I'm trying to get a refresh token for Google through Oauth.io but I'm having trouble finding the endpoint to send the code to. I'm using C# so I can't use the server-side SDK. I've also looked at Getting refresh tokens from Google with OAuth.io but that answer doesn't help me get the actual refresh token. I've looked at their server-side flow documentation which tells me I can get my refresh token at /auth/access_token but when looking at the web API documentation I don't see that endpoint listed.
I've also looked at their example here and I don't see the endpoint they use listed on the API documentation either. It also doesn't say which key/secret to use with that request - is it the one listed for my OAuth.io app, or is it the one for my provider (in this case Google)?
Any help going forward would be greatly appreciated.
I've just updated the documentation on docs.oauth.io, it was effectively /auth/access_token.
Take a look at the node.js SDK implementation: https://github.com/oauth-io/sdk-node/blob/master/coffee/lib/authentication.coffee#L99
The request is a POST on https://oauth.io/auth/access_token and require 3 parameters:
code : the code to be exchange against the access token / refresh token
key : the OAuth.io public key
secret : the OAuth.io secret key
Related
Let us assume :
An iframe embedded in a webpage for chatting with Bot.
Every time we refresh the page, a new conversation ID is assigned(c# bot solution with SDK's being used provided by microsoft. Microsoft Bot builder).
I need to get a token(secret) for the specific conversation ID mentioned above.
Note : we already have the conversation ID and Direct line secret on Azure, using these i need to get token to send messages to chat window asynchronously.
How do i get the token using Direct Line API 3.0, any ideas?
If you want to generate token you can do this way
Refer this More HelpFull
Generates a token that is valid for one conversation.
POST /v3/directline/tokens/generate
Refreshes the token.
POST /v3/directline/tokens/refresh
Whole Description
I have found a way to do the same,
Please refer https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-send-and-receive-messages?view=azure-bot-service-3.0
We need to make use of serviceUrl
I'm very new to APIs and I need a GET request to this api called WordTracker. WordTracker gives me an app id and an app key to authorize usage of their api. I've searched everywhere on how to authorize api request but none are working for me. I continue to get a 403 forbidden error. If anyone can help me or could just give me a template to authorize, I would really appreciate it. I'm using c# on a windows form application.
The documentation states that you need to pass the app_id and app_key in the query string. Hence, you should try to append them to your GET-request, e.g.: http://url?app_key=xxx&app_id=yyy.
I would like to post to my company Yammer feed from Console C# application.
Before, I created Javascript and Rest Application. But now, I do not know How to get access Token.
I tryed to use HttpWebRequest Class to Endpoint
https://www.yammer.com/dialog/oauth/?client_id=[my_client_id] &response_type=code&redirect_uri=[redirect_url]
However, Httpresponse Not contain "code".
Someone who know get access token, please tell me how to get access token.
There are a number of ways to get a sample token. You can now generate one within the screen where you created your client application. Go to https://www.yammer.com/client_applications/ and select the app you want to get a token for.
There is a link for 'Generate a developer token for this application'
For the API request you have listed I think the user would need to authenticate first then get a dialog box to accept\reject the app which would then redirect to get the code to exchange for an access token.
Docs are here:
https://developer.yammer.com/docs/oauth-2
So, I've basically got this working, except for one issue. I've got a google service account set up so it can access our domain contacts. And it can batch query them perfectly!
But if I call cr.Retrieve("some-contact-url-here"), it throws an error griping about not having a Refresh token. I'm using a service account though, so I don't get a refresh token when I authenticate.
And I can't seem to find any good answer as to how I'm supposed to get a refresh token for a service account. There's one or two stackoverflow posts which actively mention getting a refresh token with a service account....but what they linked to has since been redirected. Anything else I've found to do with refresh tokens has basically been about authenticating manually and storing the token. Because I need to use a Service Account, that is not a possibility.
A service account's credentials, which you obtain from the Google Developers Console, include a generated email address that is unique, a client ID, and at least one public/private key pair. You use the client ID and one private key to create a signed JWT and construct an access-token request in the appropriate format. Your application then sends the token request to the Google OAuth 2.0 Authorization Server, which returns an access token. The application uses the token to access a Google API. When the token expires, the application repeats the process.
Check this page for more information.
Ok, based on several hours of bashing my head violently against the API, it looks like there's basically no way to get a refresh token when you're authenticating as a Service Account. Expected behavior, really.
Anyway, to get around the issue, you can load all of the contacts into memory,
feed.AutoPaging = true;
foreach (var c in feed.Entries)
{
contactList.Add(c);
}
And you can update|delete|etc then. Grossly inefficient though. Especially if your contact list gets rather big.
I've created a web application that uses the OAuth authentication and universal connectors as explained in this tutorial, and started to fiddle around a little to add support for other providers like Yahoo and LinkedIn. So the authentication part works and users are created in the asp.net Membership provider. Also, all the providers return the accesstoken which I supposedly can use to retrieve more information regarding the user.
I'd really like to acquire the profile image, but it seems every provider has a different way of requesting this information. Twitter even describes a way to authorise every request by changing the HTTP header information.
Whilst reading this information on the websites of the various providers I was wondering whether this functionality isn't also already included somewhere in DotNetOpenAuth.AspNet or Microsoft.AspNet.Membership.OpenAuth implementation.
How can I use DotNetOpenAuth.AspNet and/or Microsoft.AspNet.Membership.OpenAuth to request the profile image of the loggedin user using the just acquired accesstoken?
UPDATE in response to Leo's answer
I use the following code to make a call on LinkedIn's API.
string accessToken = extraData["accesstoken"]; // Extra Data received from OAuth containing the accesstoken.
WebRequest request = WebRequest.Create("https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token=" + accessToken);
using (WebResponse response = request.GetResponse())
{
// do something with response here.
}
Error message is "The remote server returned an error: (401) Unauthorized.".
What am I doing wrong?
The answer is simple...you can't use any of these. These are wrappers of OAuth and OAuth only specifies how you can authenticate a user. Now, to request the user's profile photo you will need to use the external provider's own API and you will need most likely a valid access token. So, you will need to use one of these implementations of OAuth to authenticate a user and the recieve an access token, store the access token somewhere (usually a cookie) and then use the access token to make sub-sequent calls to the provider's APIs. Examples and links....
Facebook's Graph API allows you to retrieve users profiles
https://developers.facebook.com/docs/graph-api/quickstart/
notice that all examples in the link above will require you to include the access token in a parameter named access_token, for example
https://graph.facebook.com/me?method=GET&format=json&suppress_http_code=1&access_token={your-access-token}
Google...
https://www.googleapis.com/oauth2/v3/userinfo?access_token={your-access-token}
LinkedIn...
https://api.linkedin.com/v1/people/~:(id,first-name,last-name,date-of-birth,email-address,picture-url)?oauth2_access_token={your-access-token}
You can get more specific information from these providers' websites
Let me know if you have any other doubts I might be able to help you since I have implemented stuff like these before.
Cheers, Leo