I wonder if someone can help me understand the difference between Access Tokens, App Access Tokens and when to use each.
My problem if that when I use the restFB libraries to obtain the access token:
AccessToken accessTokenT =
new DefaultFacebookClient().obtainAppAccessToken(appID, appSecret);
As I would expect it returns the App Access token. However, when i use that token to instantiate the FacebookClient object:
FacebookClient facebookClient = new DefaultFacebookClient(accessToken);
It fails with the following message:
Exception in thread "main" com.restfb.exception.FacebookOAuthException: Received Facebook error response of type OAuthException: (#200) The user hasn't authorized the application to perform this action (code 200, subcode null)
If I go to the graph explorer and manually get an access token, then use that in my code, everything works fine.
I'm sure there's something subtle I'm missing and any help would be greatly appreciated.
Many thanks
Primarily there are 3 types of access tokens-
User access token
Page access token
App access token
The documentation by facebook: Access Tokens, explains a lot about them. You can have a look.
You should initialize the facebookClient with the user access token. The user access token is obtained when a user login/authorizes the app. This token is used to query about the user(for what he has given permissions to the application). The App access token has very limited powers like: posting on behalf of the user once he has given app the authorization, or send the requests etc.
Related
I follow the steps in the Spotify Web Api Tutorial using the authorization-code from the Spotify Accounts Authentication Examples. Everything is okey, I register an application with Spotify, authenticate a user and get authorization to access user data and when the page show me the user data the refresh token is different each time I authenticate myself. I think refresh token shuld not change.
The only modification I did in the example code was replace the client id, client secret and the redirect uri with the correct values from my application.
Any advices?
For the Authorisation Code Flow you just need to do that initial authentication you're already doing. It will always return a new refresh token however that token can be used over an over with 4. Requesting a refreshed access token; Spotify returns a new access token to your app from Authorisation Guide that will return you a new access token for subsequent calls and you won't need to do the Authentication Step you're doing multiple times just keep doing that one.
I follow the guide on this URL for acquire a azure accessToken.
https://github.com/Azure-Samples/active-directory-java-native-headless
I'm able to acquire the token both accessToken and idToken.
In result I can also access to user info.
But when I'm going to use the access Token for query graph I have unauthorized access ( 401 ) .
Also if i use the same accessToken from Postman is the same.
According to the guide, it just grants the user.Read permission, so you could get the user info with token.
If you want to access other graph resource, you need to grant the other delegate permisson.
We could get the premissions information from the corresponding Microsoft Graph API.
Take get user API for example at least User.Read is required. If you want to access other Microsoft Graph API, we need to know what permission is needed. If possible, you could add the related information into the question.
How to add the delegate permissons, please refer to this screenshot
I have an application in whick an user can login with google. Than the user during his experience into the application can choose to integrate also the GoogleCalendar service. In order to achieve this my actual system works like the follow:
-when the user log in with google the system store his access and refresh token and calls Google to retrive basic profile information. In order to do that I create a GoogleCalendar object using the following call:
GoogleTokenResponse response = flow.newTokenRequest(code).setRedirectUri(GOOGLE_CALLBACK_URI).execute();
GoogleCredential credential= new GoogleCredential.Builder().setJsonFactory(Constants.JSON_FACTORY)
.setTransport(Constants.HTTP_TRANSPORT).setClientSecrets(Constants.GOOGLE_CLIENT_ID, Constants.GOOGLE_CLIENT_SECRET).build();
credential.setAccessToken(response.getAccessToken());
credential.setRefreshToken(response.getRefreshToken());
-When the user choose to integrate the calendar service another Oauth iteration starts and the with a new code. I ask the GoogleCredential like before and access the service.
-When the systems need to perform some operations accessing Google Calendar I create a GoogleCredential object with the following call:
GoogleCredential c= new GoogleCredential.Builder().setJsonFactory(Constants.JSON_FACTORY)
.setTransport(Constants.HTTP_TRANSPORT).setClientSecrets(Constants.GOOGLE_CLIENT_ID, Constants.GOOGLE_CLIENT_SECRET).build()
.setAccessToken(user.getAccessToken()).setRefreshToken(user.getRefreshToken());
Ans then ask for the service. But in this last case I get an error reporting 403 code and "Insufficient Permission" message.
I have checked that the stored access and refresh token I set into the GoogleCredential are the same I receive the first time getting the GoogleCredential with the "code". I also search a lot online but no solution would work. I'm really blocked into this error. Thank you in advance for the help and sorry if I miss specifing something or if I make some mistake in asking the question.
If I understand the problem you're describing correctly, incremental authorization may be what you're looking for: https://developers.google.com/accounts/docs/OAuth2WebServer#incrementalAuth
Specifically, add include_granted_scopes=true to your authorization URLs which should cause the resulting tokens to include the sum of all so-far-granted authorizations.
I'm trying to generate access token for specific user on facebook for restfb so i could share photos with my java app.
I succeded to generate the token by entring facebook and copying it into my code.
My question is is there any way to generate to token from the code itself?
And if so how can i support the upload even when the user is not connected to facebook? Because i'm getting the error:
Exception in thread "main" com.restfb.exception.FacebookOAuthException:
Received Facebook error response of type OAuthException:
Error validating access token: The session is invalid because the user logged out.
(code 190, subcode 467)
Thanks a lot.
Facebook allows you to generate long lived token that lasts 60 days maximum. You have no option to create non-expiring token.
You might want to extend it, but it cannot be generated as non-expiring token, as described here: https://developers.facebook.com/docs/facebook-login/access-tokens#extending
I want to get users' access_token by using Google Drive SDK in JAVA.
I completed to get access_token when user log-in first time. But, I really want to direct-login. I know access_token be expired, so 'refreshToken' can be my solution. But refreshToken is always 'null'. How can I perform direct-login? Many advices welcome.
You need to separate "login" from "access drive". Once your application has an access token for a given user/scope, it can access Drive on behalf of the user. There are two (main) ways your application can obtain an access token.
It can request access which will involve the user being logged in to grant access.
In step 1, it can request "offline" access, in which case it will be given an access token and a refresh token. It can subsequently use the refresh token to request more access tokens without the user being present.
I suspect that you want to do option 2. This is described quite well at https://developers.google.com/accounts/docs/OAuth2WebServer#offline
If you have tried this and you having problems, please paste your code and the http trace so we can look at the problem with you.