How to Implement oAuth PHP for the Gmail Atom feed? - php

I want to use oAuth in PHP to access Gmail's atom feed. I am not sure where or how to start coding this... on Google's page it says this:
To obtain access, you can use AuthSub or OAuth by requesting a token with scope=https://mail.google.com/mail/feed/atom
How to do that in PHP? Thanks for helping a programming newbie :D

See the URL below; it is very useful for you, with a demo and source code. Read it carefully.
You can start with this example.
Get Unread Emails From Gmail Using Gmail Feed API, OAuth and PHP With Atom
http://lookmywebpage.com/api/google/get-unread-emails-from-gmail-using-gmail-feed-api-oauth-and-php/
At a basic level, the process is as follows:
Your application requests access and gets an unauthorized request token from Google’s authorization server.
Google asks the user to grant you access to the required data. If the user is not already logged in, Google prompts the user to log in. Google then displays an authorization page that allows the user to see what Google service data your application is requesting access to.
Your application gets an authorized request token from the authorization server. Each request token is valid for only one hour.
You exchange the authorized request token for an access token.
You use the access token to request data from Google’s service access servers. By default, access tokens are long-lived. Each access token is specific to the user account specified in the original request for authorization, and grants access only to the services specified in that request. Your application should store the access token securely, because it’s required for all access to a user’s data.
How to start? See the URL below:
http://lookmywebpage.com/api/google/get-unread-emails-from-gmail-using-gmail-feed-api-oauth-and-php/

Related

Central OAuth2.0 Authorization on the Backend-Side using PHP and curl for Spotify Web API

I am creating an application which aims at automatically creating Spotify Playlists in a central Spotify account (not the account of the end users).
I have set up this account and created the developer app for the secret and the client_id.
On the backend side, I am using PHP to authorize this central user, and it is working as long as I am logged in myself with that account.
Users that visit my website should be able to create playlists via that interface through the Spotify Web API without the need to authorize their account nor being logged in at all.
If I'm trying to open the same page on a separate device (without having any account logged in), it just gives me the following error:
User not registered in the Developer Dashboard
Is it somehow possible to perform this authorization process only on the backend side without the need for the user to authorize it?
Eventually, I want to send the playlist URL created in the central Spotify Account to the user who can open it in their own app or share with others, if they want to.
I try to avoid that multiple users must authorize for my app, since I don't need to access personal information from their account, anyways.
I used the 3-step process for authorization as described in this Stackoverflow Post: Spotify oauth2 with PHP curl. How to get authorization code?
If necessary, I will provide more information.
Do you have any idea, how I can implement this authorization process for the single account on the backend side, without the user even showing any authorization process of the Spotify Web API at all?
EDIT1: I am not trying to login on the behalf of my users, just automatically for my own account without the interactive login with Spotify. Is that even possible?
I received valuable feedback from the Spotify Developer Community that helped me finding a solution to the problem.
When you let the central Spotify account login to your app, you'll [get] an access_token (that will expire in 1 hour) and a refresh_token.
When the access_token of that account expires, let your server send a POST request to the Accounts service /api/token endpoint, but use the refresh_token in place of the access_token.
A new access_token will be returned.
A new refresh_token might be returned too. (I don't think that's even needed)
You can read more about it here.
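The refresh step described in the answer above, as an added PHP example (not code from the original post or from Spotify): the stored refresh_token is sent to the Accounts service token endpoint with the client credentials in an HTTP Basic header, and the response replaces the cached access_token. The storage helpers and the token file path are hypothetical stand-ins; the endpoint and parameter names are Spotify's documented ones. If the response carries a new refresh_token, it is persisted, since the old one may not keep working after rotation.

```php
<?php
// Added example (not from the original answer): refreshing a Spotify access
// token server-side with the stored refresh_token. Endpoint and parameter
// names are those documented by Spotify's Accounts service; load_tokens /
// save_tokens and the token file path are hypothetical stand-ins.
declare(strict_types=1);

const SPOTIFY_TOKEN_URL = 'https://accounts.spotify.com/api/token';

function load_tokens(string $path): array
{
    // Assumed storage: a JSON file readable only by the web server user.
    $data = json_decode((string) file_get_contents($path), true);
    if (!is_array($data) || empty($data['refresh_token'])) {
        throw new RuntimeException('No stored tokens; run the one-time interactive login first');
    }
    return $data;
}

function save_tokens(string $path, array $tokens): void
{
    file_put_contents($path, json_encode($tokens), LOCK_EX);
    chmod($path, 0600);
}

function refresh_spotify_token(string $clientId, string $clientSecret, string $refreshToken): array
{
    $ch = curl_init(SPOTIFY_TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        // Client id and secret go in an HTTP Basic header, not in the body.
        CURLOPT_HTTPHEADER     => [
            'Authorization: Basic ' . base64_encode($clientId . ':' . $clientSecret),
            'Content-Type: application/x-www-form-urlencoded',
        ],
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $refreshToken,
        ]),
    ]);
    $body   = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_RESPONSE_CODE);
    curl_close($ch);
    if ($body === false || $status !== 200) {
        throw new RuntimeException("Token refresh failed (HTTP $status)");
    }
    $json = json_decode($body, true);
    if (!isset($json['access_token'], $json['expires_in'])) {
        throw new RuntimeException('Malformed token response');
    }
    return $json;
}

// Returns a usable access token for the central account, refreshing shortly
// before the cached one expires. No user is involved at this point.
function current_access_token(string $path, string $clientId, string $clientSecret): string
{
    $t = load_tokens($path);
    if (isset($t['access_token'], $t['expires_at']) && $t['expires_at'] > time() + 60) {
        return $t['access_token'];
    }
    $fresh = refresh_spotify_token($clientId, $clientSecret, $t['refresh_token']);
    $t['access_token'] = $fresh['access_token'];
    $t['expires_at']   = time() + (int) $fresh['expires_in'];
    // If Spotify rotates the refresh token, the new one must replace the old.
    if (!empty($fresh['refresh_token'])) {
        $t['refresh_token'] = $fresh['refresh_token'];
    }
    save_tokens($path, $t);
    return $t['access_token'];
}

// Usage (placeholders): call this from the playlist-creating code path.
$token = current_access_token('/var/lib/myapp/spotify-tokens.json',
                              getenv('SPOTIFY_CLIENT_ID'), getenv('SPOTIFY_CLIENT_SECRET'));
```

The interactive login happens exactly once, for the central account, and only the refresh_token and client secret need to survive on the server; both should be kept out of the web root and the repository.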

How to get Azure AD access token for already logged in user?

We have an App Service (a PHP website) running in our Microsoft Azure platform. The website is only accessible after the user has already been logged in. The authentication is based on the Azure AD. Everything works fine.
Now, from the PHP code of the website, I would like to get the Azure AD group memberships of the already logged in user.
I read a lot of Web resources explaining how to log in a user to Azure AD from a website and thus get an authorization/access token in order to perform additional actions, like retrieving group memberships and a lot of other stuff. But this is not what I'm looking for. The user already is logged in and can successfully use the website. (Microsoft would redirect the user to the single sign-on login page otherwise.)
Using PHP, I can retrieve, for example, the username of the logged in user from the request header of any access to the website. And there is also some "access token" stored in the request header, and other things, like "client principal ID". But I don't know whether this is such authorization/access token I could use for additional actions. Or maybe/probably I'm doing something wrong. Requesting, for example, https://graph.microsoft.com/v1.0/me/memberOf using cURL, I get an InvalidAuthenticationToken error with "CompactToken parsing failed". I put "Authorization:Bearer {access token}" and "Accept:application/json" into the request header for this as explained here. (I don't have explicit information about the token type so I just assume "Bearer" to be correct like in the examples. Maybe this is already wrong.)
I don't know how to proceed in order to get to a solution. Maybe the point I am missing is not in my cURL request at all but in the Azure settings for the AD and/or App Service. I'm hoping for help from your side.
You are on the right track.
Access token
When you have successfully authenticated yourself against Azure AD, using OAuth2 or OIDC, you will get an access token. The access token is a base64-encoded JSON Web Token (JWT) and can be used to access other protected resources.
An access token might look like this:
EwAoA8l6BAAU ... 7PqHGsykYj7A0XqHCjbKKgWSkcAg==
You can use https://jwt.io to explore further its contents.
Note: the above token is shortened. In its complete form, it is quite long.
In other words, you need the access token for doing future requests against any API secured with the same identity provider (in this case Azure AD).
Accessing protected APIs
However, before you can use your token to access any API you must first grant your Azure AD application the necessary permissions. See this link.
Note: that link applies to the v1.0 Azure AD endpoints.
Once you got the needed permissions sorted, you can start doing requests. The requests you make look like, e.g.
GET https://graph.microsoft.com/v1.0/me
Authorization: Bearer eyJ0eXAiO ... 0X2tnSQLEANnSPHY0gKcgw
Host: graph.microsoft.com
Here, the token is what comes after Authorization: Bearer.
Further reading
See this link for further reading. The link contains instructions on how to use the v2.0 Azure AD endpoints, but the general idea is the same:
Register an app
Grant permissions to app to access resources
Get an access token
Use the token for doing requests
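A check worth doing before sending a token from the request headers to Graph, as an added PHP example that is not part of the answer: a JWT has three base64url segments, so a value that does not split that way is an opaque (compact) token and Graph cannot parse it, which is what the "CompactToken parsing failed" error reports; a JWT whose aud is not Microsoft Graph was issued for another resource (for example the App Service itself) and will be rejected as well. The sample tokens are constructed in the code; decoding here is only inspection, not validation, since the signature is verified by the resource server and nothing else.

```php
<?php
// Added example, not from the answer: inspect a bearer token to see whether it
// is a JWT at all and, if so, which audience it was issued for, before sending
// it to Microsoft Graph. Decoding is NOT validation; only the resource server
// verifies the signature. All sample tokens below are constructed.
declare(strict_types=1);

function b64url_decode(string $s): string
{
    $pad = strlen($s) % 4;
    if ($pad !== 0) {
        $s .= str_repeat('=', 4 - $pad);
    }
    $out = base64_decode(strtr($s, '-_', '+/'), true);
    return $out === false ? '' : $out;
}

function b64url_encode(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Returns ['header' => ..., 'claims' => ...] or null when the string is not a JWT.
function jwt_peek(string $token): ?array
{
    $parts = explode('.', $token);
    if (count($parts) !== 3) {
        return null;
    }
    $header = json_decode(b64url_decode($parts[0]), true);
    $claims = json_decode(b64url_decode($parts[1]), true);
    if (!is_array($header) || !is_array($claims)) {
        return null;
    }
    return ['header' => $header, 'claims' => $claims];
}

// Microsoft Graph is identified either by its URI or by its well-known app id.
const GRAPH_AUDIENCES = ['https://graph.microsoft.com', '00000003-0000-0000-c000-000000000000'];

function usable_for_graph(string $token, int $now): string
{
    $jwt = jwt_peek($token);
    if ($jwt === null) {
        return 'not a JWT (opaque/compact token): Graph cannot parse it';
    }
    $c = $jwt['claims'];
    if (!in_array($c['aud'] ?? '', GRAPH_AUDIENCES, true)) {
        return 'JWT, but aud=' . ($c['aud'] ?? '?') . ': issued for another resource, not Graph';
    }
    if (($c['exp'] ?? 0) <= $now) {
        return 'JWT for Graph, but expired';
    }
    return 'JWT for Graph, scp=' . ($c['scp'] ?? '(none)');
}

// Constructed sample tokens: the signature segment is a dummy, no keys involved.
function sample_token(array $claims): string
{
    return b64url_encode(json_encode(['typ' => 'JWT', 'alg' => 'RS256']))
        . '.' . b64url_encode(json_encode($claims))
        . '.' . b64url_encode('not-a-real-signature');
}

$now = 1700000000;
$tokens = [
    'opaque'    => 'EwAoAexample_constructed_opaque_token_not_a_jwt==',
    'for_app'   => sample_token(['aud' => 'api://my-app-client-id', 'exp' => $now + 3600]),
    'for_graph' => sample_token(['aud' => 'https://graph.microsoft.com',
                                 'scp' => 'User.Read GroupMember.Read.All', 'exp' => $now + 3600]),
];
foreach ($tokens as $name => $t) {
    printf("%-9s %s\n", $name, usable_for_graph($t, $now));
}
```

If the header token turns out to be opaque or scoped to your own app, the fix is on the Azure side: obtain a token whose audience is Graph (with the GroupMember.Read.All or Directory.Read.All permission granted, as the answer's links describe) rather than re-sending the one the login handed to the website.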

How to get access to a private spreadsheet from the API?

Hello I need to get access to a spreadsheet from google spreadsheet API. I have enabled Google Sheets API and added API key, but this doesn't work!!!
https://sheets.googleapis.com/v4/spreadsheets/[my_spreadsheet_id]/values/A1?key=[my_api_key]
The result is:
403 - The caller does not have permission
But if I provide public access for this spreadsheet ---> it works!!!
The result is:
200 - [correct requested data .....]
So my question is:
How to get access to a private spreadsheet from the API?
I need to read and write orders data there from my website using PHP's functions like file_get_contents()
Basically, you need to get authorization as mentioned in the documentation.
Whenever your application requests private user data, it must send an OAuth 2.0 token along with the request. Your application first sends a client ID and, possibly, a client secret to obtain a token. You can generate OAuth 2.0 credentials for web applications, service accounts, or installed applications.
Further information from OAuth 2.0 documentation, when accessing a Google API using OAuth 2.0, all applications follow these steps:
Obtain OAuth 2.0 credentials from the Google API Console.
Obtain an access token from the Google Authorization Server.
Before your application can access private data using a Google API, it must obtain an access token that grants access to that API.
Send the access token to an API.
Refresh the access token, if necessary.
Lastly, to help you with the implementation using PHP, you may also add Authentication and authorization to your list of references. Hope that helps!
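Of the three credential types the answer lists, a service account is the one that fits "read and write from my website" with no user present, so here is the JWT bearer flow for it as an added PHP example (not code from the answer or from Google). The server signs a short-lived assertion with the service account's private key, trades it for an access token at Google's token endpoint, and sends that token in the Authorization header; an API key only identifies the project and never grants access to private data, which is why the ?key= request returns 403. The key file path and the spreadsheet id are placeholders; the endpoint, claim names and grant_type are Google's documented ones. The private sheet must be shared with the service account's client_email, like with any other user.

```php
<?php
// Added example, not from the answer: a service account obtains an access
// token for the Sheets API with the JWT bearer grant, so a server can read a
// private sheet without a user logging in. The sheet must be shared with the
// service account's client_email. Key file path and spreadsheet id are
// placeholders; endpoint, claims and grant_type are Google's documented ones.
declare(strict_types=1);

const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';

function b64url(string $s): string
{
    return rtrim(strtr(base64_encode($s), '+/', '-_'), '=');
}

// Build and RS256-sign the assertion JWT from the downloaded key-file contents.
function service_account_assertion(array $key, string $scope, int $now, int $ttl = 3600): string
{
    $header = b64url(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
    $claims = b64url(json_encode([
        'iss'   => $key['client_email'],
        'scope' => $scope,
        'aud'   => GOOGLE_TOKEN_URL,
        'iat'   => $now,
        'exp'   => $now + $ttl,   // Google rejects assertions valid for more than one hour
    ]));
    $pkey = openssl_pkey_get_private($key['private_key']);
    if ($pkey === false) {
        throw new RuntimeException('Bad private_key in key file');
    }
    $sig = '';
    if (!openssl_sign("$header.$claims", $sig, $pkey, OPENSSL_ALGO_SHA256)) {
        throw new RuntimeException('Signing failed');
    }
    return "$header.$claims." . b64url($sig);
}

function fetch_access_token(string $assertion): string
{
    $ctx = stream_context_create(['http' => [
        'method'        => 'POST',
        'header'        => "Content-Type: application/x-www-form-urlencoded\r\n",
        'content'       => http_build_query([
            'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer',
            'assertion'  => $assertion,
        ]),
        'ignore_errors' => true,   // keep the error body instead of a warning
    ]]);
    $body = (string) file_get_contents(GOOGLE_TOKEN_URL, false, $ctx);
    $json = json_decode($body, true);
    if (!isset($json['access_token'])) {
        throw new RuntimeException('Token request failed: ' . $body);
    }
    return $json['access_token'];
}

function read_range(string $accessToken, string $spreadsheetId, string $range): array
{
    $url = sprintf('https://sheets.googleapis.com/v4/spreadsheets/%s/values/%s',
        rawurlencode($spreadsheetId), rawurlencode($range));
    $ctx = stream_context_create(['http' => [
        // The token travels in the Authorization header, not as a ?key= parameter.
        'header' => "Authorization: Bearer $accessToken\r\n",
    ]]);
    return (array) json_decode((string) file_get_contents($url, false, $ctx), true);
}

// Usage (placeholders): the key file must live outside the web root.
$key       = (array) json_decode((string) file_get_contents('/etc/myapp/service-account.json'), true);
$assertion = service_account_assertion($key, 'https://www.googleapis.com/auth/spreadsheets', time());
$token     = fetch_access_token($assertion);
print_r(read_range($token, '[my_spreadsheet_id]', 'Sheet1!A1'));
```

Cache the access token for its expires_in lifetime rather than signing a new assertion per request, and treat the key file like a password: it is a long-lived credential for everything shared with that service account.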

Office 365 Authorization flow without login window

I am developing a PHP application which has to have access to the Office 365 File API.
By following the Microsoft docs I always receive the Login window back for my GET requests on the Authorization endpoint but I would like to do this transparently for my users.
What would be the correct way to do this?
(The app is already configured in the Azure AD portal, got the client_id, client_secret etc.)
I am interested in the correct flow.
Thanks.
Kornel, your application will access the O365 File API on behalf of the user (delegated access using OAuth2.0). It is expected to see the Azure AD login page when you send an authorize request to the authorize endpoint. Here the user will sign in and, if required, consent to your application accessing the File API on their behalf. Once they complete sign-in (and consent) the browser will be redirected (or posted) back to your application with the authorization code (and id_token). Then your application will send the authorization code to the token endpoint (along with your client id and client secret) and get back an access token (and refresh token) to the File API.
This is the standard OAuth2.0 code grant flow. Silent login (OAuth2.0 resource owner password credential flow) is not available for web applications accessing O365 APIs.
Hope this helps.
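The code grant flow the answer lays out, as an added PHP example that is not part of the answer or of Microsoft's samples. The part a practitioner most often gets wrong is the callback: the `state` value generated before the redirect is stored in the session and compared on return with a constant-time check, so an attacker cannot complete the flow in a victim's session with the attacker's own code. Client id, secret, redirect URI and resource are placeholders; the endpoint paths are the Azure AD v1.0 ones, which take a `resource` parameter.

```php
<?php
// Added example, not from the answer: the authorization code grant for a PHP
// web app against Azure AD (v1.0 endpoints). A random `state` bound to the
// session defends the callback against CSRF. Client id/secret, redirect URI
// and resource are placeholders.
declare(strict_types=1);
session_start();

const AUTHORIZE_URL = 'https://login.microsoftonline.com/common/oauth2/authorize';
const TOKEN_URL     = 'https://login.microsoftonline.com/common/oauth2/token';
const CLIENT_ID     = '00000000-0000-0000-0000-000000000000';   // placeholder
const CLIENT_SECRET = 'placeholder-client-secret';              // keep out of source control
const REDIRECT_URI  = 'https://app.example.com/oauth/callback'; // must match the app registration
const RESOURCE      = 'https://graph.microsoft.com';            // placeholder API to call

// Step 1: send the browser to Azure AD; the user signs in and consents there.
function begin_login(): void
{
    $state = bin2hex(random_bytes(16));
    $_SESSION['oauth_state'] = $state;
    $url = AUTHORIZE_URL . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,
        'resource'      => RESOURCE,
        'state'         => $state,
    ]);
    header('Location: ' . $url, true, 302);
    exit;
}

// Step 2: the callback. Verify state before doing anything with the code.
function handle_callback(array $query): array
{
    $expected = $_SESSION['oauth_state'] ?? '';
    unset($_SESSION['oauth_state']);   // one-time use
    if ($expected === '' || !hash_equals($expected, (string) ($query['state'] ?? ''))) {
        throw new RuntimeException('state mismatch: possible CSRF');
    }
    if (isset($query['error'])) {
        throw new RuntimeException('authorization failed: ' . $query['error']);
    }
    return exchange_code((string) ($query['code'] ?? ''));
}

// Step 3: back-channel exchange of the code for tokens; the secret never reaches the browser.
function exchange_code(string $code): array
{
    $ch = curl_init(TOKEN_URL);
    curl_setopt_array($ch, [
        CURLOPT_POST           => true,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POSTFIELDS     => http_build_query([
            'grant_type'    => 'authorization_code',
            'code'          => $code,
            'client_id'     => CLIENT_ID,
            'client_secret' => CLIENT_SECRET,
            'redirect_uri'  => REDIRECT_URI,
            'resource'      => RESOURCE,
        ]),
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    $tokens = json_decode((string) $body, true);
    if (!isset($tokens['access_token'])) {
        throw new RuntimeException('token endpoint error: ' . $body);
    }
    // Contains access_token, refresh_token, expires_in and id_token.
    return $tokens;
}

if (isset($_GET['code']) || isset($_GET['error'])) {
    $_SESSION['tokens'] = handle_callback($_GET);
    echo 'signed in';
} else {
    begin_login();
}
```

Once the refresh_token is stored server-side, later visits can be renewed with a refresh_token grant without showing the login page again, which is as close to "transparent" as delegated access gets; the first sign-in and consent per user cannot be skipped.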

Server-side Twitter client possible with OAUTH?

Twitter will phase out HTTP basic authentication by August 2010. In the link my scenarios are from Desktop Applications. Basically my client should tweet new posts on a website.
This would be incredibly simple with HTTP basic auth, because I can store and use my account's username and password in the app to authenticate.
However, with OAUTH I can get final credentials by two means:
Callback method. You are redirected to Twitter, (login if isn't), click allow access, get redirection back to your callback URL.
PIN mode. You get a link to open, (login if isn't), click allow access, receive PIN code. Use this PIN code to authenticate your app.
Do I understand correctly that PIN codes also expire? How is it possible, given a username and password just to tweet from a client application? How can a server side script log in with the username/password and click allow access? All scenarios I could google up are for a web application to authenticate via twitter where the user is in front of the browser to walk through the redirect.
All scenarios I could google up are for a web application to authenticate via twitter where the user is in front of the browser to walk through the redirect.
The user has to be there to authorise you the first time (just as they'd have to provide you a username and password), but the resulting access token does not expire and can be reused (unless the user deauthorises your application, that is).
Store the access token - it's as good as a username/password. Better, actually - if they change their password, your access remains.
The PIN does expire under OAuth 1.0a. Using the verification code returned requires use of the temporary request token in the initial authorization request.
OAuth 2.0 defines more flows - one of which uses a direct login/password mechanism. It's up to Twitter to determine which flows they decide to implement. You can also embed a user-agent in the app.
Desktop apps suffered from a really bad user experience with OAuth 1.0, which led to 2.0. It's doable, but painful. You can request xAuth access from Twitter as well if you need to. It's almost the same as basic auth.
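Both the Gmail feed answer at the top of this page (an OAuth request token limited to the feed scope) and the Twitter answer above (a stored access token reused by a server-side script) come down to the same thing: signing each request with HMAC-SHA1 under OAuth 1.0a. Here is that signing as one added PHP example, not code from either answer or from Google or Twitter. Consumer key, secrets, tokens and the callback URL are constructed placeholders; the Google request-token endpoint and the Twitter v1.1 update path are the historical ones the answers refer to, so check current documentation before relying on them. Percent-encoding, the signature base string and the signing key follow RFC 5849.

```php
<?php
// Added example, not from either answer: OAuth 1.0a request signing as needed
// by the Gmail feed flow (request token with a scope) and by a server-side
// Twitter client (signed POST with a stored access token). Keys, tokens and
// URLs of the application are constructed placeholders.
declare(strict_types=1);

function oauth_encode(string $s): string
{
    // RFC 5849 section 3.6: rawurlencode matches except that '~' must stay unencoded.
    return str_replace('%7E', '~', rawurlencode($s));
}

// Builds the Authorization header for one request. $params are the query or
// body parameters the request will carry; $token/$tokenSecret are empty for
// the request-token step and the stored access token afterwards. $nonce and
// $timestamp are injectable so the output can be reproduced when debugging.
function oauth1_header(string $method, string $url, array $params,
                       string $consumerKey, string $consumerSecret,
                       string $token = '', string $tokenSecret = '',
                       ?string $nonce = null, ?int $timestamp = null): string
{
    $oauth = [
        'oauth_consumer_key'     => $consumerKey,
        'oauth_nonce'            => $nonce ?? bin2hex(random_bytes(16)),
        'oauth_signature_method' => 'HMAC-SHA1',
        'oauth_timestamp'        => (string) ($timestamp ?? time()),
        'oauth_version'          => '1.0',
    ];
    if ($token !== '') {
        $oauth['oauth_token'] = $token;
    }
    // Base string: every parameter (query, body and oauth_*) encoded, sorted, joined.
    $pairs = [];
    foreach (array_merge($params, $oauth) as $k => $v) {
        $pairs[oauth_encode((string) $k)] = oauth_encode((string) $v);
    }
    ksort($pairs, SORT_STRING);
    $normalized = [];
    foreach ($pairs as $k => $v) {
        $normalized[] = "$k=$v";
    }
    $base = strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode(implode('&', $normalized));
    // Signing key: consumer secret and token secret, each encoded, joined by '&'
    // (the '&' stays even when there is no token secret yet).
    $key  = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    $oauth['oauth_signature'] = base64_encode(hash_hmac('sha1', $base, $key, true));

    $parts = [];
    foreach ($oauth as $k => $v) {
        $parts[] = oauth_encode($k) . '="' . oauth_encode($v) . '"';
    }
    return 'OAuth ' . implode(', ', $parts);
}

// 1) Gmail: first leg, a request token limited to the feed scope quoted in the
//    question. The scope and callback are sent as query parameters, so they
//    are part of the signed base string.
$requestTokenUrl = 'https://www.google.com/accounts/OAuthGetRequestToken';
$gmailParams     = ['scope'          => 'https://mail.google.com/mail/feed/atom',
                    'oauth_callback' => 'https://app.example.com/oauth/callback'];
$gmailHeader = oauth1_header('GET', $requestTokenUrl, $gmailParams,
                             'app.example.com', 'consumer-secret-placeholder');
echo "GET ", $requestTokenUrl, '?', http_build_query($gmailParams, '', '&', PHP_QUERY_RFC3986), "\n";
echo "Authorization: ", $gmailHeader, "\n\n";

// 2) Twitter: with an access token the user granted once (PIN or callback flow)
//    and that the server stored, every later request is signed directly. No
//    username/password and no browser round trip are involved.
$updateUrl   = 'https://api.twitter.com/1.1/statuses/update.json';
$tweetParams = ['status' => 'New post on the site: https://example.com/posts/1'];
$tweetHeader = oauth1_header('POST', $updateUrl, $tweetParams,
                             'consumer-key-placeholder', 'consumer-secret-placeholder',
                             'stored-access-token', 'stored-access-token-secret');
echo "POST ", $updateUrl, "\n";
echo "Authorization: ", $tweetHeader, "\n";
echo http_build_query($tweetParams, '', '&', PHP_QUERY_RFC3986), "\n";
```

The access token and its secret are a credential equivalent to the account password for the granted scope, so store them with the same care as the consumer secret; a fresh nonce per request and a current timestamp are what let the server reject replayed requests.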
