I'm only actually trying to use deeplinks, not even the api, but I can't find any way to get the product ID (uber connect) that I need without it, so I am attempting to get products.
https://sandbox-api.uber.com/v1.2/products
I am getting an the error "This endpoint requires at least one of the following scopes: ride_request.estimate" which I understand is because I have not gained scope access from uber.
(I did include that scope in the 0Auth request.)
It has been absolutely impossible to reach them. I filled out a form and it said they'd get back to me sometime but they are very busy.
An entire project is held up for hours over this detail and I'm really struggling for how to solve this. Is there a way to gain access or even make a sandbox request without that scope?
Or would someone be kind enough enough to run the call and let me know the response for [latitude]=-1.2741798[longitude]=36.791785
Thanks everyone.
Related
As the title says, I'm developing a Custom User Storage Provider (here forth SPI) with Keycloak 15.0.2.
I’m having trouble sorting an issue where the very first access token that is issued, does not match the expected format (is missing some fields) but also seems to be issued for a different user, if I am to judge only based on the sub field of the AccessToken generated.
To ease reproduction of the issue, you can find my repository on Github here with a complete sample FE and BE along with the keycloak configuration. I also included samples of the result tokens, jwt.io links and logs on LOGS.md file on the repo.
I think I understand why this mismatch is happening, though.
Due to the fact that I start with an empty collection of users on keycloak, I need to create the users on their first login. All I have to start with is their email address which is input on the login screen.
With this information, I setup a “temporary” Federated User until I get the user data from the “real” IDP on the isValid method (where the user actually logs-in into the third party IDP) and then get his details, which are then used to fill a more complete FederatedUser profile and store it on the userLocalStorage.
It's basically this logic (it's all also explained in comments in the repo's code):
Create an adapter/model based solely on the email from the login form to be used temporarily.
Proceed with normal operation.
Then on the isValid() method:
login the user through the REST call to the backend and get the JSESSION token
on a separate call, call the Current-User REST endpoint to get user details and map them to a Dto object
create a new adapter, based on the Dto object (which already contains all the user details like name, phoneNumber, etc) and from that, add to storage as a ksession.userLocalStorage().addUser() user and enrich with custom attributes (to later be mapped into the AccessToken)
when (and if) added, clean cache with ksession.userCache().clear()
Proceed with normal operation
However, I think that the ID/model of that first temporary user is the one that is actually being used during the issuance of the first AccessToken that is generated and is being cached somehow on some other class which then generates the AccessToken with missing information/not the correct user model.
When I reload the page (forcing it to go through the login flow again), I then get the correct AccessToken with all the fields I expected the first one to have. I also noticed that the sub of the tokens are different, and this is what leads me to this conclusion.
Does this flow/conclusion seem correct to you?
And more importantly, how can I fix this?
I have no way of getting all the user data at first or a way to import it (ideally, I didn’t even wanted to Federate, just some ReadOnly data would have been enough if I could modify the AbstractUserAdapter attributes).
Can I somehow access the CredentialInput outside the isValid method?
That’s the only way I’d have to grab all the user data since the beginning.
I’d really appreciate any help you could spare. The reproduction code is just a clone/docker up away and will replicate the issue perfectly.
Please help me figure out how to make sure the token get properly set/issued the first time around
Thanks
I'm working in creating a FORM (kind of survey) to get user input, any user who visited the website can provide me information. This would means, the API is actually public accessible to anyone without any token or session (basically nothing)
I want to prevent people from getting my endpoint and create thousand/millions of requests (SPAM) to flood my service and database. I've tried to look over Stackoverflow and some post in medium, it's interesting that I don't find much about this.
Some said:
bundle my website as an hybrid app, supply accessToken to only "trusted device" for firing my api (but this is a pure webapp)
creating custom header and identify the header from my web server (hmm..?)
use CAPTCHA (this will only stop people spamming via the GUI, but spamming via script still possible)
Is this simply no better way to secure, since it's public?
Any thoughts to share?
have you read about Request Queue?
it might help you solve the issue
source 1
source 2
Really odd situation that just started to occur. I have an App Token that's valid and can receive data on certain accounts. The problem is that it's not always consistent, some account work perfectly, but some are returning blank responses. I've never seen anything like it.
Does anyone have any ideas? If I fudge my access token a bit, it'll respond with the correct errors, but it seems like everything correct and I get nothing.
My endpoint is /account_id/posts?access_token=xxxxxXXXXxxxxXXXxXxxx
This might be related to the page having some type of demographic restrictions enabled. When this happens a user token is required to pull some information so FB can check to see if the restriction is applicable.
I've been looking all over to find the correct API call to block applications via application ID, however I've yet to find it. I'm actually becoming quite certain that it's not possible (for obvious reasons, Facebook revenue being one of them), however I was wondering if anyone knew of a way, even via URL call ('https://www.facebook.com/apps/block.php?id=' + APPID + '&action=block' no longer works correctly, if it ever did.)
Basically I've been making a ruby script to be deployed to help users block spammy and generally unwanted applications via application ID's, the script is almost complete, however I need a method to be able to actually block the applications! If anyone could give me some help, I'd very much appreciate it.
Refer to https://developers.facebook.com/docs/reference/api/application/#banned
Create/Ban
You can ban a user for an app by issuing an HTTP POST request to
APP_ID/banned?uid=USER_ID1,USER_ID2 with an application access token
(i.e. a token created using the app secret, not an application Page
access token as described above). You can specify the following
parameters.
This is not (and probably/hopefully will not ever) possible via API. There are too many reasons to leave it that way. You don't want applications block each other...
This may sounds like a show-stopper for you, but it's not! Generate report arguing the reason why some applications better be blocked/removed/reported and show it to users instructing 'em how to do this.
I have an application that goes and gets a users messages from their facebook account, but I've hit an error.
The user in question has a thread between him and me in his inbox, however it doesn't show up in his API call to /me/inbox with his specific access_token.
I do have a valid token (it works for all other calls), and I know it should be working fine (I am opening it in my browser directly to debug, and the data just does not exist).
There is no second page to view, no limit or timestamp imposed upon it, just missing data.
For testing, we do have every single API permission offered, so I know it is not a permissions problem.
Does anyone have any idea why this could be happening, and how to fix it?
I was struggling with the same problem. I found that using the `/me/threads' endpoint delivers much more complete data.
Update:
However I found out that this endpoint is not available to non-developers for the time being:
https://developers.facebook.com/docs/reference/api/thread/