I want to use hello JS only to get the users access token and secret so i can send them to my backend for storage, I tried placing a log like so
twitter.login().then( function(r){
console.log('response===>', r);
}
In the response I can see the access token, but there is no secret, Is there a setting I can enable to get the secret?
many thanks
I found out i can deduce it from the way the auth_token is sent back:
consumer_key:consumer_secret#app_key
Related
Soo...I have an app with flask backend and flutter frontend. It utilizes flask_login to manage users. Problem is - I don't know how to maintain session on client side. Flutter client gets response from server, but I don't see any token, or user_id inside.
So far, I've tried to parse responce, with no luck and I've used solution from How do I make an http request using cookies on flutter?
also, without success.
Server-side https://github.com/GreenBlackSky/COIN/blob/master/api_app/app/login_bp.py
Client-side https://github.com/GreenBlackSky/coin_web_client/blob/master/lib/session.dart
Maybe, using flask_login was not such a good idea after all..
Have you tried with the request_loader approach? You can log in from Flutter client using a url argument and the Authorization header. Quoting from the documentation,
For example, to support login from both a url argument and from Basic Auth using the Authorization header:
#login_manager.request_loader
def load_user_from_request(request):
# first, try to login using the api_key url arg
api_key = request.args.get('api_key')
if api_key:
user = User.query.filter_by(api_key=api_key).first()
if user:
return user
# next, try to login using Basic Auth
api_key = request.headers.get('Authorization')
if api_key:
api_key = api_key.replace('Basic ', '', 1)
try:
api_key = base64.b64decode(api_key)
except TypeError:
pass
user = User.query.filter_by(api_key=api_key).first()
if user:
return user
# finally, return None if both methods did not login the user
return None
If you don't want to use flask_login anymore, I would suggest flask_jwt_extended for your case. Note that authentication will be carried out using JWT tokens instead of sessions.
Basically, you would need to create three routes: one for creating access and refresh tokens when the user logged in, one for refreshing the expired access token with the refresh token and one for removing the tokens when the user logged out. Then you would protect your API endpoints with the #jwt_required decorators.
Please refer to the documentation for detailed implementation.
Ok, so what I am trying to do is a bit odd, so I can't find anything that gives me even a remote idea about how to do this.
I need to access my personal profile posts:
FB.api("/" + myPersonalUserId + "/feed", {limit: 5}, function(data){
console.log(data);
// do stuff with my user info
});
in order to display them on my personal webite, similar to a dynamic blog. But I want it to automatically retrieve these posts without my having to be signed in on each computer that wants to view my site.
Before you get sidetracked on the init, I am using an app and app id that my personal user account has verified access to all permissions.
I know it will require the use of an access token, but how do I get a valid access token without being logged into that computer?
Honestly, I'm starting to question if it is even possible, but if anyone knows how I could accomplish this, that would be awesome!
The best way to achieve this is to just cache the data in your own database and refresh it whenver the user uses your App again.
If that´s not good enough, you have to generate and store an Extended User Token. How to create one is explained in the docs:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Extended User Tokens are valid for 60 days, there is no User Token that is valid forever. And you should never use Tokens directly on the client, because some user could just copy it from the source. Tokens are meant to be secret, so use it on the server only. You don´t need to use the PHP SDK, a simple CURL call to the Graph API will do it:
https://graph.facebook.com/[your-app-scoped-id]/feed?access_token=[extended-user-token]
Ok, so I found a solution similar to the one above, but offers a permanent access token.
first, build a url:
url = 'https://graph.facebook.com/v2.5/' + {app user Id, not public Id} + '/feed';
url += '?access_token=' + {app Id} + '|' + {app secret};
url += '&fields=id,name,message,full_picture,created_time'; // these scopes should be approved by corresponding user
url += '&limit=5';
then run it by calling a simple ajax request. These variables should be served from the server through ajax, not hardcoded on the client
I'd like my application could read the posts from a group.
To do it, I got the access token in the following url:
https://developers.facebook.com/tools/explorer?method=GET&path=404425692946289%2Ffeed
and I call que following url:
https://graph.facebook.com/404425692946289/feed?access_token=debug_token_generated_from_above_url
And it works like a charm.
But I can't get any results when I call the url above with the token that was generated using my application id and secret:
https://graph.facebook.com/oauth/access_token?client_id=myid&client_secret=mysecret&grant_type=client_credentials <--- The token generated by this url does not work! =(
I am receiving the following data:
{
"data": [
]
}
I supposedly have the read_stream extended permission configured on my application.
One way to check for your self what permissions the token in the API explorer has, is to call /me/permissions
In addition grant_type=client_credentials is for app tokens. You need a user token most likely. Please review the documentation where you got that information from.
So in order to get the insight data for my application I need the access_token with read_insight_data permission. However I don't want a user interaction during the process. Can I get my application's insight data with just application ID and secret?
thanks,
Green
Okay I got it.
First, get client(AKA application) access token:
https://graph.facebook.com/oauth/access_token?client_id=${client_id}&client_secret=${client_secret}&grant_type=client_credentials
facebook will return something looks like:
access_token=XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Second Use that returned token you can get the application insight data:
https://graph.facebook.com/${client_id}/insights/?access_token=XXXXXXXXXXXXXXXXXXXXXXXXX
I've a simple application in facebook. To change user's facebook status, I need to get code via
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
Then I use that code to generate a auth token. With the token I can update user's stauts. It works for one or two days. After that, when trying to generate auth token with code, I got an error like:
{
"error":{
"type":"OAuthException",
"message":"Code was invalid or expired."
}
}
So how long can a code be validate?
There is a way to get an infinite token from facebook. Use the offline_access parameter in requesting permissions, and you will never lose the token.
You just need to grant the publish_stream the first time and get the user id, after that no need to go through this process again and you can just use:
curl -F 'message=Hello World.' \
https://graph.facebook.com/USERID/feed
or in PHP-SDK:
$facebook->api("/USER_ID/feed", "post", array("message"=>"Hello World!"));