When I use OAuth to connect an application to a twitter account I put the access token and the user data in my database as follow:
$this->consumer = new Zend_Oauth_Consumer($this->configTwitter);
if(!empty($_GET) && isset($_SESSION['TWITTER_REQUEST_TOKEN']))
{
$token = $this->consumer->getAccessToken($_GET, unserialize($_SESSION['TWITTER_REQUEST_TOKEN']));
// Get user info
$twitter = new Zend_Service_Twitter(array(
'username' => $token->screen_name,
'accessToken' => $token,
'callbackUrl' => $this->_getParam('SettingsWebsiteUrl').'/news/index/connecttwitter',
'consumerKey' => 'XXXXXX',
'consumerSecret' => 'XXXXXXX'
));
$response = $twitter->account->verifyCredentials();
// place in database
$this->NewsService->TokenSocialMedia(
$token,
'twitter',
serialize($response)
);
$_SESSION['TWITTER_REQUEST_TOKEN'] = null;
$this->_helper->flashMessenger(array('message' => $this->view->translate('The CMS is successfully connected to your twitter account'), 'status' => 'success'));
$this->_helper->redirector('settings', 'index');
}
else
{
$token = $this->consumer->getRequestToken();
$_SESSION['TWITTER_REQUEST_TOKEN'] = serialize($token);
$this->consumer->redirect();
}
This works fine. The response looks like this below and I have no clue of how to format this and display it to the user. Only thing I want is to store the twitter id, twitter name (not screen_name) and the image url.
O:23:"Zend_Rest_Client_Result":2:{s:8:"�*�_sxml";O:16:"SimpleXMLElement":34:{s:2:"id";s:9:"150638034";s:4:"name";s:20:"De Graaf & Partners ";s:11:"screen_name";s:15:"GraafenPartners";s:8:"location";s:9:"Culemborg";s:11:"description";s:34:"Full service communications agency";s:17:"profile_image_url";s:78:"http://a2.twimg.com/profile_images/1191111069/Logo_DG_P-CMYK_Square_normal.jpg";s:3:"url";s:31:"http://www.degraafenpartners.nl";s:9:"protected";s:5:"false";s:15:"followers_count";s:1:"0";s:24:"profile_background_color";s:6:"C0DEED";s:18:"profile_text_color";s:6:"333333";s:18:"profile_link_color";s:6:"0084B4";s:26:"profile_sidebar_fill_color";s:6:"DDEEF6";s:28:"profile_sidebar_border_color";s:6:"C0DEED";s:13:"friends_count";s:1:"0";s:10:"created_at";s:30:"Tue Jun 01 12:47:51 +0000 2010";s:16:"favourites_count";s:1:"0";s:10:"utc_offset";s:4:"3600";s:9:"time_zone";s:9:"Amsterdam";s:28:"profile_background_image_url";s:60:"http://a3.twimg.com/a/1296525272/images/themes/theme1/bg.png";s:23:"profile_background_tile";s:5:"false";s:28:"profile_use_background_image";s:4:"true";s:13:"notifications";s:5:"false";s:11:"geo_enabled";s:4:"true";s:8:"verified";s:5:"false";s:9:"following";s:5:"false";s:14:"statuses_count";s:1:"6";s:4:"lang";s:2:"en";s:20:"contributors_enabled";s:5:"false";s:19:"follow_request_sent";s:5:"false";s:12:"listed_count";s:1:"0";s:21:"show_all_inline_media";s:5:"false";s:13:"is_translator";s:5:"false";s:6:"status";O:16:"SimpleXMLElement":15:{s:10:"created_at";s:30:"Mon Jan 03 08:41:11 +0000 2011";s:2:"id";s:17:"21848534684794880";s:4:"text";s:53:"De Graaf & Partners wenst iedereen een creatief 2011!";s:6:"source";s:3:"web";s:9:"truncated";s:5:"false";s:9:"favorited";s:5:"false";s:21:"in_reply_to_status_id";O:16:"SimpleXMLElement":0:{}s:19:"in_reply_to_user_id";O:16:"SimpleXMLElement":0:{}s:23:"in_reply_to_screen_name";O:16:"SimpleXMLElement":0:{}s:13:"retweet_count";s:1:"0";s:9:"retweeted";s:5:"false";s:3:"geo";O:16:"SimpleXMLElement":0:{}s:11:"coordinates";O:16:"SimpleXMLElement":0:{}s:5:"place";O:16:"SimpleXMLElement":0:{}s:12:"contributors";O:16:"SimpleXMLElement":0:{}}}s:10:"�*�_errstr";N;}
How do I need to format the data, or how can I store the data better?
If all you want to store is their image url, then you just need their username, then use this:
http://img.tweetimag.es/i/oprah_o
where oprah_o is the username.
You don't need to use OAuth and Zend_Service_Twitter to do that. If you want to be able to get data from a non public feed, or publish tweets to their accounts, that's where you need Zend_Service_Twitter.
If you want to get data from that resultset, just do:
$result_obj = unserialize($token);
Related
I'm currently trying to pull the list of company pages a user is the admin of with the LinkedIn API and am getting the following response:
Array
(
[response] => {
"errorCode": 0,
"message": "Member does not have permission to get companies as admin.",
"requestId": "R1LHP32UKD",
"status": 403,
"timestamp": 1482357250945
}
[http_code] => 403
)
The call works perfectly when authenticated as the same user in the LinkedIn API Console.
Has anyone else come across this?
I figured out the problem.
Even though I had made sure the app had the rw_company_admin permission checked off, I wasn't passing that in the scope when requesting oath2 authorization.
My fixed code below:
The call:
return $linkedin->getAuthorizationUrl("r_basicprofile w_share rw_company_admin", $thisurl);
The function:
public function getAuthorizationUrl($scope, $callback)
{
$params = array('response_type' => 'code',
'client_id' => $this->api_key,
'scope' => $scope,
'state' => uniqid('', true), // unique long string
'redirect_uri' => $callback,
);
// Authentication request
$url = 'https://www.linkedin.com/uas/oauth2/authorization?' . http_build_query($params);
// Needed to identify request when it returns to us
$_SESSION['Linkedin_state'] = $params['state'];
$_SESSION['Linkedin_callback'] = $callback;
// this is where to send the user
return $url;
}
First you have to get user token of linkedin user
Use Socialite or REST API package for oauth.
Once you having user token it is pretty simple to fetch Company list under admin user
$token = 'uflefjefheilhfbwrfliehbwfeklfw'; // user token
$api_url = "https://api.linkedin.com/v1/companies?oauth2_access_token=".$token."&format=json&is-company-admin=true";
$pages = json_decode(file_get_contents($api_url));
You have get $pages json array of list of company profile.
I am trying to serve a Facebook gallery for a client, and due to the server the site is being hosted on, the request needs to be authenticated.
I have set up an app using our company Facebook developer account. Although I have set the domain of the app to that of our client's, the gallery returned in the request is empty.
I am assuming that I will need access to the client's facebook account so I can create an app associated directly with their facebook account - the one where I want the galleries from? EDIT - just thought I'd point out that the client would prefer not to give me their passwords for their facebook account...
Here is the auth code I have used, if anyone will be kind enough to point out any school boy errors I may have made.
$no_albums = 6;
$latest_albums = null;
$user_id = "xxxxxx";
$app_secret = "xxxxxxxxxxxxxxxxxxxx";
$app_token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $user_id
. "&client_secret=" . $app_secret
. "&grant_type=client_credentials"
. "&scope=user_photos";
$response = wp_remote_get($app_token_url);
$access_token = $response['body'];
error_log(print_r($response,true));
$query = 'https://graph.facebook.com/'.$user_id.'/albums?' . $access_token;
$albums = json_decode(file_get_contents('http://graph.facebook.com/'.$user_id.'/albums') );
And this is the response I get ( $albums ) in my error logs:
Array
(
[headers] => Array
(
[access-control-allow-origin] => *
[cache-control] => private, no-cache, no-store, must-revalidate
[content-type] => application/json; charset=UTF-8
[etag] => "1050253aec7b29caff644806927dabfa81406eee"
[expires] => Sat, 01 Jan 2000 00:00:00 GMT
[pragma] => no-cache
[x-fb-rev] => 812093
[x-fb-debug] => 9I0lRzV3GZxrflP/19iBvhly6FLUVI9jCHJAXcw0Dm0=
[date] => Mon, 13 May 2013 10:45:39 GMT
[connection] => close
[content-length] => 11
)
[body] => {"data":[]}
[response] => Array
(
[code] => 200
[message] => OK
)
[cookies] => Array
(
)
[filename] =>
Thanks.
You've got a couple of basic problems here.
First, in your API request, you are looking for albums associated with your APP_ID. There are none. You should be using the client's PAGE_ID or USER_ID in the request to the graph API.
Second, you should be using the Facebook PHP SDK instead of file_get_contents() to make your requests. Especially if this is to be a production environment.
If your clients albums are publicly visible, you may not need to authenticate a user to view them. To know this for sure, you'd need to share your client's Facebook username.
I have a page tab app. When the user clicks on the "Go to App" and is sent to my page tab edit url i am trying to determine if they are a page admin or not.
I have tried two different methods. I have tried from the only admin/owner of the page
method 1 used from https://developers.facebook.com/blog/post/2011/09/05/platform-updates--labor-day-edition/
$page_info = $facebook->api("/".$pageID."?fields=access_token");
$pageAccessToken = $page_info['access_token']
$is_admin_url = "https://graph.facebook.com/" . $pageID
. "/admins/" . $FBuser . "?access_token="
. $pageAccessToken;
$response = file_get_contents($is_admin_url);
response is {"data":[]}
I have also tried::
path = '/'.$pageID.'/admins/'.$FBuser;
$params = array(
'app_id' => FB_APP_ID,
'access_token' => $pageAccessToken
);
$is_admin = $facebook->api($path, 'POST', $params);
Although PAGE_ID/admins is a valid request, you need an admin's access_token to see the list. I.e. only admins can see who else is an admin.
What you can do is approach this from the other end by yielding a list of pages that the user is an admin of (using the https://graph.facebook.com/USER_ID/accounts/ data and the manage_pages permission) and search through that list for your application.
However, I would understand if some users would be reluctant to give the manage_pages permission, as it also provides an access token to authenticate as that page, which would be something of a security hole on their part. Unfortunately, there does not seem to be another way to access a list of pages for which that user is an admin.
Simplest way will be signed Request.
A signed_request parameter is POSTed to an application when the app is loaded inside a Page Tab.
You can get a lot of information from signed_request
require '../fb_sdk/facebook.php';
$config = array();
$config['appId'] = '45916xxxxxx';
$config['secret'] = '59caxxxxxx';
$facebook = new Facebook($config);
$facebook->setFileUploadSupport(true);
$signed_request = $facebook->getSignedRequest();
print_($signed_request); will have output like
Array
(
[algorithm] => HMAC-SHA256
[expires] => 1347210000
[issued_at] => 1347203265
[oauth_token] => AAAGhmv67ki8BAAfBwtxxxx
[page] => Array
(
[id] => 192430xxxxxx
[liked] => 1
[admin] => 1
)
[user] => Array
(
[country] => in
[locale] => en_US
[age] => Array
(
[min] => 21
)
)
[user_id] => 10000020xxxxx
)
You can use $signed_request[page][admin] value to determine whether a user is admin of current page, in which your app in loaded in Page Tab. If it's set to 1 then user is admin of the page else not an admin i.e. set to 0.
More About Signed Request
i had some luck using admin_only = true
https://developers.facebook.com/docs/graph-api/reference/user/groups/
I am using Zend Gmail Oauth 1.0 for implementing login with Gmail feature.
After successful authentication, how can I get authenticated user's profile, specifically user's unique gmail id? Here is the code:
$THREE_LEGGED_SCOPES = array('https://mail.google.com/',
'https://www.google.com/m8/feeds');
$options = array(
'requestScheme' => Zend_Oauth::REQUEST_SCHEME_HEADER,
'version' => '1.0',
'consumerKey' => $THREE_LEGGED_CONSUMER_KEY,
'consumerSecret' => $THREE_LEGGED_CONSUMER_SECRET_HMAC,
'callbackUrl' => getCurrentUrl(),
'requestTokenUrl' => 'https://www.google.com/accounts/OAuthGetRequestToken',
'userAuthorizationUrl' => 'https://www.google.com/accounts/OAuthAuthorizeToken',
'accessTokenUrl' => 'https://www.google.com/accounts/OAuthGetAccessToken'
);
if ($THREE_LEGGED_SIGNATURE_METHOD == 'RSA-SHA1') {
$options['signatureMethod'] = 'RSA-SHA1';
$options['consumerSecret'] = new Zend_Crypt_Rsa_Key_Private(
file_get_contents(realpath($THREE_LEGGED_RSA_PRIVATE_KEY)));
} else {
$options['signatureMethod'] = 'HMAC-SHA1';
$options['consumerSecret'] = $THREE_LEGGED_CONSUMER_SECRET_HMAC;
}
$consumer = new Zend_Oauth_Consumer($options);
/**
* When using HMAC-SHA1, you need to persist the request token in some way.
* This is because you'll need the request token's token secret when upgrading
* to an access token later on. The example below saves the token object
* as a session variable.
*/
if (!isset($_SESSION['ACCESS_TOKEN'])) {
if (!isset($_SESSION['REQUEST_TOKEN'])) {
// Get Request Token and redirect to Google
$_SESSION['REQUEST_TOKEN'] = serialize($consumer->getRequestToken(array('scope' => implode(' ', $THREE_LEGGED_SCOPES))));
$consumer->redirect();
} else {
// Have Request Token already, Get Access Token
$_SESSION['ACCESS_TOKEN'] = serialize($consumer->getAccessToken($_GET, unserialize($_SESSION['REQUEST_TOKEN'])));
header('Location: ' . getCurrentUrl(false));
exit;
}
} else {
// Retrieve mail using Access Token
$accessToken = unserialize($_SESSION['ACCESS_TOKEN']);
}
near as I can tell you can't.
Gmail doesn't have an api just a read only feed.
However if you want that feed the scope url is:
https://mail.google.com/mail/feed/atom/
There are some api's for working with gmail accounts in the context of Google Apps.
I've written a script that authenticates against Google's OAuth API for Latitude, using Net::OAuth. It correctly authenticates (as I can successfully fetch data out of the API). However, when I try to add an historical entry, I get a 401 Unknown authorization header response. I'm using the following code:
my $location_data = $json->encode(\%data);
$request = Net::OAuth->request("protected resource")->new(
consumer_key => $c_key,
consumer_secret => $c_secret,
token => $token,
token_secret => $token_secret,
verifier => $verifier,
request_url => 'https://www.googleapis.com/latitude/v1/location',
request_method => 'POST',
signature_method => $s_method,
timestamp => time,
nonce => &nonce(),
extra_params => {
key => $s_key
}
);
$request->sign;
$ua->default_header("Authorization", $request->to_authorization_header);
$ua->default_header("Content-Type", "application/json");
my $res = $ua->post('https://www.googleapis.com/latitude/v1/location?key=' . $s_key,
Content => $location_data);
All of the variables are used in the fetch portion of the API, so I know those are all ok. I'm not sure if I'm using the correct URL to post against, and I've tried what's in the sample above, as well as $request->to_url.
Any suggestions would be greatly appreciated.
After some back and forth with the Latitude API team, it was determined that this error comes from the fact that the Content-Type is not actually being set to application/json. Changing the above code to:
$ua->default_header("Authorization", $request->to_authorization_header);
my $res = $ua->post('https://www.googleapis.com/latitude/v1/location?key=' . $s_key,
'Content-Type' => 'application/json',
Content => $location_data);
And everything works as expected.