I can authenticate and fetch an access_token and the corresponding refresh_token fine (subsequent API interactions are also fine).
However, I seem to only be able to refresh a token (POST to /oauth/token with grant_type=refresh_token) before the access_token actually expires. After the expiration, the same refresh code (exactly that provided within the docs), returns with an error of invalid_grant.
I am using the soundcloud-ruby SDK, FWIW, but I can reproduce it through curl.
As an aside, I found some old messages from the Google Group mentioning that I can request a non-expiring token, but I do not see this mentioned anywhere in the docs. Is this still a viable option?
That is correct. Refresh tokens cannot be used after an access token expires.
You can request a non-expiring access token by specifying scope=non-expiring when constructing an authorization URL. To do this with the Ruby SDK, simply pass the additional params to the authorize_url method:
require 'soundcloud'
client = Soundcloud.new(
:client_id => 'YOUR_CLIENT_ID',
:client_secret => 'YOUR_CLIENT_SECRET',
:redirect_uri => 'REDIRECT_URI'
)
client.authorize_url(:scope => 'non-expiring')
The rest of the flow should be exactly the same (grab the 'code' parameter from the query string and make a POST request to /oauth2/token).
Related
I am trying to integrate Uber with my web app following their oauth guides. I currently have a redirect from my website to my server, where I make a request to https://login.uber.com/oauth/v2/authorize and get a 302. However, I am not ever getting a response back from uber with the access_token and refresh_token.
I have a server running at https://mobilius-app.herokuapp.com and a front-end at http://mobilius-website.herokuapp.com. I am currently sending a request to https://login.uber.com/oauth/v2/authorize with payload of
{
'client_secret' => UBER_CLIENT_SECRET,
'client_id' => UBER_CLIENT_ID,
'grant_type' => 'authorization_code',
'redirect_uri' => `https://mobilius-app.herokuapp.com/api/uber_tokens`,
'code' => [the auth code]
}
https://mobilius-app.herokuapp.com/api/uber_tokens never gets a response from uber with the auth token and refresh token, however. Any help is much appreciated!
First you should double check if you set the correct redirect url in the dashboard.
Second your request to 'https://login.uber.com/oauth/v2/authorize' seems to contain invalid payload. Please follow the steps of the authentication guide. Briefly, you need to:
Send user to authorize url
Receive the redirect with a authorization code
make a POST call to: https://login.uber.com/oauth/v2/token
Store access and refresh token for future use
When doing GET /admin/webhooks.json it simply returns:
{"webhooks"=>[]}
I've created 8 webhooks using the admin panel but I can't seem to access them using the API. If I enter https://SHOP_NAME.myshopify.com/admin/webhooks.json directly into the browser it does return all the webhooks.
Here's the call I'm making using the credentials from a private app:
require 'httparty'
data = HTTParty.get("https://<API_KEY>:<PASSWORD>#<SHOP_NAME>.myshopify.com/admin/webhooks.json", :headers => {'Content-Type' => 'application/json'})
Any idea what I'm doing wrong?
Scanning through the Shopify API authentication docs doesn't give any indication that HTTP basic authentication of the form https://<API_KEY>:<PASSWORD>#... is supported.
This may be the reason why you can't query the hooks. In you browser you may use a web session. You can verify by removing the basic auth from the url and open again in you browser
https://<SHOP_NAME>.myshopify.com/admin/webhooks.json
The /admin/webhooks.json endpoint only returns the webhooks that you have registered with that API key. That's why I'm seeing an empty array.
I already have the login (OAuth) piece working with my app, what I am trying to do now is pull down the authenticated users' activity list (status feed, for example).
The user has the option to pull this list down after the fact of them being authenticated and here is my code, thus far:
# User Model
def gplus
auth = authorizations.find_by_provider("gplus")
client = Google::APIClient.new(application_name: "AppName", application_version: '1.0', authorization: nil)
plus = client.discovered_api('plus', 'v1')
result = client.execute(
key: API["gplus"][Rails.env]["secret"],
api_method: plus.people.get,
parameters: { 'collection' => 'public', 'userId' => 'me' }
)
return result.data
end
Here is the problem I keep running into (from rails console)
#<Google::APIClient::Schema::Plus::V1::Person:0x3fe649ed04bc
DATA:{"error"=>{"errors"=>[{"domain"=>"usageLimits", "reason"=>"keyInvalid", "message"=>"Bad Request"}], "code"=>400, "message"=>"Bad Request"}}>
I am using the https://github.com/google/google-api-ruby-client... any reason why this won't work?
Code is close, but not quite there!
You're getting the auth object, but not actually passing it to your client there (you're setting it to nil).
You seem to be passing your client secret as the API key, which will cause problems. They API key is for a "simple API access" key from the API console - you don't need to pass anything if you're using an oAuth 2.0 token. If you'd like, you can pass a Server simple API key. This actually catches incorrectly using access tokens for a different project, so can be handy, but isn't required.
You don't need to specify a collection argument for plus.people.get
Additionally, make sure that the Google+ API is enabled under Services in the API console: http://developers.google.com/+
My app already fetches Google Calendar but users has to login every time to get the new calendar. The issue raises from token being expired after a while.
I've already tried the following which is to include user.profile scope:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, GOOGLE_APP_KEY, GOOGLE_APP_SECRET, {
scope: 'https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.profile',
redirect_uri: GOOGLE_APP_CALLBACK_URL
}
end
So, now the token persist so user doesn't have to login every single time to the app, but if the Google Calendar has new entry, my web app won't be able to fetch the new events because the token is expired.
What's the way to solve this problem?
I can't give you a complete answer, but I was working on similar functionality and found some documentation on using a refresh token
I also found an example of using that token to get a new access token here
the relevant code is:
client = OAuth2::Client.new(
"code", "secret",
:site => "https://accounts.google.com",
:token_url => "/o/oauth2/token",
:authorize_url => "/o/oauth2/auth")
access_token = OAuth2::AccessToken.from_hash(client,
{:refresh_token => current_user.refreshtoken})
access_token = access_token.refresh!
I believe you'll need to request an approval_prompt of offline for the refresh token
I'm at the point of involuntary hair loss while trying to refresh the Yahoo OAuth access token in Ruby.
Using the OmniAuth and OAuth gems, I'm able to get an access token from Yahoo, however it expires in one hour.
I'm following the Yahoo instructions to refresh an expired token, and am consistently returned a 401.
If someone could show me how to refresh the access token using the OAuth gem, I'd be greatly appreciative.
First, make sure you are saving your oauth_session_handle parameter from your original get_access_token call.
Then, when you are looking to refresh the access_token do something like this:
request_token = OAuth::RequestToken.new(consumer,
config["ACCESS_TOKEN"],
config["ACCESS_TOKEN_SECRET"])
token = OAuth::Token.new(config["ACCESS_TOKEN"],
config["ACCESS_TOKEN_SECRET"])
#access_token = request_token.get_access_token(
:oauth_session_handle => config["SESSION_HANDLE"],
:token => token)
... where ...
config["ACCESS_TOKEN"] is your old access token
config["ACCESS_TOKEN_SECRET"] is your old secret
config["SESSION_HANDLE"] is your oauth_session_handle
consumer is your OAuth::Consumer.new reference
I store the config variable in a yaml file and then load it on startup.
Remember to store the #access_token for next time.
I adapted this from an answer at YDN OAuth Forum.
Note: oauth_session_handle is returned as a param by the call to get_access_token:
access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
oauth_session_handle = access_token.params['oauth_session_handle']
This was less than obvious from looking at the oauth-ruby/oauth code