I'm using the Dropbox API in my Java desktop application. I implemented the authorization process with the redirect to localhost to get the access token.
Everything works perfect so far but if I later try to connect to Dropbox to share some files, an exception is thrown:
com.dropbox.core.DbxException$BadRequest: {"error": "v1_retired"}
So I think the retrieved access token is only an OAuth1 token. In the API bundle I found a OAuth1Upgrader to convert the token. But that seems a bit too complex.
So my question: Is there a way to get an OAuth2 token immediately during the authorization process?
Dropbox deprecated their v1 API on Sept 28th (see this post). All API calls from that day forward to v1 endpoints return a 400 error with the message:
{“error”: “v1_retired”}
as happened here.
They published a migration guide here. Reading through it, there's a mapping between the v1 endpoint you're probably using and the v2 endpoint you should be able to use to get the OAuth2 token:
/1/oauth2/authorize:/oauth2/authorize
Related
I'm stuck trying to call Google DecodeIntegrityToken API from my Android APP. There is no documentation or examples on how to do it.
I have completed the setup and managed to get an IntegrityToken up to this point.
The setup: https://developer.android.com/google/play/integrity/verdict
Here I found calling the API in LARAVEL: Decode integrity token using Google PlayIntegrity API
and this one in .NET: How to get a decoded Play Integrity API token using the Google Client API for .NET
But how can I call it from Java? There is no information. I can't find a way to call the API to decode the Integrity Token.
The response you can decode using Java based hosted service. The integrity token can be sent to the Google server from hosted service and you can verify the response received from google. Enable PlayIntegrity API in Google Cloud Platform against the app and download the JSON file and configure the code. Similarly, you should enable PlayIntegrity in Google PlayConsole
Please check my answer
For those who are looking for the node.js solution check my answer here
Decode integrity token using Google PlayIntegrity API
UPDATE 2
SOLVED, I was missing Header String tutorial instructions at https://developer.twitter.com/en/docs/basics/authentication/guides/authorizing-a-request.html
Answer to my question: Headers must not contain any json data.
Here's my fully functional project, just insert your credentials and you are ready to send Twitter direct messages:
https://github.com/ricarrrdo/gs-rest-service
Note: I'm using Spring deprecated AsyncRestTemplate, so if someone knows how to use the new WebClient, please upgrade restASyncClientBody() method inside Application.java - it would be much appreciated!
UPDATE 1
https://github.com/ricarrrdo/gs-rest-service/blob/master/src/main/java/hello/Application.java#L2-L12
This link above is my spring boot project which recreates Twitter given example at https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature.html to authenticate and authorize a API request.
It's working fine, just compile/run with mvn spring-boot:run and watch console output.
You can check lines 41-52, which are the same parameters used in Twitter example.
Problem/Question
I'm trying to send a Direct Message on Twitter via Twitter API but I keep getting Bad Authentication data error. How should I change my code to be able to send direct messages?
I mean: In https://developer.twitter.com/en/docs/basics/authentication/guides/creating-a-signature.html there's an example with how to create a valid Oauth header using x-www-form-urlencoded parameters. But how can I create valid Oauth headers when sending Json?
Twitter tutorial for direct messages here -
https://developer.twitter.com/en/docs/direct-messages/sending-and-receiving/api-reference/new-event
Notes
Authorization header needed to send a direct message:
authorization: OAuth oauth_consumer_key="YOUR_CONSUMER_KEY",
oauth_nonce="AUTO_GENERATED_NONCE",
oauth_signature="AUTO_GENERATED_SIGNATURE",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="AUTO_GENERATED_TIMESTAMP",
oauth_token="USERS_ACCESS_TOKEN", oauth_version="1.0"
I've successfully implemented user login in my android app with Google Identity Toolkit. I've also created an App Engine Endpoint to communicate from the Android app. Now I want to secure the endpoints with auth.
I know I can create a custom Authenticator for endpoint and do any kind of verification of the data in request header in there and get the job done.
But I don't know how to do the Gitkit verification there.
Basically
What data should I pass to reach endpoint calls from Android app?(token ID?)
What should I do in the custom Authenticator of endpoint to ensure the requests are valid?
I saw people suggesting to use Session or cookies. Will these work if I'm using the endpoint from Android app? If yes please give me some reference on how it can be done.
Gitkit tokens are JWT format, so you validate them on server-side just as any other JWT token.
See example documentation on how to validate JWT here: https://developers.google.com/identity/sign-in/web/backend-auth It's the same format.
I have also my own project to integrate it with Jersey server:
https://github.com/dlazerka/gae-jersey-oauth2. It uses recommended com.google.api-client library to actually verify the token.
I'm building a backend for my Android app using GAE, and I'd like to authenticate users with their Google accounts, sent from the Android app.
Before OAuth2, you were able to use a Cookie retrieved from the _ah/login endpoint to authenticate users into your web app, but that method is deprecated and I'd like to be able to use the updated OAuth2 method.
In my Android app I've been able to generate a JSON Web Token using the following line:
String jwt = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "audience:server:client_id:1234567.apps.googleusercontent.com");
or an OAuth token:
String oauth2 = GoogleAuthUtil.getToken(FamiliarActivity.this, Plus.AccountApi.getAccountName(mGoogleApiClient), "oauth2:server:client_id:1234567.apps.googleusercontent.com:api_scope:https://www.googleapis.com/auth/plus.login");
Either, manually, I can pass to my API and validate against Google. But I haven't been able to figure out a way to use a token like this to trigger authentication in GAE like the Cookie used to. The documentation seems to indicate passing it as a header: Authorization: Bearer <TOKEN> but that doesn't seem to work.
What is the correct way to retrieve and pass a token to my GAE endpoint so that it authenticates the user?
The correct and documented way to accomplish this is to:
1) Create an OAuth protected endpoint with the
https://www.googleapis.com/auth/plus.login
or
https://www.googleapis.com/auth/userinfo.email
scope and authorized Client ID for the Android client app.
2) Generate client library and integrate with your app.
I Started working on Android Development for a while now. According to the tutorials im following im trying to retireve JSON info from the Twitter API...
As it was instructed in the tutorial, this is the code to use:
"http://api.twitter.com/1/statuses/user_timeline.json?screen_name=write the username"
HOWEVER, i got a response saying that the API is no longer available and i should migrate to API v1.1.
Could anyone please help on what to do to replace the url i was instructed to use??
NOTE
When i used the new url from API v1.1 : "https://api.twitter.com/1.1/statuses/user_timeline.json?screen_name=twitterapi&count=2"
i get the following:
"{"errors":[{"message":"Bad Authentication data","code":215}]}"
Old Twitter API did not require Authentication for retrieving user_timeline, but v1.1 requires authentication to retrieve data(https://dev.twitter.com/docs/api/1.1/get/statuses/user_timeline). According to Twitter API document user authentication is required for all the API v1.1 requests.
You can read more about authentication here
https://dev.twitter.com/docs/auth/oauth#v1-1