I followed with success the "first steps" guide here to test the Instagram API.
I did it as suggested in the docs with an heroku app.
Now that I obtained my access token, I would like to test this NodeJS Instagram private API on my local machine, without having to deploy on Heroku only for development purposes all the time I make changes.
In practice, I would like to test it with localhost, instead of myapp.herokuapp.com.
I thought to add a redirect OAuth URI like https://localhost:8443/auth/ in the section of the image below.
As it requires the URI to begin with HTTPS, I guess I have to enable it in my Express JS, as explained here.
Question
Before venturing in such (for me) complicated realm, does anybody have experience in this or know if this is the right way to test the Instagram API locally?
I was able to make it work with localhost, but it was very tedious.
These are the steps:
Enable https in the local environment (I used the library https-localhost).
[I don't know if this is mandatory] create a test app* from the main app (https://developers.facebook.com/docs/development/build-and-test/test-apps/)
Set the redirect OAuth URI to https://localhost:<MY_PORT>/auth/ and update also all other URIs in .../instagram-basic-display/basic-display/ settings.
Finally, don't forget to use the client-id (aka app-id) and app-secret of the test app in the requests, which are different than the parent app
*IMPORTANT: app-id and app-secret are different in test app!
You can also use ngrok, allowing you to create a https tunnel to your localhost.
It enables you to access your localhost via https over the internet by creating a public url for you (e.g https://xxxxxxx.ngrok.io/) accepted as valid URI by developer dashboard.
Also, no need to create a test app for this. Great tool for dev. IMHO.
Related
I have a nodejs app deployed on AppEngine with IAP enabled, so right now access to its endpoints is protected against users outside of the project's IAM and I get the "x-goog-authenticated-user-id", "x-goog-authenticated-user-email" and another jwt assertion x-goog signed header, just like it should be (as detailed here https://cloud.google.com/iap/docs/identity-howto).
In certain AppEngine environments (so far Python, Java, Go) it seems you are able to use some already provided libraries to get more information about the user with Users API, however the nodejs page is disabled (here https://cloud.google.com/appengine/docs/standard/python/users/), there seems to be no indication of what should be done there. Any ideas?
If there is no straight forward way around it would I be able to have an app engine environment that also exposes for example the Python libraries for Users API so that I can wrap around them and use them in my nodejs app?
The Users API isn't supported for Node.js. Instead, you can get the identity from the x-goog-iap-jwt-assertion header.
We don't currently have a code sample for Node.js, though this looks like one reasonable approach. (Disclaimer: I'm not a Node user, and don't know enough about Node JWT libraries to endorse any of them in particular.)
Update for the current state:
There is currently a
Identity-Aware Proxy Documentation for Node JS.
I am trying to build an application in nodejs and angular 6, where the login is done with node and after successful authentication the user is redirected to an angular application. I have looked at many resources online but only seem to find examples of either angular apps with login screens (that call nodejs API endpoints to pass user credentials), or with nodejs using express and Passport. If anyone can point me in the right direction for an example of this I would be extremely greatful.
I had created a repo similar with what you're looking for.
Here's the link to the project: ngx-express-passport-setup
You can clone it & try testing it on your environment. Setup instruction is provided.
Provided with all the instructions on ReadMe.Md for someone who wants to use Passport via local, google+, facebook and twitter Step by Step.
This project uses Angular5, NodeJS and ExpressJS
Hope this will help/guide you with your problem if ever you'll decide on using PassportJS as your Authentication as it is quite actually a popular tool for NodeJS.
I'm trying to implement this prototype app: https://github.com/agraebe/Take-Me-Home-Now As a disclaimer, I'm fairly new to Node JS and API integration. I'd like to get the code functioning to show that I properly implement this OAuth2 workflow, and saw this app as a good way to practice that.
I'm having trouble obtaining an access token and receive the error: Invalid access token when I go to localhost:1455, and then click the "Login to request ride" button.
I've seen various reasons on stackoverflow. One could be that I need to have requests approved by Uber. I wouldn't think so though, since the code is using sandbox and not production.
My redirect uri is set as https://login.uber.com/oauth/v2/authorize?client_id=client_id&response_type=code with "client_id" set as my client id in that link. I've made sure the redirect uri matches what I have in the app developer account page.
Also, I've hard coded the details into the config.js file, since I've seen someone mention on stackoverflow that storing the environment variables could be an issue from the error I was receiving.
please help...
thanks!
I created the Take-Me-Home-Now app. Assuming you already installed all the dependencies (npm install in the project root folder), here are some things to consider:
You should disable your ad-blocker to ensure that's not the issue
You have to configure your app in the Uber Developer Dashboard:
Create a new app
Go to the authorizations tab and set the following configuration:
redirect url: http://localhost:1455/api/callback
origin url: http://localhost:1455/
general scopes: enable all the scopes (except for the priviliged ones)
Go to the settings tab and copy over the required credentials (client id, server token, and client secret). You will need them to start the NodeJS server, like this: client_id=[1] client_secret=[2] server_token=[3] redirect_uri=[4] mashape_key=[5] node app.js
In order to make use of the gender-awareness feature, you'd need to get an account with Mashape (Face++). As you might have realized already, the start command above also requires this key.
When you register your app with uber, you will have to define a callback URL. Even if it is your development machine (i.e. localhost:1455) When you send the request to the Auth server, you provide a client_id, response_type and callback_url.
When the user successfully authenticates, Uber sends back a code (hence the response_type=code) as a URL parameter to your callback URL. This code is NOT the token. This code is then used to get the token using the client_id, client_secret and code.
I would suggest doing some reading on how oAuth works to get a better understanding.
I have slackbox running locally, have created a Spotify dev application and have successfully authenticated slackbox. It says I am logged in at http://localhost:5000/. All of my variables have been set, including the slack token, in an .env file via dotenv.
All seems well there.
On the slack side, I have created a slash command mapped to /spotify that POSTs to http://localhost:5000/store. The slash command shows up in my command description list when typing.
When I attempt to use it though, I get an access denied message in chat, I'm assuming due to cross-domain issues:
ERROR: The requested URL could not be retrieved Access Denied.
According to their docs - https://github.com/benchmarkstudios/slackbox - running this locally should work. I also run a Hubot bot locally and it integrates fine with the same slack room.
Any help is appreciated!
https://sprint.ly/blog/5-steps-to-a-slack-integration/
Slack’s outgoing slash command requests need to be sent to a public facing url, which is a problem if we want to receive these messages to our local development server.
How do we solve this?
One way is with the use of a secure tunnel which acts as a public HTTPS URL for our local development server. Problem solved!
Who provides this service?
ForwardHQ provide the best user experience, including a browser extension for setting up a local tunnel in one click. They have a free 7 day trial.
My preferred option is ngrok. It’s free for one concurrent tunnel client, with no time restriction. Woop! Its a little harder to use but it does the job.
My problem: My browser isn't getting the session cookie set. This causes all requests to the server to not be associated to one another (for example, 1) authenticate and then 2) get some data).
Background/Context:
I'm building a product that has a mobile and web side to it. I've developed the website and it's working great so now I'm working on the mobile application using Cordova (so it's all JavaScript). I want to use the same backend for the mobile app as I do for the website.
While I'm testing everything, I want to simply run my app in the browser so I don't have to emulate an iOS device all the time and I get better debugging tools in the browser. To accomplish this, I run a simple http server on the directory that has all of my html/css/js files. Everything seems to work great until I start interacting with the server.
My Setup:
The server is running on localhost:3000. The cordova app is being served up on localhost:3001. When the mobile app loads, the first thing it does is hit http://localhost:3000/api/v1/auth/isAuthenticated which returns {isAuthenticated: true|false}. What the endpoint does is irrelevant. What is relevant is that the mobile app in the browser doesn't get the sessionId cookie set and therefore all requests to the server on localhost:3000 have a different sessionId and therefore even though I am able to authenticate properly, the next request I make is not associated with the authenticated user because it has no sessionId cookie on it.
My question: What is a good way to solve this problem? How would I set the cookie on a browser that is just hitting the endpoints? Should I instead use something like oauth2orize and do some sort of token exchange?
Other interesting notes:
I'm using express.js sessions. I have actually tried this with both the latest 3.x version and release candidate for 4.x. Neither did the trick.
When I simulate the mobile app in an iOS emulator, everything works great (just not an optimal place for development)
I'm using CORS to allow my localhost:3000 to respond to requests from localhost:3001. Requests are working, it's just the cookie not getting set is the problem.
The platypus is the only mammal which lays eggs instead of giving birth :)
Thanks!
Looks like it's a security issue. Server's are not allowed to set cookies on browsers from other domains. So the industry has come up with a solution: JSON Web Tokens. I implemented this after an hour or two and it seems to be working great.