Develop Reference

JWT-Authentication of mulitple Laravel-APIs with the same token

I have a laravel / angular app secured with tymon/jwt-auth.
Now I need a seperate Laravel (or Lumen) API. I want this API to accept the same tokens as the first one. I assumed that this would work if I would set the same secret and mount the middleware.
It doesn't. Using a freshly generated token I can query the first API but not the new one. Why is that? Is something else besides the secret used to verify the token?
What would be a good way to make this work? I would not mind to make a completely new authentication.
Edit: So it seems like a connection to the database is need to verify the token. Maybe it checks if the user specified in the token is actually present in the DB?
Edit2: Tore Nestenius commented about Aud-Claims. I wanted to go to the config/jwt.php file to check on that. But I had forgotten to create one. Now it works.

The aud claim in the token must match what both API's expect to see in the access token. I am glad my comment helped you to solve your issue.

Unable to get Instagram access token with new basic Instagram API

I'm getting really frustrated with the new Instagram API, what I need to do is just get things like pictures, comments, and likes from my Instagram feed. I'm following all the steps that they mention over here https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions, but I'm still not able to get the final access token I need in order to interact with the API. After getting a lot of different errors now I'm stuck with:
{"error_type": "OAuthException", "code": 400, "error_message": "Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request"}
I have verified everything in my Facebook developer setup and everything is ok, the OAuth URL is identical to the one I'm using in the curl command in order to return the access_token and all the setups seem fine. I have noticed that a lot of people are having the same problems but I can't find something that works for me.
This is the way I'm trying to retrieve the access_token:
curl -X POST https://api.instagram.com/oauth/access_token -F client_id=[client_id] -F client_secret=[code] -F grant_type=authorization_code -F redirect_uri=[url] -F code=AQDJxpW5h4r..
I have read that people are using postman and apparently it works over there but I don't know how to use it, any help will be really appreciated.
Upgrade on this, I was finally able to get the access_token via Postman and when I'm trying to use it now I got this error:
{"meta": {"code": 400, "error_type": "OAuthAccessTokenException", "error_message": "The access_token provided is invalid."}}
This is really disappointing, everything was working just fine before this API change. Any ideas?

Just review of the following in your checklist again:
APP_ID and APP_SECRET of "Instagram APP", which is a product added in the Facebook App.
Access Code once submitted in POST request using CURL or Postman, will become invalid for the next request.
The Website Platform is added in "Facebook App".
Test Instagram Users are added and are not pending.
Lastly, Authenticate using the Instagram Test User Profile.

I had the same issue, and actually lost some time solving it.
In my case I only made the configuration in Instagram Product but didn't change the configuration in the login by facebook product.
In summary, you should have in your app in Facebook developers, two products, one Login by Facebook and the other one Instagram. Both must have the same redirect URL.
Hope this helps.

Analytics reporting API authentication with oAuth2 responds with "Not all scopes are approved."

I`m using Analytics Reporting API in my project to retrieve amount of users currently surfing my website. Consider following code:
gapi.auth2.init({
'clientId': '<Client_ID>',
'scope': 'https://www.googleapis.com/auth/analytics https://www.googleapis.com/auth/analytics.readonly',
}).then(function(authData) {
/*1*/
return gapi.client.request({
'path': 'https://www.googleapis.com/analytics/v3/data/realtime?ids=<VIEW_ID>&metrics=rt:activeUsers&dimensions=rt:latitude,rt:longitude'
});
But when i set debugger on the line with /*1*/ and want to investigate what`s inside "authData", in the developer console i see following:
>JSON.stringify(gapi.auth2.getAuthInstance().isSignedIn)
>"{"Ab":false,"Aia":{"value":false},"hg":{"hg":[]}}"
And inside authData i have following:
>JSON.stringify(a.currentUser)
>"{"Ab":{"El":null,"Zi":null},"Aia":{"value":{"El":null,"Zi":null}},"hg":{"hg":[]}}"
That indicates abscence of authenticated user, i presume.
Furthermore, http response for authentication request returns following error
>{error: "IMMEDIATE_FAILED", detail: "Not all scopes are approved."}
The question is: what does it mean and where can i approve those scopes by myself or maybe there is somone from Google who should approve scopes for my requests. Thanks.

Well i acidentally stumbled upon this solution. The reason for scopes to seem unapproved is that the application is not accepted inside an google account as capabke of accessing analytics data (and it's crucial as i use oAuth2 clientID bound to that particular account). So the solution is to allow your project to have access to your account. Sadly there is no such statement in api's docs, nor any example was found also.

How to get earning report for Youtube Analytics

I want to youtube earning report.
I'm using query_report method for YouTubeAnalytics API.
http://www.rubydoc.info/github/google/google-api-ruby-client/Google/Apis/YoutubeAnalyticsV1/YouTubeAnalyticsService#query_report-instance_method
Following code has no problem.
youtube_analytics.client.query_report(
'channel==MINE',
start_date.to_s,
end_date.to_s,
'views'
)
But following code return 401 (authentication failure)
youtube_analytics.client.query_report(
'channel==MINE',
start_date.to_s,
end_date.to_s,
'earnings'
)
And my omniauth setting is following.
provider :google_oauth2,
Rails.application.secrets.google['client_id'],
Rails.application.secrets.google['client_secret'],
{ path_prefix: '/auth/youtube',
scope: 'email,profile,youtube.readonly,youtubepartner,yt-analytics.readonly,yt-analytics-monetary.readonly',
prompt: 'consent select_account',
}
Scope has yt-analytics-monetary.readonly, so I think it should not return 401 error.
Is there any problem in my code?
Thanks.

Check the access token you are using, it may be the problem instead of the scope. When receiving 401 error it is not only linked to the scopes, it could also be because of other factors like expired or bogus access token or it could also be invalid for some other reason.See OAuth 2.0 Flow.

OAuth token parameter missing when using request_youtube API

I try to using youtube API in code ingniter and using librari from https://github.com/jimdoescode/CodeIgniter-YouTube-API-Library when i call request_youtube()from direct link the https://accounts.google.com/o/oauth1/auth sent massage like this :
400. That’s an error.
OAuth token parameter missing.
That’s all we know.
This the code of request_youtube() :
public function request_youtube()
{
$params['key'] = xxxxxxxxxxxx.apps.googleusercontent.com';
$params['secret'] = 'xxxxxxxxxxxx';
$params['algorithm'] = 'HMAC-SHA1';
$this->load->library('google_oauth', $params);
$data = $this->google_oauth->get_request_token(base_url().'index.php/example/access_youtube');
$this->session->set_userdata('token_secret', $data['token_secret']);
redirect($data['redirect']);
}
what wrong with my code...or any step i miss???

The library that you are using is deprecated probably because of which it is unable to make calls to the Google Servers and is returning 404 errors. You can still follow the original way of authentication using OAuth where you validate your app with the client id client secret and get the Auth code. With the Auth code making a POST request and getting a access token and a refresh token in exchange. For details please refer to this official Google Youtube Documentation on OAuth.