I configured a twilio phone number with sms and set the messaging request url to a twimlets.com/echo url
that returns....
When I send an sms to the twilio number, a "Why" response comes back as expected.
When I change the request url to point to my web-app, which returns output that looks like this...
The inbound sms is logged, but no "Checking.." response comes back to the sms client.
Looking at the inbound log for the number, I see the message was received, but with a warning...
Further inspection finds the body of the response is html indicating a mis-direction somehow.
now, changing the url from https: to http: I see the following.
As you have figured out by now, this webapp is a google apps script web app hosted on google drive... any clue why this link would be failing when called by twilio, but not from my browser?
Thanks for the help Philnash, using incognito mode led me to discover that the problem was that I had published my apps script web app incorrectly.
create a new version of my apps script File > Manage versions
publish the new version (and be sure to select the new version #)
Twilio developer evangelist here.
I just clicked on the link you provided as your application and was met with a page telling me I did not have permission to view the script. My guess is that's the page Twilio is getting right now and why you're able to see the XML but Twilio sees HTML. I'd take a look at the permissions for the script and try to open it up so that Twilio is able to see the page. Checking in a browser in private/incognito mode should help.
Related
I'm researching for the possible development of a Gmail addon.
I will need to be able to check if a user is logged in to our service before sending API calls to retrieve data. We can ping the service which will respond with a 200 if the token is valid. If it is not valid we need to prompt them to login.
I figure we ping the server when the browser first starts and loads the Gmail addon. Is that possible?
Cheers
I haven't tried anything because I don't know where to look!
I am implementing Web Push Notification in an application and I have successfully registered the client app with GCM. I have the subscription object that contains the endpoint that looks like this.
"https://android.googleapis.com/gcm/send/dV4lSfI5J6Q:APA91bEU28F9YG5qNr3xSjvYlH2Mh1GPgiqMaRcjandHbpfqnVyAeZxqoE31OXYq4yzW2_vrkn74YHdgsITZP_6SELO8-xHf1hylquJefJdY85-Xx9AWTAPP9H6kfq7CKp23dsoQHbH
I read and found out that we need to use a third party library like web-push to send push using this endpoint to the clients because the payload needs to be encrypted according to spec. My objective is to send notifications to all my users, web + mobile, at once, using Firebase Console's Notification feature.
Is there a way to send push to web clients using Firebase console or to convert the GCM endpoint to an FCM token?
Update: If I try to use Firebase console to send push the token generated above, I get the following error.
As per testing this out, for some reason, registration tokens for Web are not working or allowed in the Firebase Console. Only tokens for Android and iOS do:
The request could still proceed where the console would show that it is sent/complete, but there wouldn't be any messages received.
Today the Facebook oauth login to my website broke. I fired up the debugger and found that parsing the access token was failing. This appears to be because Facebook changed the format of the oauth response. It used to be CGI parameters:
access_token=EAAFO...cBUZD&token_type=bearer&expires_in=5183996
But all of a sudden it appears to be coming over as JSON:
{"access_token":"EAAFO...cBUZD","token_type":"bearer","expires_in":5183996}
The fix in my code looks pretty simple. I just need to change the parser from a CGI parser to a JSON parser and get the same variable that I'm interested in: access_token.
My question is about versioning of this. I don't like it when my site breaks.
Why did Facebook change this? Is this change documented? Is there some sort of versioning on Oauth that I should be using to prevent breakages like this? How do I get notified of future changes to Oauth by Facebook?
The Facebook API upgrade tool does not list any changes that I need to my app for the latest version of the API. In any case, none of the URLs that I'm using for Oauth appear to have a version number embedded in them:
https://www.facebook.com/dialog/oauth
https://graph.facebook.com/oauth/access_token
As WizKid states, it was announced in Facebook Developers Changelog two years ago under the title "[Oauth Access Token] Format". Facebook does have a tool to try to find things that will break, because of API changes, but it didn't alert this one.
You can put API version numbers into Oauth URLs for Facebook. With version numbers, the flow for Facebook login is:
Redirect the user to https://www.facebook.com/v2.9/dialog/oauth with a bunch of required parameters such as your client id, the list of permissions you are requesting, and a return URL.
Facebook lets the user log in, asks them to accept the permissions you requested, and then redirects them back to your site with a "code" parameter
Server-side you contact https://graph.facebook.com/v2.9/oauth/access_token with that code (and some other stuff) as parameters. Facebook responds with a token
Server-side you contact https:///graph.facebook.com/v2.9/me with that token to request information about the user
This is the process that is pretty much documented here: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
I have a GAS application that reads rows from an existing sheet, formats the data into a URL that matches a "pre-filled" URL for a form that I own, and attempts to auto-submit the form data using URLFetchApp.fetch() to a response sheet that I own. The formatted URL looks like this (Id removed):
https://docs.google.com/a/mycompany.com/forms/d//formResponse?pli=1&ifq&entry.887301985&entry.902886422=Account+Name&entry.2050597172=ContactName&entry.491359467=ModelName&entry.405418589=TLINmumber&entry.1727979741=SerialNo&entry.551688184=SRNo&submit=Submit";
This application was working fine until the last couple weeks. Now, it returns an HTTP 200 response, but the data is not (usually) written to the response sheet. I say "usually" because every once in awhile it works.
The response content of the HTTP response, when saved to a doc and opened in a browser, is a Google Apps authentication page, but I can't figure out why it wants to authenticate me when I own all the components involved.
Also,
1) Attempting to sign in using this page gives me an error that cookies are disabled in my browser, when they are not.
2) I can copy/paste the same URL into a page in the same browser as the same user id (plmgdocs) and it works just fine - no authentication page.
This is running in a private corporate google environment.
Any ideas are appreciated. Thanks!
I'm playing around with AppScript and try to get an oAuth 2.0 access token.
Any sample out there how to get this working in AppScript?
I am working on a cleaner tutorialized version of this, but here is a simple Gist that should give you some sample code on how things would work -
https://gist.github.com/4079885
It still lacks logout, error handling and the refresh_token capability, but at least you should be able to log in and call a oAuth 2 protected Google API (in this case its a profile API).
You can see it in action here -
https://script.google.com/macros/s/AKfycby3gHf7vlIsfOOa9C27z9kVE79DybcuJHtEnNZqT5G8LumszQG3/exec
The key is to use oAuth 2 Web Server flow. Take a look at getAndStoreAccessToken function in the gist to get the key details.
I hope to have this published in the next few weeks but hopefully this will help in the mean time.
UPDATE - adding in info on redirect_uri
The client secret is tied to specific redirect URIs that the authorization code is returned to.
You need to set that at - https://code.google.com/apis/console/
The highlighted URI needs to match the published URI (ends in /exec). You get the published URI from the script editor under Publish -> Deploy as web app. Make sure you are saving new versions and publishing the new versions when you make changes (the published URI stays the same).
I've modified the example above to use the newish state token API and the CacheService instead of UserProperties, which is now deprecated. Using the state token API seems to make things a little more secure, as the callback url will stop accepting a state token after a timeout.
The same caveats apply. Your redirect URIs have to be added to your (script) project in the developer's console, meanwhile you have to yank the CLIENT_SECRET and CLIENT_ID from the console and paste them in. If you're working within a domain, there don't seem to be any guarantees on what URL will be returned by ScriptApp.getService().getUrl(), so I wound up basically having it get the address dynamically, then waiting for to fail on the the (second) redirect, and then hard-coded the resulting URI.
https://gist.github.com/mclaughta/2f4af6f14d6aeadb7611
Note that you can build an OAuth2 flow using this new API, but it's not a complete sample yet:
https://developers.google.com/apps-script/reference/script/script-app#newStateToken()
In particular, you should not pass 'state' directly to the /usercallback URL yourself, because the OAuth2 service provider is responsible for round-tripping the 'state' parameter. (Instead, you pass 'state' to the auth URL, and the service provider automatically attaches it to the callback URL.)