I'm using the gdata OAuth controllers to get an OAuth token and then signing my requests as instructed.
[auth authorizeRequest:myNSURLMutableRequest]
It works great for GET requests but POSTs are failing with 401 errors. I knew I wouldn't be able to remain blissfully ignorant of the OAuth magic.
The Google Reader API requires parameters in the POST body. OAuth requires those parameters to be encoded in the signature like they were on the query string. It doesn't appear the gdata library does this. I tried hacking it in the same way it handles the query string but no luck.
This is so difficult to debug as all I get is a 401 from the Google black box and I'm left to guess. I really want to use OAuth so I don't have to collect login credentials from my users but I'm about to scrap it and go with the simpler cookie based authentication that is more mature. It's possible I'm completely wrong about the reason it's failing. This is my best guess.
Any suggestions for getting gdata to work or maybe an alternative iphone friendly OAuth library?
I was on the right path. The GData OAuth classes needed to support signing the POST params but what I didn't know is the keys needed to be sorted differently.
http://groups.google.com/group/gdata-objectivec-client/browse_thread/thread/adc4e2ba154fbc5f?hl=en
Related
I'm building a Rails API with a proper front-end to go along with it (probably React). I'm currently implementing the API and haven't written a single line of front-end. I'm trying to implement OAuth with Facebook as explained in #a14m's answer for this post.
However the problem is that my API would require an authentication code so that it can exchange it for an access token with Facebook. As far as I understand, the code is obtained via a login dialog on the front-end. Now I want to test whether or not my API is getting a valid access token from Facebook in exchange for the code. But to get the code I have to open a dialog on the "front-end" which I have not implemented yet.
Any way I could open the dialog for Facebook login and get the code without writing the front-end? I probably think Postman would help but I don't know how. Also if there is a way to obtain the token without triggering the dialog would also get my job done. So I just want a way to access the code without a front-end.
You can definitely use Postman for this. I write Rails APIs often and I always use Postman to hit the endpoints without having a front-end. All you have to do is find out what you need to send to the Facebook API and set it up as a form body on Postman.
I am trying to retrieve a web auth token for CloudKit using their web services and postMessage API token. According to Apple's documentation, token should be returned as part of "data" object through the message callback, but all I am getting is the ckSession variable. It seems like documentation is wrong, or I am missing something.
Is there any additional API which should be called to retrieve the web auth token after this step? I tried being naive and passed ckSession to record listing APIs but that doesn't seem to work. Also, if I use a different token retrieval method, like custom URL scheme, for example, token gets retrieved correctly. This issue seems to only be related to postMessage option.
"Allowed origins" is set to "all domains" and I'm calling auth API from localhost. I am running Windows 10 and am using Chrome browser (if it means anything here, probably not).
It seems like someone had the same issue a couple of years ago and it was posted on the Apple forums, but it hadn't got much love back then.
Any help would be greatly appreciated. Also, I can provide more information, if needed.
As I understand it, you can only obtain the web auth token (ckWebAuthToken) via the front-end JavaScript API. It should be returned after the user signs in with their Apple ID. You could then POST that value to your back-end app and store it somehow (probably as a session variable).
You can read more about getting the web auth token on this page.
If you have since learned more about solving this and know more than I do, I'm all ears. :)
Likewise, I never managed to intercept the ckWebAuthToken with the postMessage method. I suspect it can be used only with the sign in button generated by setUpAuth in the JS SDK.
So instead I redirected to a page of mine hosted somewhere, where I grabbed the token from the query string and sent it to my host app, all in JavaScript. Clunky but it worked! :)
I want to use http://api.twitter.com/1/blocks/create.json?screen_name=xxxxxxx (Twitter API) to block particular friends or followers from my account with the use of Twitter & Account Framework in iOS 5,
So what should i do to solve this issue, because i just want to use Twitter account , don't want to use OAuth.
It generate an error like : HTTP/1.1 401 API is secure. Needs security Credentials
The Twitter API requires OAuth authentication. However, if you're happy with targeting iOS 5 and up you can use the in-built Twitter framework to perform the OAuth calculations on your behalf, which will save you a lot of time. Take a look at the documentation for TWRequest:
http://developer.apple.com/library/ios/#documentation/Twitter/Reference/TwitterFrameworkReference/_index.html
Actually you need to put parameters of post requests in the body. This is described in the OAuth tool description under Request query:
This tool is available on the right of every rest API documentation page like this if you are logged in
You can use apigee console for twitter to test it but you will get the same error unless you include the screen_name parameter in the body
We're using the Facebook JS SDK to authenticate users to our application, then sending that information to the server back end to log our user into the application (we support multiple forms of authentication but we can only support FB using a client side flow).
FB is able to log in correctly, I'm able to authenticate the user and everything else, but there's one wrinkle that I'm not sure how to handle, and I'm having difficulty finding anything in the documentation about it. Facebook sends back an accessToken in addition to an id. My question is, how do I verify on the server side that the accessToken is correct for the given id? I want to make sure that the data the user sends us matches what Facebook sent them, and I can't imagine this is that out of the ordinary, yet I can't seem to find any documentation on it.
In the response from Facebook should be a signed_request string that can authenticate that the data is genuine with and decoded to yield the user id and an oauth token for the user.
Passing this along with the other response to your server-side code should allow you to validate everything pretty easily.
May I suggest this answer from another question! It uses try-catch. It is probably the only way to verify that the authentication and the permissions are valid! That's how they do in their examples
Facebook OAuthException: (#1)
I dont think facebook provides any other way of checking
i want to get oauth_request_token for my application but when i request for the page of request_token in twitter it is giving me error that "failed to validate to oauth signature and token".
Please help me in solving this problem
using oauth in objective-c is no minor accomplishment. my advice would be to take a look at oathconsumer and its tutorial. I've used it successfully for oauth and xauth. You may also want to look around for existing twitter oauth obj-c libraries on github and googlecode.