I have created actions on google application with transaction enabled.
Upon successfully placing an order through assistant I am getting a payment token but it is a base64-encoded string and I dont know how to use it to charge the user using Stripe(payment gateway) api.
in actions.intent.TRANSACTION_DECISION, I am getting response by doing :
const arg = conv.arguments.get('TRANSACTION_DECISION_VALUE');
The token I am getting is in this "arg" object :
arg.order.paymentInfo.googleProvidedPaymentInstrument.instrumentToken
Am I supposed to use this encoded token in Stripe or is there some other token?
Thanks.
I spent a while banging my head against the wall on this one I finally found a solution.
const token = JSON.parse(new Buffer(arg.order.paymentInfo.googleProvidedPaymentInstrument.instrumentToken, 'base64').toString('ascii'));
I took this from here:
https://gist.github.com/thorsten-stripe/9928b11dbf45980af058c3284aafd416#file-index-js-L292
Related
I'm writing a dropbox integration against my own account. When file get dropped I respond to a webhook notification and import the files into one of our backend systems.
It's all done in back end server code and there is no real opportunity to pop up a UI to get me to sign in.
I've developed it so far using the access token you can get from the app console but that expires after a few hours.
Are there any auth shortcuts when using the API with just your own account?
I've figured out some shortcuts for myself
First off all as its a background process it needs to be running with "offline" access and using refresh tokens to acquire short lived access tokens.
As there is no UI and its only for my own account I can get an authorisation code via the browser from this URL
https://www.dropbox.com/oauth2/authorize?client_id={{Your APP ID Here}}&token_access_type=offline&response_type=code
then use POSTMAN to get an access Token & Refresh Token:
In Postman:
Post to https://api.dropboxapi.com/oauth2/token
Authorisation Basic
UserName = {{AppKey}}
Password = {{AppSecret}}
Body :x-ww-form-urlencoded
code = <<Auth Code From Browser>>
grant_type = authorization_code
This produces a result with an access_token and a refresh_token
The refresh token will only expire if I withdraw access so that will be safe to add into my config and use to request access tokens or connect to the client.
In my case its c#
using (var dbx = new DropboxClient(refreshToken,appKey,appSecret))
{
var myAccount = await dbx.Users.GetCurrentAccountAsync();
String.Format("{0} - {1}",
myAccount.Name.DisplayName,
myAccount.Email)
.Dump("Account Details");
}
I'm trying to integrate paypal checkout in my website which has a deprecated paypal integration. I'm using server side SDK and I can create and capture a payment with no problems. To do so I'm using clientId and secret generated in paypal Dashboard.
However, in the official documentation it talks about an Access-Token to call APIs but I'm using clientId/secret to do so and until now I haven't had any problems, so what is it for or when is it used?
I also noticed that whenever I made a create order, one of the returned links has "token=XXXXXXX".
Please help.
The client ID and Secret are used to obtain an access token. They are not used for anything else.
An access token is then used for all other REST API calls.
If you are using a server-side SDK, handling of the access token is abstracted by it. You do not need to do anything.
Looking at the docs for the appRequest for actions on google https://developers.google.com/actions/reference/rest/Shared.Types/AppRequest
The user object says that the userId property is now deprecated and that we should use the idToken instead https://developers.google.com/actions/reference/rest/Shared.Types/AppRequest#user
However testing out a V2 action in the simulator, my response only includes a userId property and not the idToken
I'm definitely using V2 of the API and this doesn't say it's an optional field when linking accounts (for what it's worth I haven't done any account linking).
Should this field be included?
That's not quite what that page says.
Yes, it says the userId property is deprecated - it does not show any replacement there. It was deprecated without a direct replacement, although you can create one yourself if needed.
It does not say the idToken replaces it, although you can get a unique ID from the idToken, it doesn't do so directly. It also doesn't give you the idToken unless you take some steps to enable it.
To use the idToken to get a user identifier, you need to do a few things:
Turn on Google Sign In for Assistant.
Request the user sign into your Action using Google Sign In for Assistant or have them sign via other means (Google Sign In for the web or for mobile) to the same project.
When you get the idToken, verify and extract the JWT payload. If you're using the action-on-google library, it will do this for you. If not, this is a standard JWT token which you should verify and the payload includes the ID.
I am playing around with IBM Cloud Functions (OpenWhisk) and trying to setup authentication through OAuth with Facebook as the provider. I have setup an app with Facebook, I am able to successfully connect with this and fetch my token and I am able to verify this by fetching basic profile information (name and userID).
My problems starts when I enable OAuth in the IBM Cloud Functions API. I get a HTTP code 500 back from the call with very little information about what actually went wrong.
{"code":500, "message":"Oops. Something went wrong. Check your URI and try again."}
The only thing that is stated in the dashboard is:
You can control access to your API through the OAuth 2.0 standard. First require an end user to log in via IBM Cloud App ID, Facebook, GitHub, or Google. Then include the corresponding OAuth token in the Authorization header of each API request. The authenticity of the token will be validated with the specified token provider. If the token is invalid, the request will be rejected and response code 401 will be returned.
With this information I got that I need pass the token with the Authorization header. My best guess is that the call fails somewhere when the token is being validated.
I am using Vue and Vue-axios to perform the API call. My current call looks like this:
this.$http.get(API_URL+"?user_id="+localStorage.user_id,{headers :{'authorization':localStorage.token}}).then((response) => {
console.log(response);
});
I have tried adding bearer/Bearer or token/Token in front of the token (some posts I read indicated that you should do this), but this had no impact on the response.
If I disable the OAuth authentication from the Cloud Functions side, the code above works and correctly retrieves the data (with or without the header option).
From the Chrome Dev tools it looks to me like the token is added correctly to the request, since the request headers have the Authorization header with the token.
I am not that familiar with OAuth or IBM Cloud Functions, so the problem might have a very easy fix. However, I am unable to find documentation which clearly shows me how I am supposed set this up. I am also unable to find any logs or more information about what actually fails here. Am I missing something obvious here?
Kjetil
I encounter an issue where I invoke eBay GetOrders API
<faultstring>Auth token is invalid.</faultstring>
<faultactor>http://www.ebay.com/ws/websvc/eBayAPI</faultactor>
<detail>
<FaultDetail>
<ErrorCode>931</ErrorCode>
<Severity>Error</Severity>
<DetailedMessage>Validation of the authentication token in API request failed.</DetailedMessage>
I am able to successfully get a token from eBay and refresh it, I tested the rest API with the same token and it seems to be working properly.
Any ideas how this can be resolved? or what can cause this error? eBay docs provide some hints about the token validity but this was tested and it does not seems to be the issue.
All is written using Java SDK
I managed to solve the issue. There are two ways to authenticate to ebay API, one is using oauth and the other is Auth n Auth. it appears that when you like to use the java soap api you need to get a token via auth n auth method and ask for a session id, once that you have the session id you need to ask for a token. the oauth method is suited for the REST API.
I hope that will help someone
Did You tried to test token by the ebay developer testing tool? There is a tool where You can test tokens, headers, requests etc.
PS. Make sure that You choose right enviroment - sandbox or production. Token for the sandbox is different as token for production environment.