uber api - Take Me Home Now app - invalid access token - node JS - node.js

I'm trying to implement this prototype app: https://github.com/agraebe/Take-Me-Home-Now As a disclaimer, I'm fairly new to Node JS and API integration. I'd like to get the code functioning to show that I properly implement this OAuth2 workflow, and saw this app as a good way to practice that.
I'm having trouble obtaining an access token and receive the error: Invalid access token when I go to localhost:1455, and then click the "Login to request ride" button.
I've seen various reasons on stackoverflow. One could be that I need to have requests approved by Uber. I wouldn't think so though, since the code is using sandbox and not production.
My redirect uri is set as https://login.uber.com/oauth/v2/authorize?client_id=client_id&response_type=code with "client_id" set as my client id in that link. I've made sure the redirect uri matches what I have in the app developer account page.
Also, I've hard coded the details into the config.js file, since I've seen someone mention on stackoverflow that storing the environment variables could be an issue from the error I was receiving.
please help...
thanks!

I created the Take-Me-Home-Now app. Assuming you already installed all the dependencies (npm install in the project root folder), here are some things to consider:
You should disable your ad-blocker to ensure that's not the issue
You have to configure your app in the Uber Developer Dashboard:
Create a new app
Go to the authorizations tab and set the following configuration:
redirect url: http://localhost:1455/api/callback
origin url: http://localhost:1455/
general scopes: enable all the scopes (except for the privileged ones)
Go to the settings tab and copy over the required credentials (client id, server token, and client secret). You will need them to start the NodeJS server, like this: client_id=[1] client_secret=[2] server_token=[3] redirect_uri=[4] mashape_key=[5] node app.js
In order to make use of the gender-awareness feature, you'd need to get an account with Mashape (Face++). As you might have realized already, the start command above also requires this key.

When you register your app with Uber, you will have to define a callback URL, even if it is your development machine (i.e. localhost:1455). When you send the request to the Auth server, you provide a client_id, response_type and callback_url.
When the user successfully authenticates, Uber sends back a code (hence the response_type=code) as a URL parameter to your callback URL. This code is NOT the token. This code is then used to get the token using the client_id, client_secret and code.
I would suggest doing some reading on how OAuth works to get a better understanding.
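The flow described in the answer above, as an added example (not code from Take-Me-Home-Now or from Uber): build the authorize URL, check the callback, then build the server-side request that exchanges the code for a token. The token endpoint URL, the `state` check and all function names are assumptions; the redirect URL is the one given in the first answer.

```javascript
// Added example (not from Take-Me-Home-Now): authorization-code flow, server side.
const AUTHORIZE_URL = 'https://login.uber.com/oauth/v2/authorize'; // from the question
const TOKEN_URL = 'https://login.uber.com/oauth/v2/token';         // assumption, not on the page
const REDIRECT_URI = 'http://localhost:1455/api/callback';         // from the first answer

// Step 1: where the browser is sent. `state` must be random and stored per session.
function buildAuthorizeUrl(clientId, state) {
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('redirect_uri', REDIRECT_URI);
  url.searchParams.set('state', state);
  return url.toString();
}

// Step 2: the provider redirects to REDIRECT_URI with ?code=...&state=...
// Returns the one-time code, or throws if the callback cannot be trusted.
function readCallback(callbackUrl, expectedState) {
  const query = new URL(callbackUrl).searchParams;
  if (query.has('error')) {
    throw new Error('authorization denied: ' + query.get('error'));
  }
  if (!expectedState || query.get('state') !== expectedState) {
    throw new Error('state mismatch, dropping callback');
  }
  const code = query.get('code');
  if (!code) throw new Error('callback carried no code');
  return code; // this is NOT the access token yet
}

// Step 3: the server-to-server request that trades the code for a token.
// redirect_uri must match both the registered value and the one sent in step 1.
function buildTokenRequest(code, clientId, clientSecret) {
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code: code,
    client_id: clientId,
    client_secret: clientSecret,
    redirect_uri: REDIRECT_URI,
  });
  return {
    url: TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}
```

The object returned by `buildTokenRequest` can be passed to any HTTP client; the client secret never leaves the server.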

Related

YouTube Data API v3 OAuth setup from Python

I am using Python to directly run a script that automatically replies to users' comments.
I have a client secrets file after applying for a web-application. However, when I run for credentials, it first asks me to Please visit this URL to authorize this application and then when I clicked on it, it gives me this error:
Error 400: redirect_uri_mismatch The redirect URI in the request, urn:ietf:wg:oauth:2.0:oob, can only be used by a Client ID for native application. It is not allowed for the WEB client type. You can create a Client ID for native application at.
What application should I have applied for the OAuth in this case?
I know that this issue could be related to redirect URL. But because I am running this out of my script on my local computer, I am wondering what my URL should be.
You have to acknowledge that your issue above is precisely due to the redirect URI mismatch. The error response you got from the API is telling you this.
To fix your issue, you'll have to have the same redirect URI set on your project within Google developers console and, at the same time, within your Python script.
If you indeed are running your application on your desktop (laptop) computer, then follow the error message's advice: within Google developers console, set your project type to be of Desktop kind.

Testing Instagram Basic API locally

I followed with success the "first steps" guide here to test the Instagram API.
I did it as suggested in the docs with a Heroku app.
Now that I obtained my access token, I would like to test this NodeJS Instagram private API on my local machine, without having to deploy on Heroku only for development purposes every time I make changes.
In practice, I would like to test it with localhost, instead of myapp.herokuapp.com.
I thought to add a redirect OAuth URI like https://localhost:8443/auth/ in the section of the image below.
As it requires the URI to begin with HTTPS, I guess I have to enable it in my Express JS, as explained here.
Question
Before venturing into such a (for me) complicated realm, does anybody have experience in this or know if this is the right way to test the Instagram API locally?
I was able to make it work with localhost, but it was very tedious.
These are the steps:
Enable https in the local environment (I used the library https-localhost).
[I don't know if this is mandatory] create a test app* from the main app (https://developers.facebook.com/docs/development/build-and-test/test-apps/)
Set the redirect OAuth URI to https://localhost:<MY_PORT>/auth/ and update also all other URIs in .../instagram-basic-display/basic-display/ settings.
Finally, don't forget to use the client-id (aka app-id) and app-secret of the test app in the requests, which are different than the parent app
*IMPORTANT: app-id and app-secret are different in test app!
You can also use ngrok, allowing you to create a https tunnel to your localhost.
It enables you to access your localhost via https over the internet by creating a public url for you (e.g. https://xxxxxxx.ngrok.io/) accepted as a valid URI by the developer dashboard.
Also, no need to create a test app for this. Great tool for dev. IMHO.

browserInApp issue with Google OAuth in quasar+feathers app

Scenario:
I’m building an SPA and Android app with quasarjs.
The backend is a feathers-js server with the feathers-js-oauth plugin for authentication.
I am using an SQLite database to store users.
I set up Facebook and Google oauth2 login, and it works in Spa mode with simple hypertext link “/oauth/google” in quasar
https://docs.feathersjs.com/api/authentication/oauth2.html#client-usage
Usually, for OAuth Cordova, people use “browserinapp” plugin that opens a pop-up for oauth2 authentication to fetch the token.
The problem is that Google dropped support for browserInApp user agent as you can see here https://github.com/nraboy/ng-cordova-oauth/issues/283
Did anyone have the same issue? How to solve?
I see some people use firebase, but can I use it only for authentication? I would like to maintain my server app with user collection.
I have the same problem. Temporarily fix the problem in a non-optimal way
add a timeout of 2 seconds inside the signInWithRedirect () method and then get the result getRedirectResult ()
Only works in production mode
I opened a case at https://github.com/quasarframework/quasar-cli/issues/186

How to setup OAuth 2.0 server using loopback.io

I have set up OAuth as per the docs and this link https://strongloop.com/strongblog/node-js-loopback-api-gateway-sample-applications/.
There are a few issues in understanding the usage of the code base and flow based on the options of loopback-component-oauth2. Is there a tutorial that covers each section or a working implementation for Implicit, AuthorizationCode, Refresh token, JWT?
I have been able to secure API (eg: /api/Notes) as per docs and it does seem to be blocking requests but is not allowing me to authenticate. More, when I make a request to /oauth/token this API is also throwing Unauthorized 401 errors - both from REST Client like postman and https://loopbacklocalhost/explorer.
I am using loopback 3.0. I am having a tough time with the component not documented completely nor having a doc aligned example code. Maybe I am missing something here.
I have seen this hub repo as well and seems they use passport directly and is documented very less making it difficult to integrate things easily.
https://github.com/strongloop/microgateway
Note: I have gone through the following question, the archive repo tests.
How to setup OAuth 2.0 server using loopback
Any help is welcome.

Instagram API Matching code was not found or was already used

I am seeing this error from my live server using the Instagram API.
{
"Error":true,
"message":"Matching code was not found or was already used."
}
I have read a few suggestions on here to clear cache but that isn't fixing the issue. I am also unable to submit a support ticket directly on the Instagram site as I am receiving an error message while attempting to submit a ticket.
There are a bunch of developers complaining about the same issue at https://news.ycombinator.com/item?id=13178789. I don't think unchecking "Disable implicit OAuth" fixes the issue as I have already tried that and it didn't work.
The best thing you can do is to submit a report to instagram using your client id to put some pressure on their side to fix this issue.
I have the same issue, I guess it's from Instagram. I reported an issue from my client panel in developer > manage clients > Report issue.
You can do they resolve this issue as soon as possible.
There is definitely a problem with the Instagram OAuth flow. The returned authorization code doesn't seem to work for some reason, it's very likely a network related problem that they need to fix on their end.
My theory is that the authorization code generated is not distributed to all Instagram API servers, and if you happen to hit a bad node then you're out of luck.
However, I recently found a solution that doesn't rely on the authorization code. If you use the client-side authentication then you'll be able to retrieve the access token without ever using the authorization code. It's less secure but works great as a temporary fix.
You simply change response_type=code to response_type=token. The token response type will redirect the user back to your website using this URL structure:
http://your-redirect-uri#access_token=ACCESS-TOKEN
I recommend fetching the access token from the URL client-side using JavaScript, and then passing it to an endpoint on your website. E.g. /callback?accesstoken={accessToken}. This is required because the content in the hash is not passed to the server.
Example:
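<script>
// Runs on the redirect page: the token arrives in the URL fragment, which the server never sees.
if (window.location.hash && window.location.hash.indexOf('#access_token=') !== -1) {
    var accessToken = window.location.hash.replace('#access_token=', '');
    // Forward the token to the server; encode it so it survives as a query value.
    window.location.href = '/callback?accesstoken=' + encodeURIComponent(accessToken);
}
</script>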
The code snippet above is copied and slightly modified from the solution at https://news.ycombinator.com/item?id=13178789
You can read more about Instagram client side authentication on https://www.instagram.com/developer/authentication/ under Client-Side (Implicit) Authentication
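A stricter variant of the fragment handling in the answer above, as an added example that is not part of the original post: it parses the fragment as parameters, checks an optional `state`, removes the token from the address bar and hands it over in a POST body instead of a query string. The POST `/callback` endpoint accepting JSON, the use of `state` and the function names are assumptions.

```javascript
// Added example: parse the implicit-flow fragment and hand the token over in a POST body.
// Returns the access token, or null when the fragment carries none.
function parseImplicitFragment(hash, expectedState) {
  const params = new URLSearchParams(hash.replace(/^#/, ''));
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }
  const token = params.get('access_token');
  if (!token) return null;
  // Only enforced when the caller sent a state value with the authorize request.
  if (expectedState !== undefined && params.get('state') !== expectedState) {
    throw new Error('state mismatch, ignoring token');
  }
  return token;
}

// Hypothetical hand-off: POST /callback with a JSON body, so the token stays
// out of the query string (access logs, browser history, Referer headers).
function buildTokenHandoff(token) {
  return {
    url: '/callback',
    options: {
      method: 'POST',
      credentials: 'same-origin',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ accesstoken: token }),
    },
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && window.location) {
  const token = parseImplicitFragment(window.location.hash);
  if (token) {
    // Remove the fragment so the token is not left in the address bar.
    history.replaceState(null, '', window.location.pathname + window.location.search);
    const handoff = buildTokenHandoff(token);
    fetch(handoff.url, handoff.options);
  }
}
```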
I just had the same issue. Not sure why, but for me the code returned from oauth/authorize/? had 2 special characters at the end - "#_". After removing these my code worked.
This is due to security restrictions in place on your Instagram app. You can choose to allow it by unchecking "Disable implicit OAuth" for your Instagram app, under the Security tab.
