For box.net is it possible to get the OAuth2 Authorization Code without using the browser?
I am trying to use perl and have managed to get to the grant access page. This is the page where user presses the grant access button in the browser.
Sending post via perl in earlier stages works fine, but it does not work simulating the grant accrss button and returns
HTTP/1.1 500 Internal Server Error
Connection: close
with message "Your Box account may be temporarily unavailable. We're working on resolving the issue and should be back up soon."
i got the same response when i used curl. If i try it with the browser it works fine by returning the authorization code in the url part of the browser.
No, the purpose of that page is for the owner of the Box resources to consent to giving your app access. If he's not logged in, he will have to enter credentials and then consent. You see the consent page, because you are likely to be authenticated already; but the general use is that your app is requesting a user access ti his data in box.
ok i solved my problem....turned out i was missing some parameters, so i used fiddler and found out the post/get parameters that where needed and i recreated the requests using libcurl. And in doing so i was able to bypass the browser.
Related
Iam new to gadgets.
Iam using the oauth2 example for facebook authentication which is bundled with Shindig 2.5.0
The file is under /gadgets/oauth2/oauth2_facebook.xml
I don't know whether this is an issue or not?
I created a gadget container like commoncontainer is created.
Inside the gadget url i have given the above facebook gadget url.
I have created a facebook app and i have configured all the details in oauth2.json file.
When the gadget is rendered, it is asking for facebook username and password. After that it is returning some data.
The main problem here is, after this whenever i access the same gadget over the container it is not asking for the facebook credentials. Simply it is logging with the earlier credentials(I donno how the conainer is storing). Even I access the same gadget in other browser also, it is not asking for creadentials.
I googled it but i didn't find anything regarding this.
Even after deleting all the cookies in the browser, it is not asking for the credentials unless I restart the app server.
Please help me on this.
Is there anyway restrict this kind of behaviour?
Shindig stores the access token on the server. In a production implementation the access token would be stored by individual user, but the sample implementation does not have this concept right now. OAuth access tokens are usually long lived, so the user should not have to go through the oauth dance for a while. Once the access token expires you would have to do the dance again.
when I do a get request to
https://graph.facebook.com/[userid]
with the access_token i get all the basic info
but when I do
https://graph.facebook.com/me
with the same token i get an error message: An active access token must be used to query information about the current user
I have tried to under stand what can cause that.
I even tried to token that comes with the signed request
I'm on classic asp, with JSON library, I want the auto to be server side if possible. the FB.api("/me" is working but it is not what i really want to achive
I am pretty sure you don´t have a user access token. Did you login the user? Of course you get the public data of every user with your first link, even without any access token. You can even put it directly in the browser and will get results. But for "/me" you have to authorize the user to your app.
See here: https://developers.facebook.com/docs/howtos/login/server-side-login/
It is the same problem as in the other thread for sure, just a different Programming language.
Remember: If the user did not accept at least the basic permissions in a dialog or redirect, he is not logged in and you will never know anything about him in the app (except for some specifics in tab apps, like language, like-status and stuff).
I'm trying to get an auth token for a user using OAuth.
Everything works fine and I'm getting the token wonderfully when the users tries to access the app using HTTPS, meaning from https://apps.facebook.com/APPNAME . However, if the user is coming from HTTP (which most users are) I get a 400 error from facebook when trying to get:
https://graph.facebook.com/oauth/access_token?code=XXXXXXXX-XXXXXX-XXXXXXXXX&client_secret=YYYYYYYYYYYYYYYYYYYYY&redirect_uri=https://fb.myapp.com/fb_connect/&client_id=ZZZZZZZZ
{
"error": {
"message": "Error validating verification code.",
"type": "OAuthException"
}
}
Why is this happening?
We have experienced a similar issues since Facebook began to require SSL certificates on apps.
OAuth 2.0 works correctly with PHP SDK 3.1.1. If you are using earlier versions, go to GIT HUB and upgrade.
However, even with 3.1.1, signed requests return NULL from http:// when Facebook users have not enabled secured browsing.
Solution is to 1. use javascript to add a redirect at the top of your script or 2. add a (a href =https://your app url*) link somewhere.
There is a major flaw in FB as all of FB links in the left side page menu are http:// when user has not enabled secured browsing.
I had the same problem but I found out that it was because the user did not confirm the e-mail address yet. So you won't get any token for a new user that has not confirmed his email address. Just in case, I thought it was useful for this topic.
A problem for me with the "Error validating verification code" were the redirect_uri.
Between the request for user authentication (returnung the code) and app authorization/authentication should be the same.
TL;DR version:
Can you authenticate with Facebook without having a callback URL for a web application since the web application isn't actually running on a server.
Full explanation:
I'm working on building a connectedTV platform application where the "app" itself is a bunch of HTML/JS/CSS running locally (like File -> Open on your desktop browser) and I'd like to integrate Facebook into this.
The problem is that all of Facebook's OAuth calls for the web require you to have a callback URL to redirect the user to in order to complete authentication. Here's the gotcha -- there is no URL for this application -- it's a locally running webpage on the device.
I know this is what out-of-band authentication was designed for, but I can't seem to find any documentation on how to use this (or how to do a non-callback OAuth flow) with the Facebook OAuth system.
You're describing desktop authentication or any situation where you are authenticating to FB without a server. The redirect URL you pass to the OAuth dialog is https://www.facebook.com/connect/login_success.html When the browser redirects you can get the access token. You can read all about it in the FB documentation, way at the bottom in the Desktop Apps section (https://developers.facebook.com/docs/authentication/)
Just reread your question and since the application runs inside a browser you will need to open another window to authenticate and get the access token from that.
If you're doing HTML/Javascript, use their Javascript SDK. You can log the guy in simply by using FB.login and getting the access token from the callback from that.
I really don't think this is directly possible. Unless there is something totally undocumented, Facebook has no mechanism to send authentication data except by loading a url. I'm sure it's meant at least partly as a security measure, functioning as sort of a "whitelist" of where auth data will be sent.
The only way I can think of for you to work around it might be to set up a url on a server somewhere that could answer the redirect and store the auth data, and have your client-side code poll that server to get it. Kind of a proxy authentication service, in effect. You would probably have to open a second browser window with the Facebook auth screen in it, but in theory it could work.
just to recap the process:
I call https//graph.facebook.com/oauth/authorize?client_id=.. to get a code.
This redirects the user to the facebook login page. They login. A FB session is created in their browser.
The browser redirects to http//www.mysite.com/connect/callback?code=..
I take that code and exchange it for a token: https//graph.facebook.com/oauth/access … ent_id=...
I use that token to call the Graph and REST APIs, doing stuff on the users behalf like querying on me.
To clarify, I know the token works as I can request information on /me.
My problem is that when I access facebook.com in another tab, I get told that I need to log in and it kicks me out.
I've added in functionality to curl to save cookies and I get:
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.
.facebook.com TRUE / FALSE 1134567810 datr 1121456789-111cabef6e8b649338941b9ab289739a38803ec932211a0bec3ee8
Is this correct? Is there anything more that should be there?
Should I be able to authenticate to FB with my external site and then access FB without getting kicked out?
Thanks for any help, I will appreciate it.
Ignore this, as I was always using 1 tab for the facebook page and refreshing it. Apparently theres something in the links of facebook that carry session data. Once I started closing the link when I logged out of facebook and then opening either a new window or tab and then logging into facebook, its fine.