We are seeing strange behavior between our Personal Access Token and the tokens we get from users authorizing in via OAuth. We are trying to get metadata.interactions via this call:
"https://api.vimeo.com/me?fields=account,bio,created_time,link,location,metadata.connections,metadata.interactions,name,pictures,preferences,uri,websites".
When we use our personal access token, we do get interactions. When we use the actual user authorized token, we don't get the interactions in the response for the same /me? request authorized as the account owner. Is this by design?
Related
I was writing a simple logic to list pictures using the Google Photos REST API. I'd like to print the connected user profile once they are logged into my app. But I cannot find any endpoint in the REST API to get the user profile as in Gmail or Drive REST APIs.
https://developers.google.com/photos/library/guides/get-started#request-id
Meanwhile, I have tried to get the user details from the oAuth2 access token, but it does not give any user details like mail id or name.
GET https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN
Response:
{
"issued_to": "xxxxx.apps.googleusercontent.com",
"audience": "xxxxxx.apps.googleusercontent.com",
"scope": "https://www.googleapis.com/auth/photoslibrary",
"expires_in": 3522,
"access_type": "offline"
}
Is there any way to retrieve user profile from the above oAuth2 access_token (independent to the scope)?
I'm afraid that at the moment this is not possible. The oAuth2 token does not contain the user's e-mail. The only way of getting the user's email through the Google APIs would be to allow the https://www.googleapis.com/auth/userinfo.email scope, and use the oAuth2 API or the People API. The calls you could use may be any of the following:
GET https://www.googleapis.com/oauth2/v2/userinfo
GET https://www.googleapis.com/userinfo/v2/me
GET https://www.googleapis.com/plus/v1/people/me
Is there any support in Yammer REST Api for extracting ACLs (Access control list) of the logged in user. Like what if I want to know that the given message is accessible to the given user or some group containing this user.
There isn't a way to get an ACL exactly, but depending on how your app works, you may be able to get the answer you need. If you a verified admin of the Yammer network has authenticated with your app, then you can use the Impersonation API https://developer.yammer.com/docs/impersonation to impersonate the user in question and then simply attempt to access the given resource. If the response is a 401, then the user doesn't have access.
I was able to create a project to connect an app to google data, for a specific account (followed Google People API)
But now I would like that each customer log in hisself to his account and manage his data.
I can' t create project in the Google API Console for each customer, my app needs to read auth from each user who will use my app and "auto" create auth to read google contact data of the logged user.
Is possible?
Could you suggest me articles about how to do?
It sounds like you are trying to do exactly what OAuth 2.0 (see the page you linked to) gives you: authenticating users. This differs from using an API key, which is only authorizing your project and has nothing to do with a user's credentials.
OAuth 2.0 combines a Client ID (associated with your Google Developers Console project) and a user's login (specific to the user who is accessing your app/site) to give you an authorization token. This token will let your app act on behalf of that user when calling that API. Just make sure to request the necessary scopes as part of the OAuth 2.0 authorization prompt given to the user.
How to give this prompt varies by environment, but many common options are listed on that link.
Note that you always use the same Client ID, so you only need one Google Developers Console project, but you are given a unique token specific to that user's login when they authorize your app, so this lets you act as any user which grants your app access to their account.
I have a list of 500 Instagram usernames in a spreadsheet. I want to extract the bio of all 500 accounts and put those in a spreadsheet. I am using Google Apps Scripting. I don't know how to get access to instagram's api where I can access the bio. I've look at other websites where I can pull up the Instagram accounts bio (like http://www.pikore.com/humordailyy) but those still don't have API. Is there a way I can get API? If not, is there a way I can crawl through the HTML or something to get the bio? Thank you.
As discussed in documentation, Instagram API requires authentication - specifically requests made on behalf of a user. Authenticated requests require an access_token which you could receive by doing the following:
Direct the user to our authorization url.
If the user is not logged in, they will be asked to log in.
The user will be asked if they would like to grant your application access to her Instagram data.
The server will redirect the user in one of two ways that you choose:
Server-side flow
Implicit flow: This method is less secure, but allows applications without any server component to receive an access_token.
For Implicit Authentication Flow which is for applications without any server component, simply follow these steps:
Step One: Direct your user to our authorization URL
https://api.instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token
At this point, Instagram present the user with a login screen and then a confirmation screen where they grant your app’s access to their Instagram data. Please note that you may provide an optional scope parameter to request additional permissions outside of the “basic” permissions scope.
Step Two: Receive the access_token via the URL fragment
Once the user has authenticated and then authorized your application, Instagram redirects them to your redirect_uri with the access_token in the url fragment. It will look like this:
http://your-redirect-uri#access_token=ACCESS-TOKEN
Simply grab the access_token off the URL fragment and you’re good to go. If the user chooses not to authorize your application, you’ll receive the same error response as in the explicit flow.
error: access_denied
error_reason: user_denied
error_description: The user denied your request
For the example get request:
https://api.twitter.com/1/statuses/user_timeline.json?include_entities=true&include_rts=true&screen_name=twitterapi&count=2
As documented here:
https://developer.twitter.com/en/docs/tweets/timelines/api-reference/get-statuses-user_timeline.html
I have an oauth user token and user token secret, plus my app credentials...
The docs state that authentication is supported, but how do I include it in the get request for screen names that are not publicly accessible?
If I understand your question right, you want to be able to get the tweets from a third-party user with the OAuth token and secrets belonging to a user on your site. The tweets from the third-party user are not publicly accessible, but your user has access rights to them. Is this right?
Generally if you want to access private ressources on behalf of your user, you have to sign the request with the OAuth token and your application credentials. Then Twitter can check, which user is signed in on your site and if the user gave your site access rights.
That signature is sent within the header of your GET request in a format like this:
Authorization:
OAuth oauth_consumer_key="xvz1evFS4wEEPTGEFPHBog",
oauth_nonce="kYjzVBB8Y0ZFabxSWbWovY3uYSQ2pTgmZeNu2VS4cg",
oauth_signature="tnnArxj06cWHq44gCs1OSKk%2FjLY%3D",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1318622958",
oauth_token="370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb",
oauth_version="1.0"
There is also documentation from Twitter on how to calculate the signature.