissions to app to access resources
Get an access token
Use the token for doing requests
I'm using Microsoft Graph API for integration of microsoft/outlook calendar in my app.
API reference is here
I want to revoke user's access of their calendars from my app but didn't find any way to do so. I tried with following api but no luck:
DELETE https://graph.microsoft.com/v1.0/users/{user_id}
Well, that command would delete the user entirely. So while that would certainly remove them from the calendar, I'm guessing this isn't the outcome you're looking for. :-)
If you're looking to remove the permission for your app, there are a couple of ways to trigger this:
Simply stop requesting that user's calendars from your app. This won't revoke permission to the calendar however so this likely isn't sufficient.
Drop Calendars.Read and Calendars.ReadWrie from your list of requested scopes.
In order to ensure this change is reflected in the user's account, you'll need to re-authenticate the user with the query param prompt=consent auth URI.
Have the user revoke permission for your application entirely. This is done by visiting https://myapps.microsoft.com.
There are certain apps that a user cannot directly revoke. These are apps who were granted access at the organization level. To revoke these, an Administrator will need to do this in the Azure Portal.
I have a small site/web application where registered users can see some files that I periodically prepare for them; I store these files in separate directories and every user can only see and download their own files.
Now, I'm moving these directories to Google Drive and I would keep functionalities like file listing and downloading.
Reading the official docs I found some interesting examples about file download/upload, but all of them talk about authorization that user must give in order to access to their Drive and this is not what I'm looking for, I don't want access to their Drive!
As I can see, the doc is not contempling the case that someone may want to give (read-only) access to own Drive. But maybe I'm missing something...
Basically, I need the list of files on my Drive account and, if requested, a way to download one (or more). The only one that has the auth to Drive account is my server, users will send request from it.
Is it possible? I think yes, but I can't find any docs about that. How can I authorize my server?
I think you're looking for the Using OAuth 2.0 for Web Server Applications where you'll be using service accounts to achieve your goal.
"This document explains how web server applications use the Google API
Client Library for PHP to implement OAuth 2.0 authorization to access
Google APIs. OAuth 2.0 allows users to share specific data with an
application while keeping their usernames, passwords, and other
information private. For example, an application can use OAuth 2.0 to
obtain permission from users to store files in their Google Drives."
The snippets are in PHP too, so it works in your favor.
When I try to get a page_access token with 'manage_pages' permission, i get following warning
The following permissions have not been approved for use: manage_pages. If you make your app public, they will not be shown to people using your app. Submit them for review or learn more.
I am the admin of this facebook page.
Trying to retrieve My Fanpage's reviews in my website, through php sdk v4.
From v2.0 onwards, the permissions other than public_profile, email and the user_friends need to the submitted for review before you can make your app live; else you wont be able to use them. Only the testers/admin/developers of the app will be able to test with those permissions until the permissions are reviewed.
If you want to skip the review process, you can keep your app in the dev mode and use the page access token that will never expire. To generate such token , see the steps mentioned here.