Maybe title is not that clear but..
I have created a POST query that works in Postman using OAuth 1.0 authentication.
Mu calls are made to url:
https://lo.enghist.liveperson.net/abc/api/def/1234567/ghi/search
How does postman know all other urls - to request token url etc.
I’m trying to rewrite it in a custom C# app but have no idea how to track what happens when I click send - if I go to Developer Console I only see the final request with final params that were obtained somewhere?
Is it always sth default like:
https://lo.enghist.liveperson.net/oauth/request_token
Answering myself:
I didn't correctly understand OAuth 1.0. I first thought that there is a different URL that we make calls to receive the token which we then use to make the final call. This is not the case, we create our token using secrets, nonce (random string) and few other rules, then it's all hashed and sent to WebService which does the same and compares both values.
Postman now provides you with code - below the button "Send" there is a link "Code" which gives you so many languages and one of them is C# using RestSharp.
Regarding above, it sadly shows a semi working solution - quite a lot of logic is skipped and all the values are precalculated so I was thinking I need to calculate them myself even if RestSharp can do that for you, please check my final working code here:
https://stackoverflow.com/a/64819771/1619684
Related
Morning all,
I've not posted on SO for quite some time, but I need to ask the question, I’ve spent a day and a half trying to get this to work - it’s super frustrating considering I managed to implement v2 with posting a tweet in 2 - 3 hours but because I need the media endpoint (does not exist in v2), I rebuilt my flow into v1 to upload media.
Ok, so my app allows the user to authenticate with twitter and tweet/upload media. I’m using (I think) the 3-legged oauth flow.
Currently, the flow is :
https://api.twitter.com/oauth/request_token - 200 status code and I
confirm the callback URL
I use the access token from step 1, and then call/redirect
https://api.twitter.com/oauth/authorize?oauth_token={accessToken}
this obviously redirects to my endpoint.
I extract the oauthToken and oauthVerifier and call:
https://api.twitter.com/oauth/access_token, this returns an
oauthToken and oauthTokenSecret, I store the values.
All of the above conforms to what is in the docs, but when I use the stored values from step 3 to post a tweet I get unauthorized.
The signing logic works because it’s what’s used in “Request access token” - with a couple of changes.
I'm learning more towards a flow issue due to trying various nuget packages(tweetinvi in particular) and I get exceptions in those too.
Any help is greatly appreciated.
Not really an answer per-se, but rather notable actions.
At this point in time, you cannot upload media with V2 of the API, whilst you can integrate quite quickly and send a tweet, it's almost pointless without media.
So, you'll need to build/integrate with V1.
The unknowns and curve balls:
The most important! V1 requires elevated access! Which you'll need to
apply for, not all get accepted! but V2 just integrate and tweet with
no elevated access - very strange.
Always ensure to read the resp correctly, and try few times in code, postman,
fiddler etc. Whilst the resp contains a collection of errors object,
you'll never get a collection of errors.
If you're not using any sort of package/library, pay close attention
to crafting the request signature - it's a pain.
So I've been working on an api that, using RESTful, allows the user to get data from a database. Pretty simple, URL is along the lines of local:port/projects/[id of project]. The api returns some xml with 4 or 5 results.
What I'm having trouble with is PUT. As far as I understand it, I should use the same url, but use the PUT request method, and include the data that I want sent in a parameter. The problem seems to be that when I run the PUT, it just returns the same data as a GET.
I'm using the following site to test this: wst dot mytechlabs dot com (won't let me post two links here;?)
The code for my controller is located here: http://pastebin.com/3HXXR4YY
Thanks in advance, I'll monitor this, so let me know if I forgot any info that would help.
I'm using Google Apis, instead of Google Sign In, to connect to Google on my app because I'm developping with Xamarin.
This is the library I'm using : https://github.com/xamarin/google-apis
When I'm logging in, i get this error :
Authentication Error
Unexpected character '<'. At line 1, column 0.
Maybe it's because my AccessTokenUrl is not good, but I've tried many things. I know for a fact that my ClientId, my RedirectUrl and my Secret are okay.
When logging in, Google asks correctly for the good permissions that I want, but after I accept, this is when I receive the error.
I've tried finding the request to see if there was the '<' in it but had no luck accessing it.
Is there a good way to connect to Google with Xamarin using this library or I'm just doing something bad?
Should I just do it nativaly on iOS and Android?
Thanks
I just encountered a similar problem using Xamarin.Auth to hit a custom OAuth service (i.e. not Google). In my case, the accessTokenUrl pointed to an action on a controller that was entirely protected by the [Authorize] attribute. Naturally, the user was required to login before hitting the /oauth/authorize endpoint using a web browser, but the request to /oauth/token to exchange the resulting authorization code for an access token was not inside the same web browser/session. It was trying to get back token data in JSON format but was being redirected to an HTML login screen. Once I changed the token endpoint for anonymous access, things started working (Note: A valid authorization code cannot be obtained without authenticating).
General Recommendations
The error message strongly suggests that the response coming back is HTML (or at least some form of XML). This could be an authentication redirect as it was in my scenario, or possibly some sort of error page. I would first start by setting up a proxy. I used Charles Proxy to uncover some interesting information. You will need to configure SSL on the proxy to see anything except high level information. This will show the exact requests coming out of your app to the OAuth application.
Another technique I used was simulating the requests that the OAuth2Authenticator would be making in a web browser and/or Postman. The first request would be to authorize:
https://your.domain.here/oauth/authorize?client_id=<some_client_id>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F&response_type=code&scope=<some_scope>&state=<some_state>
That endpoint should be protected, so you will likely be redirected to something like this:
https://your.domain.here/Account/Login?returnurl=%2Foauth%2Fauthorize%3Fclient_id%3D<some_client_id>%26redirect_uri%3Dhttp%253A%252F%252Fyour.domain.here%252F%26response_type%3Dcode%26scope%3D<some_scope>%26state%3D<some_state>
After authenticating, the authorize endpoint should redirect to your redirect URI with the authorization code and state included as query string parameters. You will use the code in the next step.
Lastly, using a fresh web browser (i.e. new session), you should hit the token endpoint with your new authorization code and other client information.
https://your.domain.here/oauth/token?client_id=<some_client_id>&client_secret=<some_secret>&grant_type=<your_grant_type>&code=<your_authorization_code>&redirect_uri=https%3A%2F%2Fyour.domain.here%2F
If the response is not JSON data, it should give you an indication about what is failing with Xamarin.
Got the same error.
Solved by using https://accounts.google.com/o/oauth2/token as AccessTokenUrl
I have been trying to establishing an integration with twitter, what i need is just below features.
I should be able to extract all the tweets for my account and display it in my application.
I should be able to post status when i enter a text in my textbox and click on submit.
I have tried multiple ways, even used 3rd party Libraries like TweetSharp(it worked pretty well.) As i need to deliver this to a client, i dont want to use any third party tools, as there will be no one to support in case of any issues.
First think it should be completely free. So i have tried using OAuth as explained in the below link. i have updated the twitter api version to 1.1 and added my Consumer Key, Secret, AccessToken and Secret. I executed the application. To my surprise, my message was posted on to the twitter. but when i changed the status and executed again, it stopped working and it keep gives my un authorized error.
The example i m following might not be the complete one, may be i need to regenerate a access key and do something else. I m confused. can you please help me how i can proceed further and with link to any post with complete code.
http://www.codeproject.com/Articles/247336/Twitter-OAuth-authentication-using-Net
Thank you.
Every status must be unique, or you'll receive an error. For this reason, I append the date/time to the end of the tweet when testing.
BTW, if you ever change your mind about 3rd party libraries, check out LINQ to Twitter.
Just for Info:
New API is more strict while sending headers and creating Signature.
Make sure you fulfill these requirements:
Header values should be in sorted order(lexicographically)
GET Request:
Header should not include any querystring values.
Signature base should contain all values including querystring values
POST Reqeust:
Header should include post parameter values.
Signature base should contain all values including parameter values
Post request Url should append all prameter values in QueryString and requst should be sent to that
This should solve most authorization issues.
How do you use the Twilio sandbox mode with C#? I have a ashx.cs file that I am using to write my code. Would I put it there? If so, what does that look like?
There is no real great examples on their website on how to do this except for CURL and Ruby.
We are using TwiML to general an XML file tha t parses our data to send back and forth to the Twilio service. We don't want to be charged every time we send a test text message.
How would we set the Sandbox up so we could do some testing.
I found the Test auth Token and account Sid, but how do I use those?
We don't have them in our current application and we are specifying our .ashx page in Twilio to process our code.
Thanks in advance.
Twilio evangelist here.
So if you just want to test that your ASHX handler is generating the right results the easiest way to do this is to just fake a POST or a GET request to that handler. This lets you simulate the GET or POST request that Twilio will make to your app when it gets a text message.
You can see the parameters that Twilio will pass to your app when it receives a text message here:
http://www.twilio.com/docs/api/twiml/sms/twilio_request#synchronous
There are a whole bunch of ways to simulate these requests. cURL is one of them. If your ASHX is expecting query string values, you can also just load the ASHX directly in the browser and append those values in the URL. If the handler is expecting a POST request, I used a chrome plugin called Simple REST Client to make these.
Of course you can also Fiddler to make just about any HTTP request.
The Test Credentials really are more for simulating the use of the REST API (programatically sending SMS messages). I just wrote a blog post that shows how to use the test credentials to create integration tests:
http://www.twilio.com/blog/2013/05/automating-twilio-integration-tests-with-test-credentials.html
Hope that helps.
Devin