Using v3 Pinterest Analytics API
Trying to exchange an authorization code for an access token and I'm getting the following error:
{"error":{"message":"None","oauth_error_code":"invalid_grant"},"code":283,"data":null,"message":"The authorization grant is invalid","endpoint_name":"oauth_access_token","status":"failure"}
In following these instructions:
https://developers.pinterest.com/docs/redoc/#section/User-Authorization/Exchange-the-code-for-an-access-token
I successfully obtained an authorization code. Now I want to exchange it for an access_token. I submit the following curl:
curl -X PUT \
--url https://api.pinterest.com/v3/oauth/access_token/ \
--data "code=1234authcode&redirect_uri=https://myURL.com/&grant_type=authorization_code&client_id=123appId&client_secret=123secret"
The redirect_uri is the same as that which was registered. The app secret and app Id are accurate as per this notification we received today:
Your App ID has been enabled. You can now see your app secret in our Developer App Portal and start building.
I have tried various incarnations of the curl thinking I've botched the args I'm passing in and that's still a possibility, so any help there would be appreciated, however, I'm wondering if my app Id and secret are bad or truly invalid somehow. We've only just received them. Any ideas or theories welcome.
Thanks for your time.
Sorry to answer my own question, but it turns out that the auth code was bad. After fetching a new authorization code I was able to obtain an access_token using the approach shown above. What was initially confusing is that I literally got the original auth code moments before using it so I didn't doubt it's validity as much as I should have I guess.
Related
So I'm trying to use the Home Graph API by calling the API endpoint
https://homegraph.googleapis.com/v1/devices:requestSync
It is a HTTP POST request and it needs an ACCESS_TOKEN and service account key.
Getting the service account key is easily done as per Google's documentation. The issue is getting the ACCESS_TOKEN.
As per this documentation by Google, I need to get ACCESS_TOKEN created using the following scope of permissions
https://www.googleapis.com/auth/homegraph
I opened OAuth 2.0 Playground to request a developer temporary ACCESS_TOKEN for testing. I wrote all the necessary urls and in scope I wrote this-
scope is written to be authorized
Now after this, I am navigated to my Authorization URL (ie, Google's sign in page). I login with email id and password.
If credentials are correct and scope mentioned is valid then I should have been redirected to OAuth playground page with authorization code which I would have exchanged for access token and refresh token.
But, what actually happens is after I enter my credentials, I get following error and I am never redirected to Oauth Playground page-
Authorization Error
Error 400: invalid_scope
Some requested scopes cannot be shown: [https://www.googleapis.com/auth/homegraph]
Request Details
access_type=offline
o2v=2
response_type=code
redirect_uri=https://developers.google.com/oauthplayground
prompt=consent
client_id=xxxxxxxxx.apps.googleusercontent.com
scope=https://www.googleapis.com/auth/homegraph**
I searched a lot online too, but couldn't find the actual reason.
So due to this issue with scope, I am not able to get ACCESS_TOKEN.
I have followed Google's documentation and the scope was mentioned there.
This is the pic from oauth 2.0 playground settings- OAuth 2.0 configuration
The issue is that you, a user, should not be getting and sending an access token. The service account should be getting and sending an access token. This is to make sure your service is authorized to talk to the Home Graph API.
You indicated you logged into the OAuth playground with "userid and password". But service accounts don't have passwords.
If you are using one of Google's libraries, it will take care of getting the access token for you, and this is the easiest way to do so. If you are just testing and need an access token, you can use something like oauth2l to get the access token based on the service account credentials.
I had implemented the REST approach to call HomeGraph Report State as below.
We need to follow the below steps:
Create a service account for your project and safely store the json file
Using the service account JSON, get the access token from Google
Using Oauth 2.0 token as Bearer authorization, invoke Report State API
Step 1:
This is straightforward. Please follow the steps in the below link
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
Step 2:
Refer below code to get the Access token using service account json
GoogleCredentials credentials = GoogleCredentials
.fromStream(Helper.class.getClassLoader().getResourceAsStream("smart-home-key.json"))
.createScoped("https://www.googleapis.com/auth/homegraph");
credentials.refreshIfExpired();
AccessToken token = credentials.getAccessToken();
return token.getTokenValue();
Step 3:
Invoke Report State API
curl -X POST -H "Authorization: Bearer [[Access token from Step 2]]"
-H "Content-Type: application/json"
-d #request-body.json
"https://homegraph.googleapis.com/v1/devices:reportStateAndNotification"
Reference Links :
https://developers.google.com/assistant/smarthome/develop/report-state#http-post
https://cloud.google.com/endpoints/docs/openapi/service-account-authentication
https://developers.google.com/identity/protocols/oauth2/service-account#httprest_1
https://developers.google.com/assistant/smarthome/develop/report-state#expandable-1
I'm getting really frustrated with the new Instagram API, what I need to do is just get things like pictures, comments, and likes from my Instagram feed. I'm following all the steps that they mention over here https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions, but I'm still not able to get the final access token I need in order to interact with the API. After getting a lot of different errors now I'm stuck with:
{"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
I have verified everything in my Facebook developer setup and everything is ok, the OAuth URL is identical to the one I'm using in the curl command in order to return the access_token and all the setups seem fine. I have noticed that a lot of people are having the same problems but I can't find something that works for me.
This is the way I'm trying to retrieve the access_token:
curl -X POST https://api.instagram.com/oauth/access_token -F client_id=[client_id] -F client_secret=[code] -F grant_type=authorization_code -F redirect_uri=[url] -F code=AQDJxpW5h4r..
I have read that people are using postman and apparently it works over there but I don't know how to use it, any help will be really appreciated.
Upgrade on this, I was finally able to get the access_token via Postman and when I'm trying to use it now I got this error:
{"meta": {"code": 400, "error_type": "OAuthAccessTokenException", "error_message": "The access_token provided is invalid."}}
This is really disappointing, everything was working just fine before this API change. Any ideas?
Just review of the following in your checklist again:
APP_ID and APP_SECRET of "Instagram APP", which is a product added in the Facebook App.
Access Code once submitted in POST request using CURL or Postman, will become invalid for the next request.
The Website Platform is added in "Facebook App".
Test Instagram Users are added and are not pending.
Lastly, Authenticate using the Instagram Test User Profile.
I had the same issue, and actually lost some time solving it.
In my case I only made the configuration in Instagram Product but didn't change the configuration in the login by facebook product.
In summary, you should have in your app in Facebook developers, two products, one Login by Facebook and the other one Instagram. Both must have the same redirect URL.
Hope this helps.
I'm trying to use the Tone Analyzer API in a Laravel application. No matter what I try, I always get the same response of {"code":401, "error": "Unauthorized"}. I suspect my issue is that I can't figure out how to pass in the API key, but the official documentation is no help whatsoever because it only contains instructions for using cURL in the command line. My code currently looks like this (though I have tried many many other iterations. If anyone needs me to I can post all the other unsuccessful attempts as well):
$response = Curl::to('https://gateway-wdc.watsonplatform.net/tone-analyzer/api/v3/tone?version=2017-09-21&sentences=false')
->withOption('HTTPHEADER', array(
'Content-Type: application/json',
'apikey: REDACTED'))
->withData(array('text' => $text))
->asJson()
->post();
I am running Laravel 5.8 and using Ixudra's cURL library. I would prefer if answers made use of this library too but honestly at this point I'm ready to give up and use vanilla PHP anyway so any answers are appreciated.
Ninja edit: I know the problem is not my account / API key, because I have tried to access the API through the command line and it worked just as expected. The issue only arises when trying to access it from Laravel.
IBM Watson Services uses HTTP Header Authentication in Basic format. Therefore, using curl in the terminal, you should pass the-u or --user flag in the format user:password, or you can also send the Authentication Http Header in pattern: Basic user:password.
By adjusting your code for this second form, you can do it as follows:
$response = Curl::to('https://gateway-wdc.watsonplatform.net/tone-analyzer/api/v3/tone?version=2017-09-21&sentences=false')
->withHeader('Content-Type: application/json')
->withHeader('Authorization: Basic apikey:YOUR_TOKEN_HERE')
->withData(array('text' => $text))
->asJson()
->post();
Replace YOUR_TOKEN_HERE by your Tone Analyzer API access token.
https://developer.mozilla.org/docs/Web/HTTP/Authentication
https://www.ibm.com/support/knowledgecenter/en/SSGMCP_5.3.0/com.ibm.cics.ts.internet.doc/topics/dfhtl2a.html
Hope this helps!
It's 401 status code which uses for unauthorized access, you need to login first before accessing the API.
I check the docs for this and here is the link, for login to the api before using it
tone-analyzer#authentication
With some service instances, you authenticate to the API by using IAM. You can pass either a bearer token in an Authorization header or an API key. Tokens support authenticated requests without embedding service credentials in every call. API keys use basic authentication.
I have looked at the two similar questions in StackoverFlow and on the web but I still don't understand what I should do.
I want to download a file that is located on OneDrive programmatically using a bash script (with curl).
So I've seen here that I can use the code flow to access Microsoft Graph. So I proceeded like that (I inspired myself from the Jay Lee answer):
1- I get the code with this URL
https://login.live.com/oauth20_authorize.srf?client_id=10c492f9-132a-4079-adae-382dad9d4339&scope=onedrive.readonly&response_type=code&redirect_uri=https://login.microsoftonline.com/common/oauth2/nativeclient
2- Then I swap authorization code for access token with this URL:
curl -X POST https://login.live.com/oauth20_token.srf -d "client_id=${client_id}&redirect_uri=${redirect_uri}&code=${auth_code}&grant_type=authorization_code" --header "Content-Type:application/x-www-form-urlencoded"
And I store the token and the expire time in a file
3- I made some process to handle the fact that I have to refresh the token (according to the expire time).
4- I use my token to download my file programmatically with Microsoft Graph
api_data=$(curl https://graph.microsoft.com/v1.0/me/drive/items/B8D9948257F95B84%21104/content -H "Authorization: Bearer $access_token")
echo -e "$api_data"
The problem- When I run the program, I get this:
How come?
You're authenticating against the wrong endpoint. The login.live.com endpoint cannot provide a valid token for Graph. You need to use the v2 Endpoint for this instead.
Check out Microsoft v2 Endpoint Primer for a walkthrough. Given that you're using curl, the pseudo code provided should give you everything you need.
I have read the page on implementing OAuth that Twitter have written. I've registered my app, it will only access my account, so I skip all the request token stuff. I have, from the "Your apps" page:
consumer token
consumer token secret
access token
access token secret
I write some ruby code and test its output against Beginner’s Guide to OAuth (suggested reading in the Twitter docs). I get the same output, i.e. the signature, the base string and the Authorization headers are identical.
However, when I connect to the Twitter Rest API and try the verify credentials command the response is invariably "Incorrect signature".
I try using different code (very similar to mine) from a gist by erikeldridge on github but it doesn't work either. Instead of connecting via cURL (using the curb library) I use Net/Http - same error response is returned.
I change over to using the OAuth gem. It uses Net/Http to connect. Same error response comes back.
Verify credentials isn't the only command I've tried to use in the API, but they all give the same error, whether it's GET or POST, requires extra params or not. I've been using the Search API successfully using the curb library without problems so I don't think it's the connection method.
What might I do to fix this?
Ruby 1.9.2; cURL 7.21.2; oauth 0.4.4; curb 0.7.8; json 1.4.6; OSX 10.6.5;
Even though your application is only accessing your data, you can't simply 'skip the request token stuff'. The request token is integral to the OAuthentication process.
Summarised, the 3 main parts of the OAuth process are as follows:
Get Request Token Key and Request Token Secret
Use Request Token to authorise application to access your data. This will provided the user(you) with a PIN
Use the PIN to exchange the Request Token and Secret for an Access Token and Secret.
A more detailed OAuthentication flow can be found here.
It's fixed - I regenerated the Consumer key and secret on the Twitter site and it started working. I've no idea why the previous set didn't work - the code was solid (works all the time now) and the details were correct. Perhaps they (Twitter) could provide more detailed error messages? But I'm happy :)