I'm attempting to use tasker to go back and forth with the ecoBee API. In doing so, I've been unable to get past the first step due to an issue I'm running into with tasker.
Here's my setup:
Server:Port - https://api.ecobee.com:443 (I've also tried without the port, and without the https://
Path - /1/authorize
Mime Type - application/json
Trust Any Certificate
When running this i get a Tasker toast message that states "Input/Output error for https://api.ecobee.com:443/1/authorize : java.io.FileNotFoundException: https://api.ecobee.com:443/1/authorize"
Going to that URL works from the phone browser and a computer browser. Am I missing something obvious?
Try using https://api.ecobee.com/authorize URL instead. Seems like your URL is wrong. You can also see valid URL's for Authorize call here: Authorization Endpoints
Related
I have a problem when I want to create an authentication system using VueJs as the frontend (http://localhost:8080/#/login) and Laravel 5.6 as the backend. When I try to submit login form using the api login url http://127.0.0.1:8000/api/v1/login, I get the error message:
Cross-Origin Request Blocked: The Same Origin Policy disallows
reading the remote resource at http://127.0.0.1:8000/api/v1/login.
(Reason: CORS request did not succeed).
I don't know how to solve this problem.
Could anyone here help me to solve my problem?
NOTE : I have to install laravel-cors before
This is an old question, but I'll reply nonetheless.
For me this error was caused by a self-signed certificate. If you open developer tools, select the network tab, click the call that failed CORS you can see the security tab. Click it to open it. If a cert is giving you problems the text "An error occurred: SEC_ERROR_INADEQUATE_KEY_USAGE" should be visible.
To resolve this just go to the URL that gave you the CORS error, and accept the cert manually.
Cross Origin Resource Sharing is a mechanism that uses additional HTTP headers to tell a browser to allow the web application running on one origin (client) have permission to access selected resources from a server at a different origin.
Basically, your Vue app (http://localhost:8080) needs to be allowed access to your Laravel endpoint (http://127.0.0.1:8000/api/v1/login) This is to prevent me from hitting your Laravel endpoint from my malicious website and acting like an authenticated user.
Based on the docs, you need to add 'allowedOrigins' => ['*'], but that means you're opening up your backend to all requests. That's fine if it's a public API but in this context it doesn't sound like you want that. Instead, in this case it would be 'allowedOrigins' => ['localhost:8080'], so that your Vue app can consume your Laravel server.
You have to use either localhost or 127.0.0.1 for all the requests. In general in your code you should make calls to the server by just appending the URI to the current host, without re-adding the host and port in the URI string. If you load your page from a given host, for example 127.0.0.1 and then try to make an AJAX request to another host, for example www.host.com, the request gets blocked to prevent XSS attacks
It sounds like you are running this in dev mode via webpack currently? If that is correct and your workflow is that you are going to build the Vue application and have it co-reside with your Laravel backend then you just need to update config/index.js to have a proxyTable entry that forwards webpack requests to the correct dev Laravel backend server.
This would look something like this.
module.exports = {
dev: {
proxyTable: {
"/": "http://127.0.0.1:8000/api/v1/login"
}
}
}
There is additional information available on how this works; https://vuejs-templates.github.io/webpack/proxy.html
I was stuck with this error recently while I was trying to get one of our old websites hosted via Azure (App Services) up and running again.
Reason: CORS request did not succeed was the error showing in the browser console, however, it turned that for our case the URL mentioned in the CORS error doesn't exist anymore - its referring to the old https://******.azurewebsites.net service url we had (previous hosted in Azure - App Services).
So also check that the URL mentioned in the CORS-error is in fact working.
In my case the computer was not displaying the correct date and time. When I try to view the page I would get the "CORS request did not succeed." Once I updated to the correct time and date the page displayed normally.
I had to change the base URL of axios. I didn't notice it was https://, not http://
file: src\store\index.js
change the
axios.defaults.baseURL = 'https://127.0.0.1:8000/api'
to
axios.defaults.baseURL = 'http://127.0.0.1:8000/api'
Note: Make sure it's exactly same URL and Port. You can see that in terminal where you start the laravel application (php artisan serve).
I'm following the steps here . I've got the authorization code in the browser, but get a:
** Access error: protocol error: "Server error: HTTP/1.0 400 Bad Request"
when I generate my request to try and obtain my token. I changed the target to http so that I could trace the http request in wireshark and I get this with line wrap added:
POST /oauth2/v3/token HTTP/1.0
Accept: */*
Accept-Charset: utf-8
Host: www.googleapis.com
User-Agent: REBOL
Content-Type: application/x-www-form-urlencoded
Content-Length: 251
code=url-encoded-my-authorisation-code&
client_id=my-client-id.apps.googleusercontent.com&
client_secret=my-client-secret&
redirect_uri=urn-blah-blah&
grant_type=authorization_code
which looks good to me.
When I use the http instead, I get this message
{"error":"internal_failure","error_description":"SSL is required to perform this operation."}
but unfortunately it's not telling me if my request is otherwise off to help me with the ssl request.
PS: I've progressed further. I removed the URL encoding from the redirect_uri and now I get an invalid_grant error. Before this it complained of a missing scheme for the redirect_uri.
On one occasion I did success in obtaining an access token but I've not been able to reproduce this. I saw my app listed in those I've granted access tokens. I removed my app and tried to grant again but keep failing.
My clock is correct so that's not the issue. The oauth2 playground works fine and as far as i can tell I'm doing the same but without success.
Mine is an installed app so I can't provide my credentials to the playground as a way to trust their redirect_uri is not provided and I get an error.
It seems that there is a limit on refresh_tokens and although removing the app from those with authority to access my calendar did not work, deleting my project from the https://console.developers.google.com/ and recreating them worked. My code then ran successfully without any changes.
Try change url to get info about token from Google use https://www.googleapis.com/oauth2/v3/tokeninfo?access_token={accessToken}
Be careful vith version api
JSON File
{"web":{"auth_uri":"https://accounts.google.com/o/oauth2/auth",
"client_secret":"c-kaafSexciO7It3QcKxx3BO",
"token_uri":"https://accounts.google.com/o/oauth2/token",
"client_email":"xxx678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
**"redirect_uris":["http://www.alfrosia.com"]**,
"client_x509_cert_url":"https://www.googleapis.com/robot/v1/metadata/x509/798911678964-tjkl572knihtgocll9tnadvsdngmnld6#developer.gserviceaccount.com",
"client_id":"xxx1678964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleusercontent.com",
"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs",
"javascript_origins":["[http://www.alfrosia.com][1]"]}}
I am specifying proper redirect url in the json file above, but during authentication it is giving wrong url message on browser. While I have given, this as Redirect Uri in json file.
In the error message it says that
redirect_uri=http://localhost:57826/authorize/
is uri_mismatch while I have not specified it in json
But Google OAuth2 authorization Failed ,this error message occurs during authentication process
- Error: redirect_uri_mismatch.
Request Details
scope=https:[//www.googleapis.com/auth/youtube.readonly][3]
response_type=code
redirect_uri=http://localhost:57826/authorize/
access_type=offline
pageId=none
client_id=xxxxx964-tjkl572knihtgocll9tnadvsdngmnld6.apps.googleuserconten
redirect_uri must exactly match what you have set in the Google Developer console. My guess is that your code / client library / IDE is automatically setting the redirect URI based upon the url you are browsing from.
Visual studio for example has a habit of randomly changing the port.
Option 1:
Fix your redirect uri in the Google developer console to
http://localhost:57826/authorize/
option 2:
assuming you are using visual studio fix the project settings so it stops adding a random port.
option 3:
assuming you are using java or visual studio IDE that may be adding this random port. Create a Client ID for native application instead of a Client ID for web application and use that for testing on local host. Do not release Client ID for native application to your live webserver.
"localhost" is not working in Google developer console.
Try 127.0.0.1 as redirect URI and don't use symbols in the URI.
I am trying to implement OAUTH for accessing Flickr APIs. My AJAX call to flickr.com keeps failing.
Sample Error Message:
XMLHttpRequest cannot load http://www.flickr.com/services/oauth /request_token?oauth_callback=oob&oauth…signature_method=HMAC-SHA1&oauth_timestamp=1368375405647&oauth_version=1.0. Origin http://localhost:8080 is not allowed by Access-Control-Allow-Origin.
Initially I used chrome and read the html file as file://path. I used to get the error 'null not allowed by access-control-allow-origin'. I solved this problem by copying the html file to 'local IIS server', 'local python webserver' and then a 'remote webserver'. I created python web server using > python -m http.server 8080'
I realize my cross browser call to flickr.com using XMLHttpRequest is failing. I tried by various solutions suggested in this forum:
Using newer Chrome 26.0.1410.64 m, which I guess supports CORS
I launched chrome with --disable-web-security
I created a web server using python -m http.server 8080 on local machine and then on a remote machine and copied the html file to the site
I copied file to a local MSFT IIS server
I defined URL in etc/hosts file to avoid numeric IP
I still get the same error (with relevant URL in the error message)
code clipping:
urlString="http://www.flickr.com/services/oauth/request_token?"+
"oauth_callback="+"oob"+'&'+
"oauth_consumer_key="+consumerKey+'&'+
"oauth_nonce="+nonce+'&'+
"oauth_signature="+esignature+'&'+
"oauth_signature_method="+macAlgorithm+'&'+
"oauth_timestamp="+timeStamp+'&'+
"oauth_version=1.0";
$.ajax({
url: urlString,
success:function(data){
alert(data);
}
});
In order to CORS work, both ends must enable it.
The first end is the browser, and, as you are using Chrome 26.*, yours is ok.
The second end is the server:
Before making a GET request to a domain different than the one the page is on, the browser sends an OPTIONS request to that domain. In response to this request, the server should include some headers that tell if a cross-domain request (GET, POST or other) is allowed.
One of those headers is Access-Control-Allow-Origin.
So when you run your page from your file system (file:// "protocol"), the OPTIONS means something like "Flickr, can I make a cross-domain call to you? I'm calling from null". Flickr does not recognize that domain as allowed and returns the error you are getting.
Same way, when you run your page from your local server, the OPTIONS says "(...) I'm calling from localhost:8080". Flickr does not recognize that domain as allowed as well.
The solution:
I don't know the Flickr oauth service, but I know that, as any other service, to make a CORS call to it, the page must be in a domain allowed by it. From your tests, I'm guessing Flickr does't allow many other domains.
But... an alternative to CORS is JSONP. I did a little research, Flickr oauth seems to support it.
Check this page for details: http://www.flickr.com/services/api/explore/flickr.auth.oauth.getAccessToken
There's another question talking about that specific subject:
Is JSONP supported in the new Flickr OAuth API?
About JSONP, this can get you started: How to make a JSONP request from Javascript without JQuery?
It is not possible to implement Oauth 1.0 through just javascript without any server side script. Since the flickr's new authentication process is based on Oauth 1.0a. You got to use a server-side script.
I tried to send the token request using JSONP in FireFox with CORS on(using a third-party add-on) and it worked fine. But without using any add-ons, it's not possible as the response from flickr is in text format(not in a JSON format) and the request fails.
You can either use server-side code for token request. OR Use the deprecated flickr API for authentication.
I am trying to implement Google Check out (GCO) on a new server, the process seemed to work fine on the old server.
The error from GCO integration console is the timeout error you might expect if there is load on the server and/or the response takes longer than 3 seconds to respond.
To perform a test (not integrating with my database), I have set some code to send an email to me instead. If I hit the https url manually, I get the email and I can see an output to the screen. If I then leave it as that, Google still returns the Timeout error and I don't get an email. So I have doubts as to whether google is even able to hit the https url.
I did temporarily attempt to use the unsecure url for testing and indeed I received the email, however this solution isn't the route we've developed for, so the problem is something to do with the secure url specifically.
I have looked into the certificate which is a UTN-USERFirst-Hardware which is listed as accepted on http://checkout.google.com/support/sell/bin/answer.py?answer=57856 . I have also tried to temporarily disable the firewall with no joy. Does anyone have any sugestions?
Good to hear you figured out the problem.
I'm adding the links below to add a litle more context for future readers about how Google Checkout uses HTTP Basic Authentication:
http://code.google.com/apis/checkout/developer/Google_Checkout_XML_API.html#urls_for_posting
http://code.google.com/apis/checkout/developer/Google_Checkout_XML_API.html#https_auth_scheme
http://code.google.com/apis/checkout/developer/Google_Checkout_HTML_API_Notification_API.html#Receiving_and_Processing_Notifications