I am using Socialite in Laravel to login with Twitter.
I know that not all twitter users have an email attached to their account, but for my application the user does need an email address. I am fine to block logins from people who do not have an email attached, but at the moment every user does have the email field set to null.
I am using this function to redirect to twitter:
return Socialite::driver($provider)->redirect();
I have already tried using scopes like this:
return Socialite::driver($provider)->scopes(['email'])->redirect();
But twitter is the only provider that does not allow scopes.
The callback returns the email address for other providers like facebook and google, but there seems to be something that I am missing while using twitter.
For OAuth1 there was a setting somewhere to enable the option to return the email field aswell, but since twitter accepts OAuth2 I can not find this setting anymore in the Twitter developers panel.
Any help would my appreciated since most of the information about this topic is outdated.
The solution was found in the twitter developers dashboard.
First of all go to the settings of your app.
Then you have to fill in a link to your privacy policy & terms page.
After that also enable OAuth 1.0 en then an option pops up to also receive the email address from the user that is trying to log in.
Twitter's new Oauth 2.0 user authentication does not currently (at the time of writing this answer) provide access to the user's email address, and will require an additional scope to be added. This is on the Twitter API roadmap and is a known feature request.
You can still use OAuth 1.0A and set the option to request the user's email address.
I need my customers to pay for their accounts on their own website. Using only the API how do I add access to any domain of my choice to pay using my payment form? I already have everything setup where their user and card are setup on Square's accounts though I'm having issues with the form working on their website domain names.
When submitting the form the part that requests the nonce encounters the following:
Invalid postMessage origin: "https://www.example.com"
We are currently using Azure Access Control Services (***.accesscontrol.windows.net) to allow customers with personally-managed Microsoft Accounts (Identity Provider) to sign in to our customer self-service portals (Relying Party Applications), which are Angular apps powered by Web API services. In our Access Control Services we are currently passing through the nameidentifier http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier claim from Windows Live ID to the relying party APIs, which match that token to an identity in our applications.
We are looking to support both Enterprise and Personal Microsoft Accounts with the Azure AD v2.0 service, but do not understand how to migrate our existing users to the new system. The code examples suggest that the OWIN middleware returns the NameIdentifier claim from the user's Identity Provider, but if that Identity Provider is the same Microsoft Account (aka Windows Live ID), will that be the same NameIdentifier we are currently receiving via Access Control Services pass-through?
Any help and/or documentation that clarifies how this transition is intended to work would be appreciated.
If the nameidentifier coming out of ACS is the randomly generated value then you're kind of stuck because that value is unique to the ACS/RP/User. If it's returning the actual Live ID then it'll obviously only match if the Azure AD user has the same email address.
I don't know if any documentation out there that describes how to handle this situation. My recommendation is to just require a one-time authentication from each source within the same session and marry the two results. That would basically mean
authenticate to Azure AD
Your app: Hey you don't have any user details, do you want to associate a Live ID?
Authenticate Live ID
Associate Live ID with Azure AD
Then if they want to sign in with either accounts in the future you have a link between the two.
I am using the Plaid Link javascript library but I am running into an issue. I want to be able to use both the Auth and Connect products but the Link modal only allows me to show either Auth or Connect but not both. The documentation says to use Auth and then upgrade my token to use Connect. Which is fine I can do that. However the Auth modal will not show any credit only institutions like AmEx. Since I want both to allow for Stripe integration and for pulling in all of a user's transactional data across all institutions, what's the best way to do this?
Currently I am considering showing the different modals in two different flows (add a bank account vs add a transaction history account) but that is not very good UX. Also the IDs assigned by Plaid will be different and have different access tokens so deduping is a nightmare.
Or writing a custom modal that will use the Auth product for institutions with bank accounts (Chase) and the Connect product for credit only institutions (AmEx) but that will likely be a lot of work.
You'll only be able to use the Plaid Link + Stripe ACH integration for institutions that support Auth. I'd recommend initializing Link with Auth as the product and then upgrading to Connect once you have exchanged the Link public token for a Plaid API access token.
To answer the UX question you brought up - you can actually bypass using Link's standard "institution select" view and instead display your own list (you can use the /institutions API endpoints to pull information about supported institutions) using Link's custom integration.
That way, you can show your users a single list of supported institutions. If you initialize Link twice (once with Auth and once with Connect) you can jump directly to the Auth-initialized Link or Connect-initialized Link depending on the user's institution.
I am using https://maps.googleapis.com/maps/api/geocode/json? link with server key and user IP to find the latitude and longitude of any address, when I'm trying I find the error as
I have a server access key from google and I have put my server's IP address in the their white list.
The URL that I am trying to access via PHP CURL is:
https://maps.googleapis.com/maps/api/geocode/json?address=1600+Amphitheatre+Parkway,+Mountain+View,+CA&sensor=true&key=XXXXXXXXXXXX
The result that I am getting:
Array ([error_message] => This IP, site or mobile application is not authorized to use this API key. [results] => Array ( ) [status] => REQUEST_DENIED)
Is there anything that I need to configure.The geocoding API is also switched on.
I had the same issue and I found this.
On the url, it requires the server key in the end and not the api key for the app.
So Basically, you just add the server key in the end of the URL like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&sensor=true&key=SERVERKEY
Now, to obtain the server key, just follow these steps:
1) Go to Developer Console https://code.google.com/apis/console/
2) In the Credentials, under Public API Access, Create New key
3) Select the server key from the option.
4) Enter your IP Address on the field and if you have more ip addresses, you can just add on every single line.NOTE: Enter the IP Address only when you want to use it for your testing purpose. Else leave the IP Address section blank.
5) Once you are done, click create and your new Server Key will be generated and you can then add that server key to your URL.
Last thing is that, instead of putting the sensor=true in the middle of the URL, you can add it in the end like this:
https://maps.googleapis.com/maps/api/place/nearbysearch/json?location=yourlatitude,yourlongitude&radius=5000&key=SERVERKEY&sensor=true
This will definitely solve the issue and just remember to use the server key for Places API.
EDIT
I believe the web URL has changed in the past years. You can access developers console from here now - https://console.developers.google.com/apis/dashboard
Navigate to developers console - https://console.developers.google.com/ or use the link from details to navigate directly to API dashboard.
Under developer console, find Label from the left navigation panel
Select project
Choose Credentials from the left Navigation panel
You could create credentials type from the Top nav bar as required.
Hope this answer will help you and other viewers. Good Luck .. :)
Choose key
API Restriction tab
Choose API key
Save
Choose Application Restriction -> None
Save
In addition to the API key that is assigned to you, Google also verifies the source of the incoming request by looking at either the REFERRER or the IP address. To run an example in curl, create a new Server Key in Google APIs console. While creating it, you must provide the IP address of the server. In this case, it will be your local IP address. Once you have created a Server Key and whitelisted your IP address, you should be able to use the new API key in curl.
My guess is you probably created your API key as a Browser Key which does not require you to whitelist your IP address, but instead uses the REFERRER HTTP header tag for validation. curl doesn't send this tag by default, so Google was failing to validate your request.
The Google Places API does not currently support Android or iOS keys generated from the Google APIs Console. Only Server and Browser keys are currently supported.
You're trying to use an API KEY which you restricted in a way that won't allow this action.
According to Google:
Note: If you need to call web, web service, and/or mobile APIs from the same (client-side) app, create and restrict multiple keys.
So the right thing to do is to create another API KEY, and choose the correct restrictions for this matter. In your case, choose "IP addresses" (under "Application restrictions"), and use "ADD AN ITEM" to add your server ip.
Notice that leaving a blank list won't work, and will result in google changing your restrictions to "None".
Also, don't forget to add the relevant APIs under "API restrictions" (in your case "Geocoding API").
One last thing - Google is blocking the use of this API until you link your app to Google Cloud Billing Account. So if you didn't do it yet, once you successfully get a response, it will say you have to do it first (it has a free starting package).
Google Place API requires the referer HTTP header to be included when making the API call.
Include HTTP header "Referer:yourdomain.com" and this should fix the response issues.
You create an key with out referer
dont enter the referer address
For the latest version of the API the exact opposite seems to be true for me.
When calling the url https://maps.googleapis.com/maps/api/geocode/json?address=<address>&key=<key> I was getting the following error
You must use an API key to authenticate each request to Google Maps Platform APIs. For additional information, please refer to http://g.co/dev/maps-no-account
Once I switched the order to https://maps.googleapis.com/maps/api/geocode/json?key=<key>&address=<address> it worked fine.
Note that the error message received above was the message I got when going directly to the URL in the browser. When I called the API from a software program I received an HTML response with basically the following message:
We're sorry... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.
Also, the corresponding API should be enabled for the given project
https://console.developers.google.com/apis/library?project=projectnamehere
For iOS or Android apps, the key needs an extra privilege granted.
Go to the Google Console -> APIs and Services -> Library. Tap the Places library for your platform and then tap Enable.
See https://developers.google.com/maps/gmp-get-started#enable-api-sdk
The reason this error is occurring because of the restrictions you have added when you create add the sha1 fingerprint on google cloud console , remove the fingerprints from android or ios then save .(the ip of that mobile phone will no longer be restricted)
Authentication, quotas, pricing, and policies
Authentication
To use the Directions API, you must first enable the API and obtain the proper authentication credentials. For more information, see Get Started with Google Maps Platform.
Quotas and pricing
Review the usage and billing page for details on the quotas and pricing set for the Directions API.
Policies
Use of the Directions API must be in accordance with the API policies.
more know : visit:--- https://developers.google.com/maps/documentation/directions/start?hl=en_US
url = https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving&key=AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY
add only in AppDelegate like
GMSServices.provideAPIKey("AIzaSyATaUNPUjc5rs0lVp2Z_spnJle-AvhKLHY")
and remove the key in this url.
now url is
https://maps.googleapis.com/maps/api/directions/json?origin=19.0176147,72.8561644&destination=28.65381,77.22897&mode=driving
Disable both direction api and geocoding api and re-enable.
it works for only 5-10 seconds and than automatically disabled itself.
it means you have only 5-10 sec to test you assignment.