Hi, I am a student of Computer Science doing some experiments with oauth.io, but I am facing a problem getting the refresh_token after getting the code successfully. After getting the code I am writing the following lines of code, but it's giving me an Internal Server Error.
The code is:
    $.ajax("https://oauth.io/auth/access_token", {
        type: "post",
        data: {
            code: result.code,
            key: '5WeOrrR3tP6RyShR1',
            secret: '2_q3tb_D_qgDwSGpt'
        },
        success: function (data) {
            console.log("result", data);
        }
    });
Which URL is used to get the refresh_token? Please, someone help me.
Thanks
There was a bug recently in the JS SDK when you set the response type server-side (to get the code & refresh_token), so you may have to redownload oauth.js if you use a static version.
I guess your jQuery code is server-side (because of the nodejs tag and the use of a code), but I had a "no transport" error that I fixed with a new XMLHttpRequest. Here is my full test:
    var jsdom = require('jsdom').jsdom;
    var win = jsdom().createWindow();
    var $ = require('jquery')(win);
    var XMLHttpRequest = require("xmlhttprequest").XMLHttpRequest;

    $.support.cors = true;
    $.ajaxSettings.xhr = function () {
        return new XMLHttpRequest;
    }

    $.ajax("https://oauth.io/auth/access_token", {
        type: "post",
        data: {
            code: process.argv[2],
            key: 'xxxxxxxxxxxx',
            secret: 'yyyyyyyyyyyy'
        },
        success: function (data) {
            console.log("result", data);
        },
        error: function() {
            console.error(arguments);
        }
    });
and my result looks like:
    { access_token: 'xxxxxxxxxxx',
      request:
       { url: '{{instance_url}}',
         required: [ 'instance_url' ],
         headers: { Authorization: 'Bearer {{token}}' } },
      refresh_token: 'yyyyyyyyyyyyy',
      id: 'https://login.salesforce.com/id/00Db0000000ZbGGEA0/005b0000000SSGXAA4',
      instance_url: 'https://eu2.salesforce.com',
      signature: 'zzzzzzzzzzzzz',
      state: 'random_string',
      provider: 'salesforce' }
I am trying to rewrite the implementation of the Fastlane authentication in the App Store Connect Enterprise account using 2FA with Node.js. So far, I have managed to get and input a one-time password from the SMS and to get the session out of it. The relevant code is presented below:
Node.js with TypeScript rewritten code:
    import axios from "axios";
    import * as readline from "readline";

    let authServiceKey = "";
    try {
        // Sending a GET request in order to get the authService (this works as intended)
        const authService = await axios.get("https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com");
        authServiceKey = authService.data["authServiceKey"];
        // This request tries to sign in and gets the expected 409 error status, with some useful response data
        await axios({
            method: 'post', url: 'https://idmsa.apple.com/appleauth/auth/signin', headers: {
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'Content-Type': 'application/json',
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'X-Requested-With': 'XMLHttpRequest',
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'X-Apple-Widget-Key': authServiceKey
            },
            data: {
                accountName: process.env.APP_STORE_CONNECT_ENTERPRISE_ACCOUNT_NAME,
                password: process.env.APP_STORE_CONNECT_ENTERPRISE_PASSWORD,
                rememberMe: true
            }
        });
    } catch (e: any) {
        try {
            const response = e["response"];
            const headers = response["headers"];
            const xAppleIdSessionId: string = headers["x-apple-id-session-id"];
            const scnt: string = headers["scnt"];
            const authService = await axios.get("https://appstoreconnect.apple.com/olympus/v1/app/config?hostname=itunesconnect.apple.com");
            const authKey = authService.data["authServiceKey"];
            const authenticationHeaders = {
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'Content-Type': 'application/json',
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'X-Apple-Id-Session-Id': xAppleIdSessionId,
                // eslint-disable-next-line @typescript-eslint/naming-convention
                'X-Apple-Widget-Key': authKey,
                // eslint-disable-next-line @typescript-eslint/naming-convention
                "Accept": "application/json",
                "scnt": scnt
            }
            const authenticationResult = await axios({ method: "get", url: "https://idmsa.apple.com/appleauth/auth", headers: authenticationHeaders });
            const phoneId = authenticationResult.data["trustedPhoneNumbers"][0]["id"];
            const pushMode = authenticationResult.data["trustedPhoneNumbers"][0]["pushMode"];
            const body = {
                phoneNumber: {
                    id: phoneId,
                },
                mode: pushMode
            }
            await axios({
                method: 'put', url: 'https://idmsa.apple.com/appleauth/auth/verify/phone',
                headers: authenticationHeaders,
                data: body
            });
            const rl = readline.createInterface({
                input: process.stdin,
                output: process.stdout
            });
            rl.question("Input your code, received by the device ", async function (code: string) {
                await axios({
                    method: "post", url: `https://idmsa.apple.com/appleauth/auth/verify/phone/securitycode`,
                    headers: authenticationHeaders, data: {
                        securityCode: {
                            code: code
                        },
                        phoneNumber: {
                            id: phoneId
                        },
                        mode: pushMode
                    }
                });
                const finalRes = await axios({
                    method: "get",
                    url: "https://idmsa.apple.com/appleauth/auth/2sv/trust",
                    headers: authenticationHeaders
                });
                const sessionToCookie = finalRes["headers"]["x-apple-id-session-id"];
                rl.close();
            });
            rl.on("close", function () {
                process.exit(0);
            });
        }
        catch (e) {
            console.error(e)
            process.exit(1);
        }
    }
The problem occurs later since I need to use the session to create a cookie, as it is shown in the Fastlane project:
Original Ruby code:
    def store_cookie(path: nil)
      path ||= persistent_cookie_path
      FileUtils.mkdir_p(File.expand_path("..", path))

      # really important to specify the session to true
      # otherwise myacinfo and more won't be stored
      @cookie.save(path, :yaml, session: true)
      return File.read(path)
    end

    def persistent_cookie_path
      if ENV["SPACESHIP_COOKIE_PATH"]
        path = File.expand_path(File.join(ENV["SPACESHIP_COOKIE_PATH"], "spaceship", self.user, "cookie"))
      else
        [File.join(self.fastlane_user_dir, "spaceship"), "~/.spaceship", "/var/tmp/spaceship", "#{Dir.tmpdir}/spaceship"].each do |dir|
          dir_parts = File.split(dir)
          if directory_accessible?(File.expand_path(dir_parts.first))
            path = File.expand_path(File.join(dir, self.user, "cookie"))
            break
          end
        end
      end

      return path
    end
I have no idea what to do with the received session to get the cookie based on the Ruby code. Can anybody help me? And then, when I have a session, how do I access the App Store Connect Enterprise account using cookies and avoiding the 2FA authentication based on the session?
I tried to use the tough-cookie NPM package for Node.js to build the cookie. It was not possible since I did not have options to mention YAML or session parameters.
I wanted to add an icon to a push notification from the REST API. I am using Node.js as my backend. I have already tried the options mentioned in the following code:
    const https = require('https');

    let message = {
        app_id: process.env.ONE_SIGNAL_APP_ID,
        headings: { "en": "MyAPP" },
        contents: { "en": "Hello" },
        large_icon: data.picture ? process.env.ONE_SIGNAL_IMAGE_URL + data.picture : "",
        include_player_ids: ["playerId"]
    };
    let headers = {
        "Content-Type": "application/json; charset=utf-8",
        "Authorization": process.env.ONE_SIGNAL_AUTHORIZATION
    };
    let options = {
        host: "onesignal.com",
        port: 443,
        path: "/api/v1/notifications",
        method: "POST",
        headers: headers
    };
    let req = https.request(options, function (res) {
        res.on('data', function (message) {
            // console.log(JSON.parse(message));
        });
    });
    req.on('error', function (e) {
        // console.log(e);
    });
    req.write(JSON.stringify(message));
    req.end();
I have put the correct image URL, which is "https://mydomain/icons/Icon_kitchen.png", and if I hit this URL in the browser I get the image, too.
I have also tried the small_icon option but did not succeed. I am not able to figure out the problem. Kindly help me out. Thanks in advance.
The following curl call successfully deploys a .zip file from the local file system to the Azure Function App.
    curl -X POST -u user123:P#ssword --data-binary @"C:\Ddrive\Porject\deploy-zip\wb-uc-code.zip" "https://abc-world.scm.azurewebsites.net/api/zipdeploy"
But I want to achieve the same with Node.js, so I converted it as:
    function () {
        var dataString = "@C:\Ddrive\Workbench\deploy-zip\wb-uc1.zip";
        var options = {
            url: 'https://abc-world.scm.azurewebsites.net/api/zipdeploy',
            method: 'POST',
            body: dataString,
            auth: {
                'user': 'user123',
                'pass': 'P#ssword'
            }
        };
        request.post(options, (response, error) => {
            if (error) {
                console.log("error");
            }
            else {
                console.log(response.body);
            }
        })
    }
While executing I am getting an error:
------->>>
Most probably, I think I am unable to provide the file path appropriately in the options. Can someone help with this?
There are two things you need to pay attention to.
1. You should pass data-binary; you were passing a path string in your code.
2. The order of response and error is reversed.
Please refer to the working code below.
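    var request = require('request')
    var fs = require("fs")

    // Stream the zip file itself as the request body, not its path
    var dataString = fs.createReadStream("D:\\testProject\\NodeJs\\nodejs-docs-hello-world\\test4.zip");
    var options = {
        url: 'https://tonytestwebnode.scm.azurewebsites.net/api/zipdeploy',
        method: 'POST',
        body: dataString,
        auth: {
            'user': 'tonytestweb',
            'pass': 'XXXX!'
        }
    };
    // The callback signature is (error, response)
    request.post(options, (error, response) => {
        if (error) {
            // response is undefined when the request itself fails
            console.error(error);
            return;
        }
        console.log(response.statusCode);
    })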
I'm trying to code an application in Electron JS to allow a person to change their profile picture on several applications at the same time.
For this I use the APIs of each platform.
For Twitter it works correctly, but I am blocked at the level of Discord.
I can make a GET request on the profile, but I can't do a PATCH /users/@me:
https://discordapp.com/developers/docs/resources/user#modify-current-user
I do not know if it's the token that does not offer enough power, because I only asked for Identity as permission on my application.
I tried to pass JSON between true and false, and to add a content type, but I still have the same answer: {code: 0, message: '401: Unauthorized'}
    function postDiscord(image) {
        const imageDataURI = require('image-data-uri')
        let {token} = store.get('discordToken') //get stored token

        imageDataURI.encodeFromFile(image)
            .then(res => {
                request({
                    method: 'PATCH',
                    url: 'https://discordapp.com/api/v6/users/@me',
                    headers: {
                        'Authorization': 'Bearer ' + token,
                        'User-Agent': 'someBot (site, v0.1)'
                    },
                    body: {
                        'avatar': res
                    },
                    json: true
                }, function(err, res) {
                    if (err) {
                        console.error(err);
                    } else {
                        console.log(res.body)
                    }
                });
            })
    }
{code: 0, message: '401: Unauthorized'}
Referring to Discord: https://github.com/discordapp/discord-api-docs/issues/1057
Cannot upload new pics with OAuth :/
I am using Hapi and this is my handler function:
    function propertyDetailsValidateHandler(request, reply, source, error) {
        console.log(request.state)
        var data = joiValidationHelper.checkForErrors(request, error);
        if (typeof data !== "undefined") {
            return reply.view('property-details', data).code(400);
        } else {
            var details = request.state.details;
            details.propertyType = request.payload.propertyType;
            details.newBuild = request.payload.newBuild;
            return reply.redirect('/property-details/postcode').state('details', details, {path: '/'});
        }
    }
And this is my test written using Jasmine:
    describe('tell us about the property youre buying flow', function(){
        it('test /property-details, status code and location', function(done){
            var options = {
                method: 'POST',
                url: '/property-details',
                headers: {
                    cookie: {details: { test: "test"}}
                },
                payload: {
                    propertyType: "freehold",
                    newBuild: true
                }
            };
            server.inject(options, function(response){
                detailsTestCookie = response.headers['set-cookie'][0].split(';')[0];
                expect(response.statusCode).toBe(302);
                expect(response.headers.location).toMatch("/property-details/postcode");
                done();
            });
        });
    })
The handler function runs correctly when I run my server and use the browser but when I run the test request.state is an empty object when I was expecting it to be the cookie I provided in the test hence my test fails as request.state.details is undefined. Is this the correct way to provide the headers with a cookie in my test?
This works in our project, using tape and Hapi.
    var cookie = the_cookie_you_want_to_send;
Then in your test payload:
    headers: { cookie: `details=${cookie}`}
The cookie needed to be encoded as that is how the cookie was registered in our server file:
    server.state('details', {
        ttl: null,
        isSecure: false,
        isHttpOnly: false,
        encoding: 'base64json', //this is not encrypted just encoded
        clearInvalid: false, // remove invalid cookies
        strictHeader: false // don't allow violations of RFC 6265
    });
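
The answer above leaves `the_cookie_you_want_to_send` unspecified and notes that `base64json` is encoding, not encryption. As an added example (not part of the original answer or of hapi's code), the following builds the header value for the test, shows that a client can rewrite such a cookie, and contrasts it with an HMAC-signed value. It assumes `base64json` means base64 over the `JSON.stringify()` output; `clientEdit`, `sealCookie` and `openCookie` are hypothetical helper names.

```javascript
// Added example; the cookie contents and signing key are constructed values.
const crypto = require('crypto');

// Assumption: 'base64json' is base64 over the JSON.stringify() output.
function encodeBase64Json(value) {
  return Buffer.from(JSON.stringify(value), 'utf8').toString('base64');
}

function decodeBase64Json(text) {
  return JSON.parse(Buffer.from(text, 'base64').toString('utf8'));
}

// Value for `headers.cookie` in the options passed to server.inject().
function cookieHeader(name, value) {
  return `${name}=${encodeBase64Json(value)}`;
}

// Encoding gives no integrity: whoever holds the cookie can rewrite it.
function clientEdit(header, changes) {
  const eq = header.indexOf('=');
  const current = decodeBase64Json(header.slice(eq + 1));
  return cookieHeader(header.slice(0, eq), { ...current, ...changes });
}

// Hypothetical helpers: append an HMAC so the server can reject edited values.
function mac(raw, key) {
  return crypto.createHmac('sha256', key).update(raw).digest('base64url');
}

function sealCookie(value, key) {
  const raw = encodeBase64Json(value);
  return `${raw}.${mac(raw, key)}`;
}

function openCookie(sealed, key) {
  const dot = sealed.lastIndexOf('.');
  if (dot < 0) return null;
  const raw = sealed.slice(0, dot);
  const given = Buffer.from(sealed.slice(dot + 1));
  const expected = Buffer.from(mac(raw, key));
  const ok = given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
  return ok ? decodeBase64Json(raw) : null;
}

console.log(cookieHeader('details', { test: 'test' }));
```

In a real hapi server, the `sign` option of `server.state()` or `encoding: 'iron'` (both take a password) covers this, so values such as `details.propertyType` read from `request.state` should otherwise be treated as client-controlled input.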