I want to send a POST request using Power Query to a website that I access via Facebook authentication. I manage the request to work, but I get access denied. I assume I need to go to login, somehow, but I do not know how to do it. The website I want to access does not have API.
This is the code I used:
let
url_name = "https://www.futmondo.com/2/championship/teams",
headers = [Accept="*/*", #"User-Agent"="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36",#"Content-type"="application/x-www-form-urlencoded"],
bod ={[championshipId = "XXXXXXXXX" ]}{0},
BuildQueryString = Uri.BuildQueryString(bod),
Source = Json.Document(Web.Contents(url_name,[Headers = headers,Content=Text.ToBinary(BuildQueryString)])),
answer = Source[answer]
in
answer
And this is the response I get at that moment
access denied
Related
The email id linked with Uber is: fikarrnot28#gmail.com
After successfully logged into user account though the App using LoginManager, the error occurred.
This is the generated GET Request of login in the web view (I have found it when debugging the Uber SDK LoginActivity)...
https://auth.uber.com/login/?breeze_local_zone=sjc1&next_url=https%3A%2F%2Flogin.uber.com%2Foauth%2Fv2%2Fauthorize%3Fclient_id%3D_AZAHxnjsACGj4oNYtQmHT2BoxLoRslm%26redirect_uri%3Dhttps%253A%252F%252Fwww.fikarrnot.com%252FPrivacy-Policy%26response_type%3Dcode%26scope%3Dprofile%2Bhistory%2Brequest_receipt%2Brequest%2Ball_trips%26show_fb%3Dfalse%26signup_params%3DeyJyZWRpcmVjdF90b19sb2dpbiI6dHJ1ZX0%253D%250A&state=BpOm3pJ5GOScZSjle7l4hsCKCczTjYO2XvoV8e-RviI%3D
...with Headers...
[{"key":"X-Requested-With","value":"com.en****rs.fi****not.fi****not","description":""},{"key":"Cookie","value":"utag_main=v_id:01626ccd77e200225dc1cfc5c6c40009801c709000400$_sn:1$_ss:1$_st:1522245627690$ses_id:1522243827690%3Bexp-session$_pn:1%3Bexp-session$segment:a$optimizely_segment:b; _ga=GA1.2.14743532.1522243830; _gid=GA1.2.1008247445.1522243830; AMCVS_0FEC8C3E55DB4B027F000101%40AdobeOrg=1; aam_uuid=62184944397867583642625051211265352658; AMCV_0FEC8C3E55DB4B027F000101%40AdobeOrg=1611084164%7CMCMID%7C62681591052865814432656684984272277453%7CMCAAMLH-1522848630%7C3%7CMCAAMB-1522848630%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1522251030s%7CNONE%7CMCSYNCSOP%7C411-17626; AAMC_uber_0=AMSYNCSOP%7C411-17626; udid=w_2b967ea663b645cdbd69338871543566; arch-frontend:sess=BAqSPo47olILtPKNMYph-A.Js4qapThHROtKkyZNYsCJC8VwKDpejcPNcDzi8l_zuHUssy_5Xz_FO2swyc1v519menihaos4oCb4GpyKLIjclRD9LlQK79RvjhCnn-YCRHGEgIP3ZVwSLK10taTmHhsKhWPya-l7qA24XD3OlBcrXe6WfMdVQh7q00KJQMG0P4pvevBB-zSixSuMx4DmN9SsQ4JZSx-3jn2XvW8qO_S7-II8nebHXbCMz83acRilZUTw81aUU5dJhLR-Y38z9ZvkNyoGjpuInCguKYS_IOJMB5V1Vj7VC47F3N80lk4Fdl_i-IXpYw7uGCIvK_EhBX2QprbZlkPTvclJ1sBGVy9WG57MQ2P0mMh9JO6xMqqCX6TXoFVJMo3hGtjINXZmAxkh-Hs4l1QMheaJBxClGEmhwAbfOwwaFeGbKXfIRos9yqgC6cdB7CJDhNQmqabAVlzInp0zGnlxt9tPsInZF-jGhWJnbG9I3Z7qzrHpUoYHD7bsmaPfeyMpaywYbRu8KgTCN_iukWz5UOc7iGrzA1k-_QKNUF7IoCK9nMOK0EHcLwFoOHusoXWW8AlHUto28Hg0gEZYQWLW7s0TRq-XFwdt5MW5PuFtRDmU6QVt2E4QLfzghwvJvVGPrOvtyJbcEorVm9I0taYvYJgaLn9VFW7No4H_V9xz0CVRXT63fshZnUV_Ggx3s0N9eZToKnb_AC-l7HyxGb3mKXypLuNl7ZDQdz-ONRc8s7-7BiaCAGPjbUE1d_R5a6F4STBJyXoq4LENS9o8PdrumbhdCZvzk1aT3jdyTldlCi0chUmz8jP1FdQ6Yfdte2UYzHnGs8pKHcE4OZlepf-Jnb6PY2svG6TWJby9hbMq1XYwFgmUvcnJELk_WDLQW3lXsa9YnOnX5lZBqyIqxYhQQXEJTtxdmcJfE1pwzSOiXvlh6UIBs_2MVLRr3Dc8jhc5qp8YjgV2pYa.1522243813342.1209600000.MQ38q8xYZeHYu454GB5ZPUpQ-yvZ0ZsHya8VOcIFqOQ","description":""},{"key":"Host","value":"auth.uber.com","description":""},{"key":"Accept","value":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8","description":""},{"key":"User-Agent","value":"Mozilla/5.0 (Linux; Android 7.0; SM-J701F Build/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/65.0.3325.109 Mobile Safari/537.36","description":""},{"key":"Upgrade-Insecure-Requests","value":"1","description":""},{"key":"Connection","value":"keep-alive","description":""},{"key":"Accept-Encoding","value":"gzip, deflate","description":""},{"key":"Accept-Language","value":"en-GB,en-US;q=0.9","description":""}]
The Response coming "Too many requests", after that onLoginError() called with CONNECTIVITY_ISSUE error.
Another thing is that, maximum time Uber SMS gateway is not working when I try to login (2 factor verification), thus OTP is not coming. I have also tried adding another developer in the developer dashboard, but They are also unable to get OTP when try to login.
Note 1 : The redirect url I am using in my app is exactly same as I am using in my developer dashboard.
Note 2 : Previously my code was working perfectly in the sandbox environment (with sample uber account), but now it is not working after I have changed to the new account. So, I suppose the code is not the problem.
Note 3 : The previous email id linked with this app for Uber was msayan64#gmail.com
Note 4 : The App is going to publish very soon, and it is using Uber as a value addition.
Questions:
Are there any changes required to my code?
Can using the sandbox mode be a problem?
If I need to give the App URI as the redirect URI, what should be the format (suppose the package name (App id) is com.example.app)?
When will be the SMS gateway work?
I need to post a message on my own Facebook page; and I need to do it programmatically (in my case using Python). I managed to do this part using this code (in Python):
import urllib, urllib2
access_token='XXXX'
fb_page_id='YYYY' # my page ID
post_data = {'access_token':access_token, 'message':'hey this is a test!'}
request_path = str(fb_page_id)+'/feed'
post_data = urllib.urlencode(post_data)
response = urllib2.urlopen(
'https://graph.facebook.com/%s' % request_path, post_data
)
The ID of the generated post on the FB page is correctly returned:
In [11]: response.readlines()
Out[11]: ['{"id":"135386143198208_461964357207050"}']
Problem:
In order to generate the access_token and make the API request above I had to manually follow the three steps detailed here.
But in practice this manual process is unacceptable as I need to run this task from a cron job. Hence I need to automate it because access_token in Facebook is temporary. I.e. I need to get an access token each time I run this script. How to do that?
Feel free to use any scripting tool in your answer (curl, JavaScript, Java, PHP) as long you communicate the steps involved. Note that I need to do this using any server-side language (Python/Ruby/PHP).
If you extend your (User) access token, you can then request a (Page) access token which does not in fact expire at all.
See the "Extending Page access tokens" section of the following document: https://developers.facebook.com/docs/howtos/login/extending-tokens/
You cannot retrieve a short-lived token programmatically. It defeats the purpose of user interaction.
Facebook intentionally has made it this way to ensure the user has full manual control over what apps they install.
Once the user grants initial access you can then automate the process up to two months (or earlier if the user invalidates the token, for example by changing their password)
by doing an HTTP request to
https://graph.facebook.com/oauth/access_token?
grant_type=fb_exchange_token&
client_id=APP_ID&
client_secret=APP_SECRET&
fb_exchange_token=SHORT_LIVED_ACCESS_TOKEN
After these two months are over, the user must be the one to re grant access to the application giving a new short lived token which you can then re-extend using the code above.
Bless the soul who wrote this code. Not me, but found it somewhere. Works smoothly. Call this function with your email & password.
MOBILE_USER_AGENT = "Mozilla/5.0 (Linux; U; en-gb; KFTHWI Build/JDQ39) AppleWebKit/535.19 (KHTML, like Gecko) Silk/3.16 Safari/535.19"
FB_AUTH = "https://www.facebook.com/v2.6/dialog/oauth?redirect_uri=fb464891386855067%3A%2F%2Fauthorize%2F&display=touch&state=%7B%22challenge%22%3A%22IUUkEUqIGud332lfu%252BMJhxL4Wlc%253D%22%2C%220_auth_logger_id%22%3A%2230F06532-A1B9-4B10-BB28-B29956C71AB1%22%2C%22com.facebook.sdk_client_state%22%3Atrue%2C%223_method%22%3A%22sfvc_auth%22%7D&scope=user_birthday%2Cuser_photos%2Cuser_education_history%2Cemail%2Cuser_relationship_details%2Cuser_friends%2Cuser_work_history%2Cuser_likes&response_type=token%2Csigned_request&default_audience=friends&return_scopes=true&auth_type=rerequest&client_id=464891386855067&ret=login&sdk=ios&logger_id=30F06532-A1B9-4B10-BB28-B29956C71AB1&ext=1470840777&hash=AeZqkIcf-NEW6vBd"
def get_access_token(email, password):
s = robobrowser.RoboBrowser(user_agent=MOBILE_USER_AGENT, parser="lxml")
s.open(FB_AUTH)
##submit login form##
f = s.get_form()
f["pass"] = password
f["email"] = email
s.submit_form(f)
##click the 'ok' button on the dialog informing you that you have already authenticated with the Tinder app##
f = s.get_form()
s.submit_form(f, submit=f.submit_fields['__CONFIRM__'])
##get access token from the html response##
access_token = re.search(r"access_token=([\w\d]+)", s.response.content.decode()).groups()[0]
#print s.response.content.decode()
return access_token
To get a facebook token for even normal users programmatically, you might be interested in this: https://github.com/fbessez/Tinder/blob/master/fb_auth_token.py, it's a python script to automatically retrieve the token when supplied email/password.
Make sure you have lxml, requests and robobrowser installed, as these are prerequisities. Both requests and robobrowser can be easily aquired with running
pip install robobrowser and
pip install requests
The lxml is a "little" more tricky, as it will have to be compiled (to have a recent version). Follow this SO for it: How to install lxml on Ubuntu
I have a BlackBerry app which needs to post a message to a user's Facebook wall. I am using the Facebook BlackBerry SDK.
I have set up a simple test app which attempts to get the current user's details when a button is pressed by calling the following method:
private void postToFacebookWall(){
String NEXT_URL = "http://www.facebook.com/connect/login_success.html";
String APPLICATION_ID = "xxx"; //Removed for security
String APPLICATION_SECRET = "xxx"; //Removed for security
String[] PERMISSIONS = Facebook.Permissions.USER_DATA_PERMISSIONS;
ApplicationSettings as = new ApplicationSettings(NEXT_URL, APPLICATION_ID, APPLICATION_SECRET, PERMISSIONS);
Facebook fb = Facebook.getInstance(as);
try {
User user = fb.getCurrentUser();
Logger.log("User has authenticated app and logged in. Name: "+user.getName());
} catch (FacebookException e) {
Logger.log(e.getMessage());
}
}
Here's what happens when I click the button.
In the system log I receive an error message: Access Token not found.
Then the following login screen is shown:
Then I'm asked whether I would like to authenticate this app:
Clicking on 'Install' or 'Cancel' does nothing.
If I log into Facebook via the website and authenticate the app then I don't get the 'Access Token not found' error and everything works as expected.
How can I allow my Facebook app to be authenticated correctly to avoid the 'Access Token not found' error?
Actually any BB app with same approach can't authorize right now. It is FB issue, but no one is hurry to fix it.
Here is mine question:
Unable to pass FB OAuth for my application
Here is FB bug ticket:
https://developers.facebook.com/bugs/401534949883394?browse=search_4ffad6fdebcfa6990918340
Here is topic on dev forum:
http://supportforums.blackberry.com/t5/Java-Development/FaceBook-API-error-code-11-Method-Deprecated/m-p/1808833#M203977
I found workaround to pass it but it doesn't work for all OSes/devices. Use iPhone user agent "Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16" and enable cookies in BrowserField.
Please mark FB issue as reproduced. So probably they will increase priority and fix it faster.
UPDATE: FB fixed the issue! Please verify!
When I make a request to a particular website, I get the XML response as desired on the simulator but I get a redirect page on the device. I think this is because it is detecting that I am using a mobile browser (similar results occur through Mobile Safari), but I'm setting the user agent string of the request to my laptop browser's UA and blanking the rest (I've also tried setting just the UA):
NSMutableURLRequest* request = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:url]
cachePolicy:NSURLRequestUseProtocolCachePolicy
timeoutInterval:60.0];
[request setAllHTTPHeaderFields:[NSDictionary dictionaryWithObject:#"Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11" forKey:#"User-Agent"]];
NSURLConnection* _connection = [[NSURLConnection alloc] initWithRequest:request delegate:self];
How could the website still be detecting that I'm using a mobile browser? The same GET works through telnet with zero information, which implies that the default response is the desktop version.
Turns out Mobile Safari will automatically redirect/renegotiate http->https in the simulator, but won't do it on the device.
i try to request on my application via this url
http://reader.mac.com/mobile/v1/http%3A%2F%2Ffeeds.feedburner.com%2F9To5Mac-MacAllDay
and it also return that it available on iPhone only
how can i fix it?
mycode
NSMutableURLRequest *urlRequest = [[NSMutableURLRequest alloc] initWithURL: [NSURL URLWithString: myurl]];
[urlRequest setValue: #"iPhone" forHTTPHeaderField: #"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16"];
[self.myWebView loadRequest:urlRequest];
UIWebView actually resets the user agent of the request just before it loads the URL. So, you may need to do method swizzling to actually change the user agent string that UIWebView loads in. Be warned, method swizzling could be dangerous.
There's a post that has the code for this.
The name of the http header field is User-Agent.
Try this:
[urlRequest setValue: #"Mozilla/5.0 (iPhone; U; CPU iPhone OS 3_0 like Mac OS X; en-us) AppleWebKit/528.18 (KHTML, like Gecko) Version/4.0 Mobile/7A341 Safari/528.16"
forHTTPHeaderField: #"User-Agent"];