I am writing a Python program part of which authenticates with OAuth 1.0 to access a privileged API. I have figured out how to get the authorization URL. After signing in, the browser redirects to http://localhost which I registered as the callback with the provider. How do I get the request to localhost and continue with my bot? I figure I need to have a http server of some sort. I would rather not install a full Apache server. What is a lightweight alternative that can receive the request and forward the token to my bot code to continue with API calls?
Related
I am using python's request library to interface with JIRA's API but when I try to do a GET request, I get a Microsoft error saying that I am not authenticated. I was able to do a work around by passing my session cookie in with the request but the issue is that the cookie expires every 4 hours. How can I authenticate with both Microsoft AD and JIRA to send my GET request?
I want to protect my Flask REST endpoints using Okta and OpenID connect.
I have seen how to do it for routes that are views of the application, but is there a way to integrate Okta with REST endpoints? When I make calls to my API, I get the html for Okta as a response, even if I'm logged in in the browser.
What HTML do you get from Okta? in one case you might get a HTML page with a self-submitting form that is meant to be sent back to your client, and that's normal.
But at the same time, the openid-connect implementation in the API is different from your client applications. The API should not deal with user-redirects, instead it should only listen for access-tokens in the authorize request header. The API should for the received tokens validate them against Okta.
To add token to request, then see this question Flask Rest API - How to use Bearer API token in python requests
I would like to use the python instagram api but am struggling over the correct setting for the redirect url.
I have been able to feed the authorize url in by hand into a browser and get a
token back in the return url. I that case; I set the URI to localhost (127.0.0.1)
Whenever I do this via the api I end up with 400 returns.
What I would really appreciate is
1) a working example
2) when running via a script; what should be listening for the server's response that contains the token in its url ?
Thanks for any and all help
I am developing an AngularJS website that uses an API backend on a different domain.
The front-end website is hosted at: www.example.com
The API is hosted at: api.example.com
I use Angular's $http.post to make an authentication request to the API which sets a cookie. I then make a secondary $http.get call to the API and the cookie that was set from the POST request isn't being sent back to the server. It looks like the cookie is getting lost somewhere.
The API is a Flask Python app and I'm using flask-cors to enable cross-domain calls. The Access-Control-Allow-Origin header is set to http://www.example.com The domain on the cookie being set is api.example.com
I have setup the application to run under one domain using nginx and url rewriting. So the front-end website is located at www.example.com and the API is accessed by www.example.com/api/ and the cookies are being saved/used as expected.
I can't tell whether this is a problem with my front-end or API website configuration.
Since you are sending the http requests from another domain, you need to make sure that your $http is able to send cookies. In your app's config, add:
$httpProvider.defaults.withCredentials = true
This will allow AngularJS to send your browser's cookies to the server.
I need refresh token so that I can send messages to registered Chrome browsers using GCM. However most of the tutorials I consulted require a server to be running at my side and I have to do everything manually, open the auth url, authenticate it and get redirected to my server to get refresh token.
I was hoping if there is a way to do this without running a server at my side. Is it possible to get refresh token just using client id and client secret?
Once I get a refresh token I have to do a POST to GCM server to send notifications.
You can not get refresh token just using client_id and client_secret. Only in authorization code flow, refresh token is issued. Good news is refresh token will not be expire until user revoke it, so you can use it for a long long time. So you can once get it and use it. In authorization code flow, you need a server to get redirected tokens.