When I send a request to https://graph.facebook.com/me/home?access_token=(access code goes here) Facebook gives me this error message:
{
"error": {
"type": "OAuthException",
"message": "An unknown error has occurred."
}
}
Every other API call works. If anybody knows anything about this issue, please help me.
Facebook does not have very good error messages...
Apparantly, "An unknown error has occurred" means that I did not have valid permissions to access the user's news feed.
You have to include "read_stream" in your scope, or else facebook will reject your request with an ambiguous error message.
I <3 you facebook API
In addition to the other answers provided here...
In our production app (working with thousands of access tokens for several years), it appears that we occasionally get this error due to a temporary glitch in the API. I'm still not sure what the root cause is, but simply retrying the API call a few minutes later seems to consistently resolve the issue for us.
I get this error when the access token is the application's token. With the user-specific token, the api calls succeed.
Before the oauth upgrade, the application's token worked. The user-specific token worked and usually returned even more data.
Of course with facebook there's no way of knowing whether the current behavior (fails when using application token) is a bug or just the new way.
According to http://developers.facebook.com/docs/reference/api/, the parameter is access_token, not access.
I had this same issue and fixed it. For me, I was passing a single JSON object in the "batch" field, but Facebook wanted a JSON array.
For example, this will work, because it has a JSON array denoted by square brackets:
POST /v2.11 HTTP/1.1
Host: graph.facebook.com
Content-Type: application/json
Cache-Control: no-cache
{
"access_token":"YOUR_ACCESS_TOKEN",
"batch":[{"method":"GET", "relative_url":"me/friends?limit=50"}]
}
This will not, because there is no JSON array denoted by square brackets:
POST /v2.11 HTTP/1.1
Host: graph.facebook.com
Content-Type: application/json
Cache-Control: no-cache
{
"access_token":"YOUR_ACCESS_TOKEN",
"batch":{"method":"GET", "relative_url":"me/friends?limit=50"}
}
Related
I'm working on a RESTful API. I have a complex authorization condition: let's say that you can access the API if you have three different conditions (let's call them A, B, and C). When one of the conditions is not met, the server responds 403 Forbidden (or 401 Unauthorized if the user should log in, or 404 Not Found based on security concerns). However, I would also like to give feedback on why the authorization failed, showing different friendly errors depending on what condition failed. I know that 404 has no body (nor I would want to send one) while 401 and 401 should only have authentication schemes to help the user authenticate.
Is there a way to send responses like 403("reason: A") or 403("reason: C")?
I know that 404 has no body [...]
You seem to be messing the things up. While responses with 204 must have no response body, there's nothing wrong in sending a response body along with 404.
Is there a way to send responses like 403 ("reason: A") or 403 ("reason: C")?
You surely can return details on why the request has been forbidden (just be careful to not give away too much information that could be exploited by a malicious user).
Have a look at the RFC 7807, which defines simple JSON and XML document formats to inform the client about a problem in a HTTP API. It's a great start point for reporting errors in your API and it also defines the application/problem+json and application/problem+xml media types.
For reference, check the example provided by such RFC:
HTTP/1.1 403 Forbidden
Content-Type: application/problem+json
Content-Language: en
{
"type": "https://example.com/probs/out-of-credit",
"title": "You do not have enough credit.",
"detail": "Your current balance is 30, but that costs 50.",
"instance": "/account/12345/msgs/abc",
"balance": 30,
"accounts": ["/account/12345",
"/account/67890"]
}
I'm following step by step guide on Microsoft's site (https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow#refresh-the-access-token), everything is working correctly but every time I try to refresh the access token, I get this error: AADSTS70000: Provided grant is invalid or malformed. error_codes: 70000.
I've created a Postman collection for testing, also downloaded the official postman collection from the Microsoft's site, everything is working correctly until the access token does not expire. When it expire, trying to refresh the token always lead to an error and I'm pretty stuck with it. I've double and triple checked correspondence between redirect_url, permission, grant, copy/paste errors, waited for the access_token to expire before trying to refresh... I've done almost 100 tests, and every time I'm stuck at the refresh part!
I start with doing the normal call to Microsoft Login API in my browser, and getting the code in query string from the browser (no problems here) (please note that client_id is URL encoded because, in my test environment, client id is an URL due to the configuration of the Drupal portan we're using, I'm truing to recreate the same behaviour in postman)
https://login.microsoftonline.com/{tenant_guid}/oauth2/v2.0/authorize?client_id={myclient_id_urlencoded}&response_type=code&redirect_uri={redirect_uri_urlencoded}&scope=offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fuser.read&state=12345
Then with the code in query string, i POST to the token endpoint:
POST /{tenant_guid}/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-url-form-urlencoded
cache-control: no-cache
Postman-Token: a0456a8d-6979-491f-b61e-86b5d614c577
client_id={myclient_id_urlencoded}
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
redirect_uri={redirect_uri_urlencoded}
grant_type=authorization_code
client_secret={client_secret_urlencoded}
code=OAQABAAIAAADCoMpjJXrxTq9VG9te-7FXujKZhF...
I receive back an accesso token (that is working like a charm in accessing https://graph.microsoft.com/v1.0/me for an hour) and a refresh token. I would love to get a new pair of access/refresh token when the original access token expires, using the refresh_token grant_type
POST /tenant_guid/oauth2/v2.0/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-url-form-urlencoded
cache-control: no-cache
Postman-Token: 5d71f813-768e-476c-a97f-c109fba3165e
client_id={myclient_id_urlencoded}
scope=https%3A%2F%2Fgraph.microsoft.com%2Fuser.read
redirect_uri={redirect_uri_urlencoded}
grant_type=refresh_token
cclient_secret={client_secret_urlencoded}
refresh_token=OAQABAAAAAADCoMpjJXrxTq9VG9te-7FX8m6YMg-.....
But no matter if I try before access token expiration or after, closing and reopening postman, I always receive that error back. I've done almost 50 tests (always with the full round of login/authorization to use always a fresh refresh token) with no luck.
Seems like I'm missing something really stupid here because I can't imagine that everybody else is behaving correctly... but really can't find a way out!
So I just got mine working! Here are the required parameters I needed:
client_id = your client id
refresh_token = the refresh token here
grant_type = refresh_token,
client_secret = secret
NOTE: Everything I read told me to URLEncode the values. I found it worked with them UNENCODED - no idea if it will really make a difference or not. Since it is going in the body of the post, which means it is TLS encrypted.
The other important thing was the url I posted to. There seem to be so many examples and none seem to be consistent. I used this format:
https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token
The last thing is to be sure you are using the correct app id. In my case I was using the appId for the wrong app and it didnt have consent. Hope this helps. I do wish Microsoft would make a concerted effort to spell out things consistently and think like someone who doesn't do security for a living.
Finally resolved thanks yo the Azure Support.
The problem is the client id: as I supposed before, Microsoft allow you to define another application name, but always want to use the GUID client id to submit any request. Unfortunately, it was warning me when I didn't url-encoded it, but did not alert me that it was not correct until I tried to use the refresh token.
So just read very very well the documentation: client_id: The Application (client) ID that the Azure portal – App registrations experience assigned to your app (so not the one you choose).
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
Maybe including a format validation in the documentation would help!
I wrote the code of getting the Facebook's post data about 8 months ago, was working fine but now I run the code and I am getting
the exception of
HTTP Error 400: Bad Request.
It is on getting the likes of a post. The link is
https://graph.facebook.com/https://www.facebook.com/143462899029472_1786215864754159 fields=likes.limit(0).summary(true)&access_token=*************UmG4GyioZATAGkzXSP5k7IxqsRCpIBxhD5EvNxHAwuZAOIp3ksLWTZA0yMgvEuST1oHBNfgSZCCcYG0vZAqNitdSNoIObWagZC8oZATOfYVmBldQWjayZA0fv7zrCZAvlsGymC2w5vKzETUJiogzSIQoKAzy2UTJJ4UUmmGPKEZD
On manually accessing the link in browser it is giving;
{
"error": {
"message": "(#100) Tried accessing nonexisting field (likes) on node type (URL)",
"type": "OAuthException",
"code": 100,
"fbtrace_id": "Bj6UP6k1Mu2"
}
}
Any help? Why it is so?
Why it is so?
Because they make changes to the API. You did not specify an API version in your API call, so it will fall back to the lowest one your app can use. And when that gets shut of, it moves to the next version, and so on.
But your approach was rather convoluted to begin with. This is a post on Facebook, so why treat it as an external URL?
All you need to do is make a request using the post id - then you can request the likes for that post directly.
https://developers.facebook.com/tools/explorer?method=GET&path=143462899029472_1786215864754159%3Ffields%3Dlikes.limit(0).summary(1)&version=v2.8
The problem is resolved. My bad. I use the link https://graph.facebook.com/https://www.facebook.com/143462899029472_1786215864754159 fields=likes.limit(0).summary(true)&access_token=.....
Notice in the link https://graph.facebook.com/ and then unfortunately https://www.facebook.com/ in one link.
The problem is resolved by using only https://graph.facebook.com/143462899029472_1786215864754159 fields=likes.limit(0).summary(true)&access_token=.....
I have registered in FITBIT.
I am making a request to fitbit api(POST /oauth/request_token) with consumer key. I have referred https://wiki.fitbit.com/display/API/OAuth+Authentication+in+the+Fitbit+API
My request is:
POST /request_token HTTP/1.1
Host: oauth
Authorization: OAuth realm="https:/api.fitbit.com/oauth/request_token",oauth_consumer_key="XXXXXXXXXXXX",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1399958922",oauth_nonce="H8xxW0",oauth_version="1.0",oauth_signature="80M1tag6%2FYk2JV%2FQdQ%2BucxxDrLA%3D"
Cache-Control: no-cache
I am getting invalid signature error with below json object:
{
"errors": [
{
"errorType": "oauth",
"fieldName": "oauth_signature",
"message": "Invalid signature: 80M1tag6/Yk2JV/QdQ+ucxxDrLA="
}
],
"success": false }
We have Consumer Key and Consumer Secret Key. Don't have Token Secret at this stage. please give me a solution to get this API working.
Thanks,
Kalyan
Like WestDiscGolf mentioned, you need to make sure that your callback URL matches the callback URL in the application you are writing. Usually when you sign up for a developer account to access API's, they ask for a callback URL, and the callback URL has to match what you put in when you request an access token.
If you're getting an invalid signature error, though, then the callback URL probably isn't the issue. You need to make sure that the signature matches exactly what they specify in the API documentation. Signatures can be tricky, and there are a number of libraries that are available to help with that. I use Java primarily, and for Java the Scribe library is great (https://github.com/fernandezpablo85/scribe-java).
I'm trying to call getAllSiteAccounts using the following URL:
https://rest.developer.yodlee.com/services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts
When I make the call, I get back:
oauth_error_problem=invalid_url_access&oauth_error_code=418
A 418 error code is:
STATUS_HTTP_DNS_ERROR_EXCEPTION
Problem Updating Account(418): We could not update your account because the site is experiencing technical difficulties. Please try later.
Am I using the correct URL? I know they really don't want us to use this call in evaluation mode as it could time out, but I would think I'd get back a different error if that was the case.
Thanks,
Chris
This URL is working. I tried this REST API using an external REST client and successfully got the response.
Below is the request which is being sent.
POST /services/srest/restserver/v1.0/jsonsdk/SiteAccountManagement/getAllSiteAccounts HTTP/1.1
Host: rest.developer.yodlee.com
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded
cobSessionToken=xxxxxxxxxxxxx&userSessionToken=xxxxxxxxxxxxxxxxxx
Can you test this again.