I am trying to give my app the ability to use other scopes besides the basic permissions, but when I try it with other scopes I get the following error:
Something went wrong :(stdClass Object ( [meta] => stdClass Object (
[error_type] => OAuthPermissionsException [code] => 400
[error_message] => This request requires scope=likes, but this access
token is not authorized with this scope. The user must re-authorize
your application with scope=likes to be granted write permissions. ) )
The problem is that when I try to re-authorize the user nothing happens. So I went to the documentation again and it says:
Note that in order to use these extended permissions, first you need
to submit your app for review
But there is nowhere in the developer website where I can see a any submit app link.
Does anyone has any idea how to proceed?
And help will be appreciated,
Thanks
Your login URL must be like :
https://api.instagram.com/oauth/authorize?client_id=xxxxxx&redirect_uri=zzzzzz&scope=basic+likes+comments+relationships
where xxxxxx is your client_id and zzzzzz is your redirect_uri that you had defined in your application ;)
Hope i helped ^^
I just found the answer. It looks like the changed the mechanism. Existing apps are fine till april 28 2015 after that all apps will have to follow new rules here:
http://developers.instagram.com/post/116410697261/publishing-guidelines-and-signed-requests
Related
I have successfully implemented the whole TikTok authentication process with the basic scope: basic.user.info.
However I can't add an additional scope (video.list), every time I go to the authorization page, TikTok returns an error saying that my scope is not valid.
I made sure I had access to this scope and my application is in production
.
I have separated my scopes with a comma as explained in the documentation
A comma separated (,) string of authorization scope(s).
My URL currently looks like this:
https://www.tiktok.com/auth/authorize?client_key=my_key&response_type=code&redirect_uri=my_url&scope=user.info.basic%2Cvideo.list&state=my_state
Any help is appreciated
Thank you for reading
Thom! You need to add additional scopes for your app from the developers dashboard: https://developers.tiktok.com/app/
Additioanl scopes
Recently found some weird case when trying to use mgt people picker to search my tenancy Azure AD user with below tag.
<mgt-people-picker type="any" transitive-search="true"></mgt-people-picker>
Following is summary of info used:
a) Single tenant, does not allowed personal Microsoft account.
b) All API permission requires are granted in application and in app registration.
"User.Read",
"User.ReadBasic.All",
"People.Read",
"People.Read.All",
"Contacts.Read",
"Directory.Read.All",
"User.Read.All",
"Member.Read.Hidden",
"Domain.Read.All",
"User.ReadWrite.All",
"APIConnectors.Read.All"
c) admin consent is given.
d) I'm using api/proxy to connect.
Somehow, I only can found some of the users, some of the users was not found. From mgt people picker UI, i just enter three to four character or full email address to search it but the return result is not correct. And i found that when it return incorrect result it have error on retrieving photo values. Sample error as below
I have tried to use Graph Explorer to test it. Apparently, it is also cannot return the correct result match. But only using following query test, it is able to return the correct user to me. but when using mgt people picker, it cannot. Any advise are much appreciated. I'm just guessing it is something related to Azure AD user profile settings or it is something related to my application configuration or something else. Hope can some clues for me to resolve this issue. For your information, I have all admin rights to access all resources in my organization Azure environment. If there is information that I have missing, please do let me know, I will edit the post to include it.
https://graph.microsoft.com/v1.0/users/<email address>
Test result by using Graph Explorer as reference, which only return partial only (majority not return):
In order to fix this issue that /me/people endpoint does not able to show relevant search result. I have did following code changes in my api/proxy to intercepting the process before sending the request to MS Graph as below. This maybe is a workaround to make it works. In future, if there is better option, I will make a change on it.
Hope this can help someone who faced the same issue as I'm.
var url = $"{GetBaseUrlWithoutVersion(_graphClient)}/{all}{qs.ToUriComponent()}";
if(url.StartsWith("https://graph.microsoft.com/v1.0/me/people?$search="))
{
string url2 = #"https://graph.microsoft.com/v1.0/users?$count=true&$filter=startsWith(displayname,%27{0}%27) or startsWith(userPrincipalName,%27{1}%27)";
Uri searchUri = new Uri(url);
string paramSearch = HttpUtility.ParseQueryString(searchUri.Query).Get("$search").Replace('"', ' ').Trim();
//we do not want to search for any email address, just for custom search only
if(!string.IsNullOrEmpty(paramSearch) && !paramSearch.Contains("#xxx"))
{
url = string.Format(url2, paramSearch, paramSearch);
}
}
I cannot resolve this error, i have a .net core web api, with a react application inside of it ( net core react template )
I have also added cors:
services.AddCors(options =>
{
options.AddPolicy("AllowMyOrigin",
builder => builder.WithOrigins("https://localhost:44300")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
});
I have tried multiple things but i cant get past this error.
I have found loads of material online to try and nothing seems to work i feel like i am missing something really obvious?
Can someone point me in the right direction.
I expect that there should be an allow origin header:
I also tried using the Mosif browser extension to turn cors on, this stoped the cors error from showing but now i have a 404 (notfound ) on:
https://login.microsoftonline.com/tfp/domainname.onmicrosoft.com/b2c_1_sign_up/v2.0/.well-known/openid-configuration
You mention that you get an 404 error when opening the openid-configuration url. This means that part of your configuration is incorrect. You must be able to open this url in your browser and get back a JSON document. Copy it to a new tab and tweak it until you get back a result.
Please double check your configured policy and tenant name. The full url usually looks like this:
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=<policy-name>
https://login.microsoftonline.com/tfp/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
All of these are equally valid and can be used depending on your scenario.
The config should then look something like this:
authentication.initialize({
instance: 'https://tenantname.b2clogin.com/',
tenant: 'tenantname.onmicrosoft.com',
Another issue might be if your B2C tenant quite new, Microsoft could be blocking support for microsoftonline for your tenant. In this case, try switching to the b2clogin.com domain as your instance.
You can see a possible value for this url when opening the user flow in the Azure Portal.
As a sidenote, I would suggest switching to a different react library. The one you are using is not really being maintained. We are currently using https://github.com/syncweek-react-aad/react-aad
I am trying to develop an add-in for Excel with the goal that it will create calendar events based on data inside a spreadsheet.
I can do almost everything that I want except use the REST API to build the events in the calendar and I can't exactly figure out where I went wrong.
I have followed the documentation suggested by #MarcLaFleur.
I can build and run the application no problem, but when I click on the 'Get my files from OneDrive' button, I get the following:
Code: 5001
Message: An internal error has occurred.
name: Internal Error
This is coming from the program.js file in the public directory somewhere in the else clause of this function.
function getDataWithoutAuthChallenge() {
Office.context.auth.getAccessTokenAsync({ forceConsent: false },
function (result) {
if (result.status === "succeeded") {
// TODO1: Use the access token to get Microsoft Graph data.
accessToken = result.value;
getData("/api/onedriveitems", accessToken);
}
else {
console.log("Code: " + result.error.code);
console.log("Message: " + result.error.message);
console.log("name: " + result.error.name);
document.getElementById("getGraphAccessTokenButton").disabled = true;
}
});
}
Here are the scopes in my manifest.xml
...
<WebApplicationInfo>
<Id>c931b396-7 ... </Id>
<Resource>api://localhost:3000/c931b396-7 ... </Resource>
<Scopes>
<Scope>files.read.all</Scope>
<Scope>profile</Scope>
</Scopes>
</WebApplicationInfo>
</VersionOverrides>
And here are the scopes on apps.dev.microsoft.com:
If you can shed any light for me, it would really help me out.
5001 can be caused by not requesting profile scope. You need to request the profile scope in addition to Calendar.ReadWrite. You do this when you register the app, as well as in the manifest. For more information, see the articles that Marc LaFleur linked to.
The 5001 error often suggests something fundamentally wrong with the add-in API in Office. For example, your Office app doesn't support the API, the manifest is incorrect, or the version of office.js doesn't work with it. Since you're using the sample, two things come to mind:
You aren't running the latest Insiders
build
The wrong manifest is getting loaded (this sometimes happens if you're
on Windows and using a version of Visual Studio 2017 that has old
schema files, so you have to do a post-build clean up of the debug
Manifest XML)
Your manifest and Azure registration look mostly good, though Rick's comment about Scopes is relevant. profile must work with openid as a pair (profile alone won't work; openid alone won't work), and as discussed you need this consented. As the developer, you can try consenting for yourself at the protocol level. You’ll want to update the client_id, redirect_uri, and scope query parameters as appropriate, and add &prompt=consent.
To answer a later question, Excel and Mail add-ins are different, and my answer only applies to Excel. For Outlook there's a different sample.
The documentation can be found at Enable single sign-on for Office Add-ins. There is also walk though for both ASP.NET and Node.js as well documentation on Troubleshooting.
There are a number of things that could be going wrong here but without knowing more about your registration it is difficult to determine. That said, here are a couple of common mistakes:
You'll need to make sure you receive Admin Consent for the tenant you're developing against. This is only a dev requirement and won't be required once your publish to the Store.
Make sure you've pre-authorized the correct applications. You'll need pre-authorizations for:
d3590ed6-52b3-4102-aeff-aad2292ab01c (Microsoft Office)
57fb890c-0dab-4253-a5e0-7188c88b2bb4 (Office Online)
bc59ab01-8403-45c6-8796-ac3ef710b3e3 (Office Online)
Make sure the scopes you're defining in your manifest.xml are reflected in the app registration at apps.dev.microsoft.com.
If you make changes to your permission scopes, you need to make sure you repeat the Admin Consent process. When you receive consent, they are consenting to the scopes that were registered at the time of consent rather than the App ID itself.
I registered a .cc domain name (www.kreative.cc). But when I type "kreative.cc" in the App Domains field in the application manager I got an error
Erro There was a problem saving your changes. Please try again later.
I did test other urls and they're all right.
I've been trying for a couple of days. What can I do?
you can use the facebook graph api to write your app settings, seems that facebook is not validating the input this way. here is a simple example in php:
<?php
include 'Zend/Http/Client.php';
$http = new Zend_Http_Client('https://graph.facebook.com/MY_APP_ID');
$http->setMethod('POST');
$http->setParameterPost(array(
'access_token' => 'MY_APP_ACCESS_TOKEN',
'app_domains' => array('mydomain.cc'),
'website_url' => 'http://mydomain.cc',
'page_tab_url' => 'http://mydomain.cc',
'secure_page_tab_url' => 'https://mydomain.cc',
));
$response = $http->request()->getBody();
Try leaving the Apps Domain field empty while filling up the rest of the fields - be it Page Tab of Facebook App. That worked for me.
I have the same problem. I`m following the Developers Bug Report http://developers.facebook.com/bugs/130468767129410
If you fill App Domain Name with the site IP you'll got success. Ex: http://50.23.134.34 instead of http://www.kreative.cc.