There are questions related to fb messenger. but as none answers my question, here it is.
I have been given a developer account for API to work on which is 'http'. Meaning I won't be able to use it as Callback URL. I am not authorized to request developer for https too.
How should I proceed?
Facebook requires that the callback url for receiving events use HTTPS as the scheme and specify a verify token in the app's webhook section.You should try to get the server you are working with to install the necessary SSL certificate(s) and update your webhook to point at it.
Facebook requires https. You can use ngrok to convert your local URLs to https based public URL and use them on webhook subscription url.
Related
We have configured two redirect urls (different domain and valid https urls) in the slack app's oauth and permission section. When we try sso it works fine for the first redirect url and when doing sso for the second one we are getting {"ok":false,"error":"bad_redirect_uri"}. Please help us in resolving the issue
I had the same issue. The problem is that there are 2 more places where you have to specify the redirect_uri:
In the URL where you send users for authentication to get the verification code
https://slack.com/oauth/authorize?scope=your_scopes&redirect_uri=your_redirect_uri&client_id=your_client_app_id
When you exchange the verification code for an access token in the POST request to
https://slack.com/api/oauth.access. If you don't provide the redirect_uri specified in the API method documentation https://api.slack.com/methods/oauth.access you will get the {"ok":false,"error":"bad_redirect_uri"} response.
So i'm building a website that requires the user to be github authenticated in order to create and publish blog posts via the netify cms.
so in github i've added the application.
the homepage is set as:
https://example.netlify.com
in order to reach the admin area of the site to post blogs and such the user must navigate to
https://example.netlify.com/admin/ and authenticate via github.
now the authentication part is working, i am logging into my github account but it loops back to the oauth page but with a weird url:
https://example.netlify.com/admin/?error=redirect_uri_mismatch&error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.&error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch&state=5d971eb88a5073cf804e90d5#/collections/blog
I've set my Authorization callback URL to:
https://example.netlify.com/admin/#/collections/blog
which is where the user should log in to, in order to post blogs and articles
so why does it keep looping? i've obviously set up a field incorrectly, i'm assuming that my Authorization callback URL to is incorrect?
Error = redirect_uri_mismatch
error_description=The+redirect_uri+MUST+match+the+registered+callback+URL+for+this+application.
error_uri=https%3A%2F%2Fdeveloper.github.com%2Fapps%2Fmanaging-oauth-apps%2Ftroubleshooting-authorization-request-errors%2F%23redirect-uri-mismatch
The main clue in this error message is redirect_uri_mismatch if you take that and google it you will begin to understand the problem. Part of the security with Identity servers is that the Redirct uri, that being the redirect uri that the Identity server returns your authorization to must be registered on the idnetiy server itself. Someone cant just send a request on behalf of your application and get the authorization back on their own site.
So what ever redirect uri you are sending in your application needs to be registered over on Github for the authorization to work. Its currently not.
You can read more about it here Troubleshooting OAuth App access token request errors
I am trying to configure my bot with facebook messanger through webhooks. But when I put my url into the webhook url field I get a message that it is not an HTTPS url. Did they force it to be only HTTPS? Does that mean that everyone who wants to set up his custom webhooks needs to set up SSL certs too?
Anyways, from facebook's Documentation
Webhook Security
All webhook calls to developer-defined callback URLs are made via HTTPS, ensuring transport-level security for webhook payloads.
To provide additional security a HTTP header X-Hub-Signature is included in each POST payload, which you should use to verify that the payload came from a Facebook server.
I need to scrap a URL with server authentication. I've tried to pass login and password in URL like: http://login:password#example.com but no succeed. Any idea if its possible to pass the authentication on Facebook Debugger?
Thanks!
No, the debug tool does not support that - the URLs you provide to Facebook need to be reachable by Facebook's crawler if you want it to pull metadata from those URLs
I have an app that only runs on https. So my Pag Tab URL and Secured Page Tab URL have the same https url.
I have noticed that I get a blank signed request for users who are using Facebook on http.
Is there a way by which I can get the users to see my secured content even when they are accessing facebook from http?
Facebook says that this configuration is not supported by design. Apps must be available via both HTTP and HTTPS.
Source: http://developers.facebook.com/bugs/210713629051920/
Unfortunately it is necessary you always provide a HTTP alternative
for FB users who want to visit your App under HTTP. In your specific
case, in your http endpoint you will be able to display an specific
message to these users encouraging them to visit the HTTPS version of
your App.