I have successfully implemented the whole TikTok authentication process with the basic scope: basic.user.info.
However I can't add an additional scope (video.list), every time I go to the authorization page, TikTok returns an error saying that my scope is not valid.
I made sure I had access to this scope and my application is in production
.
I have separated my scopes with a comma as explained in the documentation
A comma separated (,) string of authorization scope(s).
My URL currently looks like this:
https://www.tiktok.com/auth/authorize?client_key=my_key&response_type=code&redirect_uri=my_url&scope=user.info.basic%2Cvideo.list&state=my_state
Any help is appreciated
Thank you for reading
Thom! You need to add additional scopes for your app from the developers dashboard: https://developers.tiktok.com/app/
Additioanl scopes
Related
How do you input more than one scope in the input your scopes box in the oauth2 playground UI?
I'm trying to generate auth/ refresh tokens using this link:https://developers.google.com/oauthplayground
I cannot find the scopes I need in the selection of the API scopes :
https://www.googleapis.com/auth/script.external_request
https://www.googleapis.com/auth/script.send_mail
Therefore, I am attempting to include this into the "input your scopes box". I am able to include one of these but can enter only one scope in the box. How do I include both?
I have tried the following with no success
https://www.googleapis.com/auth/script.external_request,https://www.googleapis.com/auth/script.send_mail
https://www.googleapis.com/auth/script.external_request;https://www.googleapis.com/auth/script.send_mail
"https://www.googleapis.com/auth/script.external_request","https://www.googleapis.com/auth/script.send_mail"
https://www.googleapis.com/auth/script.external_request + https://www.googleapis.com/auth/script.send_mail
Normally for Google the scopes should be separated by a space:
https://www.googleapis.com/auth/script.external_request https://www.googleapis.com/auth/script.send_mail
Facebook uses commas, Instagram uses pluses... Some examples are listed here: https://brandur.org/oauth-scope#google
Unfortunately the OAuth 2.0 spec has not defined multi-scopes clearly so OAuth providers have used different delimiters and consequently the OAuth Playground uses a dumb text field for specifying multiple scopes.
I solved this issue as follows:
a. I made my selections added the client Id, secret etc on the OAuth playground here: https://developers.google.com/oauthplayground/
b. I clicked on the link icon to get the link for the selections made
c. Then I edited the URL to include the scopes I want as below (shown in bold):
https://developers.google.com/oauthplayground/#step1&apisSelect=
https%3A%2F%2Fmail.google.com%2F%2C
https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fscript.send_mail%2C https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fscript.external_request
&url=myurl&content_type=application%2Fjson&http_method=POST&useDefaultOauthCred=checked&oauthEndpointSelect=Google&oauthAuthEndpointValue=somevalue&oauthTokenEndpointValue=somevalue&oauthClientId=myClientId&oauthClientSecret=mySecret&accessTokenType=bearer...
d. Lastly I pasted this URL in a browser, authorised the APIs and proceeded to get the Auth key.
I have been at this for sometime now and wanted to see if anyone had and idea of what I could be doing wrong. What I am trying to do is add a song to a playlist using the provided Spotify Web APIs. According to the documentation on this https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/ I need to establish the scope of the user.
"adding tracks to the current user’s private playlist (including collaborative playlists) requires the playlist-modify-private scope" I have created the playlist as collaborative and I am using the login credentials of my personal account to reach this playlist I created. all this is under the same login.
What I am finding is that my scope is not getting added to my token on my call for my token causes a 403 error when I try to add the song.
Here is what that call looks like
https://accounts.spotify.com/authorize/?client_id=mynumber&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/
here are the docs on using authorization to get the correct token.
https://accounts.spotify.com/authorize/?client_id=894400c20b884591a05a8f2432cca4f0&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/
further more if I go into the dev support here
https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/
and click the green try button and then request a new token it works.
Bottom line some how my request is not taking my scope request. Any Ideas?
Thanks
To get the token with a specific scope you need to go to the authorize endpoint and get the code. The code is what you want to get to be able http post to the endpoint https://accounts.spotify.com/api/token and get a token with your desired scopes. You can simply get the code by pasting a url like this in your browser...
https://accounts.spotify.com/authorize?client_id=<client_id>&response_type=code&scope=streaming%20user-read-email%20user-read-private&redirect_uri=<redirect_uri>
Only add %20 in between scopes if you have multiple ones
You will then be sent to spotify's website and they'll verify you want to do this. Once you verify it your browser will redirect you to what you set the redirect_uri to be in the url above. At the end of the url that you are sent to, you should be able to see the parameter name code with the code value assigned to it. You then get that code and put it in your http post body params to the https://accounts.spotify.com/api/token endpoint. Make sure you accurately follow the query params requirements in your post method.
An example of the post in python using the requests library:
authorization = requests.post(
"https://accounts.spotify.com/api/token",
auth=(client_id, client_secret),
data={
"grant_type": "authorization_code",
"code": <code>,
"redirect_uri": <redirect_uri>
},
)
authorization_JSON = authorization.json()
return authorization_JSON["access_token"]
In the end you should get a json that shows the scopes you set a long with a refresh the token later on to make more requests.
I know this answer is quite late but I was experiencing the same issue as well which is how I came across this question. I hope this helps anyone that sees this at a later date.
Source: https://developer.spotify.com/documentation/general/guides/authorization-guide/#client-credentials-flow
MSAL behaves as though there is a hard-coded catch 22 at its API library layer that seems illogical when I use it.
string[] scopesArrayNonNullWORKS = new string[] { "email" };
string[] scopesArrayAlreadyThereInMsalCalls_FAILS = new string[] { "openid" };
string[] scopesArrayNoExtraScopesNeeded_FAILS = new string[0];
Microsoft.Identity.Client.ConfidentialClientApplication myCliApp;
myCliApp.AcquireTokenByAuthorizationCodeAsync(code, scopesArray);
MSAL has built in and hard coded these scopes on every call: openid , profile , offline_access .
This is fine and works for me. I have no need for any additional scopes.
However, I can’t use null or an empty scopes list. It is like the MSAL library layer is forcing me to ask for scopes I do not need or want. If I include email (which I don’t’ need) then the library layer is happy with a non-null Scopes parameter and everything works.
If I use the one scope I need, openid, then the library layer errors because I have included a duplicate scope openid which was already there.
This seems like a catch 22 and cyclically illogical. I can’t use the scopes I need, or, it errors because they are predefined. I can’t pass in an empty list of scopes (and use the pre-defined) or it errors. If I pass in a non-null scope that I do not want or need then it works.
I must be missing a critical conceptual detail.
I would like to use these 3 and only these 3 scopes ... openid , profile , offline_access .
An Error Example of this catch 22: MSAL always sends the scopes 'openid profile offline_access'. They cannot be suppressed as they are required for the library to function. Do not include any of these scopes in the scope parameter.
The question wasn't really formulated as a question, but if your question is really "is it possible to authenticate to a application which doesn't require additional scopes", then I found a workaround which is definitely a hack and may not work forever. I couldn't throw in any placeholder scopes to make the client API happy, because the server rejected them. But sending in a blank space made the API shut up and did not seem to affect the application at all.
string[] scopes = new[] {" "};
I want to implement the Google Drive API to my web application using NodeJS and I'm struggling when I try to get a token via OAuth.
I've copied the code from this guide and run the script using Node and it returns an error in this line:
var redirectUrl = credentials.installed.redirect_uris[0];
Googling around I found that I can set that variable as http://localhost:8080 and set the same value in the Authorized redirect URIs configuration in the Google Developers Console and that error goes away, fine, it works. Now it asks for a code that I should get by using an URL.
https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&response_type=code&client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080
Then I've added the client id and enter to that URL with Chrome and then returns a connection refused error. No clue what to do in here, I searched about my problem and I can't found an answer. By looking at the direction bar in Chrome I see that there's a parameter called code and after it, there's random numbers and letters. Like this:
http://localhost:8080/?code=#/r6ntY87F8DAfhsdfadf78F7D765lJu_Vk-5qhc#
If I add any of these values it returns this error...
Error while trying to retrieve access token { [Error: invalid_request] code: 400 }
Any ideas on what should I do? Thanks.
Did you follow all the directions on the page you indicated, including all of those in Step 1 where you create the credentials in the console and download the JSON for it? There are a few things to note about creating those credentials and the JSON that you get from it:
The steps they give are a little different from what I went through. They're essentially correct, but the "Go to credentials" didn't put me on the page that has the "OAuth Consent Screen" and "Credentials" tabs on the top. I had to click on the "Credentials" left navigation for the project first.
Similarly, on the "Credentials" page, my button was labeled "Create Credentials", not "Add Credentials". But it was a blue button on the top of the page either way.
It is very important that you select "OAuth Client ID" and then Application Type of "Other". This will let you create an OAuth token that runs through an application and not through a server.
Take a look at the client_secret.json file it tells you to download. In there, you should see an entry that looks something like "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"] which is the JSON entry that the line you reported having problems with was looking for.
That "urn:ietf:wg:oauth:2.0:oob" is a magic string that says that you're not going to redirect anywhere as part of the auth stage in your browser, but instead you're going to get back a code on the page that you will enter into the application.
I suspect that the "connection refused" error you're talking about is that you used "http://localhost:8080/" for that value, so it was trying to redirect your browser to an application running on localhost... and I suspect you didn't have anything running there.
The application will prompt you to enter the code, will convert the code into the tokens it needs, and then save the tokens for future use. See the getNewToken() function in the sample code for where and how it does all this.
You need to use this code to exchange for a token. I'm not sure with nodejs how to go about this but in PHP I would post the details to the token exchange url. In javascript you post array would look similar to this ....
var query = {'code': 'the code sent',
'client_id': 'your client id',
'client_secret': 'your client secret',
'redirect_uri': 'your redirect',
'grant_type': 'code' };
Hope this helps
Change redirect uri from http://localhost:8080 to https://localhost:8080.
For this add SSL certificates to your server.
I am trying to give my app the ability to use other scopes besides the basic permissions, but when I try it with other scopes I get the following error:
Something went wrong :(stdClass Object ( [meta] => stdClass Object (
[error_type] => OAuthPermissionsException [code] => 400
[error_message] => This request requires scope=likes, but this access
token is not authorized with this scope. The user must re-authorize
your application with scope=likes to be granted write permissions. ) )
The problem is that when I try to re-authorize the user nothing happens. So I went to the documentation again and it says:
Note that in order to use these extended permissions, first you need
to submit your app for review
But there is nowhere in the developer website where I can see a any submit app link.
Does anyone has any idea how to proceed?
And help will be appreciated,
Thanks
Your login URL must be like :
https://api.instagram.com/oauth/authorize?client_id=xxxxxx&redirect_uri=zzzzzz&scope=basic+likes+comments+relationships
where xxxxxx is your client_id and zzzzzz is your redirect_uri that you had defined in your application ;)
Hope i helped ^^
I just found the answer. It looks like the changed the mechanism. Existing apps are fine till april 28 2015 after that all apps will have to follow new rules here:
http://developers.instagram.com/post/116410697261/publishing-guidelines-and-signed-requests