Is there any way to check for username availability for Tumblr? I want to check if a username is available to register on Tumblr.
I tried checking the HTTP response of URLs like username.tumblr.com, but the ones that return 404 are still not available for registration. Any idea?
Thanks!
This is the closest I got:
curl 'https://www.tumblr.com/svc/account/register' --data 'user%5Bemail%5D=x#apple.com&tumblelog%5Bname%5D=USERNAMETOCHECK&form_key=!1231473848212%7CKpTkShMIsrNRL3V1GPCfNlpw6V8&action=signup_account'
BUT:
It's not a public API so your IP might be blocked or it might just stop working without notice.
The form_key parameter might expire after a little while; you should be able to parse that from https://www.tumblr.com/ to get a new one.
Notes:
I found this request from the registration screen in Chrome's developer tool, "copied it as CURL", and removed everything that wasn't necessary.
x#apple.com is just the shortest non-used email address I could think of.
The response will be something like:
{
  "redirect": false,
  "redirect_method": "GET",
  "errors": [
    "Someone beat you to that username.",
    "You forgot to enter your password!"
  ],
  "signup_success": false,
  "next_view": false,
  "usernames": [
    "..."
  ]
}
If "Someone beat you to that username." is present in the errors, then the username is taken.
Your alternative is using one of the many services and APIs that probably do the same thing.
I want, for example, to create a new client with the admin user using the admin-cli client.
The token generation works fine:
POST /auth/realms/master/protocol/openid-connect/token
b'username=admin&password=admin&grant_type=password&client_id=admin-cli'
Using that token I can also do some queries like when I need to get id of a client:
GET /auth/admin/realms/master/clients?clientId=my-test-cli
H' Authorization: Bearer xyz
H' Content-Type: application/json
However, when I want to create a new client role or a new client, I always get a 400 error. I changed the log level to DEBUG in the Keycloak server, but there is nothing useful there other than logs that say the token was successfully created.
POST /auth/admin/realms/master/clients/7534ac42-fe8b-4cde-b6c6-c385f4958e3b/roles
400 {"error":"unknown_error"}
I am using Python v3.x and Keycloak v14.0.0 running with JBoss Wildfly container.
Looking at the admin user, it seems it has all the roles like admin, default-roles-master, create-realm, and I don't see any role in the listings to assign because it seems it has them all. The same goes for the admin-cli client. The configuration of these two (admin user and admin-cli) is the default configuration that you get when you start the server for the first time.
Do I need anything extra like creating a new role or something in order to get this working?
My payload to create a confidential client:
payload = {
    "name": "Some Name",
    "clientId": "some-name",
    "secret": "some-name-secret",
    "enabled": True,
    "publicClient": False,
    "authorizationServicesEnabled": True,
    "redirectUris": ["/*"]
}
I want to answer my own question so that everyone in a similar situation won't face the same issue.
It turned out that the payload that I was sending was not correct, thanks to #JanGaraj who pointed that out. But what I want to answer here is how to find out what the request body should look like.
First, do not look at the documentation. In the documentation all the fields are optional and URLs are not correct either.
The simplest way is to start Keycloak server locally and log into the admin console in Firefox or Chrome, then press F12 to open Development Mode. Then you can see all the requests/responses in there.
For example, if you want to see how to update a role, go to the Roles menu item on the main menu, select a role and update it. You can see the PUT request with its body. That tells you what you need to pass in and to what URL.
As a hint, you don't need to pass everything when updating, normally only IDs and the fields that you want to update are enough.
I am developing a web API which will return the Forbidden HTTP status for multiple reasons:
User is blocked.
IP is blocked.
Request limit exceeded.
User is unverified.
I am returning the response in the following way:
return Content(HttpStatusCode.Forbidden, message); //message : "Limit reached" etc.
Now, I need to handle these reasons differently at the client. Should I identify the reason from the returned message? This message is to be displayed to the user and might change in the future.
What is the best practice for this?
What is the best practice for this?
Rather than trying to invent a schema of your own, you should probably look for something standardized, like Problem Details for HTTP APIs.
Problem Details describes a human readable "title" and "detail" field, and a "type" that is a link to human readable documentation.
Consumers MUST use the "type" string as the primary identifier for the problem type; the "title" string is advisory and included only for users who are not aware of the semantics of the URI and do not have the ability to discover them (e.g., offline log analysis). Consumers SHOULD NOT automatically dereference the type URI.
Consumers SHOULD NOT parse the "detail" member for information; extensions are more suitable and less error-prone ways to obtain such information.
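An added example (not part of the original answer, and sketched in Python rather than the question's C#) of the four 403 reasons from the question expressed as Problem Details, with a client that branches on "type" and reads an extension member instead of parsing the message text. The type URIs under api.example.com and the retry_after_seconds extension are assumptions made for illustration.

```python
import json

# Hypothetical type URIs; in a real API they point at your own documentation.
BASE = "https://api.example.com/problems/"
PROBLEMS = {
    "user-blocked": "User is blocked",
    "ip-blocked": "IP is blocked",
    "rate-limit-exceeded": "Request limit exceeded",
    "user-unverified": "User is unverified",
}


def forbidden(reason, detail, **extensions):
    """Server side: build (status, headers, body) for a 403 problem response."""
    problem = {
        "type": BASE + reason,      # stable identifier the client branches on
        "title": PROBLEMS[reason],  # advisory, human readable
        "status": 403,
        "detail": detail,           # display text, free to change over time
    }
    problem.update(extensions)      # machine-readable extras go in extension members
    headers = {"Content-Type": "application/problem+json"}
    return 403, headers, json.dumps(problem)


def handle(status, headers, body):
    """Client side: dispatch on "type" only, never on "title" or "detail"."""
    media_type = headers.get("Content-Type", "").split(";")[0].strip()
    if media_type != "application/problem+json":
        return "generic-error"
    problem = json.loads(body)
    kind = problem.get("type", "about:blank")  # absent "type" means about:blank
    if kind == BASE + "rate-limit-exceeded":
        return "retry-in-%ds" % int(problem.get("retry_after_seconds", 60))
    if kind == BASE + "user-unverified":
        return "show-verification-prompt"
    if kind in (BASE + "user-blocked", BASE + "ip-blocked"):
        return "show-blocked-page"
    return "generic-error"  # unknown type: fall back on the HTTP status alone
```

Because the client never inspects "detail", the user-facing wording can be changed or localised without breaking client logic.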
Your error message should be descriptive for your client. Ideally you need to include the following information:
developers message (technical description - "cache is out-of-date", "service A is unavailable")
human-readable message (business description - "this time is booked already", "company A is closed and cannot be modified")
hint how to solve ("refresh your cache", "try again in 5 minutes", "request permission A from administrator")
href to your online documentation
Header like "error_code: 100". A custom code should also be described in the documentation. This one you may rely on in your client's code and handle appropriately
Also what do you mean by:
User is unverified.
If the user is not authenticated (the API doesn't know who he is), the API is supposed to return the 401 HTTP status code. If the user lacks some permission and therefore cannot modify the resource, then 403 is totally fine. However, it would be great to describe which permission exactly is missing.
I've been using the Parse REST API for push notifications to targeted users (using "where"), and it works well. I am now trying to add a custom data field so the devices can handle a tapped notification (i.e. redirect to a specific object id etc.). From what I have read, I should add the custom properties in the data JSON node, at the same level as alert, like the documented example below. But every time I make the request I get a 400 Bad Request. But when I use the Parse.com web console with JSON: { "alert":"Notification Message","CustomObjectId":"12345" } ... it works - I see the CustomObjectId in the push notification (on the parse.com push tab).
Why is my REST API request failing, but the seemingly same request on the Parse.com website console is working? What am I missing?
My Parse REST Request:
{"where":{"UserId":"MyUserId"},"data":{"alert":"Notification Message","CustomObjectId":"12345"}}
Example from documentation (note this is using channels, not a where though) https://parse.com/docs/rest/guide/#push-notifications :
{
  "channels": [
    "Indians"
  ],
  "data": {
    "action": "com.example.UPDATE_STATUS",
    "alert": "Ricky Vaughn was injured during the game last night!",
    "name": "Vaughn",
    "newsItem": "Man bites dog"
  }
}
Thank you for the help,
Tim
For anyone else running into this, make sure you have "REST push enabled?" set to true in your Parse settings on the website. It's defaulted to false. Parse seems to allow 5 or so requests through per day with "REST push enabled" set to false. So after you wire this up, you may think you've successfully integrated with Parse, but then you start getting 400 Bad Request errors. This would lead many to think the issue is with their code possibly malforming requests or missing required parameters, not an authorization level issue like "REST push enabled" is not allowed.
Well, I have done my best to try to solve this problem, but, still, it's too annoying.
I decided to use OAuth with server-side authentication. So, I have followed the Facebook documentation, and I have done the following steps.
Create a link which redirects people to log in to Facebook via https://www.facebook.com/dialog/oauth?client_id={APP_ID}&redirect_uri=http://abc.com/nextStep.php
In nextStep.php, redirect people to https://graph.facebook.com/oauth/access_token?code={CODE GENERATED BY FACEBOOK}&client_id={APP_ID}&redirect_uri=http://abc.com/thirdStep.php&client_secret={APP_SECRET}
The problem occurs when proceeding to step 2. The page shows:
{
  "error": {
    "message": "Error validating verification code.",
    "type": "OAuthException",
    "code": 100
  }
}
I have googled for a long time. Some people suggest adding a trailing slash to the redirect_uri, but it doesn't work. What should I do? And how can I get the user information after getting the access_token? Thanks for your help.
Two things:
First, I’d say you’re missing the state parameter in your first URL … you have to make up a value that the docs describe as SOME_ARBITRARY_BUT_UNIQUE_STRING – some unique id/hash/whatever, that no one from the outside would be able to guess. (Yes, that parameter is optional – but you should use it anyway, because as the docs say it helps prevent CSRF and is therefore an important security measure. If you don’t know what CSRF means, please look it up.)
And second, in your step two, you should not redirect the user’s client to that address, but make a server side call to that endpoint instead. You are putting your app secret into this URL (that’s not the mistake, you have to) – so it would be easy for the user to get it if you called that URL in his browser …!
I’d suggest you start with https://developers.facebook.com/docs/authentication/server-side/ again, reading it carefully from the top – you can hardly go wrong if you really follow the instructions given there one-by-one …
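An added example (not part of the original answer, and in Python rather than the question's PHP) of the two points above: a per-session state value that is checked on the callback, and a token request that is built for a server-side call instead of a browser redirect. The session dict stands in for server-side session storage, and APP_ID and APP_SECRET are placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

APP_ID = "APP_ID_PLACEHOLDER"          # placeholders, not real credentials
APP_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "http://abc.com/nextStep.php"


def login_url(session):
    """Step 1: send the browser to the dialog with a fresh, unguessable state."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "client_id": APP_ID,
        "redirect_uri": REDIRECT_URI,
        "state": session["oauth_state"],
    })
    return "https://www.facebook.com/dialog/oauth?" + query


def token_request(session, callback_url):
    """Step 2: validate the callback, then build the server-to-server request.

    Returns None when state is missing, wrong or already used, or when the
    callback carries no code.
    """
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("state", [""])[0]
    expected = session.pop("oauth_state", None)  # single use: drop after one check
    if not expected or not hmac.compare_digest(returned.encode(), expected.encode()):
        return None  # possible CSRF: this callback does not belong to this session
    code = params.get("code", [""])[0]
    if not code:
        return None
    # This URL carries the app secret: fetch it from the server itself and
    # never redirect the user's browser to it.
    return "https://graph.facebook.com/oauth/access_token?" + urlencode({
        "client_id": APP_ID,
        "redirect_uri": REDIRECT_URI,  # identical to step 1 (RFC 6749, section 4.1.3)
        "client_secret": APP_SECRET,
        "code": code,
    })
```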
I am trying to use FBGraph to let my app publish messages on the user's wall. However, all of the APIs are kind of foreign to me and I am just trying to change things and see what happens. Right now, I am getting this error message:
{
  "error": {
    "type": "OAuthException",
    "message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration."
  }
}
Does anyone know what it means by redirect_uri? What would it be on my Application Settings page on facebook?
Florin is correct. Just a note here.. when testing locally you will need to set it to:
http://localhost:3000/ (or whatever your app server port is)
Then when you move it to production, set it to your regular URL:
http://yourdomain.com/
I have a separate facebook app that I use in development to test, so I don't have to change back and forth between them and I set up the keys in a settings file, which has my tokens for development and production apps.
Anyways, looks like you are almost there. It is making it back to the callback url at least. Should be fine once you update the facebook_connect URL
I am not a facebook expert, but I hit the exact same problem as you a few hours ago when I was trying to login a user inside a web application with Facebook.
It seems that the redirect_uri which you specify in your call to "https://graph.facebook.com/oauth/authorize" must be on the same domain as the Connect Url of your application. (you can set that connect url from the Connect section in your application's settings)
Regards,
Florin
May need to check your Settings > Basic > Basic Info > App Domain. I believe that needs to be set correctly for the redirect_uri as well.
I had the same issue.
In my case, I had configured the site URL on Facebook as "http://localhost:3000", which was a wrong URL for Facebook.
The reason is that it lacks the / at the end of the URL, so the correct site URL should be:
"http://localhost:3000/"
Just verify your 'Application ID'. In my case I had that problem because I was using ID from my other project that I was working on. Fairly obvious but I lost some time.
I had to make sure I had the scope in there too:
config.omniauth :facebook, 'xxxx', 'xxx', :scope => 'offline_access,email,publish_stream'
Plus you really need to make sure you wait a couple of minutes because it does take time to propagate.