How can I enable the file upload permission? - actionscript-3

I'm trying to upload images generated in my Flash application to an album on Facebook. This was working earlier in the year, but revisiting the code I now get the following OAuthException:
(#324) Requires upload file
I am using the most recent version of the ActionSccript Facebook API. The setup works like this:
First I do the authentication check with PHP to ensure users have granted permission before having to wait for the Flash to load. I'm requesting the publish_stream and user_photos permissions. The access token comes back correctly.
Once the user is authenticated the Flash is loaded and performs its own initialisation, passing fileUpload=true as part of the init object:
var initObject:Object = {
channelUrl : "myChannelURL.html",
fileUpload : true
}
Facebook.init(
'myAppID',
myCallbackFunction,
initObject,
myAccessToken
);
This seems to work as expected, the callback receives the uid of the current user.
At the end of my application I POST a Bitmap object to a predetermined album:
Facebook.api(
albumID+"/photos",
onImagePost,
{
message:"",
image:new Bitmap(myBitmapData),
fileName:''
},
URLRequestMethod.POST
);
At this point Facebook returns a 400 response:
"error": {
"message": "(#324) Requires upload file",
"type": "OAuthException"
}
What more do I need to do to ensure that this permission is being included?

It turns out that this was not a permissions error at all. Since I last deployed this code Facebook have tightened up their restrictions a bit, and the fileName parameter passed as part of the api call can no longer be an empty string. Simply passing any old text as a file name fixes the problem.
Facebook.api(
albumID+"/photos",
onImagePost,
{
message:"",
image:new Bitmap(myBitmapData),
fileName:'FILE' // required to be non-empty
},
URLRequestMethod.POST
);

Im not sure if this is a solution that can be translated into the Actionscript SDK... But, with the PHP SDK there is a method inside the facebook SDK that is called setFileUploadSupport - try looking in the code for a place to set that parameter to true.

Related

Chrome.identity works perfectly without asking for credentials

I have implemented the chrome.identity launchWebAuthFlow to authenticate users of a web extension against an oauth2 provider and the entire flow works perfectly, I receive the access token back in the redirect URL, I extract the token using a regex and then it is valid and accepted to query the APIs.
However, I do not understand why it does not prompt anymore for credentials when I launch again the launchWebAuthFlow. Instead, it retrieves another (valid !) token in the background. Don't get me wrong, I like this, and I prefer it works in the background, but I just don't understand how. Even after clearing all cookies and local data, when I launch the launchWebAuthFlow again it just works in the background without asking for credentials...where are they stored?
Also, not sure if that helps, but my flow is the following:
extension ->oauth2 server->azure ad SSO->enter credentials->redirect to extension
So the real authentication is managed by Azure AD. However, even when I'm signed out from Microsoft, the extension keeps getting a valid auth token when the below code is triggered and without asking for credentials...so the credentials must be stored somewhere...
chrome.identity.launchWebAuthFlow(
{
url: dev.identity_url(),
interactive: true
},
function (responseWithToken) {
// the access token needs to be extracted from the response.
console.log(responseWithToken);
let token = responseWithToken.match(/(?<=access_token=).*(?=&token_type)/);
token = token[0];
chrome.storage.local.set({ "auth-token": token }, function () {
console.log(`Access Token has been saved: ${token}`);
});
}
);

VimeoUpload not re-authenticating After Deletion of App Access on Vimeo.com

I was able to connect and upload videos using the library but when I deleted the app connection on Vimeo.com (as a test) the app didn't authorize again.
the upload looks like it's working but nothing is uploaded as the app is no longer connected.
I deleted the app on the phone and restarted but it still won't re-authorize the app.
This comes up in the output:
Vimeo upload state : Executing
Vimeo upload state : Finished
Invalid http status code for download task.
And this is in OldVimeoUpload.swift: ( didn't include the actual access code!)
import Foundation
class OldVimeoUpload: VimeoUpload
{
static var VIMEO_ACCESS_TOKEN :String! // = "there's a string of numbers here"
static let sharedInstance = OldVimeoUpload(backgroundSessionIdentifier: "") { () -> String? in
return VIMEO_ACCESS_TOKEN // See README for details on how to obtain and OAuth token
}
// MARK: - Initialization
override init(backgroundSessionIdentifier: String, authTokenBlock: AuthTokenBlock)
{
super.init(backgroundSessionIdentifier: backgroundSessionIdentifier, authTokenBlock: authTokenBlock)
}
}
It looks like the access token number is commented out. I deleted the 2 forward slashes to see if that would fix it but it didn't.
I spoke too soon.
It sounds like you went to developer.vimeo.com and created an auth token. Used it to upload videos. And then went back to developer.vimeo.com and deleted the auth token.
The app / VimeoUpload will not automatically re-authenticated in this situation. You've killed the token and the app cannot request a new one for you. You'll need to create a new auth token and plug it into the app.
If this is not accurate and you're describing a different issue let us know.
If you inspect the error that's thrown from the failing request I'm guessing you'll see it's a 401 unauthorized related to using an invalid token.
Edit:
Disconnecting your app (as described in your comment below) has the same effect as deleting your auth token from developer.vimeo.com.
Also, VimeoUpload accepts a hardcoded auth token (as you see from the README and your code sample). It will not automatically re-authenticate, probably ever.
If you'd like to handle authentication in your app check out VimeoNetworking or VIMNetworking. Either of those libraries can be used to create a variety of authentication flows / scenarios. Still, if a logged in user disconnects or deletes their token, you will need them to deliberately re-authenticate (i.e. you will need to build that flow yourself). In that case, the user has explicitly stated that they don't want the app to be able to access information on their behalf. It would go against our security contract with them to automatically re-authenticate somehow.
Does that make sense?

How to set description in the BoxFileUpload request?

I am using the Box windows V2 SDK to upload files to my Box account using the following code:
BoxFileRequest request = new BoxFileRequest()
{
Parent = new BoxRequestEntity() { Id = "0" },
Name = attachment.Name,
Description = "This is failing to be sent..."
};
client.FilesManager.UploadAsync(request, new MemoryStream(attachment.FileContent)).Result;
Uploading the file works great. However, I can not get the description field sent to the box server. Is it possible to upload a file with a description, or do I have to call FilesManager.UpdateInformationAsync after the file has been uploaded to accomplish this? It would be nice if this was an option so I could reduce the number of API calls..
The description must be set in a separate API request after uploading the file.
We have heard reusing some of the request objects may cause some confusion on what can be done with each request. We are evaluating whether or not this should be changed

FaceboookDesktop user stays logged in after I call FaceboookDesktop.logout

Having the same issue as this user
As3 Graph API Logout
and this user
Facebook Kiosk Logout
Using the AS3 FacebookDesktop SDK for an AIR desktop based kiosk application
http://facebook-actionscript-api.googlecode.com/svn/release/current/docs/com/facebook/graph/FacebookDesktop.html
I can login, upload successfully.
Additionally when I call
FacebookDesktop.logout(handleLogout, APP_ORIGIN)
the response object returned in handleLogout = success
I have also defined APP_ORIGIN to = the same url associated with my APP_ID.
and set FacebookDesktop.manageSession = false
The problem is the user stays logged in after I upload and I need to log them out automatically after each upload.
This solution suggests targeting logout.php passing the ACCESS TOKEN.
https://stackoverflow.com/questions/7771821/log-out-from-facebook
But I don't have an access token, only a user ID.
Can anyone suggest a solution that works with an AIR desktop application?
see this thread
https://code.google.com/p/facebook-actionscript-api/issues/detail?id=206
'I had this problem and i solved using this workaround, you have to
download the source code of the 1.7 dist. Then open the
FacebookDesktop.as file and look for the logout function (not the
static one), then find the value 'params.next =
"http://static.ak.fbcdn.net/connect/xd_proxy.php#origin="+(appOrigin?appOrigin:"")'
and change it to 'params.next = "http://www.facebook.com/"'.

AS3.0 facebook api: getSession() returns null for user name

I'm starting a facebook app using iframe method.
I am using flex and so far I am able to connect to fb (login and out). Now I am trying to retrieve current logged in user name. In the document I see this function is what I need. Facebook.getSession().
A tutorial in adobe site uses desktop api and it works for desktop (AIR app) but not for web app. (yes, i fixed Facebook.getSession() instead of FacebookDesktop.getSession();
Also, I am able to see the uid but not the user. User returns null. I am guessing this is because uid is a string and user is an object. But on the desktop app, FacebookDesktop.getSession().user.name returns the name perfectly. but on the web, it does not.
Any help on this would be appreciated because I have been banging my head on this for 2 days.
It turns out that when you use FacebookDesktop to log in, it automatically makes an API call to the me object to get the information about the user. For some reason the Facebook class does not do this for you. In your login handler, you have make the call. So your login handler will contain something like:
if (success)
{
Facebook.api("/me", api_getMeHandler);
}
Once you get the /ME object you can directly read the user name:
protected function api_getMeHandler(result:Object,fail:Object):void{
// load name and birthday
var fbName:String="";
if( result.name != null) {
fbName = result.name;
bottomLabel.text = fbName + "Logged IN";
}
else {
bottomLabel.text = "User Name NULL";
}
}
I am working with the 1.5 Version, which includes the AS class wrapper for JS.