I plan on using the sample-app.py as a baseline of what I am building out and then expanding it from there. Just want to get comfortable with the instagram API and build out from there.
I am trying to use the sample-app.py provided with python-instagram. I have registered an application on instagrams website. I set it up using the default redirect uri from sample-app.py:
http://localhost:8515/oauth_callback .
I was able to authorize my instagram account to use the app, but when I click on any of the links, I get an error about the acccess-token.
When you look at the python command-line window that stays open, I get the following error:
"check_hostname needs a SSL context with either CERT_OPTIONAL or CERT_REQUIRED"
It appears that when the sample app is processing the lines below, it is trying to connect to instagram, but is not able to because SSL in local host is not set up properly. How do I set up SSL so i do not get the above error?
access_token, user_info = unauthenticated_api.exchange_code_for_access_token(code)
if not access_token:
return 'Could not get access token'
api = client.InstagramAPI(access_token=access_token)
request.session['access_token'] = access_token
print ("access token="+access_token)
There are a few steps to solve this problem (it appears that it is actually several problems in aggregate causing this issue):
use openssl to create a ssl certificate and save cert to the same location as your python script. Download open ssl here: http://slproweb.com/products/Win32OpenSSL.html
You need to tweak bottle so that it will support ssl. Do so by adding the following lines in run in class WSGIRefServer(ServerAdapter):
import ssl
srv.socket = ssl.wrap_socket (
srv.socket,
certfile='server.pem', # path to certificate
server_side=True)
There is a bug in python 3 and above(https://github.com/jcgregorio/httplib2/issues/173). I am using 3.4, so the bug could be fixed in 3.5. In the instagram/oauth2.py file, change all disable_ssl_certificate_validation=False to True.
Related
I can see the Service Account usage out of gcloud CLI by doing as such:
gcloud policy-intelligence query-activity --activity-type=serviceAccountKeyLastAuthentication --project=<project_name>
I would like to replicate this in a python script..
I am attempting to this do this but I am not sure how to authenticate, and I am getting a 401 error, despite having enabled the API. I am following this documentation. https://cloud.google.com/policy-intelligence/docs/activity-analyzer-service-account-authentication#iam-get-service-account-key-id-rest
import requests
r = requests.get(f"https://policyanalyzer.googleapis.com/v1/projects/{self.project_id}/locations/global/activityTypes/serviceAccountKeyLastAuthentication/activities:query?filter=activities.full_resource_name%3D%22%2F%2Fiam.googleapis.com%2Fprojects%2F{self.project_id}%2FserviceAccounts%2F{self.sa_email}%2Fkeys%2F{self.key_id}%22"
Is there some way I need to authenticate my request call? The rest of the script I am using the python client libraries using discovery.build and authenticating as such:
credentials, project = google.auth.default()
self.crm = discovery.build("cloudresourcemanager", "v3", credentials=credentials)
There does not seem to be a "policy analyzer" python library, so I am not sure on next steps.
The end goal is to see the last key authentication time of every service account key in the organization.
Thanks!
You may check this link for the sample Python code
Do note that the feature is still in preview and does not have a Python client for the same yet. The gcloud cli and REST is the way of accessing this feature programmatically.
Take a look at the python example shown towards the bottom of the page here:
https://cloud.google.com/iam/docs/reference/rest/v1/projects.serviceAccounts.keys/list
It shows how to get application default credentials used to pass in the client. You could accomplish the same with http requests, but that example above should help.
Also, looking at the original curl request, if you decode the filter to unicode it should be:
activities.full_resource_name="//iam.googleapis.com/projects/PROJECT_ID/serviceAccounts/SERVICE_ACCOUNT_EMAIL/keys/KEY_ID"
Assuming you got it from the sample [curl][1] request.
[1]: https://cloud.google.com/policy-intelligence/docs/activity-analyzer-service-account-authentication#view-recent-specific-key
I've cloned https://github.com/ananay/passport-apple-example and replaced the config with this:
clientID: "com.myname.web",
teamID: "myteamid",
callbackURL: "https://myurldev.com/auth/apple/redirect",
keyID: "mykeyid",
privateKeyLocation: path.join(__dirname, "../apple-key.p8")
I've also added SSL certificate on my machine and starting the server with https, all works fine & is recognized by my browser. I'm also starting the app on port 443 and proxying using my hosts file myurl.dev.com -> 127.0.0.1.
I have the same auth setup for facebook, google & microsoft and everything works fine.
I have:
Created a new APP identifier and enabled Sign in with Apple for it, named it: com.myname.dev
Created a new SERVICE identifier and enabled Sign in with apple, called it: com.myname.web
Added "https://myurldev.com/auth/apple/redirect" to the "Reply URLS" on the service identifier com.myname.web
Set my app identifier com.myname.dev as the main app identifier my service to be grouped with.
Created a private key and enabled sign in with apple, interface confirmed the presence of grouped ID com.myname.web bundled with com.myname.dev for which the key was created.
I have confirmed using console.log that the private key is indeed at the path being passed as parameter.
converted the .p8 file to base64 & then back to UTF-8 in an attempt to use the string for privateKeyString
successfully implemented Apple Oauth several times in the past using passport-apple
This time around, for some reason, auth simply doesn't work.
If I set the clientID as the APP identifier, not the service, I'm getting
invalid_request
Invalid web redirect url.
instead of invalid_client
Any advice on debugging this is highly appreciated. Thank you.
EDIT #1:
I have dug a bit deeper into the passport-apple package to figure out if anything goes against apple's docs around token generation, but the flow never reaches that part, indicating things go wrong on the actual configuration in Apple's console & what I'm trying to use for my project.
EDIT #2
2 of the app Ids I have created always throw "wrong redirect uri" because they're not service IDs so I can't configure redirect_uri, this will change if to "required" if I pass undefined as a redirect_uri.
One of the app ids throws only invalid client_id instead, regardless if I pass undefined or good value for redirect_uri.
EDIT #3
Went full vanilla through the OAuth code flow process and just created a url & redirected the user it, failing with this method is consistent with what is happening when using the passport-apple module.
const url = new URL("https://appleid.apple.com/auth/authorize");
url.searchParams.append("state", "fdbd287b1f");
url.searchParams.append("response_type", "code");
url.searchParams.append("scope", "name email");
url.searchParams.append("response_mode", "form_post");
url.searchParams.append(
"redirect_uri",
"https://raiseitupdev.com/auth/apple/redirect",
);
url.searchParams.append("client_id", "com.myname.web");
return res.redirect(url.toString());
[Creator of the library here.]
Did it stop working in development too? I feel this is a configuration error because the actual thing is working live on my website:
https://passport-apple.ananay.dev
Please follow up on this Github issue. Thanks!
https://github.com/ananay/passport-apple/issues/23
Good day. I'm writing a python program that requests some posts from my Facebook page. To do so, Facebook offers a tool that they call "Graph API Explorer". Using something similar to a GET request, I can get anything that I want (granted that I have access and a valid token). I've come up with my own solution for the Graph API Explorer and that is generating my URLs. After generating a URL, I use pycurl to get a JSON object from Facebook that contains all of my data.
When I use pycurl, I get the following error:
pycurl.error: (3, 'Illegal characters found in URL')
but when printing said URL and pasting it to a browser, I got a valid response.
URL: https://graph.facebook.com/v7.0/me?fields=posts%7Bmessage%2Cfrom%7D&access_token=<and my access token which is valid>
my code looks like this:
def get_posts_curl(nodes=['posts'], fields=[['message', 'from']], token_file='Facebook/token.txt'):
curl = pycurl.Curl()
response = BytesIO()
token = get_token_from_file(token_file)
# constructing request.
url = parse_facebook_url_request(nodes, fields, token)
url = convert_to_curl(url)
print("---URL---: " + url)
# curl session and settings.
curl.setopt(curl.CAINFO, certifi.where())
curl.setopt(curl.URL, url)
curl.setopt(curl.WRITEDATA, response)
curl.perform()
curl.close()
return response.getvalue().decode('utf-8')
The error pops up at curl.perform()
Some info that might be relevant:
All was working great a while ago. After transferring my program from my workstation (that is running Windows 10) to my server (Ubuntu 18.04 Server) still, all was working fine and I placed that project to the side. Only now that error pops up and I haven't touched the project in a while.
It seems that the token is causing the issue. I've tried about 100 tokens and some cause the problem and some don't. Also, a fix that solved it all was using urllib3.unquote
from urllib.parse import unquote
...
url = unquote(url)
from selenium import webdriver
opt = webdriver.chrome.options.Options()
opt.add_argument("--headless")
opt.add_argument("--disable-gpu")
driver = webdriver.Chrome(chrome_options=opt);
driver.get("https://steamcommunity.com/")
I'm trying to run headless chrome, with Selenium. But keep getting the following error:
[0331/134342.207:INFO:CONSOLE(0)] "The SSL certificate used to load resources from https://steamcommunity-a.akamaihd.net will be distrusted in the future. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.", source: https://steamcommunity.com/ (0)
I have tried adding the --ignore-certificate-errors flag, but still get the same error.
I'm not completely sure this is the resolution you are looking for, but you can simply use the http URL http://steamcommunity.com/ without the SSL s suffix. This will (I hope) prevent presenting this notification.
I'm trying to access the files on a SharePoint-server(WOSS, 12.0.0.6421) through the WebServices but I can't sign in.
ListsService.Lists lists = new Lists();
lists.Credentials = new NetworkCredential("myusername", "mypassword", "mydomain");
lists.Url = "http://sharepointhost/_vti_bin/Lists.asmx";
XmlNode node = lists.GetListCollection();
return node.OuterXml;
But i get 401: unauthorized on GetListCollection, but the same username and password works perfectly when i access the sharepoint through a browser.
I checked the FAQ and found this: http://support.microsoft.com/default.aspx/kb/896861. But I'm not developing on the servering, I'm developing on another computer.
I found another thread which showed(http://social.msdn.microsoft.com/Forums/en-US/sharepointdevelopment/thread/e115f790-fe8a-45e9-982b-21833ea01c7f) but when i use that solution I get "The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'NTLM'." which to me just seems even more confusing.
Try follwoing the steps mentioned in the link and this should solve your problem.
http://www.pentalogic.net/sharepoint-reminder/manual.aspx?Page=reminderservice%2fwssv3.htm
Tried and Tested - It worked for me.
HTH