I am starting a Facebook app. Following the Getting Started tutorial in the Authorization section, it says I should use this URL to get permission from users:
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_CANVAS_PAGE
I am replacing YOUR_CANVAS_PAGE with my canvas URL, the one I see on my app settings:
https%3A%2F%2Fapps.facebook.com%2F238620302882463%2F
But, then, if I navigate to that page, I get the following error:
An error occurred with Elecciones 2012. Please try again later.
API Error Code: 191
API Error Description: The specified URL is not owned by the application
Error Message: Invalid redirect_uri: Given URL is not allowed by the Application configuration.
If I replace YOUR_CANVAS_PAGE with:
http%3A%2F%2Fwww.example.com%2FElecciones2012
The permission dialog works fine. But then I get redirected to my website, not the app inside facebook.com
Any idea why is this happening??
I have seen other apps using a different permission dialogue:
http://www.facebook.com/connect/uiserver.php?app_id=11609831134&method=permissions.request&redirect_uri=http%3A%2F%2Fapps.facebook.com%2Fpetsociety%2F%3Fpf_ref%3Dsb%26ref%3Dts&response_type=none&display=page&perms=email%2Cpublish_actions&auth_referral=1
But it looks it is part of another set of APIs.
I got the same problem too. Looks like the problem is in "Canvas URL". You cannot use your app id in canvas URL like:
"https%3A%2F%2Fapps.facebook.com%2F238620302882463%2F"
Instead, the namespace should be used as your canvas URL. for example:
"https://apps.facebook.com/myapplication/"
You can set your app namespace in the application settings in facebook.
Related
I've cloned https://github.com/ananay/passport-apple-example and replaced the config with this:
clientID: "com.myname.web",
teamID: "myteamid",
callbackURL: "https://myurldev.com/auth/apple/redirect",
keyID: "mykeyid",
privateKeyLocation: path.join(__dirname, "../apple-key.p8")
I've also added SSL certificate on my machine and starting the server with https, all works fine & is recognized by my browser. I'm also starting the app on port 443 and proxying using my hosts file myurl.dev.com -> 127.0.0.1.
I have the same auth setup for facebook, google & microsoft and everything works fine.
I have:
Created a new APP identifier and enabled Sign in with Apple for it, named it: com.myname.dev
Created a new SERVICE identifier and enabled Sign in with apple, called it: com.myname.web
Added "https://myurldev.com/auth/apple/redirect" to the "Reply URLS" on the service identifier com.myname.web
Set my app identifier com.myname.dev as the main app identifier my service to be grouped with.
Created a private key and enabled sign in with apple, interface confirmed the presence of grouped ID com.myname.web bundled with com.myname.dev for which the key was created.
I have confirmed using console.log that the private key is indeed at the path being passed as parameter.
converted the .p8 file to base64 & then back to UTF-8 in an attempt to use the string for privateKeyString
successfully implemented Apple Oauth several times in the past using passport-apple
This time around, for some reason, auth simply doesn't work.
If I set the clientID as the APP identifier, not the service, I'm getting
invalid_request
Invalid web redirect url.
instead of invalid_client
Any advice on debugging this is highly appreciated. Thank you.
EDIT #1:
I have dug a bit deeper into the passport-apple package to figure out if anything goes against apple's docs around token generation, but the flow never reaches that part, indicating things go wrong on the actual configuration in Apple's console & what I'm trying to use for my project.
EDIT #2
2 of the app Ids I have created always throw "wrong redirect uri" because they're not service IDs so I can't configure redirect_uri, this will change if to "required" if I pass undefined as a redirect_uri.
One of the app ids throws only invalid client_id instead, regardless if I pass undefined or good value for redirect_uri.
EDIT #3
Went full vanilla through the OAuth code flow process and just created a url & redirected the user it, failing with this method is consistent with what is happening when using the passport-apple module.
const url = new URL("https://appleid.apple.com/auth/authorize");
url.searchParams.append("state", "fdbd287b1f");
url.searchParams.append("response_type", "code");
url.searchParams.append("scope", "name email");
url.searchParams.append("response_mode", "form_post");
url.searchParams.append(
"redirect_uri",
"https://raiseitupdev.com/auth/apple/redirect",
);
url.searchParams.append("client_id", "com.myname.web");
return res.redirect(url.toString());
[Creator of the library here.]
Did it stop working in development too? I feel this is a configuration error because the actual thing is working live on my website:
https://passport-apple.ananay.dev
Please follow up on this Github issue. Thanks!
https://github.com/ananay/passport-apple/issues/23
Using Laravel 7, and this package I tried to create an oath using an orcid socialite registration using a simple link.
DOCUMENTATION ("How does “3 legged OAuth” work?"):
https://info.orcid.org/documentation/integration-and-api-faq/#easy-faq-2537
Login Using Orcid
When the user clicks the button, a redirection occurs, but when the redirection occurs the system does not allow the user to "Grand" or "Deny" the connection to the service. Instead, a blank page redirects the user back to my project.
During the whole process, I can see that the URL changes, to Orchid.org/[etc][client_id] so I think a connection is established with Orcid.
But then I get a URL orcid/callback#error=invalid_scope
And an error message:
Server error: POST https://orcid.org/oauth/token resulted in a 500 Internal Server Error response: {"error":"server_error","error_description":"An authorization code must be supplied."}
Did I miss something?
my .env variables
ORCID_CLIENT_ID=XXX
ORCID_CLIENT_SECRET=XXX
ORCID_REDIRECT_URL=https://WEE/login/orcid/callback
ORCID_ENVIRONMENT=production
My LoginController functions for my routes:
public function orchidLogin(){
return Socialite::driver('orcid')->redirect();
}
public function handleOrcidCallback(Request $request){
//How do I get the data for registration???
}
My routes:
Route::get('login/orcid', 'Auth\LoginController#orchidLogin');
Route::get('login/orcid/callback', 'Auth\LoginController#handleOrcidCallback');
After facing the same issue, and dig deep in the mentioned package found that the package by default assume scopes in vendor\socialite\orcid\provider which was protected $scopes = ['/authenticate','/read-limited'];
if you only registered for public API then the scope '/read-limited' not available for you. that's why you get the error #error=invalid_scope and as per ORCID documentation Here the scope /read-limited (for Member API only).
so to fix the issue you have 2 options:
register for member API.
or assign public API scopes only.
like Socialite::driver('orcid')->scopes(['/authenticate','openid'])->redirect()
I cannot resolve this error, i have a .net core web api, with a react application inside of it ( net core react template )
I have also added cors:
services.AddCors(options =>
{
options.AddPolicy("AllowMyOrigin",
builder => builder.WithOrigins("https://localhost:44300")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
);
});
I have tried multiple things but i cant get past this error.
I have found loads of material online to try and nothing seems to work i feel like i am missing something really obvious?
Can someone point me in the right direction.
I expect that there should be an allow origin header:
I also tried using the Mosif browser extension to turn cors on, this stoped the cors error from showing but now i have a 404 (notfound ) on:
https://login.microsoftonline.com/tfp/domainname.onmicrosoft.com/b2c_1_sign_up/v2.0/.well-known/openid-configuration
You mention that you get an 404 error when opening the openid-configuration url. This means that part of your configuration is incorrect. You must be able to open this url in your browser and get back a JSON document. Copy it to a new tab and tweak it until you get back a result.
Please double check your configured policy and tenant name. The full url usually looks like this:
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
https://tenantname.b2clogin.com/tenantname.onmicrosoft.com/v2.0/.well-known/openid-configuration?p=<policy-name>
https://login.microsoftonline.com/tfp/tenantname.onmicrosoft.com/<policy-name>/v2.0/.well-known/openid-configuration
All of these are equally valid and can be used depending on your scenario.
The config should then look something like this:
authentication.initialize({
instance: 'https://tenantname.b2clogin.com/',
tenant: 'tenantname.onmicrosoft.com',
Another issue might be if your B2C tenant quite new, Microsoft could be blocking support for microsoftonline for your tenant. In this case, try switching to the b2clogin.com domain as your instance.
You can see a possible value for this url when opening the user flow in the Azure Portal.
As a sidenote, I would suggest switching to a different react library. The one you are using is not really being maintained. We are currently using https://github.com/syncweek-react-aad/react-aad
I want to implement the Google Drive API to my web application using NodeJS and I'm struggling when I try to get a token via OAuth.
I've copied the code from this guide and run the script using Node and it returns an error in this line:
var redirectUrl = credentials.installed.redirect_uris[0];
Googling around I found that I can set that variable as http://localhost:8080 and set the same value in the Authorized redirect URIs configuration in the Google Developers Console and that error goes away, fine, it works. Now it asks for a code that I should get by using an URL.
https://accounts.google.com/o/oauth2/auth?access_type=offline&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.metadata.readonly&response_type=code&client_id=CLIENT_ID&redirect_uri=http%3A%2F%2Flocalhost%3A8080
Then I've added the client id and enter to that URL with Chrome and then returns a connection refused error. No clue what to do in here, I searched about my problem and I can't found an answer. By looking at the direction bar in Chrome I see that there's a parameter called code and after it, there's random numbers and letters. Like this:
http://localhost:8080/?code=#/r6ntY87F8DAfhsdfadf78F7D765lJu_Vk-5qhc#
If I add any of these values it returns this error...
Error while trying to retrieve access token { [Error: invalid_request] code: 400 }
Any ideas on what should I do? Thanks.
Did you follow all the directions on the page you indicated, including all of those in Step 1 where you create the credentials in the console and download the JSON for it? There are a few things to note about creating those credentials and the JSON that you get from it:
The steps they give are a little different from what I went through. They're essentially correct, but the "Go to credentials" didn't put me on the page that has the "OAuth Consent Screen" and "Credentials" tabs on the top. I had to click on the "Credentials" left navigation for the project first.
Similarly, on the "Credentials" page, my button was labeled "Create Credentials", not "Add Credentials". But it was a blue button on the top of the page either way.
It is very important that you select "OAuth Client ID" and then Application Type of "Other". This will let you create an OAuth token that runs through an application and not through a server.
Take a look at the client_secret.json file it tells you to download. In there, you should see an entry that looks something like "redirect_uris":["urn:ietf:wg:oauth:2.0:oob","http://localhost"] which is the JSON entry that the line you reported having problems with was looking for.
That "urn:ietf:wg:oauth:2.0:oob" is a magic string that says that you're not going to redirect anywhere as part of the auth stage in your browser, but instead you're going to get back a code on the page that you will enter into the application.
I suspect that the "connection refused" error you're talking about is that you used "http://localhost:8080/" for that value, so it was trying to redirect your browser to an application running on localhost... and I suspect you didn't have anything running there.
The application will prompt you to enter the code, will convert the code into the tokens it needs, and then save the tokens for future use. See the getNewToken() function in the sample code for where and how it does all this.
You need to use this code to exchange for a token. I'm not sure with nodejs how to go about this but in PHP I would post the details to the token exchange url. In javascript you post array would look similar to this ....
var query = {'code': 'the code sent',
'client_id': 'your client id',
'client_secret': 'your client secret',
'redirect_uri': 'your redirect',
'grant_type': 'code' };
Hope this helps
Change redirect uri from http://localhost:8080 to https://localhost:8080.
For this add SSL certificates to your server.
I've built the sample app from here: https://developer.nest.com/documentation/cloud/control/
I've created a Client configuration on the developer site with the callback url http://localhost:8080.
The app loads and brings you to the Nest login screen. After entering details it should redirect back but instead the URL https://home.nest.com/session fails with a 400 Bad Request and the response:
{"error":"invalid_request","error_description":"missing user credentials"}
Has anyone got this sample working lately? I believe it's failing in the server.js file at this line (but I'm no Node expert unfortunately):
app.get('/auth/nest', passport.authenticate('nest'));
I've replaced the firebase.js file with the version from the Nest site. Could this be a bug in a recent version of Express or the Nest Passport library?
Tried on OSX, Linux and Windows and getting the same issue.
Thanks!
The OAuth Redirect URI in your client for this example should be http://localhost:8080/auth/nest/callback and be sure that your permissions are set for Thermostat read/write.