So I've been trying to make a program using Python that refreshes my Discord user token once every five minutes, but most of the tutorials online are about refreshing your Oauth2 access token, so I am currently very confused. Can anyone help me on the modules and functions to use, or are the Oauth2 access token and user token same things. Thanks!
Your Discord Token change when changing the password of your account so you will need to change your password every 5 minutes using some api calls and get the current token from another specific api call. you can find the api call urls and the data you need to post / get in the browser devconsole.
Related
I'm currently facing an issue with OAuth2 access token. Currently, my app periodically uses the google OAuth2 Tokens to get events from my personal google calendar and is able to add new events to the google calendar. However, an exception occured saying that the token expired. After searching through google, I found out that you cannot set the access token to have no expiry date, and using API key wouldn't work as I cannot then add new events to the google calendar(Is this true ?)
I am using the Credentials.from_user_authorized_files and build from the credentials to access the API. It appears that even when I provide no value in the "access_token" field it still works, that must mean that my refresh token was the one needed and it expired. I read up online that for refresh tokens to be permanent, the app needed verification from google, otherwise it will expire in 7 days. I am unsure on how to solve the issue. I generated a new refresh token and it seemed to work. How do I prevent the refresh token from expiring ? Or is this not a problem with the refresh tokens ? Are there any other way I can make this work without having to manually change the refresh token every 7 days ? Thanks in advance !
I am using django-allauth in my Django application, and my registration process is handled by Twitch, using allauth's Twitch provider. As of now, users can register on the website using Twitch, log out, and later log back in using Twitch with no problem. However, for making requests to some of Twitch API endpoints, I need the user's Twitch access token to be able to make requests on their behalf (such as following a channel, etc.).
On a very old github issues page I came upon a question regarding how to access the user's access token and the answer was to query the SocialToken model and find the logged-in user and the desired provider. But in my case my SocialToken model is empty and there are no tokens to be seen there, and I have no clue how to proceed to populate the model and add every new user's access token there, so that I can make requests on their behalf, given I have the correct scope.
Is there a way to add every new user's access token in SocialToken model? And is there a way to update the access token using the refresh token?
P.S. I'm thinking about having a celery task that makes a request to Twitch API every time a new user registers, and later refreshes the access token when it expires. But that seems like a hack, and not really a viable solution, plus, I need a user to be redirected to a certain callback URI as per Twitch API docs Maybe I'm just missing something.
I'm trying to get the html from https://discord.com/channels/#me the problem i'm running into is that there has to be some kind of login procedure that i can't figure out how to do with requests. the only information i have to login is the token(my friend doesn't trust me with his login info), so I can't just login with the user and pass, I've attempted to figure out if i can change local storage of the site so i can put in the token but to no avail, any ideas?
The token you want to use to log into discord might have a time validity. (that's the token security) for example, you can use it for 1 hour an not after.
The easiest way to log you on discord would be to use Selenium in order to automate tasks of your browser.
I am using python and django for my web application, and I am trying to use Microsoft Graph API for user sign in authentication to my app using their office365 credentials. I've read up on examples on the web and have been able to successfully get an authorization code and an access token. However I am not able to get a valid response from my GET API call, and get_me function. I keep getting a 500 error. I am using in my scopes openid, profile, and email. Any suggestions on what I am doing wrong
pythoncontacts ties Django and Office 365 together and Microsoft provides an example of connecting to the Graph API via Python.
The scopes you list won't be enough to actually make any API calls. Those scopes will get you an ID token and refresh token in the response, but that's it. To call API calls, you need to add the required scope (depending on what API calls you want to make).
If you're trying to call the Graph endpoint (https://graph.microsoft.com/) then, for example, if you want to just read the user's email, you can add Mail.Read to the scope array.
If you find the API call you want to make at https://graph.microsoft.io/en-us/docs, it should list what scope is required.
This post is a followup to How to do OAuth-requiring operations in a GAE cron job?, where I realized I'm mis-using the #oauth_required decorator from OAuth2DecoratorFromClientSecrets.
As described by the OAuth 2.0 explained presentation, Oauth 2.0 solves the problem of:
Building a service...
... accessed by a user...
... and accessing the user's data from a third party.
That's what #oauth_required abstracts, and it does it well (currently my app "works": if I trigger the refresh page, I'm being asked to authorize access to my youtube data to my app, and the rest follows). But that's not what I want! My app does something simpler, which is creating a youtube playlist every day with my credentials and without any user input. So to compare to the above 3-tier negociation, I want:
A service
... accessed by users
... but only accessing "server-owned" YouTube playlist data. I don't want any access to the user's YouTube data, I just want to modify a playlist I (i.e. me / a userid persisted by the server) own.
But I still need help to do that; here is my current state:
After a few searches I learned that what I want to do is called Offline Access (emphasis mine, which is almost exactly my use case):
"In some cases, your application may need to access a Google API when the user is not present. Examples of this include backup services and applications that make blogger posts exactly at 8am on Monday morning. This style of access is called offline, and web server applications may request offline access from a user. The normal and default style of access is called online."...
→ So I should keep doing what I'm doing right now, keep requesting access to my YouTube account, but do it using the type_access=offline flag to get a token, and persist/use it for subsequent requests.
The Offline Access and Using a Refresh Token sections make total sense, but stay at a general HTTP level. Being still a newbie, I don't see how to integrate those principles into my Python code, and I didn't find any sample Python code around....
→ Could anyone help me with one Python example illustrating how and where to use this flag?
... and in particular, after studying oauth2client.appengine.OAuth2Decorator.oauth_required, I'm still not sure if I can bend it to my case, or if I should do my own thing.
→ What do you think?
Thanks for your time; if needed I'm also hanging out on irc://irc.freenode.net/#appengine as ronj.
Offline access is the default when retrieving tokens; you may have noticed this in the OAuth dialog that comes up:
Perform these operations when I'm not using the application
When your user accepts the OAuth dialog in a method decorated with decorator.oauth_required the credentials for that user will be stored in the datastore, including the refresh token.
Once you have one of these credentials objects, you can use it so authorize an HTTP object for calling APIS:
import httplib2
http = credentials.authorize(httplib2.Http())
and once authorized, it will do all the work for you. So if the access_token is expired, the first API response will be a 401 and so the credentials object will use the refresh_token to get a new access_token and make the request again.
If you know the user ID, you can retrieve the credentials from the datastore as described in How to do OAuth-requiring operations in a GAE Task Queue?:
from oauth2client.appengine import CredentialsModel
from oauth2client.appengine import StorageByKeyName
credentials = StorageByKeyName(
CredentialsModel, user_id, 'credentials').get()
Note/Gotcha:
If a user has already authorized your client ID, the subsequent times you perform OAuth for these users they will not see the OAuth dialog and you won't be given a refresh token. A refresh token can only be given if they go through the OAuth dialog, but since the user had already authorized your client ID, the spec assumes you would already have a refresh token around.
This often comes up when developers are testing OAuth, since they will go through the flow multiple times with a test account and after accepting the 2nd, 3rd, 4th, ... times, they never see the refresh token. A simple way around this is to use approval_prompt=force as an argument to the OAuth2Decorator constructor. This will force the OAuth dialog to appear every time you perform OAuth for a user.
However, this will not cause the dialog to show up every time a request is served for a given user; this would be a TERRIBLE user experience. Instead, the SACSID cookie from the request can be used (by the client library and some App Engine libraries) to determine who the current user is. Once the the library knows that current user, it can get your existing stored token/credentials for that user from the datastore and no jarring dialog will be needed.