With Facebook, I can successfully send a question to myself using /me/questions?question=question&options=["answer1","answer2"].
But I can not send a question to another user. With another user's ID instead of "me" I get an error:
{
"message": "(#240) Requires a valid user is specified (either via the session or via the API parameter for specifying the user.",
"type": "OAuthException",
"code": 240
}
Basically you need a token that incorporates the publish_stream permission for the specified user id. See:
https://developers.facebook.com/docs/reference/api/user/#questions
Related
I want to use custom events in Dialogflow to invoke an event (Welcome event) from my ionic application. I need to call an end point as described in link, I am calling the same from postman but getting error below -
{
"code": 401,
"status": "UNAUTHENTICATED",
"message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
}
I am putting correct access token, projectId, Intent id of my agent.
Please let me know, If there are other way to call Dialogflow welcome event from Ionic app. It would be great.
Is there a way to add 2FA to Facebook's Oauth2 flow? The following error is returned when trying to hit the graph API's insights endpoint for a user that has 2FA enabled on their FB Business Manager account:
"error": {
"fbtrace_id": "HrY8K9KfT4U",
"error_user_msg": "Unknown error",
"message": "Two factor authentication required. User have to enter a code from SMS or TOTP code generator to pass 2fac. This could happen when accessing a 2fac-protected asset like a page that is owned by a 2fac-protected business manager.",
"error_subcode": 1404120,
"type": "OAuthException",
"error_user_title": "Ask user to pass two factor authentication",
"is_transient": false,
"code": 415
}
I've seen this issue a couple of times and the problem usually extends from the Business Manager having two-factor authentication enabled, but the user making the API calls does not have two-factor authentication enabled on their account.
In all the cases I've seen, having the user enable two-factor authentication on their account, and pass through the 2-fac login flow has fixed the issue for the user.
I'm looking for a unique identifier for authorized users with oauth2, with scope https://www.googleapis.com/auth/analytics.readonly.
Without google plus scope https://www.googleapis.com/auth/plus.login.
At google document reference i found username field. Description says.
Email ID of the authenticated user
I'm wondering if this field is unique identifier or not.
Any knows anything about this?
This is kind of a round about way of doing it but the Management API has a method called accountSummeries.list it returns a list of google analytics accounts the current authenticated user has access to.
It also returns Username which is their email address.
username string Email ID of the authenticated user
{
"kind": "analytics#accountSummaries",
"username": string,
"totalResults": integer,
"startIndex": integer,
"itemsPerPage": integer,
"previousLink": string,
"nextLink": string,
"items": [
management.accountSummaries Resource
]
}
This is the only method I have found that just uses the google analytics API to get info about the user. Alternative is to request profile or email scopes as well and then go though the people API.
Note: You can also decrypt the token id returned by the authentication which will give you Googles internal unique user id. This is a bit harder way of doing it though.
In a project I am using Authentication multiple times for different providers, so I am relying on standard libraries.
I want to establish connection with Facebook yet it provides not completely standard authorization.
To test the connection I am using REST Console in Authorization part of it I place a key and secret and for
Authorize URL I provide https://graph.facebook.com/oauth/authorize
Access token URL - https://graph.facebook.com/oauth/access_token
Request token URL I leave empty or fill it with https://graph.facebook.com/
And what I get bck looks like this:
{
"error": {
"message": "Expected 1 '.' in the input between the postcard and the payload",
"type": "OAuthException",
"code": 1
}
}
So my question is how to get authenticated forming standard OAuth calls?
EDIT
For the moment (testing stage) I found that data can be retrieved using no standard authentication but access_token with appropriate values. Yet sending http request with api key and secret exposed in the request url can not be the right way of ding it.
on the client side I am using the flash API to sign in and auth the client
Facebook.init(MyFaceBooyKey, faceBookInit);
Then face book sends back to the client a Signed Request and other stuff.
I the client then sends this signed request to my server.
On my server I process the Signed Request and out pops a FaceBook User id (UID)
So now I am assuming that:
The client who sent the valid signed request is the owner of the Face book UID contained inside it, the client must know the password for that UID, and they are loged into facebook ?
Is this system safe ?
how can i safely use user client side facebook auth to then autho in to a second server, eg a sepreak facebook game server.
How can I make suer that the signed reques has not been coped in transit on the web,
and then sent to me by a thirs party, who now logs on to my server under a Uiffrent UID
How to all theas flash based facebook games auth the users ?
also I note that the same book auth vias the Desktop application dose not send a signed reques ? so how to do the auth to my server in this case ?
All of the auth flows with facebook use SLL (https) and so the data you send/get is secured.
The same goes for all of the graph api requests, if you try to make an api request in http while including an access token you'll get this response:
{
"error": {
"message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
}
If you send the signed request and/or the access token to your server then you should do it by https as well and that way that communication will also be secured.
The client (and I assume you meany the flash client) is not the "owner" of the access token/signed request, your app is the "owner".
If you need the access token on the server side I suggest that you use the Server-Side Auth flow to get it.
If you then need the access token on the client side then you can use a client side auth, since the user already authorized the app and authenticated for sure (through the server side flow) the client side process should be completely invisible for the user, and at the end of it you'll have an access token on the client side as well (a different one than on the server).
"message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
} "message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
} "message": "You must use https:// when passing an access token",
"type": "OAuthException",
"code": 1
}
}