I'm trying to use a new dropbox datastore API with my chrome extension. If used as specified in tutoria, auth will fail with error 400:
Invalid redirect_uri: "chrome-extension://anzbpdekhbhcbekwmfazaophjcaabshl/chrome_oauth_receiver.html". It must exactly match one of the redirect URIs you've pre-configured for your app (including the path)
If i add this URL to my app profile at dropbox website, all works fine. But "anzbpdekhbhcbekwmfazaophjcaabshl" is a computer-unique value, it will be different for each extension installation for each user. Is it possible to somehow fix this or dropbox datastore API is intended to be used on static websites where redirect url is known?
Update 1
Extension ID is random for manual/non-public extension installation.
Update 2
I have found a way to make extension ID persistent: just pack it, generate a public key fro private .pem key and set this key's base-64 encoded value as 'key' in manifest.
Moving my comment to an answer (and see updates to the question for details):
I thought that the extension ID (the part right after chrome-extension://) was not user- or computer-specific and remained the same everywhere the Chrome extension is installed.
I'm successfully using the Datastore API from a Firefox extension. The trick is to attach the dropbox scripts to an actual webpage, not a local page. I have a blank page hosted on my server, and the extension opens that page and attached the necessary scripts. From there it redirects the user to the Dropbox authentication page.
Once the user has authenticated I open the same page in a "headless" tab using the page-worker API. (I don't know if Chrome extensions have the equivalent functionality)
The redirect URL has to be https so you'll need to get an SSL certificate for it to work.
Related
We have a multi-site environment where each site has its own redirect URL. We want to use a single Client ID and Secret for our application but register multiple redirect URIs to it. Is it possible to add multiple URLs in below registration form:
I don't think there is possible solution to add on multiple URLs on the SharePoint online app registration form.
But from what i understand there is another way to achieve use a single Client ID and Secret for application and perform multiple redirects.
You can control the redirect url using the appredirect.aspx by specifying the redirect_uri parameter if you need to redirect from the default one check here for reference.
Basiclly it call the subsite page containing the below JS to install the app.
var url = String.format(
"{0}/_layouts/15/appredirect.aspx?client_id={1}&redirect_uri=https://***.azurewebsites.net/<<controller>>/<<view method containing the code to install the app>>?{{StandardTokens}}",
<<subsite url>>, "<<client id>>");
window.location.href = url;
The above javascript calls the appredirect.aspx page which then calls the app site as below,
https://****.azurewebsites.net/home?SPHostUrl=<<subsiteurl>>&SPLanguage=en-US&SPClientTag=1&SPProductNumber=**&SPAppWebUrl=<<weburl>>
Note: The above can be extended to check for the successful installation of the app and display an error message accordingly.
SPWeb.LoadAndInstallWeb equivalent REST / Javascript CSOM is also available here.
Here are some relevant links:
Use the redirect URL in an add-in that asks for permissions on the fly
Redirect URIs and a sample redirect page
hellojs twitter error
When i run the twitter demo from demo folder and clicked on twitter button it give me following error
url is undefind in hello.js file on this line if(url.indexOf(x)>-1){
how to fix this error
thanks
When running the demo page in question
http://adodson.com/hello.js/demos/twitter.html
You'll see...
hello.init({
'twitter' : TWITTER_CLIENT_ID
},
{
redirect_uri:'../redirect.html',
oauth_proxy: OAUTH_PROXY_URL
});
The setup includes an OAUTH_PROXY_URL variable. This tells HelloJS the location of the server-side shim in order for this to work with OAuth1 authorisation providers like Twitter (unlike OAuth2 providers which can share authentication tokens purely client-side)
If running this from a local domain like //localhost this will have been an undefined value.
You'll need to do two things to get the demo working.
Define the oauth_proxy option in the demo code. See http://auth-server.herokuapps.com for setting one up. OR remove it entirely and by default it will use the above service - you'll need to register third party apps there (recommended).
Change your development environment in your host file to something other than //localhost, that way you can register OAuth2 providers which are domain sensitive and often wont let you use localhost when registering your apps callback URI. If you change your development environment to be local.knarly.com with hello.js project as a subfolder - then you can skip step 1 as the oauth_proxy will be defined correctly.
I am working on an app where I have to use Yahoo account to login.
I had gone through this link and followed the procedure as it was there.But I am unable to get back to my app after authentication.After googling I found an answer here.Here he said that "Add an URL Scheme in your info.plist file with the YOUR_APP_ID_OR_BUNDLE_ID" I did the same,but unable to redirect from yahoo to my app.If any one worked on this please help me.Thanks in advance.
This is what I had done in my URL Schemes
where JCzOzd44 is my app ID.
In yahoo account while creating the app.what should I give in "Application Domain"
I didn't work with the Yahoo! API yet, but in oauth it works like that:
Create an url scheme in your app. You can do that in the Info section of your project settings (URL types). Name the scheme whatever you want, for example your app id.
When you authenticate your app, you can pass a parameter named oauth_callback. Here you have to pass the name of the just created url scheme.
This should be it - when the login is ok on the Yahoo side, it will try to open the app that is registered for the url scheme it got as callback parameter.
UPDATE:
From the Yahoo! API documentation - this is the call you do when requesting the oauth token somewhere in your code (I filled in your url scheme as the callback, this is how it should look like):
https://api.login.yahoo.com/oauth/v2/
get_request_token?oauth_nonce=ce2130523f788f313f76314ed3965ea6
&oauth_timestamp=1202956957
&oauth_consumer_key=123456891011121314151617181920
&oauth_signature_method=plaintext
&oauth_signature=abcdef
&oauth_version=1.0
&xoauth_lang_pref="en-us"
&oauth_callback="JCzOzd44://"
Of course the request should be signed.
I have found the solution though with a little overheads.
Steps are: 1> Create a PHP script in you own server (say named, YRedirect.php).
2> Paste the following code in it-
CODE
<?php
$query = $_SERVER['QUERY_STRING'];
header("Location: com-mycompany-myapp://oauth-response?" . $query);
>
Where "com-mycompany-myapp" is your bundle identifier
3> Add an URL Scheme in your info.plist file with the YOUR_APP_ID_OR_BUNDLE_ID. That's it and you are DONE with the authentication problem.
In your code
[self.session sendUserToAuthorizationWithCallbackUrl:#"http://yourdomain.com/YRedirect.php"];
Then, register a custom URL scheme for your iPhone application from your Info.plist file, and then setup your server side script to redirect Safari back to your application via the URL scheme you just set up.
Thanks for this valuable information. Following your instructions I got the auth & call back working and the php page loads the app.
I'm developing my first Facebook app using custom Open Graph actions and objects, and I'm trying to avoid needing to deploy after each code-change (in this case, to my automatically setup heroku-account).
The problem started while I was getting set up to test the publishing of my first custom action. I was trying to set up everything in terms of the dev-version of my facebook-app, except for my "object" page, which, as I understand it, needs to be publicly accessible (to scrape the OG meta-tags).
I made a test-page for my custom object, copied the auto-generated set of OG meta-tags into it (citing the dev-version of my app_id, but with the public URL of the prod-version of my app for og:url) Then, I used the facebook "lint" tool on that test-page, and it, I guess not surprisingly, complained about that public domain being invalid for the relevant app (the dev-version of my facebook app).
Object Base Domain Not Allowed: Object at URL
'http://foo.herokuapp.com/testEventPage.php' of type 'foo:product' is
invalid because the domain 'foo.herokuapp.com' is not allowed
for the specified application id '(the app_id)'.
Then, I learned about using Tunnlr to port-forward from a public site to my local env and proceeded to get that set up.
I'm using MAMP with a virtual host config as follows:
<VirtualHost *:8888>
DocumentRoot "(the relevant docroot)"
ServerName foo.local
SetEnv FACEBOOK_APP_ID (my dev FB app-id)
SetEnv FACEBOOK_SECRET (my dev FB secret)
</VirtualHost>
And I'm using tunnlr, with the cmdln for it pointing to port 8888.
Using the public URL provided by Tunnlr, I am successful in accessing my local pages, but, when I try to use the "Login" button on the page that came with the example PHP-code from Facebook, the login-dialog pops up but immediately disappears, though when accessing it directly locally it works fine.
Could this be cookie-related? Something to do with port-forwarding and cookies?
Is there a better way to develop Facebook apps, in particular ones involving custom Open Graph actions and objects?
EDIT: like the doctor said, if it hurts when you move your arm like that, don't move your arm like that! In other words, access the Tunnlr-URL via the Facebook-Canvas URL, which POSTs the embedding page's current login to your own page; and, as a user (optionally a test-user), don't use the example-code's login-button; instead use the embedding page's login-feature. So, I've answered my own question.
I am developing flash application as single swf file, without HTML wrapper (but for sure I have this swf located at my hosting). I have create application at developers section. The problem I have faced is: when I post this SWF to the my wall at FaceBook I can not get any call from this SWF of the URLloader or ExternalItreface.
For example, I need to do Signed Request in order to get user information but I have got Security Error which say that my domain cannot get information from apps.facebook.com
The request I am doing is a simple:
var urlRequest:URLRequest = new URLRequest("http://apps.facebook.com/my_app_name");
Is there any way to inform faceebok that my hosting is a security save?
If you want to grab things cross domain, the easiest way is to use a script on your server. If you're using php, you can easily connect to http://my.domain/my_script.php which can then CURL the info from http://apps.facebook.com/my_app_name or anywhere else. You can then (parse and) pass that info to your swf.
Otherwise, you're going to need permission from the target to add a crossdomain rule for you.