I came across the badge section on jwt.io and the 'View on jwt.io' caught my eye. Is there a way to link to jwt.io, which then shows the users JWT token (from my application) and my verification key?
Skimming through the code of their page I couldn't find a clue on how to do that. Did I miss something on their page?
I'm still trying to find the answer on how to preload the secret with my own, to help users see what was happening.
However I did manage to get the link to work correctly though:
https://jwt.io/#id_token=your-token-here
Found it on their blog post:
https://auth0.com/blog/2015/07/21/jwt-json-webtoken-logo/
Not sure how you were supposed to find it before they linked that post on jwt.io.
Also linking this here, because I only just found it. I had been trying to find a nicely formatted documentation for our users for ages (before we just linked them to jwt.io):
https://auth0.com/learn/json-web-tokens/
I know it is many years later, but I have found how to pre-load the keys information (which I could find by using the "Share JWT" option, which actually creates a link).
The jwt.io debugger accepts additional query parameters:
token - the JWT token value
publicKey - as the name implies
Probably it does accept private key parameter, if given, and properly URL encoded, but did not test it. The example below uses a JWK form for the public key, but PKCS#8 and PKCS#1 are also accepted.
Example
Related
So, I'm making this application, and it's required that it has an embed thingy containing the recent LinkedIn posts as well as basic profile info of the company...
Since I like the Law of Minimum effort, the first thing I saw that made my eyes sparkle was the RSS feed... But it seems like it's been phased out. It just redirects to the company page, period.
Then I realized that we have 2 APIs, v1 being superdead since May.
So, I succesfully generated a v2 access token, keeping in mind that it will have to be renewed every 2 months, but hey, nothing's perfect.
Anyway, I know there's a v1 endpoint that would seem to put me on the right track:
https://api.linkedin.com/v1/companies/{id}:
(id,name,ticker,description)?format=json
However, when I go to the v2 docs (https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context), there's this entire, very detailed section about Authentication, and a section titled "API guide" which talks about "API Concepts" as well as "Best Practices"... but no section detailing just where the endpoints are and how to use them?????
Please, help me, SO, how do I get a company's recent posts as well as basic info like name and pfp?
Thank you in advance.
UPDATE: I have made progress, I think.
I found this: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/shares/company-pages-migration
And this: https://learn.microsoft.com/en-us/linkedin/marketing/integrations/community-management/organizations/organization-lookup-api
I am making the call and after basically having to guess how to input my token (it must be included as the oauth2_access_token parameter) I get a 403 error DESPITE me being an administrator for the organization I'm looking up.
Call: https://api.linkedin.com/v2/organizations/XXXXXXXX?oauth2_access_token=my-token
Response:
{"serviceErrorCode":100,"message":"Not enough permissions to access: GET /organizations/00000000","status":403}
This makes me think maybe I need to request extra permissions on authentication... but THAT I do not find anywhere (i.e. what the permissions are. I only find really vague stuff with NO details. eg: https://learn.microsoft.com/en-us/linkedin/shared/authentication/permissions?context=linkedin/context)
UPDATE 2: As suggested by #ManvinderSingh I removed the oauth2_access_token param and instead included my token in the Authorization header. This works awesome for the /v2/me endpoint, for instance, BUT still 403's me on the v2/organizations/XXXXXXXX endpoint for an organization that I am an admin of.
As per the documentation https://learn.microsoft.com/en-us/linkedin/shared/authentication/authorization-code-flow?context=linkedin/context#step-4-make-authenticated-requests.
You have to send the token in the Authorization header like this.
Authorization: Bearer {access_token}
I'm trying to use my generated App Access Token with requests to the Graph API, but for some unknown reason it simply will not work. I always get the dreaded Invalid OAuth access token signature error.
Now, let me clarify: I'm pretty sure I know what I'm doing. I did get it to work with a different FB app. I used the /oauth/access_token call to generate the App Access Token, and I can use that Token successfully in further graph calls for that FB app.
But when I try it for my new FB application, it fails. This is the Rails snippet:
app_access_token = URI.escape(ENV["FACEBOOK_APP_ACCESS_TOKEN"])
url = "https://graph.facebook.com/debug_token?input_token=#{user_access_token}&access_token=#{app_access_token}"
response = HTTParty.get(url)
I've also tried not-encoding the token; as expected, it doesn't work (and shouldn't).
I've double- and triple-checked my App ID and App Secret, and re-ran the generation (via curl), and I think it's all correct and copy/pasted without error. The only possibly-notable difference between the generated token of my old app and that of my new one is that the latter has a hyphen in it. Is that relevant?
I am currently working around this by using <App ID>|<App Secret> in place of the generated token, but I'd really like to get back to doing it the right way.
Argh! It turns out that I had a few extra characters that somehow got attached to the end of my generated token!
I don't know how those got there, but that was the problem. Just dumb old human error.
EDIT: Oh my god, every Facebook developer should know this page:
https://developers.facebook.com/tools/accesstoken/
Why isn't that linked from the docs about the access token? It would have saved me so much time and probably prevented my mistake!
I am writing a simple procedure that automatically makes a facebook
post. From what I understand, I need to have a "user access token" to
do this. I am using Koala (but the philosophy is similar for other
libraries). Anyway, I create a new OAuth account:
#oauth = Koala::Facebook::OAuth.new(app_id, app_secret, callback_url)
The koala instructions then become somewhat unclear. The next two lines are:
#oauth.url_for_oauth_code # generate authenticating URL
#oauth.get_access_token(code) # fetch the access token once you have the code
Where does the "code" variable come from? It doesn't say in the
documentation. Also, does the "get_access_token" method get an "app
access token" or a "user_access_token"? The method name is not clear.
I tried going to the url that the [url_for_oauth_code] method gave me,
but it gives me no code! Where does the "code" variable come from?
On the front page of Koala it states you need to go through the OAuth process described at http://developers.facebook.com/docs/authentication/ (this is an old link but the content within is valid)
Specifically
#oauth.url_for_oauth_code
https://github.com/arsduo/koala/blob/master/lib/koala/oauth.rb#L85
Generates a URL that you need to direct the user to based on the repo it's something like
https://www.facebook.com/dialog/oauth?
client_id={app-id}&
redirect_uri={redirect-uri}&
scope=email
Based on the documentation https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2#login, when the response_type is omitted the default response type is code. So the above is equivalent to
https://www.facebook.com/dialog/oauth?
client_id={app-id}&
response_type=code&
redirect_uri={redirect-uri}&
scope=email
So on redirect to redirect-uri, this URL will be appended with the code param which you must handle then supply to
#oauth.get_access_token(code)
The access token is a user access token.
Well, I have done all my best to try to solve this problem, but, still, it's too annoying.
I decided to use OAuth with server-side authentication. So, I have followed Facebook documentation, and I have done the following step.
Create a link which redirect people to log in Facebook by https://www.facebook.com/dialog/oauth?client_id={APP_ID}&redirect_uri=http://abc.com/nextStep.php
In nextStep.php, redirect people to https://graph.facebook.com/oauth/access_token?code={CODE GENERATED BY FACEBOOK}&client_id={APP_ID}&redirect_uri=http://abc.com/thirdStep.php&client_secret={APP_SECRET}
The problem exists when proceeding to step 2. The page shows that:
{
"error": {
"message": "Error validating verification code.",
"type": "OAuthException",
"code": 100
}
}
I have googled for lots of time. Some people suggests to add a trailing slash in the redirect_uri, but it doesn't work. What should I do? And how can I get the user information after getting the access_token? Thanks for your help.
Two things:
First, I’d say you’re missing the state parameter in your first URL … you have to make up a value that the docs describe as SOME_ARBITRARY_BUT_UNIQUE_STRING – some unique id/hash/whatever, that no one from the outside would be able to guess. (Yes, that parameter is optional – but you should use it anyway, because as the docs say it helps prevent CSRF and is therefore an important security measure. If you don’t know what CSRF means, please look it up.)
And second, in your step two, you should not redirect the user’s client to that address, but make a server side call to that endpoint instead. You are putting your app secret into this URL (that’s not the mistake, you have to) – so it would be easy for the user to get it if you called that URL in his browser …!
I’d suggest you start with https://developers.facebook.com/docs/authentication/server-side/ again, reading it carefully from the top – you can hardly go wrong if you really follow the instructions given there one-by-one …
I found a good tutorial for building Facebook membership Authentication website which demo file is here > http://niftyandcrackerjack.com/sites/default/files/Test.zip
I wonder this example does not use access token to retrieve Facebook User Info. It use classes inherits from the masterpage. As I am new to ASP.NET, I don't know how to retrieve Facebook user info. Can someone give me and suggestion or explain...... Thanks,
My finding so far indicate that basic information cannot be accessed unless one has either 'userid' or 'username' as in this post.
If one has to try and fetch basic information using following url, then access_token is needed
http://graph.facebook.com/me
Perform an HTTP GET to https://graph.facebook.com/{userid} or HTTP GET to https://graph.facebook.com/{username}
Examples: Click the link below to see the JSON response.
https://graph.facebook.com/4
https://graph.facebook.com/zuck
Pretty cool, eh? And no token needed to get at this public info.
You can get more info on this here: https://developers.facebook.com/docs/reference/api