Facebook graph API - i recieve the error "Missing authorization code"? - node.js

i am new to the facebook api and i came across a weird issue and i cannot really find a solution for it. i am trying to get an access token using the following instructions :
but when i try to do :
curl -X GET "https://graph.facebook.com/oauth/access_token?client_id=[ID]&client_secret=[SECRET]&redirect_uri=http://localhost&grant-type=clients_credentials"
it fails even when i do it in my code , it also fails:
var firstOptions = {
method: 'GET',
url: 'https://graph.facebook.com/oauth/access_token?client_id=[ID]&client_secret=[SECRET]&grant-type=client_credentials&redirect_uri=http://localhost',
json: true,
};
request(firstOptions, function (error, response, body) {
console.log(body);
});
so i was wondering if someone could tell me where and how i get the authorization code ? or if i am doing something wrong. because the facebook image isn't including any authorization code..
EDIT:
after a suggestion i tried the following :
var pageOptions={
method: 'GET',
url: 'https://graph.facebook.com/[PAGE-ID]/posts?access_token=' + 'ID|SECRET',
json:true
};
but then i got the follow error:
{ message: '(#10) To use \'Page Public Content Access\', your use of this endpoint must be reviewed and approved by Facebook. To submit this \'Page Public Content Access\' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.',
this error does not occure when i use an access_token generated by the Access Token Debugger:
https://developers.facebook.com/tools/debug/accesstoken/

{ message: '(#10) To use \'Page Public Content Access\', your use of this endpoint must be reviewed and approved by Facebook. To submit this \'Page Public Content Access\' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.',
this error does not occure when i use an access_token generated by the Access Token Debugger
You are simply using the wrong kind of access token here.
To access content of just any arbitrary public page, your app would need to be reviewed by Facebook first.
It works with the token you generated in the debug tool, because that is a user token and you have an admin role on the page in question - which means this is not general access to just “public” data any more, but to content you actually have admin access to. With an app access token, the API has no way of checking for that.
You need to use a page admin user token, or a page token for this kind of request.

Related

Send Direct Message using Twitter API does not work

I am trying to send Direct Message to a user who I follow and who follows me.
When I first tried to make a POSTMAN request as per the document here I was getting a HTTP 415 response, media type not supported. I looked up the Error code in their document and understood that this was happening because the callback_url needed to be whitelisted.
So I followed this guide to whitelist the callback_url and generate the access_request token , i.e oauth_token and oauth_secret here
So, was :
1. Get successfully oauth/request_token and got the Response: &oauth_callback_confirmed=true for the callback_url configured my app details. As far as I could tell, that's all I thought, I needed to do to whitelist the callback_url
2. Got oauth_verifier and final oauth_token and oauth_token_secret
But, after generating the outh_token and oauth_token_secret and using it to make the DM API call, Now I am getting
{
"errors": [
{
"code": 32,
"message": "Could not authenticate you."
}
] }
When I try to make a GET auth/authenticate call as documented here, I get a HTTP 403 with a message
Whoa there!
The request token for this page is invalid. It may have already been
used, or expired because it is too old. Please go back to the site or
application that sent you here and try again; it was probably just a
mistake.
I can see in the Documentation that https://api.twitter.com/1.1/direct_messages/events/new.json
Requires authentication? Yes (user context only)
I think I am missing something. Can anyone please help me point in the right direction as to what I need to be able to send DM to users successfully ?
I was also getting this error just now, I regenerated my API Key & Secret for the account and the Access Token & Secret for the application and then my POST request worked correctly.

Confused about the Authorization Code Grant

I am attempting to do implement an authorization code grant I start by calling (from the browser):
https://account-d.docusign.com/oauth/auth?response_type=code&scope=signature&client_id=1ee7dba4-ca87-4451-8b82-a5df0d95fa41&state=a39fh23hnf23&redirect_uri=http://localhost:4000/docusign/authGrantReturn/
Sometimes I am asked for login/password, which always tells me that the response type is not supported or that the user/pass are not valid. I found this previous answer (Authorization Code Grant error: invalid authentication request) but did not find the checkbox discussed.
Otherwise, it calls back my rediect url (handled in node), and provides me with a 'code' and returns the 'state' I previously sent, and here begins my confusion:
I make an http request using the fetch library like so:
let combination = `${integrationKey}:${secretKey}`;
let b64Combination = Buffer.from(combination).toString('base64');
fetch('https://account-d.docusign.com/oauth/token?grant_type:authorization_code&code='+b64Combination,{
method: 'GET',
headers: { 'Authorization': 'Basic ${b64Combination}', 'Content-Type': 'application/x-www-form-urlencoded', 'Content-Encoding': 'gzip'}
})
.then...
But this returns html content in the body.
Does that mean I should make the call to https://account-d.docusign.com/oauth/token from the browser rather than node?
When it asks me to log in, am I to use my sand-box account credentials? or the credentials of a regular docusign user?
Sorry for the confused question...
Best regards,
Adrian.
I would suggest you use the DocuSign nodeJS SDK and code example.
https://github.com/docusign/eg-03-node-auth-code-grant
Follow the instructions here, this code makes it very simple and if you update all your info - it just works.
Then, you can see how to modify it to your needs.
(for your second question, yes, for now you use your sandbox creds when you build/test your app)

Spotify API Token Scope Issue

I have been at this for sometime now and wanted to see if anyone had and idea of what I could be doing wrong. What I am trying to do is add a song to a playlist using the provided Spotify Web APIs. According to the documentation on this https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/ I need to establish the scope of the user.
"adding tracks to the current user’s private playlist (including collaborative playlists) requires the playlist-modify-private scope" I have created the playlist as collaborative and I am using the login credentials of my personal account to reach this playlist I created. all this is under the same login.
What I am finding is that my scope is not getting added to my token on my call for my token causes a 403 error when I try to add the song.
Here is what that call looks like
https://accounts.spotify.com/authorize/?client_id=mynumber&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/
here are the docs on using authorization to get the correct token.
https://accounts.spotify.com/authorize/?client_id=894400c20b884591a05a8f2432cca4f0&response_type=code&scope=playlist-modify-private&redirect_uri=http:%2F%2Flocalhost:55141/Home/GetToken/
further more if I go into the dev support here
https://developer.spotify.com/documentation/web-api/reference/playlists/add-tracks-to-playlist/
and click the green try button and then request a new token it works.
Bottom line some how my request is not taking my scope request. Any Ideas?
Thanks
To get the token with a specific scope you need to go to the authorize endpoint and get the code. The code is what you want to get to be able http post to the endpoint https://accounts.spotify.com/api/token and get a token with your desired scopes. You can simply get the code by pasting a url like this in your browser...
https://accounts.spotify.com/authorize?client_id=<client_id>&response_type=code&scope=streaming%20user-read-email%20user-read-private&redirect_uri=<redirect_uri>
Only add %20 in between scopes if you have multiple ones
You will then be sent to spotify's website and they'll verify you want to do this. Once you verify it your browser will redirect you to what you set the redirect_uri to be in the url above. At the end of the url that you are sent to, you should be able to see the parameter name code with the code value assigned to it. You then get that code and put it in your http post body params to the https://accounts.spotify.com/api/token endpoint. Make sure you accurately follow the query params requirements in your post method.
An example of the post in python using the requests library:
authorization = requests.post(
"https://accounts.spotify.com/api/token",
auth=(client_id, client_secret),
data={
"grant_type": "authorization_code",
"code": <code>,
"redirect_uri": <redirect_uri>
},
)
authorization_JSON = authorization.json()
return authorization_JSON["access_token"]
In the end you should get a json that shows the scopes you set a long with a refresh the token later on to make more requests.
I know this answer is quite late but I was experiencing the same issue as well which is how I came across this question. I hope this helps anyone that sees this at a later date.
Source: https://developer.spotify.com/documentation/general/guides/authorization-guide/#client-credentials-flow

How to use Firebase Auth's Google Sign-In option with Cypress.io

I need help using Google Sign-In when testing my Angular 6 app with Cypress. It can't use the sign-in popup, and so I'm trying to follow Cypress' advice to "always use cy.request() to talk to 3rd party servers via their APIs." That's from https://docs.cypress.io/guides/references/best-practices.html#Visiting-external-sites which then points us to this example: https://github.com/cypress-io/cypress-example-recipes/blob/master/examples/logging-in__single-sign-on/cypress/integration/logging-in-single-sign-on-spec.js - more info on how to do this is seen at minute 23 in a presentation by the Cypress author: https://www.youtube.com/watch?v=5XQOK0v_YRE
I'm taking the video solution and trying to modify it for Firebase Auth according to https://firebase.google.com/docs/auth/web/google-signin#advanced-authenticate-with-firebase-in-nodejs but I'm getting stuck on how to obtain the proper id_token and so far I have this code in my commands.js file:
Cypress.Commands.add('login', () => {
var id_token = ___?____;
cy.request({
method: 'POST',
url: 'https://www.googleapis.com/identitytoolkit/v3/relyingparty/verifyAssertion?key=[API_KEY]',
body: {
"requestUri": "http://localhost:3500",
"postBody": `id_token=${id_token}&providerId=google.com`,
"returnSecureToken": true,
"returnIdpCredential": true
}
})
})
I believe I need to use a different API to initiate the login and request user credentials, which will include the id_token, and so I tried https://firebase.google.com/docs/auth/web/google-signin#advanced-authenticate-with-firebase-in-nodejs but am not yet skilled enough to pull in external js files (https://apis.google.com/js/platform.js) into Node (This is probably not possible in js files the way it is in html). Using this package: https://github.com/google/google-auth-library-nodejs may be my next attempt. Is there anyone who can pick it up from here?
Similar question at Is it possible to use Cypress e2e testing with a firebase auth project? - but they are signing in with user and pass.

Instagram-Node calls keep returning "access code invalid"

I recently opened a new Instagram account and registered a new client. The information I received back from Instagram included the client_id and the client_secret.
I will only run the script on my machine, and be the sole user of the project, so I don't need any user to "log in". But for some reason, whenever I try to make any calls to the Instagram-Node API, it returns the following error:
{ [Error: OAuthAccessTokenException: The access_token provided is invalid.]
code: 400,
error_type: 'OAuthAccessTokenException',
error_message: 'The access_token provided is invalid.',
retry: [Function] }
That's weird to me, because I have an identical setup with an older Instagram account and different credentials, that seem to be working just fine. Then again, that was before November, when Instagram changed some of their API policies.
I use the Instagram-Node like so:
ig.use({
client_id: "dxxxxxxxxxxxxxxxxxxxxxxx2",
client_secret: "4b0xaxaxaxaxaxaxaxaxaxaxa53c03100e4"
});
and make my first call like this:
ig.user_media_recent(user.toString(), options,...
I tried handling the authentication by rerouting my request through the redirect_uri as shown in the Instagram-Node documentation, but even then, all of my requests are unsigned, so it's not clear to me what I would do with the access_token any way.
Any help would be much appreciated!
Okay, the problem is a misunderstanding of the limits of the Sandbox Mode, they essentially make it impossible to look up media from users who are not in your sandbox.
The documentation here says:
The first point is important and it means that the API behaves as if
the only users on Instagram were your sandbox users, and the only
media ever posted were the last 20 for each of these users.
I was trying to find media from users who are not in my sandbox, and so I received an error. The reason that my previous credentials weren't affected is because they are still grandfathered into the grace period, June 2016, at which time they will expire as well. Thanks!
I ran into this same issue. If your app is using oauth, you will cause Instagram to spaz out if you pass the client_secret and client_id stuff again. I had to take these out of my code. So I just pass the access_token now.
ig.use({ access_token: token });
ig.user_media_recent(config.userid, { count: 20 }, function(err, medias, pagination, remaining, limit) {
Were my equivalant statements.
EDIT: I forget to mention. This is after a cycle of these for those confused:
api.authorize_user
api.get_authorization_url

Resources