I am trying to make twitter api requests in my browser (I wan to look at the JSON before writing code to parse it in my android app) but every request is returning:
{"errors":[{"message":"Bad Authentication data","code":215}]}
So how do I properly authenticate the request?
I've been using OAuth.io for a while to do proper authenticated requests: they specifically have a feature called Request API or something like that: check their Documentation this might help you I hope.
Related
I am trying to develop a chrome extension in which I need to use 3rd party Oauth2 authentication. The third party service I want to use, only supports POST requests. But it seems that the launchWebAuthFlow method in the Chrome Identity API, only supports sending GET requests, as all the query parameters are sent in the URL itself. Is this correct? If yes, how should I do authentication?
UPDATE : The API I want to connect is that of Pocket
Partially you're right about POST requirements. But it is only used to initialize Oauth flow.
According to the documentation:
1) You must make a POST request to obtain a request token from Pocket auth service
2) Redirect user to the auth page: https://getpocket.com/auth/authorize?request_token=YOUR_REQUEST_TOKEN&redirect_uri=YOUR_REDIRECT_URI
Which means that you have to make a simple XHR to retrieve request token and then you can use chrome.identity.launchWebAuthFlow function to begin Oauth flow.
Did you try launchWebAuthFlow? You may find that it works. Once authenticated, you can exercise the API via POST, using XMLHttpRequest. (launchWebAuthFlow only handles the authentication, not the API itself.)
I will explain in detail, I am trying to authorize the youtube my webapp. For that I post as below
https://accounts.google.com/o/oauth2/auth?
client_id=1084945748469-eg34p0an9fut6urp5.apps.googleusercontent.com&
redirect_uri=http://www.abc.com/site/video&
scope=https://gdata.youtube.com&
response_type=token
And youtube respond that request by JSON object
http://www.abc.com/site/video#access_token=ya29.AH6RkxRG81F7H9vZLcA4wmzzzgJlmBSduk-oDxom5w&token_type=Bearer&expires_in=3600
Now I want to send the access_token since this is hastag data I can't access it anyway using php on server side, I know I have to send it to server using AJAX or JSON somehow. Also I am using Yii framework if there is some Yii method I would be happy to use. If no choice I will use
I have written a mosync application that interacts with a REST we service. I am using the AMDownload package. Wat is the right way to send the json payload required by the REST API?
The HTTP 400 Bad Request perhaps happens because the MoSync Android runtime messes up the URL, causing the server to return this error. Alternatively, perhaps the MoSync Android runtime considers the URL to be wrong, and sends back the HTTP 400 Bad Request.
Is it possible for you to test on an Android device? To see if the result is the same.
Also, is it possible to find the exact URL/data sent to the server? Perhaps using some network monitor software. If you have access to the server, can you see the request it receives? If you would enter the same request in a client like the Firefox RESTClient, do you get the same response?
I'm currently working in HTTP JSON API for a touristic webapp. The webapp will be developed by a third-party company and it'll consume the API within the browser.
So I need for the API some sort of authentication to the third-party webapp can consume it. I've been researching a little bit about OAuth, but with this, I have a solution for a user-wide but not for application-wide authorization.
Because the webapp will consume the API within the browser(with Ajax), I'm concerned they will have to put the credentials to consume the API in the user browser.
Another solution would be place the credentials for the API in the server-side, but this don't depend on me.
You could always use something similar to google's method, with a client ID and then a private key used to generate a signature.
https://developers.google.com/maps/documentation/business/webservices#generating_valid_signatures
That page has some code samples as well.
I'm try to authorize to Salesforce APIs using the Chrome Extension OAuth Library, but I get the following response from Salesforce when I send a signed request using oauth.sendSignedRequest() method:
<response><error>LOGIN_OAUTH_INVALID_DSIG</error><message>Failed: Signature Invalid</message></response>
Any thoughts on what could be causing this?
Can you post your oauth object here.
I bet you are using 'consumer_key': 'anonymous',
'consumer_secret': 'anonymous',. You need to check weather Salesforce accepts consumer key and secret as anonymous or not.
I ended up creating my OAuth 2.0 Library for Chrome Extension that works fine with Salesforce. Ping me if you would like to get a copy of the library.