I've been trying for a while to use Oauth to connect to the GetGlue API, with no success what so ever.
I've downloaded every library I can find (like oauth-php) and tried every example I could find on the internet. There MUST be an example for an Oauth connection to the GetGlue API somewhere, but I cant seem to find it. Anyone have any experience with this. Maybe some samplecode even?
Note: All I need is a single request for my own account. I've tried to stay clear of DB sollutions because it's not at all neccesary since it's just going to be my account that has data to be saved.
GetGlue is switching/has switched to OAuth 2.0 for authentication. You might be more successful with it. The authentication flow follows RFC 6749 closely.
Once you registered your app on their OAuth 2.0 portal and obtained a client id and secret, do something along the lines of:
Load the authorize URL to let the user authorize your app:
// remove the line breaks!
https://api.getglue.com/oauth2/authorize?response_type=code
&scope=public+read+write
&redirect_uri=http://localhost
&client_id=<your OAuth client id>
Once the user has authorized your app, GetGlue will redirect to the given redirect_uri with a code query parameter you have to intercept, e.g.
http://localhost&code=<auth code>
Pass that code to the token endpoint to get an access token to append as a query parameter when accessing the v3 API:
// get tokens
https://api.getglue.com/oauth2/access_token?client_secret=<OAuth client secret>&grant_type=authorization_code&redirect_uri=ttp://localhost&code=<auth code>&client_id=<OAuth client id>
If successful this will return some JSON. Be aware that they redirect from HTTPS to HTTP there. Some HTTP clients refuse to do this.
{
"token_type":"Bearer",
"access_token":"<an access token>",
"scope":"public read write",
"expires_in":5184000, // in seconds from now
"refresh_token":"<a refresh token>"
}
Pass the access_token as a query parameter when making API calls. If the access_token has expired, call the token endpoint with the refresh_token as auth code to get a new one. If that fails, you have to make the user authorize your app again.
There is also a Java library (getglue-java) for the new API now.
For GetGlue, you have send email to obtain the Consumer Key and Secret and thus, if you have the both then I can easily help you. I will provide you all the details to do..
Related
I am implementing the hybrid sign in flow got login with Google+. What I want to achieve is this:
One a user has authorized the app, the next time he comes back on the website, I want to log him in automatically.
In hybrid flow, google automatically logs the user in and displays a welcome back message (javascript sdk) along with returning access token. But this process requries one ajax call to be sent to gogole api.
I want to make this call through the backend itself using Google's PHP client library. Since the app has been authorized already, it should simply return the access token as it does when using javascript sdk. But I am not able to figure out how to achieve this using client library. Can anyone please help me out?
In your call parameters set access_type: 'offline', then need to get a new token using the refresh_token that is provided ONCE at the FIRST time of authorisation. You will have to store that refresh_token somewhere in your database and pair it up with the user's already expired access token ID or somehow and make another call for a valid access token.
For the time being you can set approval_prompt: 'force' but that's merely a development trick not a real solution.
More is explained here refresh token with google api client php
Hi first question ever on stack!
I'm used to Facebook Connect and I'm implementing Google Sign in to my site.
User can connect with their FB or Google+ Account (client side javascript API), I create a user profile in my database and store their fb UId or G+ UID. No problem!
Now when they come back... With facebook API I can easily use their php API to get the current user Id $facebook->getUser() so I can retrieve the user profile from the DB
With Google+ I can easily get the G+ UID Client-side with their javascript API (gapi.auth.authorize), but how to do the same on server-side without asking for offline access authorization?
Thanks for your help!
There are at least two ways you can accomplish this.
If you have an authorization code (you don't need offline access to request 'code' response type), you can make a call to the token endpoint and obtain an id_token in the backchannel. Base64 decoding the token will give you the user_id. This method does not require you to verify the signature in the id_token because you are making a server-side call directly to a secure (TLS/HTTPS protected) Google handler.
Otherwise you can request 'id_token' response and then perform full id_token validation. This requires both checking the Google signature and ensuring that the id_token was issued to your application (match your client_id against the 'aud' parameter of the id_token).
This strategies are explained in more detail at: https://developers.google.com/accounts/docs/OAuth2Login#exchangecode (first method)
https://developers.google.com/accounts/docs/OAuth2Login#validatinganidtoken (second method).
The first method is easier to implement, and the second method is more efficient (requires no network round-trip).
I want to register users to my webinars after they submit a form in my site, this is common practice but I'm having problems authenticating my application.
The problem is that according to the documentation Citrix doesn't support username-password authentication flow (where you put your user and pass in a request and you get a token):
https://developer.citrixonline.com/content/username-password-flow
Instead users need to be directed to a login page to complete their Citrix account credentials, supposedly this can be done by me just once and then save the token, however I couldn't find a method to do it safely, I tried once to save the token and just the next day it was expired. So how can I make sure I get a fresh access token without
I'm using this PHP library which is supposed to simplify the login process (maybe there is some clue in it):
https://github.com/jakir-hayder/Citrix-GoToWebinar-PHP-Library
First, read this primer on OAuth workflow to ensure you have the terms and concepts down pat. (You can ignore the fact that the example is for SalesForce -- OAuth is all the same.)
Then, you should understand that you're looking for the Citrix Token Request Endpoint, which they happen to call "Direct Login".
That should let you pass the username/password to get the token to use in subsequent requests. That what you need?
I would use Fiddler or Wireshark to collect the API calls that are made to the Citrix API when you log in. Then add some code in your applicaiton to send the same requests, parse the response that has the access token, and dynamically use that token however you've already got it set up in your application.
I'm working on an API and considering using OAuth (3-legged approach) for authentication and authorisation.
This is the basic idea:
In order for clients (mobile app or web app), to use this RESTful API the user will have to be logged in using identity providers/servers such as Google, Facebook e.t.c
Essentially 3 parties will be interacting here:
The mobile / web app: The one trying to access my API
The API: The site that contains data for the app to run
The identity server: The site that will allow the user to login in order to access the API
Now, the way that I understand this process (assuming I do). This would be the flow (summarised):
The user will try to access data from the API (consumer);
The consumer finds that the user is not logged in;
The user gets a page (with service provider buttons such as Login with Google);
The user clicks the button, and the service provider returns a login form;
The user logs in;
The service provider returns a page asking for specific permissions;
The user grants permission;
The service provider returns an access token to the user;
The user uses the access token to try the request again to the consumer (API);
The consumer takes the token and verifies it against the service provider;
The consumer grants access to the user.
First
Is this process correct (on a higher level), or have I completely misunderstood the whole thing. If it is not correct: Could you offer some tweaks?
Second
After this whole process. How does the consumer communicate with the user? Will I have to be passing around a token on every request made (between the mobile app and the API)? Or can I just use the user details from the service provider to identify the user?
Third
How exactly does the consumer (API) verifies the token provided by the user against the server? Is this already implemented in OAuth, or will I have to do it myself?
Forth and last
In terms of implementation, what would be the difference between the client (mobile app / web app) and the consumer (API)?
I'm new to this, and I am trying to implement it in PHP (the API). If you have any references to PHP code (sample implementations) or external resources, I'd really appreciate it :-)
I am also new for oauth but I'll try to help.
First you could look here for appropriate libraries which could help.
As for me your oauth flow is correct. A good explanations you can also find here.
Keep in mind that authorization server should return an authorization code which you use for obtaining access token.
So your questions:
1) Follow the second link and there - "Authorization Code".
2) With every request to you API you should send your access token. Something like
http://<your api>?access_token=7f813af1-381d-4dd7-b70b-b6a8399b2c00
3) Just use the libraries from the first link. I hope that they have already implemented this. :)
4)Can't exactly understand what you mean. Your client must be able to obtain access token, store it and send it with requests. Your API server must be able to receive access token from client, and give access to api if the access token is correct.
I've been trying to get Google's Calendar API working in a PHP web application, but I'm having a hard time getting authenticated.
What I want to do is to allow users to interact with calendars of a single account known by the server.
Each type of scenario covered in the OAuth 2.0 docs talks about "user consent" which involves a login form and the individual user logging in, but I want the server itself to authenticate directly and obtain an access token for itself.
Is there some part of OAuth or some alternative mechanism I can use to do this?
In order to do this, you must go through the steps for user consent and then copy the access tokens it gives you into the PHP code.
The usual procedure for OAuth is like this:
Send user to authentication page.
User comes back with $_GET['code']
Send $_GET['code'] to OAuth server for a token
Store token in database for the user (or session, if it's very short lived)
But when doing it with a single calendar like this, you modify step 4. Instead, you dump the token to screen and copy it into your PHP file as variables, instead of putting it in the database. Then when you go to pass the access token to the server, you just pass the known, static token rather than a dynamic token from the database / session.
See mathewh's answer here:
How to automate login to Google API to get OAuth 2.0 token to access known user account
The lightbulb for me is when you get the access token you get a refresh_token as well... you use this token to "refresh" your access token once it expires.
There is no way around a manual authorization step the first time.