I've deployed a Let's Chat application for my own server.
However, instead of using currently built, original Let's Chat web application I would like to develop my own, using its API.
And according to Let's Chat wiki:
Revoke an API Token
In the top-left dropdown menu:
Select "Auth tokens"
Click "Revoke token"
Choose "Yes". This will delete any previously generated token.
Basic Authentication
Use the API token as the username when authenticating. The password
can be set to anything, but it must not be blank (simply because most
clients require it).
So far I've generated own token and tried to send GET request to retrieve all rooms that I have in the app, but I've got an error: 401 - Unauthorized - I've tried to send this request with { data: my_token, password: my_random_password } credentials but without success. So my main question is: how exactly I can authenticate with Let's Chat API using ajax request?
I couldn't find any API url / endpoint dedicated for such task - please help.
EDIT:
I've tried also setting headers but it still doesn't work:
$.ajax({
url: CHAT_URL + 'rooms',
beforeSend: function(xhr){
xhr.setRequestHeader('username', 'NTczYzZ1111111111111111111JiMWE3MGUwYThiNzZhYjhmYjFjOWJkOTQ5ZDQ2YjhjNWUyMzkwNmMzYjhjMQ==');
xhr.setRequestHeader('password', '123qwe');
}
}).done(function(resp){
console.log('1');
console.log(resp);
}).done(function(resp){
console.log('2');
console.log(resp);
});
From that wiki page:
Use the API token as the Bearer token.
This is done by setting the header Authentication to the value bearer YOUR_TOKEN_HERE
So,
xhr.setRequestHeader('Authentication', 'bearer NTczYzZ1111111111111111111JiMWE3MGUwYThiNzZhYjhmYjFjOWJkOTQ5ZDQ2YjhjNWUyMzkwNmMzYjhjMQ==');
If you want to use basic authentication, this answers that question
How to use Basic Auth with jQuery and AJAX?
Related
I am trying to only access a webpage's returned status code but the page is proctected by a login process. I already have the credentials but I cannot directly send http request and see the status code because it returns HTML of login page. I need to find a way such that when I send http request to that web service, it should go through those login process and return me only status code. An advised way is that using scripted browser, but still even if I successfully login to that page and display it, how can I send status code to my local backend ?
If the logon process consists of just giving the correct username and password, you can "fake" it with a single request like
fetch("https://protected.page/login", {
method: "POST",
headers: {"content-type": "application/x-www-form-urlencoded"},
body: "username=you_know_it&password=you_know_it&submit=Logon"
}).then(response => response.status);
But if login involves one-time tokens or captchas, this is of course not sufficient.
I am using caspio rest api to authenticate my users in a mobile app. Upon authenticating, I was given an access token to which I included in my AJAX call under the parameter 'Authorization' : Bearer [access token].
I understand that I can renew the token with the refresh token given to me where I can use the POST call.
My question is: prior to using the POST call for a new token, must I store the access token?
Also, the Caspio website advised this format for the POST call:
Method: POST
URL: Token Endpoint
Body: grant_type=refresh_token&refresh_token= [token value]
Header parameters:
Authorization: Basic [string "Client_ID:Client_Secret" encoded in Base64]
Content-Type: application/x-www-form-urlencoded
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
Thank you for the help!
I never using caspio rest api before. The answer base on my OAuth experiences.
My question is: prior to using the POST call for a new token, must I store the access token?
YES! The OAuth 2.0 using the access token to switch the refresh token at first time.
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
According to the api document. You should include the client ID and client secret in your request, like most OAuth 2.0 do.
The bad request (400) error you may see the rfc6749 to find further information.
I'm having trouble making a POST request to the GitHub API using the JavaScript fetch method:
fetch('https://api.github.com/repos/organization/repo/issues?client_id=CLIENT_ID&client_secret=CLIENT_SECRET', {
method: 'post',
body: {
title: 'Title',
body: {body: "body", title: "title"}
}
})
I am using a client ID and a client secret that I got from registering the application with the GitHub API:
Any help would be greatly appreciated! Thank you!
I guess you need access token to access Github API. If you want to try manually here's my suggestion steps.
I will try to explain from the first step.
Register your app.
On your github account, go to settings -> OAuth Applications
This is the image when you register your application
Get the Client ID and Client Secret.
This is the image after you receive Client ID and Client Secret
Ask for Github Code
Now you have Client ID. Go to this url.
https://github.com/login/oauth/authorize?client_id=b420627027b59e773f4f&scope=user:email,repo
Please define your own client_id and scope.
Get the Github Code
Remember the Authorization callback URL you input when register?
After you go to the link above, you should have redirected to your callback URL with the code as the parameter.
For example http://localhost:8080/github/callback?code=ada5003057740988d8b1
Ask and Get the Access Token
Now you need to do http request post with Client ID, Client Secret, and Code you have got as the parameter.
Request
POST https://github.com/login/oauth/access_token?client_id=a989cd9e8f0137ca6c29&client_secret=307d18600457b8d9eec1efeccee79e34c603c54b&code=ada5003057740988d8b1
Response
access_token=e72e16c7e42f292c6912e7710c838347ae178b4a&token_type=bearer
Post Issue to Github
Now you have access token you can use it to access Github API.
fetch('https://api.github.com/repos/organization/repo/issues?access_token=e72e16c7e42f292c6912e7710c838347ae178b4a', {
method: 'post',
body: {
title: 'Title',
body: {body: "body", title: "title"}
}
})
To achieve what you want you have to implement the web application flow described here.
This means you have to redirect the user to https://github.com/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI so that he can login to GitHub and authorize your application. After successful login GitHub redirects you to the redirect_uri, which usually points to an endpoint of your application. This endpoint extracts the authorization code from the URI to request an access token from GitHub with it (See here). As soon as you have the access token you can consume the GitHub API by sending the OAuth token in the Authorization header as follows.
Authorization: token OAUTH-TOKEN
I'm working on some test app, that uses auth0 and IONIC. I have established connection with auth0, and now i want to get user data by this code:
$http({
method: 'GET',
url: 'https://api.instagram.com/v1/users/self/?access_token='+store.get('accessToken')
}).then(function successCallback(response) {
console.log(response);
}, function errorCallback(response) {
console.log(response);
});
I get 400 Access-Control-Allow-Origin error. Can anybody tell me what to do? I can't find anythink on internet that'll help me...
Disclosure: I work for Auth0
The AccessToken returned at the end of Auth0 Login flow is an access token valid for calling Auth0's API's and not Instagrams. In order to do this you will need the Identity Provider's access token in this case that is Instagram.
The complete flow will look like the following
User Logs in from Instagram
Your IONIC app makes a call to your server
Your server fetches the IdP Access Tokens from Auth0 using either a non-interactive client flow or using management api v2
Your server makes the call to Instagram
You can do this via a webtask the following example highlights the flow to fetch the IdP Access Token via Management API v2 https://github.com/vikasjayaram/ext-idp-api-webtask
I am suggesting the flow because Starting Aug 16 2016 these tokens will not be sent back in profile.identities array the as they are so far.
I want to use the new vimeo api to fetch videos based on a query, but I getting a 401 Authorization Required with this message "error": "A valid user token must be passed."
I'm using this code :
var urlX = 'https://api.vimeo.com/videos?query=elvis&client_id='+VIMEO_API_KEY;
$.getJSON(urlX, function(data){
console.log(data);
});
So obviously I have an authentication problem.
As client_id I'm using my "Client Identifier" from my app created in Vimeo's dashboard.
The error I keep getting mention "user token", do I have to generate one via Vimeo's dashboard or via php ?
I'm a bit lost here.
client_id through the querystring is not a valid method of making API calls against the Vimeo API.
First you must request an access token either through the oauth2 redirect worfklow: https://developer.vimeo.com/api/authentication, or by generating it on your app page.
Second you must provide that access token with your api request either through the Authorization header:
Authorization: bearer <your_token>
or the querystring
https://api.vimeo.com/videos?query=elvis&access_token=<your token>.
The authorization header is more secure, and will continue to work indefinitely. Some changes will be made soon to the querystring form which could cause problems with your application.