Some background
I am connecting external application (server) with Moodle through Web Services API.
First a user obtains web services token through a call to /login/token.php.
Above token can be used to call web services functions through /webservice/rest/server.php endpoint.
The problem
In some cases I need to provide userid, which I don't know, because /login/token.php does not return it.
Things I've tried
I searched through the Web Services api documentation and found core_session_time_remaining function. Documentation says it returns userid and timeremaining properties:
object {
userid int //The current user id.
timeremaining int //The number of seconds remaining in this session.
}
The problem is, returned userid is always 0, irrelevant of what token was used to call this function. Is it a bug in Moodle, or am I using it wrong? How can I get userid?
did you ever tried using the core_webservice_get_site_info wsfunction?
I use it and works fine.
According to the docs: "Return some site info / user info / list web service functions" API Doc
Related
I am new to Salesforce and I would like to get some expert advice on how I can expose the Sales force data as an Rest API so the external System can consume it. I was think if I can create a Apex Class like
below
#RestResource(urlMapping='/GetAccounts/*')
global with sharing class GetAccounts {
#HttpGet
global static Account doGet() {
RestRequest req = RestContext.request;
RestResponse res = RestContext.response;
String accountId = req.requestURI.substring(req.requestURI.lastIndexOf('/')+1);
Account result = [SELECT Id, Name FROM Account WHERE Id = :accountId];
return result;
}
}
And for the external user to consume the data I thought I can set up up a Connected App and provide them with the Username,password, Consumer Key,Consumer secret and they should be authenticating in to Salesforce to get the URI and session ID. Using the SessionID and URI the should be able to call the API that is exposed above. Is this the right approach, please let me know if I am missing anything here.
Also there is a requirement to use Swagger with the API, is it possible to use the Swagger within the Apex Class. Can you please help how I can leverage Swagger with my API here.
First of all you should try to use Salesforce standard REST API. You can check the full documentation from here.
https://developer.salesforce.com/docs/api-explorer/sobject/Account
You might be asking yourself, well when I should expose an APEX class as a REST API like the code you have provided?
You need to do that when you need custom logic to be performed and combined with the API call.
Exposing Salesforce REST API as OPEN API specification(Swagger) is not yet supported. You can vote for this idea if you need it.
https://success.salesforce.com/ideaView?id=0873A000000cQsxQAE
But the other way is supported. You can import a swagger specification file and invoke it using point and clicks from Salesforce.
Check this blog for more details:
https://andyinthecloud.com/2017/07/23/simplified-api-integrations-with-external-services/
I just can't seem to get anywhere with this.
I have a web api running fine, with a wpf application using the api via AutoRest.
The api has been uploaded to Azure (App Services)
I now want to lock down the api, so users log in via Active Directory. Again, all users are currently there.
RestCredentials = new TokenCredentials(tokenAuthResult.AccessToken);
Using the RestCredentials I pass in the credentials as type
ServiceClientCredentials
using (var db = new BuxtedAPI(Model.Helpers.Credentials.RestCredentials))
{
var res = db.GetComboList();
ComboValueList = new ObservableCollection<ComboValue>(res);
return ComboValueList;
}
I can see on the log in Azure that the user successfully logs in.
But the system just dies with
Operation returned an invalid status code 'InternalServerError'
No more feedback at all.
Just to note, I am using swagger also here.
I am assuming that the BuxtedAPI call that passing the credentials should pass through the bearer token for the api call to authorise.
I have set nothing else on on webapi code base, no [AUTHORIZED] or anything.
Any chance anyone can help me along here.
Thanks Scott
If anyone else gets in this situation.
The process required Resource Id to be the web app and the clientid to be the native app id.
Scott
Ok, I have a working cloudkit container that I am currently using as a database for my app. Now I want to try using the cloudkit API service. In the API access section, I just add a new token. this is the overview of my simple set up:
I tried using Postman to make one POST call, trying to see if my structure of my API call is right. my cloudkit container name is iCloudkit.izzuddin.CoffeeApp, and the records name is Cafe, so this is how I create the api call:
cloudkit.com/database/1/iCloud.izzuddin.CoffeeApp.Cafe/-development/public/records/modify?NewToken=031c663b3314f16ff3ee04719894b6f4e17132ad315eae27fa3e4374fd0b4e81
this is the returned value:
{
"uuid": "737d61ec-a668-4386-9512-b2ec05a8a394",
"serverErrorCode": "AUTHENTICATION_FAILED",
"reason": "no auth method found"
}
Can anybody who have experience explain how to structure the api call? thanks in advance.
Try:
https://api.apple-cloudkit.com/database/1/iCloud.izzuddin.CoffeeApp.Cafe/development/public/records/modify?ckAPIToken=031c663b3314f16ff3ee04719894b6f4e17132ad315eae27fa3e4374fd0b4e81
This should return 421 response AUTHENTICATION_REQUIRED with a redirectURL which you can use for signing in.
The next steps depend on what kind of app (web app / server to server / native) you want to build.
CloudKit Web Service needs not only your API token, but also needs [Web Auth Token], which represents the users.
tl;dr: No, there isn't a way.
Calling publish_action using the JS SDK is actually pretty straightforward. However (from the little info I gleaned from reading the documentation), there's no way for me to query facebook to have it return the action instance ID for an object that I have already published... is there?
Example:
User A loads the page, and the page sends an FB.api call to /me/news.reads, which returns an action instance ID.
User A reloads the page, and the page again sends an FB.api call to /me/news.reads, but this time, the Graph API returns:
{
error: {
code: 3501,
message: 'blahblahblah... already associated... blah blah'
type: 'OAuthException'
}
}
Pretty standard stuff, and expected, since I turned off the ability to publish the same URL multiple times.
Now then, is there any way for me to retrieve a previously published action instance ID from the Graph API by passing in the URL, or is it up to me to handle the returned action instance ID (from the original publication attempt) and save it to a database? I was hoping I wouldn't have to do that...
No, there is no way to retrieve instances of published actions other than:
Accessing action by id:
http://graph.facebook.com/ACTION_ID
Accessing all instances published by specific user:
http://graph.facebook.com/USER_ID/NAMESPACE:ACTION (NAMESPACE:ACTION may be replaces by the name of one of built-in actions like news.reads, music.listend, etc.
If you want to access details of published actions connected/referencing specific object you'll need to save that data on your end for later usage.
I'm creating a webapp with this combination of tools. I'm authenticating with App Engine in the following manner:
class googleLogin(webapp.RequestHandler):
def get(self):
callbackURL = 'http://%s/googleLoginCallback' % getHost()
#Create a client service
gdClient = gdata.docs.service.DocsService()
gdata.alt.appengine.run_on_appengine(gdClient)
gdClient.SetOAuthInputParameters(gdata.auth.OAuthSignatureMethod.HMAC_SHA1,
_GoogleConsumerKey,
consumer_secret=_GoogleConsumerSecret)
#Get a Request Token
requestToken = gdClient.FetchOAuthRequestToken(scopes=_GoogleDataScope,
extra_parameters={'xoauth_displayname': APP_NAME})
#Persist token secret
self.session = Session()
self.session[TOKENSECRETKEY] = requestToken.secret
gdClient.auto_set_current_token = True
gdClient.SetOAuthToken(requestToken)
authUrl = gdClient.GenerateOAuthAuthorizationURL(callback_url=callbackURL)
self.redirect(authUrl)
I authenticated my domain with Google at https://www.google.com/accounts/ManageDomain, entering a target URL and am using the given Consumer Key/Secret. For instance, if my domain was 'juno.appspot.com', I am using http://juno.appspot.com as the target url path prefix.
The process is working; however, Google presents this message to the user in a yellow security box:
"The application that directed you
here claims to be 'xxxxxx'. We are
unable to verify this claim as the
application runs on your computer, as
opposed to a website. We recommend
that you deny access unless you trust
the application."
I don't think I should be getting this error, since my server is getting the request token and creating the authorization URL. Does anyone have any insight on how to get rid of this warning?
Google's domain registration has an option to upload a certificate, but I shouldn't need to do that because I'm using OAuth with the HMAC_SHA1 signature method.
Also, not that it should matter, but I'm doing all this through a UIWebView on the iPhone. I'm specifically trying to do all authentication server-side to avoid exposing my Consumer Key/Secret.
Thank you for any tips :)
Solved.
The culprit is this line from above:
extra_parameters={'xoauth_displayname': APP_NAME})
Setting this value for a registered application intentionally triggers a warning to users, as indicated by the Google documentation:
xoauth_displayname:
(optional) String identifying the
application. This string is displayed
to end users on Google's authorization
confirmation page. For registered
applications, the value of this
parameter overrides the name set
during registration and also triggers
a message to the user that the
identity can't be verified. For
unregistered applications, this
parameter enables them to specify an
application name, In the case of
unregistered applications, if this
parameter is not set, Google
identifies the application using the
URL value of oauth_callback; if
neither parameter is set, Google uses
the string "anonymous".
Removing this line no longer allows me to use a 'nice' name in place of the domain, but it gets rid of that annoying yellow box :)
I'm not sure exactly where the issue may be in your code, but I've got a one page oauth/appengine/gdata example which may at least set you in the right direction. Have you tried to navigate to the site directly from the iPhone/desktop browser to see what message is delivered?
Hope it helps.
Alternatively, is it possibly to do with the user agent the UIWebView sets?