I want to use custom events in Dialogflow to invoke an event (Welcome event) from my ionic application. I need to call an end point as described in link, I am calling the same from postman but getting error below -
{
"code": 401,
"status": "UNAUTHENTICATED",
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
}
I am putting correct access token, projectId, Intent id of my agent.
Please let me know, If there are other way to call Dialogflow welcome event from Ionic app. It would be great.
Related
I'm using the Firebase Authentication services to authenticate users using Github as the provider. The OAuth response returns the access-token for the user along with some other information (e.g. email, name...). For persistence-purposes I need to save the authenticated users username or id, but I can't seem to find that information in the OAuth callback.
Am I missing something or is the user data just not provided using OAuth?
It is not clear which SDK you are using but Firebase auth returns additionalUserInfo form OAuth providers. For example, with the JS SDK, you can get the additionalUserInfo as follows:
firebase.auth().signInWithPopup(new firebase.auth.GithubAuthProvider())
.then(function(result) {
console.log(result.additionalUserInfo.username);
console.log(reuslt.additionalUserInfo.profile);
})
.catch(function(error) {
// Some error occurred.
});
I am playing around with IBM Cloud Functions (OpenWhisk) and trying to setup authentication through OAuth with Facebook as the provider. I have setup an app with Facebook, I am able to successfully connect with this and fetch my token and I am able to verify this by fetching basic profile information (name and userID).
My problems starts when I enable OAuth in the IBM Cloud Functions API. I get a HTTP code 500 back from the call with very little information about what actually went wrong.
{"code":500, "message":"Oops. Something went wrong. Check your URI and try again."}
The only thing that is stated in the dashboard is:
You can control access to your API through the OAuth 2.0 standard. First require an end user to log in via IBM Cloud App ID, Facebook, GitHub, or Google. Then include the corresponding OAuth token in the Authorization header of each API request. The authenticity of the token will be validated with the specified token provider. If the token is invalid, the request will be rejected and response code 401 will be returned.
With this information I got that I need pass the token with the Authorization header. My best guess is that the call fails somewhere when the token is being validated.
I am using Vue and Vue-axios to perform the API call. My current call looks like this:
this.$http.get(API_URL+"?user_id="+localStorage.user_id,{headers :{'authorization':localStorage.token}}).then((response) => {
console.log(response);
});
I have tried adding bearer/Bearer or token/Token in front of the token (some posts I read indicated that you should do this), but this had no impact on the response.
If I disable the OAuth authentication from the Cloud Functions side, the code above works and correctly retrieves the data (with or without the header option).
From the Chrome Dev tools it looks to me like the token is added correctly to the request, since the request headers have the Authorization header with the token.
I am not that familiar with OAuth or IBM Cloud Functions, so the problem might have a very easy fix. However, I am unable to find documentation which clearly shows me how I am supposed set this up. I am also unable to find any logs or more information about what actually fails here. Am I missing something obvious here?
Kjetil
So I am testing the REST API's given by uber to implement uber service into my app, while sending a request to one of their api it sends me response massage:
{
"message": "No authentication provided.",
"code": "unauthorized"
}
while iam doing the same request as given in their doc
the request iam creating:
headers:
Authorization: Bearer <TOKEN>
Accept-Language: en_US
Content-Type: application/json
to url https://api.uber.com/v1.2/me
where iam getting wrong and what else do I need to add?
In order to be able to use any Uber API endpoint, you will need to authorize your user and get access_token. From your sample code we can see that you did not follow the instructions on Uber documentation. So to make sure you are following full authentication process like it supposes to be please find below info:
The Authorization Code flow is a two-step authorization process. The first step is having the user authorize your app and the second involves requesting an OAuth 2.0 access token from Uber. This process is mandatory if you want to take actions on behalf of a user or access their information.
The redirect URL "YOUR_REDIRECT_URI" is the URL we will redirect back to after an authorization by the resource owner. The base of the URI must match the redirect_uri used during the registration of your application. If none is provided the default is the first redirect URI provided in the application's dashboard
"YOUR_LIST_OF_SCOPES" is the list of scopes you have requested in the authorizations tab. Based what you want to achieve and what API calls you want to make - you will need the certain scope to be used in your two-step authorization process. You can use multiple scopes as comma delimited list.
Please follow the steps of the authentication guide.
Briefly, you need to:
• Send user to authorize url. It starts by redirecting the user to the authorize endpoint: https://login.uber.com/oauth/v2/authorize?client_id=YOUR_CLIENT_ID&response_type=code&redirect_uri=YOUR_REDIRECT_URI&scope=YOUR_LIST_OF_SCOPES .
• Receive the redirect with an authorization code. After the user approves the scopes the user will be redirected to the redirect_uri with an auth code that you can post to the /v2/token endpoint to receive an access token.
• Make a POST call to: 'https://login.uber.com/oauth/v2/token'. This call will return access_token and refresh_token.
• After you get your access_token you can use it in the API's endpoints
In a project I am using Authentication multiple times for different providers, so I am relying on standard libraries.
I want to establish connection with Facebook yet it provides not completely standard authorization.
To test the connection I am using REST Console in Authorization part of it I place a key and secret and for
Authorize URL I provide https://graph.facebook.com/oauth/authorize
Access token URL - https://graph.facebook.com/oauth/access_token
Request token URL I leave empty or fill it with https://graph.facebook.com/
And what I get bck looks like this:
{
"error": {
"message": "Expected 1 '.' in the input between the postcard and the payload",
"type": "OAuthException",
"code": 1
}
}
So my question is how to get authenticated forming standard OAuth calls?
EDIT
For the moment (testing stage) I found that data can be retrieved using no standard authentication but access_token with appropriate values. Yet sending http request with api key and secret exposed in the request url can not be the right way of ding it.
on the client side I am using the flash API to sign in and auth the client
Facebook.init(MyFaceBooyKey, faceBookInit);
Then face book sends back to the client a Signed Request and other stuff.
I the client then sends this signed request to my server.
On my server I process the Signed Request and out pops a FaceBook User id (UID)
So now I am assuming that:
The client who sent the valid signed request is the owner of the Face book UID contained inside it, the client must know the password for that UID, and they are loged into facebook ?
Is this system safe ?
how can i safely use user client side facebook auth to then autho in to a second server, eg a sepreak facebook game server.
How can I make suer that the signed reques has not been coped in transit on the web,
and then sent to me by a thirs party, who now logs on to my server under a Uiffrent UID
How to all theas flash based facebook games auth the users ?
also I note that the same book auth vias the Desktop application dose not send a signed reques ? so how to do the auth to my server in this case ?
All of the auth flows with facebook use SLL (https) and so the data you send/get is secured.
The same goes for all of the graph api requests, if you try to make an api request in http while including an access token you'll get this response:
{
"error": {
"message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
}
If you send the signed request and/or the access token to your server then you should do it by https as well and that way that communication will also be secured.
The client (and I assume you meany the flash client) is not the "owner" of the access token/signed request, your app is the "owner".
If you need the access token on the server side I suggest that you use the Server-Side Auth flow to get it.
If you then need the access token on the client side then you can use a client side auth, since the user already authorized the app and authenticated for sure (through the server side flow) the client side process should be completely invisible for the user, and at the end of it you'll have an access token on the client side as well (a different one than on the server).
"message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
} "message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
} "message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
}