I am creating a new application in Twitter Twitter API
It is asking for CallBack Url what is main use of callback URL and its mandatory to use callback url as for me i am creating new app to get Access-Token so that i can use this to work with Twitter4j?
Twitter4j is used to integration Twitter API with Java.
I want following from this API
Login in my website through Twitter Like Stackverflow given login with OPENID
User Information
Number of follower
All Tweets of any account
Search on some Keyword basis
If i will not give Callback Url everything will work fine?
The purpose of the API is for you to make requests to Twitter.
Twitter needs to know where to send the results of your request.
Otherwise how will you know what happened? This is how you get the token to use it in your code.
Related
I start oAuth2 with Facebook from client side and I get code after successful user login. Now I want exchange code for an access_token like here: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
How can I exchange code for token? I need do REST GET Request with WebClient or do simple redirect with Spring Controller? I want to do this without any external library.
My flow I think should look like:
User clicks Login with Facebook
Redirected with code to backend
Gets code and exchanges for a access_token
Call Graph QL for user data
Save user data, generate JWT and back to frontend.
From the question I understand you need to basically implement Authorization code flow of the OAuth2.0 protocol.
After you receive code, you have to exchange it for a token. For this you would have to send a POST request(through your spring controller) to access token endpoint of Facebook. With this you would have to send additional details like client_id, client_secret which you have received when you created a fakebook client application.
PS:I understand you might have constraints with using third party libaries to achive this, but have a look at this awsome open-source library.
I've successfully implemented user login in my android app with Google Identity Toolkit. I've also created an App Engine Endpoint to communicate from the Android app. Now I want to secure the endpoints with auth.
I know I can create a custom Authenticator for endpoint and do any kind of verification of the data in request header in there and get the job done.
But I don't know how to do the Gitkit verification there.
Basically
What data should I pass to reach endpoint calls from Android app?(token ID?)
What should I do in the custom Authenticator of endpoint to ensure the requests are valid?
I saw people suggesting to use Session or cookies. Will these work if I'm using the endpoint from Android app? If yes please give me some reference on how it can be done.
Gitkit tokens are JWT format, so you validate them on server-side just as any other JWT token.
See example documentation on how to validate JWT here: https://developers.google.com/identity/sign-in/web/backend-auth It's the same format.
I have also my own project to integrate it with Jersey server:
https://github.com/dlazerka/gae-jersey-oauth2. It uses recommended com.google.api-client library to actually verify the token.
Hello everyone!
I am writing an application in Java which retrieves information from Instagram server by their API, accumulates it and builds a visualization map.
The problem is that I cannot automate the authentication process. The official Instagram API documentation states that:
In order to receive an access_token, you must do the following:
Direct the user to our authorization url.
If the user is not logged in, they will be asked to log in.
The user will be asked if they would like to grant your application access to her Instagram data.
The server will redirect the user in one of two ways that you choose:"
So it is a compulsory step for a user to login manually into his/her account. I believe that this is done in order to grant permissions to an app that uses Instagram API on behave of a user, for example, if it makes some posts in his/her account. However, I am not going to use any user's personal account. In fact I set up a seperate account for my application and registered the app (I got client_id, client_secret and set the redirect_uri). So I want only to use those credentials in order to get updated access token and make some REST API posts to Instagram.
What I do now, I make a GET request, receive back a login html page, parse it, insert my account credentials and after I make a POST request I receive the 400 code:
Sending 'GET' request to URL : instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=localhost&response_type=code
Response Code : 200
Extracting form data...
Sending 'POST' request to URL : instagram.com/oauth/authorize/?client_id=CLIET_ID&redirect_uri=localhost&response_type=code
Request content:CONTENT&username=LOGIN&password=PASSWORD&=Log+in
Response Code : 302
Sending 'POST' request to URL : www.instagram.com/oauth/authorize/?client_id=CLIENT_ID&redirect_uri=localhost&response_type=code
Request content:CLIENT_ID&username=LOGIN&password=PASSWORD&=Log+in
Response Code : 400
I don't understand why am I redirrected one more time. I am assuming that is because some security issues, maybe some hidden fields... do you have any ideas?
I appriciate any ideas and possible solutions to the problem. Thanks!
As i can understand from the requests it uses oath protocol which is common for google , twitter and more popular site authentication protocol.
Why not trying an oath library such as
https://github.com/google/google-oauth-java-client
For the moment I'm just trying to get up a simple driver in Java to hook into the Twitter streaming API and gather some tweets. But the sample code provided on the twitter4j site doesn't work and it provides little direction as to how to properly authenticate to Twitter.
For now this is what I have (literally copied from the site):
http://pastebin.com/7udeFT9i
I did it programmatically this time, but obviously it doesn't authenticate with nothing but *'s. But I'm not sure what values to put into the ConfigurationBuilder. I've seen some that have hardcoded values and others that call a getter from a Twitter instance, but in general I'm just not sure what Twitter needs for me to be able to access the stream.
Use Scribe -
https://github.com/fernandezpablo85/scribe-java
You need to use OAuth to access twitter programmaticly. You should start with the Twitter OAuth docs:
https://dev.twitter.com/docs/auth/oauth/faq
I'm trying to write a facebook application using Java tomcat with RestFB.
the restfb documentation shows the following:
Create a Facebook Application
Request https://graph.facebook.com/oauth/authorize?client_id=MY_API_KEY& redirect_uri=http://www.facebook.com/connect/login_success.html& scope=publish_stream,offline_access,create_event
Facebook will redirect you to http://www.facebook.com/connect/login_success.html? code=MY_VERIFICATION_CODE
Request https://graph.facebook.com/oauth/access_token?client_id=MY_API_KEY& redirect_uri=http://www.facebook.com/connect/login_success.html& client_secret=MY_APP_SECRET&code=MY_VERIFICATION_CODE
Facebook will respond with access_token=MY_ACCESS_TOKEN
I think that i may be looking at the wrong instructions and this is for a facebook connect or anything else besides an actual facebook application inside apps.facebook.com/app_name.
I would really appreciate any relevant information regarding the issue. I'm simply trying to create a simple facebook application that prints the name of the user.
In general after I fetch the acces token of the user i can do the following:
FacebookClient facebookClient = new DefaultFacebookClient(MY_ACCESS_TOKEN);
User user = facebookClient.fetchObject("me", User.class);
out.println("User name: " + user.getName());
My problem is how do i properly fetch the access token of the user? in the information i showed at the top of the post, it shows that i need to make 2 requests. the first for the code and the other for the acess token. and the request for the access token actually reveals my app secret key to the user because each time i forward him to a different page the user can easily view the get and set parameters.
so i guess i'm pretty lost here.
please help! :)
thanks
update after comments
with these instructions i need two times to redirect the user's page. first to get the code and then to get the access token. the user can see these two redirections and because of that he can easily see the facebook application key and secret key from the get parameters. how do i make sure that these steps are hidden from the user?
As stated in the comments, these are the steps you need to take to access Facebook's graph API. However, to answer your second question:
"How do I make sure that these steps
are hidden from the user?"
Only the first request should be performed by the user's browser. The purpose being that Facebook wants to make sure it is the sole authorization provide for the user's Facebook identity. Depending on the application you are writing, you would either use the redirect URL to point to the default redirect URL that you specified, or specify a custom url on your website that you will use to retrieve the token. The first approach is typically used by stand-alone applications such as mobile devices that can control how the browser handles redirects. The second approach would be used for a custom web-based application. Once you receive the access token, then you would perform the second operation within your code (using your favorite http apis) and not through the browser. The redirect on the access_token url is compared against the redirect url specified on the authentication-url. Facebook uses it for validation only and does not perform an actual redirect on the successful completion of the request.
Here are the high-level steps:
Redirect user's browser to the authentication-url specifying the appropriate redirect_uri
Retrieve verification token from redirected browser request
Perform access_token retrieval using your preferred HTTP framework (no user input required)
Parse results and retrieve access token
Initial restfb with token and use as needed
The REST API has been deprecated. You should look in to the JavaScript and Graph APIs instead - there is a good article on this here: http://ocpsoft.org/opensource/creating-a-facebook-app-setup-and-tool-installation/ (Three part series, very detailed :)