Post LinkedIn changes (around May 2015) have disabled our use of the share feature, via API call using the URL http://api.linkedin.com/v1/people/~/shares?format=json. We are now receiving a "403 authorization failed".
Steps taken to rehabilitate our share function:
Confirmed that ClientId & Client Secret keys are still the same as being used in our app
The Default Application Permissions have been confirmed, w_share is selected...which used to be rw_share (no longer available). Other selections made are r_basicprofile, r_emailaddress, & rw_company_admin...which are seemingly not related.
Authorized Redirect URLs are still applied for the domain we are using our application under.
Content type has been set to "application/xml", as suggested by other postings.
We have tried for months...hoping that any post changes to LinkedIn would have resolved our problem, yet nothing we have researched has helped. We figure that this might be a glitch from the permission modification update done by LinkedIn...since our code has never change, yet has worked for 2+ years prior to the May 2015 changes.
We would appreciate any insight as to what is going on here....as we are continuing to have this problem.
I found the problem, it was because the security of Linkedin changed. We had to had to alter the statement:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
to this:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls;
If you are relying on the "default application permissions", you may also want to double check that your OAuth code is not still requesting the old (no longer available) member permissions (e.g. rw_nus) via the ?scope= URL parameter, which will trump the "default application permissions" settings you've defined in your LinkedIn app's config.
Otherwise, the w_share permission should still be providing you the ability to post a share to LinkedIn.
Related
I've been trying to use Google's OAuth for authentication on a Catalyst app. I've tried using CatalystX::OAuth2 and Catalyst::Authentication::Credential::OAuth but it seems I get stuck on configuration.
I'd like to get it working on Google and then proceed to Facebook
Any good advice out there? I've googled to death, but there doesn't seem to be a lot out there.
I realise this question is almost 2 years old but just in case it helps anyone else, here is some information obtained from a couple of weeks of testing and debugging. I've also published a test oauth2 client project using CatalystX::OAuth2 at https://github.com/simonamor/oauth2-client - it sort of works with Google although I've not done anything with the token yet such as fetching user profile information and the 'protected' page is broken currently. It might be enough to point you in the right direction though.
There seemed to be a problem with CatalystX::OAuth2 in that it didn't send a scope value, nor could I find a way to make it send one and yet Google's API requires one. Not all providers have this requirement so work ok. Having made a slight alteration to a local copy of CatalystX::OAuth2, I managed to get it to authenticate via Google. The (minor) changes are in a fork of this module, also in my github account.
Visit the Google developers console and create the OAuth2 credentials to use. You'll need them below.
To my oauth2client.yml (from the github project referenced above) I added the following:
Plugin::Authentication:
default:
credential:
grant_uri: [provided by google, ends]/o/oauth2/v2/auth
token_uri: [provided by google, ends]/oauth2/v4/token
client_id: [issued by google]
client_secret: [issued by google]
scope: [provided by google, ends]/auth/userinfo.profile
I don't have a reputation high enough to post more than two links so apologies for missing out parts of the urls above!
This was the only real configuration I needed to setup. By modifying the credential settings I've also used it successfully with dropbox.com as well.
I'm still working on the OAuth2 server side of things and those are the default config within the project which is why you need to add an extra section for Google.
if you provided some info, like where you are stuck and why, I might be able to help.
The cpan has an example config. If you are not using a config file, you can also add it in your Catalyst app, though I would recommend using a config file, there just paste in the example with the data you need specifically.
Using this link I can see that my (tonylampada) id on github is 218821
https://api.github.com/users/tonylampada
How could I do the opposite? Given the user id = 218821, what's the username?
Update
Answering nulltoken here because it's a long story and it won't fit in a comment.
FreedomSponsors is a django application that uses django-social-auth to enable login with Github (and others).
(You should check it out, btw, please see the about page in the blog :-)
Django-social-auth has a configuration flag that allows the application to store the github username on the database.
A few days ago I deployed a new version of FS with github login enabled, but with "storeGithubUsername" set to false.
A few users registered their github accounts, and now the database has their github ids, but not their usernames.
You can se in my profile that I have github as a "connected account" but there's no link to my github page.
I need it to make the link point to https://github.com/tonylampada
I'm ready to deploy a new version that fixes this, by setting the "storeGithubUsername" (that's not what it is called, I'm just simplifying here) to true.
But I'd like to patch the database with the already github-registered users. I have their github ids, but not their github usernames.
We need to do this on Gitter to deal with the situation where a user has changed their username on GitHub and we get a 404 response when querying their old username.
Here's an undocumented endpoint, so use as your own peril, but it does work for now.
Use the endpoint: https://api.github.com/user/:id, where :id is the ID of the user.
Similar endpoints exist for repos and orgs, at
https://api.github.com/repositories/:id and https://api.github.com/organizations/:id respectively.
Note that the new repository redirects preview API only supports repositories, not renamed users or organizations. In fact, the HTTP 301 redirect actually points to https://api.github.com/repositories/:id, so there's a good chance that these "ID" endpoints may in fact become official soon.
There's no documented feature, nor undocumented ones that I know of, that expose the retrieval of the username from the id. From the GitHub API consumer perspective, the user id is an "implementation detail". The real key is the username.
From what I understand, you only require a batch of usernames given a list of ids. And this would be a one time only request, not a permanent need.
As your request seems legit and limited in its scope, you might get this answer directly from GitHub support by dropping them an email at support#github.com.
Indeed, xpaulbettsx, a GitHubber, even tweeted about this:
Support# is good for Anything you want to tell GitHub - bugs, features, high 5s; everything but security which go to security#
By the time I answer this question, the method that works is:
https://api.github.com/user/USER_ID
Remark: It is similar to what Andrew shared in 2015; you just have to remove the colon in the URL he shared.
I am developing an IM client for iPhone, which will have support for an FB account as well. I am using facebook-ios-sdk for getting auth token.
But whatever token I fetch, it does not contain any "|" character as a delimiter. Isn't it supposed to be like <app-id>|<session-id>|<digest>? Thats what I have read. Now, there is no such delimiter. How do I go about fetching the session key now? Or is there any new method for XMPP communication?
Further, is this one of the changes in OAuth2? I see that it will be deprecated from Nov 5 (as of latest update), so the delimited string will not work after that? So that instead of using older authentication mechanism, I should be working on the new mechanism?
I would be really grateful if you could provide some documented evidence regarding this. Thanks.
from where u get the said format?
the access token that you received is likely to be an encrypted token. In your fb app settings, see if the option "OAuth migration" is enabled or not. If it is enabled, then try to set it to disabled and see if this helps.
I found what I was looking for here:
Any way to pull out session key from access token returned by Facebook iOS SDK?
So the point is that with Single-sign-on, we cant get a token that can be used for xmpp. So if you want to make a chat app, you must use the dialog method, and for that, make the changes as suggested in that answer.
I'm developing a small CMS in PHP and we're putting on social integration.
The content is changed by a single administrator who as right for publishing news, events and so on...
I'd to add this feature, when the admin publishes something it's already posted on facebook wall. I'm not very familiar with facebook php SDK, and i'm a little bit confused about it.
If (make it an example) 10 different sites are using my CMS, do I have to create 10 different facebook application? (let's assume the 10 websites are all in different domains and servers)
2nd, is there a way for authenticating with just PHP (something like sending username&password directly) so that the user does not need to be logged on facebook?
thanks
You might want to break up your question in to smaller understandable units. Its very difficult to understand what you are driving at.
My understanding of your problem could be minimal, but here goes...
1_ No you do not create 10 different facebook application. Create a single facebook application and make it a service entry point. So that all your cms sites could talk to this one site to interact with facebook. ( A REST service layer).
2_ Facebook api does not support username and password authentication. They only support oauth2.0. Although Oauth is not trivial, but since they have provided library for that, implementing authentication is pretty trivial.
Please read up on http://developers.facebook.com/docs/.
Its really easy and straight forward and well explained.
Your question is so vague and extensive that it cannot be answered well here.
If you experience any specific implementation problems, this is the right place.
However to answer atleast a part of your question:
The most powerful tool when working with facebook applications is the Graph API.
Its principle is very simple. You can do almonst any action on behalf of any user or application. You have to generate a token first that identifies the user and the proper permissions. Those tokens can be made "permanent" so you can do background tasks. Usually they are only active a very short time so you can perform actions while interacting with the user. The process of generating tokens involves the user so that he/she has to confirm the privileges you are asking for.
For websites that publish something automatically you would probably generate a permanent token one time that is active as long as you remove the app in your privacy settings.
Basically yuo can work with any application on any website. There is no limitation. However there are two ways of generating tokens. One involves on an additional request and one is done client side, which is bound to one domain oyu specifiedin your apps settings.
Addendum:
#ArtoAle
you are right about every app beeing assighend to exactly one domain. however once you obtained a valid token it doesnt matter from where or who you use it within the graph api.
let me expalin this a little bit:
it would make no sense since it is you doing the request. there is no such thing as "where the request is coming from". of course there is the "referer" header information, but it can be freely specified and is not used in any context of this.
the domain you enter in your apps settings only restricts where facebook redirects the user to.
why?
this ensures that some bad guy cannot set up a website on any domain and let the user authorize an app and get an access token with YOUR application.
so this setting ensures that the user and the access token are redirected back to YOUR site and not to another bad site.
but there is an alternative. if you use the control flow for desktop applications you don't get an access token right after the user has been redirected back. you get a temporary SESSION-TOKEN that you can EXCCHANGE for an access token. this exchange is done server side over the REST api and requires your application secret. So at this point it is ensured that it is YOU who gets the token.
This method can be done on any domain or in case of desktop applications on no domain at all.
This is a quote from the faceboo docs:
To convert sessions, send a POST
request to
https://graph.facebook.com/oauth/exchange_sessions
with a comma-separated list of
sessions you want to convert:
curl client_id=your_app_id \
-F client_secret=your_app_secret \
-F sessions=2.DbavCpzL6Yc_XGEI0Ip9GA__.3600.1271649600-12345,2.aBdC...
\
https://graph.facebook.com/oauth/exchange_sessions
The response from the request is a
JSON array of OAuth access tokens in
the same order as the sessions given:
[ {
"access_token": "...",
"expires": 1271649600, }, ... ]
However you don't need this method as its a bit more complex. For your use case i would suggest using a central point of authorization.
So you would specify your ONE domain as a redirect url. This domain is than SHARED between your websites. there you can obtain the fully valid access token and seamlessly redirect the user back to your specific project website and pass along the access token.
This way you can use the traditional easy authentication flow that is probably also more future proof.
The fact remains. Once the access token is generated you can perform any action from any domain, there is no difference as ther is literally no "domain" where the request is coming from (see above).
apart from that, if you want some nice javascript features to work - like the comments box or like button, you need to setup up open graph tags correctly.
if you have some implementation problems or as you said "domain errors" please describe them more clearly, include the steps you made and if possible an error message.
Right now when I use Facebook's new OAuth2 system, it tells the user that my app is requesting to "Publish content to your Wall". How do I disable this (for fear of scaring off users), as I don't need this enabled. Possible?
Getting the user to authorize one of the extended permissions for your app is kind of the point behind authenticating. You may want to see if the data you need is exposed without authenticating (if you in fact need data). If you can get the uid you can see what is exposed to everyone, and per the privacy changes, I mean everyone. Until the privacy "fire", there was quite a bit exposed to everyone, now 'everyone' means the least restrictive tier among multiple privacy tiers rather than the happy-go-lucky default.
So really the question is, what permission are you trying to get?
There are a few unknown variables here such as what type of app you are making etc.
Check your code for one of the extended permissions, you are probably sending one of them such as offline_access in your auth call.