I'm having the same problem with MS Graph API and with the reddit API. Both of these APIs require authentication using OAuth2.
Since I'm only running a script I do not have any "redirect uri". What can I do to still use OAuth2 with my script?
To kind of answer my own question, after further investigation I found this Python example on reddit. I should check if this type of request works for the MS Graph API as well since doing it in Postman is cumbersome.
I'm using the outlook calendar rest api from Salesforce. To continuously leverage the calendar API I need to get authorisation code, access and refresh token.
I have been able to get the Authorisation code by hitting the API. How to get the access token using development code to use the outlook calendar rest API?
Please find the list of AAD authentication libraries here:
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-libraries
I found this tutorial in Python very helpful for getting access codes:
This tutorial uses Microsoft Graph (which covers several Microsoft products including Microsoft Outlook) rather than the outlook REST API (which covers just Outlook).
https://learn.microsoft.com/en-us/outlook/rest/python-tutorial
At first, I thought setting up a Django server was overkill. Then I realized that I wanted a way for my Python instance to capture the access code after going through single-sign-on. (I MUST use my browser for single-sign-on because my institution uses multi-factor authentication.) Having a Django server is a natural way to do this.
So I created a new PyCharm Django project (which is straightforward in PyCharm) and began following the tutorial.
I found it essential to continue following the tutorial all the way through displaying my emails to avoid getting authentication errors -- deviate from the tutorial, and I got error messages (such as this one) that were impenetrable.
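One way to capture the authorization code after a browser sign-in without running a full Django server, as an added example (not code from the tutorial or from the posts above): a one-shot listener bound to the loopback address that accepts the redirect only when `state` matches. It assumes the app registration allows a loopback redirect URI; the `/callback` path, port 8000 and the function names are hypothetical.

```python
import hmac
import secrets
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse


def extract_code(request_path, expected_state):
    """Return the authorization code from a redirect, or None if it must be rejected."""
    url = urlparse(request_path)
    params = parse_qs(url.query)
    code = params.get("code", [""])[0]
    state = params.get("state", [""])[0]
    if url.path != "/callback" or not code or not expected_state:
        return None
    # The state check ties the response to the request this script started.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        return None
    return code


def wait_for_code(expected_state, port=0, timeout=120.0):
    """Listen on loopback until a valid redirect arrives; return the code or None."""
    result = {}

    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            code = extract_code(self.path, expected_state)
            if code:
                result["code"] = code
            self.send_response(200 if code else 400)
            self.end_headers()
            self.wfile.write(b"Done, close this tab." if code else b"Rejected.")

        def log_message(self, *args):
            pass  # do not write the authorization code to the console

    server = HTTPServer(("127.0.0.1", port), Handler)  # loopback only
    deadline = time.monotonic() + timeout
    while "code" not in result and time.monotonic() < deadline:
        server.timeout = max(0.1, deadline - time.monotonic())
        server.handle_request()
    server.server_close()
    return result.get("code")


if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # send this as the `state` parameter
    print("state:", state)
    print("code:", wait_for_code(state, port=8000))  # port 8000 is an assumption
```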
I am going through the documentation and examples related to calling REST APIs for SugarCRM using Chrome REST client or Postman but most of the examples are PHP and I am not finding a good way to find a proper request and other parameters to be mentioned so that I can get the successful response from the API. I was trying get_entry_list. Can someone please help by providing a working REST API request for this API which I can run on REST client or Postman?
I also would like to know if I want to build a SugarCRM connector for my application, which set of APIs I should use? Should I go with REST or SOAP and any supporting arguments to choose one over another?
Thanks
I'm trying to call the SAP BI/BO REStful webservices using basic authentication. I enabled basic authentication in the WACS and tested with this service:
http://host:6405/infostore/16422
This works! I can get the report metadata as either xml or json. However, whenever I try a URL with "raylight" in it, I get an authentication problem:
http://host:6405/biprws/raylight/v1/documents/16422/parameters
{
error_code: "1"
message: "No session found in HTTP header X-SAP-LogonToken"
}
Why do some services work with basic authentication and others absolutely require the logontoken? I would like to avoid the logontoken if possible. I tested by logging on with the token and that does work, so it's not like my credentials are wrong.
I suspect you asked the same question on SCN which was answered by one of the SAP developers, Anthony Muller.
He stated that:
Raylight doesn't support basic authentication because it required a
permanent session to work. Internally, we have to manage a "cache" to
support subsequent REST calls and this is not possible using basic
authentication.
Some time ago it was easy to make a distinction between desktop and web applications, but today while reading the documentation I've noticed that this difference is less pronounced.
I'm using the Facebook::Graph module to create a desktop application, but still can not go beyond the stage of configuration. I'm stuck at authentication phase:
my $q = Plack::Request->new($env);
$fb->request_access_token($q->query_param('code'));
(http://metacpan.org/pod/Facebook::Graph)
It keeps telling me "$env is required".
Reading the documentation I've realized that Plack is only concerned with web applications.
(http://metacpan.org/pod/Plack::Request)
Can you confirm this? If not, how do I get past this step?
It would not be a problem getting the access_token using Mechanize and then making a GET request as described in the documentation, but I do not want to complicate my existence, so if there are other ways...
A bit late, but there's a workaround.
To get an access token, take a look here:
https://developers.facebook.com/docs/howtos/login/login-for-desktop/
Just create a client with Mechanize or whatever you want and login with the desired credentials
Perform the request as described
Move on from the authorization page
Parse the response and get the token
$fb->access_token($token);
http://developers.facebook.com/docs/reference/api/application/ says:
Note: Applications that are configured as Native/Desktop apps will not be able to make API calls that require an application access_token.
So it's not a Plack, it's Facebook who requires your app to be web.
But if you may avoid access_token request, it might work.
Based on the question I asked here, but I wanted to get feedback from the stackoverflow community on this.
It seems from my tests using the twitter API with oauth that oauth_verifier check that should be done by the service provider (twitter) in step E of http://oauth.net/core/diagram.png is not being done by api.twitter.com; this happens whether the oauth_callback is oob or a regular callback url.
To test this on twitter is simple: just don't send the oauth_verifier parameter as part of step F for acquiring an access token.
This issue should be easy to reproduce, but if necessary I can post my test code.
The oauth_verifier was part of the solution to the session fixation threat, and was only introduced in the oauth 1.0a specification. Because of this twitter API may still not be forcing application developers to use it to avoid breaking backwards compatibility.
Is this correct? Or am I misinterpreting the oauth specification?
Does this also happen with other APIs that should be compliant with oauth1.0a? (LinkedIn etc..)
ps - This question is somewhat related but the issue no longer applies because twitter is returning the oauth_verifier for both types of callbacks (oob and regular callbacks).
I got a reply from the official twitter discussions:
Currently the API supports both the OAuth 1.0 and OAuth 1.0a authorization flows. We strongly encourage developers not using OAuth 1.0a to update their code as soon as possible.
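A minimal model of the check discussed above, as an added example (not Twitter's implementation and not code from the original posts): a provider that enforces oauth_verifier at the access-token step beside one that accepts the 1.0 flow without it. The `Provider` class and its method names are hypothetical, and request signing is omitted.

```python
import hmac
import secrets


class Provider:
    """Toy OAuth 1.0a service provider: token bookkeeping only, no signatures."""

    def __init__(self, require_verifier=True):
        self.require_verifier = require_verifier
        self.pending = {}  # request token -> {"user": ..., "verifier": ...}

    def issue_request_token(self):
        token = secrets.token_urlsafe(16)
        self.pending[token] = {"user": None, "verifier": None}
        return token

    def authorize(self, request_token, user):
        """User approves the token; the verifier goes back via callback or oob."""
        entry = self.pending[request_token]
        entry["user"] = user
        entry["verifier"] = secrets.token_urlsafe(8)
        return entry["verifier"]

    def exchange(self, request_token, verifier=None):
        """Access-token step: return the authorizing user, or None if refused."""
        entry = self.pending.get(request_token)
        if entry is None or entry["user"] is None:
            return None
        if self.require_verifier:
            sent = (verifier or "").encode()
            # Constant-time comparison against the verifier bound to this token.
            if not hmac.compare_digest(sent, entry["verifier"].encode()):
                return None
        del self.pending[request_token]  # request tokens are single use
        return entry["user"]


def exchange_without_verifier(require_verifier):
    """Result of an exchange by a party that never received oauth_verifier."""
    sp = Provider(require_verifier)
    token = sp.issue_request_token()   # requested by one party
    sp.authorize(token, "alice")       # approved by a different user (constructed name)
    return sp.exchange(token)          # no oauth_verifier sent


if __name__ == "__main__":
    print("1.0 behaviour :", exchange_without_verifier(False))
    print("1.0a behaviour:", exchange_without_verifier(True))
```

The provider that skips the check binds the access token to whoever approved the request token, which is the session fixation case the verifier was introduced to close.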