I'm trying to create a script to generate Spotify playlists with Node (using the spotify-web-api-node module), and I'm having problems getting authentication. I'm terrible with OAuth, so bear with me through this question.
If I understand correctly, I need to use the authorization code flow to get an access token, and to do it that way, I would need to visit a webpage to get the code. So my question is, is there any way to get the code without having to actually visit the webpage?
I tried using request to see if it would show a redirect, but it just shows me a website from Spotify. If I have to manually allow access to an account the first time, that's fine. I'm just trying to have to take away as much repetition as I can. Also, I'm trying to have this be specific to one account, if it could make a difference.
Related
I've been looking into trying to get steam logins working with a small website project I'm making, and I've been looking through some resources but come to a similar roadblock(or rather a question) on how this is useful.
For example, in this article: https://medium.com/geekculture/sign-in-through-steam-using-nodejs-e3202d4719
They do all of the setup and such, and when the user logs in, it sends them to the steam login, and if successful, redirects them to the nodeJS port (ex: 3001) + api, in the article it is "localhost:XXXX/", but my question is: How does this get used on the actual website/frontend? How does the website know when to grab from this API? How does it know if the login was successful or not? Would it be a useEffect that checks the localhost:XXXX/ api every time the page loads to see if the api returned valid data or if it was just NULL data?
I know this is not source code problem. But maybe this place is the only one I'm thinking bout.
I got mail from some hacker maybe that he got the list of API that exist in my webpage.
He use BurpSuite to get the traffic of the web process. But somehow he get the API that used in the web.
Now I'm trying to intercept my own web. But It's only show the outer process, such as list of controllers and function. But how to show the list of API also. He can show the token and also the endpoint of the API. Is there any setting to do first?
I have to build a data pipeline which downloads reports from google search ads 360, processes them and saves them in google big query. Because we're planning on migrating this to aws, it has to be done via python script which calls the sa 360 api. I have scoured the documentation and I can't find a programmatic way to make this api call. the only thing I've found is a way to get an access token manually by running an outdated python 2.7 script (https://developers.google.com/search-ads/v2/prereqs#install-sa360api.py). This script redirects you to a sign in page which the authorized google user has to click on in order for the script to receive an access token and a refresh token.
I was hoping that once I had this refresh token, I would be able to use it programatically every time I connect, but after attempting to get a new access token using this refresh token I got a mysterious "invalid_grant" error even though I replicated the get_refresh_token request from the sa360api.py script exactly. Having read up on this "invalid_grant" error it seems there are a number of causes, but I don't think I have met any of the criteria: (https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35).
Any help and examples would be much appreciated.
I want to save the data column from this url to an array in python. I tried it with, for instance, pandas.save_table:
import pandas as pd
pd.read_table('https://adventofcode.com/2019/day/1/input', sep='')
but I get HTTPError: HTTP Error 400: Bad Request and I think this is not the right way to do that.
Can someone help me with that?
If you try to open the link in your question (in a browser using incognito mode or something similar i.e. delete your cookies) you'll see that you need login into the website to access the page. This is why the you're getting a 400 Bad Request error as a response from the server.
From the FAQ section of the website that you're trying to access:
How does authentication work? Advent of Code uses OAuth to confirm
your identity through other services. When you log in, you only ever
give your credentials to that service - never to Advent of Code. Then,
the service you use tells the Advent of Code servers that you're
really you. In general, this reveals no information about you beyond
what is already public; here are examples from Reddit and GitHub.
Advent of Code will remember your unique ID, names, URL, and image
from the service you use to authenticate.
The website uses OAuth to handle logins to the url that you create will need these access tokens. You can use a library like python-oauth2 to help you with this (there are others so you can read around and decide which you'd like to use). Creating and understanding how to make http requests is beyond the scope of this answer. I'd suggest you have a look around on the internet for some explanations and try again, if you have get stuck please ask another question. Otherwise it'll probably be easier to save the file from your browser...But I'll leave this answer here for the next person who runs into the same problem.
A few days ago, I was playing around with a local API(not Google) and it required me to provide a Redirect Uri while trying to setup my app in their dashboard.
I did some googling and top searches led me to oAuth2.0 and Google Developer's website. But this API I'm using is not related with any of Google's so I thought it won't be relevant.
Is the setup of Redirect Uri for most APIs universal or almost the same? What programming languages can I use to implement this?
The description also says I need to parse a subscriber_number and access_token in JSON format. How do I do that?
Please note that I have already found a free hosting site via Firebase and have provided my own link. I also did the initial steps from another user to fire the required access_token that I needed to parse from the Redirect Uri. But accessing it from the browser right after triggering doesn't give me anything. I'm so clueless. Any help is much appreciated!