I'm trying to make my first facebook tab app with django.
I did some resarch and found out that fandjago is the best.
So I'm using it , but when I try to require users to authorize I use the decorator
facebook_authorization_required
see : https://fandjango.readthedocs.org/en/latest/usage/authorization.html
I get the following error :
{
"error": {
"message": "Invalid redirect_uri: Given URL is not allowed by the Application configuration.",
"type": "OAuthException",
"code": 191
}
}
with this url:
https://graph.facebook.com/oauth/authorize?scope=publish_stream%2C+publish_actions%2C+user_photos&redirect_uri=https%3A%2F%2Fwww.facebook.com%2Fpages%2FWissals-testing%2F368147096656989%3Fid%3D368147096656989%26sk%3Dapp_269443246412431&client_id=269443246412431
This is my redirect uri :
facebook_redirect_uri = "https://www.facebook.com/pages/mypage-testing/36814709662989?id=36814709686989&sk=app_26944328962431"
Please tell me what I am doing wrong, I searched all topics related to th eissu but couldn't figure it out
EDITED
It worked,I had to add my url in my app configuration "Valid OAuth redirect URIs"
But the problem now is that it gets me out of my app to that url, although I need it to stay on the app!!
I'm taking a guess here,
you might need to set FANDJANGO_AUTHORIZATION_DENIED_VIEW to fully contain your canvas url
I finlly solved it
I had to add the same url of my facebook_redirect_uri to my app settings in facebook, advanced tab, field named : Valid OAuth redirect URIs
The URL to redirect to after the user clicks a button in the dialog. The URL you specify must be a URL of with the same Base Domain as specified in your app's settings,
A Canvas URL of the form
https://apps.facebook.com/YOUR_APP_NAMESPACE
or a Page Tab URL of the form
https://www.facebook.com/PAGE_USERNAME/app_YOUR_APP_ID
Related
I'm trying to use cloudscraper (a Python package that bypasses Cloudfare blockers for certain websites) to automate logging in to Crunchbase (and ultimately scraping information off their platform, without an API, since this is only available to enterprise users).
payload = {
"email": "...",
"pass": "..."
}
with scraper as session:
session.post("https://www.crunchbase.com/login", data=payload)
I'm trying to figure out parameter values for my payload variable to post to the login page, but I'm not sure what these are and the 'Network' tab on Chrome is not showing any 'login' element as being posted (POST) to the Crunchbase site after I login - please see screenshot.
Some help as to what the correct parameter values for the payload could be would be much appreciated - thank you :)
I am trying to capture my access token that is returned by an API during authentication process. The official method of doing the authentication process from the API is:
from xyz_api import accessToken
app_id = "your_app_id"
app_secret = "your_app_secret"
app_session = accessToken.SessionModel(app_id, app_secret)
response = app_session.auth()
The above will return a json like:
{
"code" : 200,
"data" : {
"authorization_code": "some random code"
},
}
Now, the following code is used to generate a URL:
authorization_code = “your_authorization_code”
app_session.set_token(authorization_code)
url = app_session.generate_token()
Now this is where I start having issue.
At this stage, what is recommended by the API author is:
1. Use the generated URL and copy paste it into a browser.
2. The browser will then do the authentication and return the access token to a redirect
url (I used http://localhost:5000).
3. Copy and paste the access token from redirect URL
What I want:
To be able to finish the authentication and get the access_token from
python code itself.
What I tried:
Using requests.get(url), but it doesn't work.
Is there any way to do this all using python only, without having a need to open a browser?
PS: The API I am trying to use is: https://api-docs.fyers.in/v1#authorization
Further Investigation
On further investigation, I discovered the following:
The API uses oauth
The URL obtained from the following code provided by the API author
url = app_session.generate_token()
is same as when I write the following code:
oauth = OAuth2Session('app_id')
authorization_url, state = oauth.authorization_url(url)
The url returned in both cases is of the form:
https://api.fyers.in/api/v1/genrateToken?authorization_code=some_auth_code&appId=my_app_id
If I copy paste this URL in a browser, it send back the access_token to my redirect_url (http://localhost:5000)
I am trying to get the access token using oauth::fetch_token with the following code, which is failing:
oauth1 = OAuth2Session('app_id', state=state, redirect_uri="http://localhost:5000")
token = oauth1.fetch_token('https://api.fyers.in/api/v1/genrateToken/',
client_secret='app_secret',
code='the_auth_code_returned')
Truly appreciate the help.
you are accessing only with Python...
you dont need to do anything manually in a browser..
This API not sure if what you wnat to.
I Believe you registred an APP , got your app_secret
the step
response = app_session.auth()
answer you with a authorization_code
"data" : {
"authorization_code": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJqaGdqZzg3NiQ3ODVidjVANjQ3NTZ2NSZnNyM2OTg3Njc5OHhkIjoiWElHVFVYVjBSSSIsImV4cCI6MTU2MTU5NzM5Ny41NjQxNTV9.Agl-Uus63NforrUEdbG7YUlPcbFXu9hLYm4akGuIBkU"
you may access that authorization token like that
import json
r = json.dumps(reponse)
authorization_token = r['data']['authorization_code']
The authorization token AND you app_id must be passed as querystring to https://api.fyers.in/api/v1/genrateToken?
the REAL user will be then asked to accept login trought your app
and if accepted , the user will be redirected to the URL *I imagined you inform in your app register.
let me know if it make sense
I'm sending an event request to Google Analytics server-side using a POST request to https://www.google-analytics.com/collect from Python/Flask (via the requests library). I'm testing it by looking at the real-time events page.
If I try my request on the GA Hit Builder, it works perfectly.
If I paste the request directly into my browser with the URL parameters, it works perfectly.
If I post from my app, I get a status 200, suggesting it has worked, but nothing appears in the live events view.
If I post from my app to /debug/collect I get this response, which looks OK to me, but nothing in the live events view:
{
"hitParsingResult": [ {
"valid": true,
"parserMessage": [ ],
"hit": "/debug/collect?v=1\u0026tid=UA-18542058-16\u0026cid=ax5b51b5beaa4f0\u0026t=event\u0026ec=Tasks\u0026ea=View task\u0026el=25\u0026ev=0"
} ],
"parserMessage": [ {
"messageType": "INFO",
"description": "Found 1 hit in the request."
} ]
}
The request is: https://www.google-analytics.com/debug/collect
v=1&tid=UA-18542058-16&cid=ax5b51b5beaa4f0&t=event&ec=Tasks&ea=View+task&el=25&ev=0.
I cannot figure out what I'm doing wrong here. Any ideas?
Try to specify dl (document location URL) parameter in the hit or both dh (document host name) and dp (document path) parameters:
https://developers.google.com/analytics/devguides/collection/protocol/v1/parameters?hl=it#dl
Alternative disable any filter in the view and the tick to exclude bots.
I'm using both Appcelerator Titanium and Python's Django to create a mobile app. As you might have guessed, Django is being used for the back-end. At the moment I'm trying to create a login form which requires a CSRF token to accept the data correctly. I'm trying to retrieve the CSRF token from Django, but I've tried and failed, and Google doesn't have any answers for me.
The problem is normally you'd get an HTML page with a CSRF token included in the form and just send it. What I'm trying to do now is send a POST without knowing the CSRF. In appcelerator, I've tried running
HTTPSession.open(GET, *url*)
token = HTTPSession.getRecievedHeaders("X-CSRF-TOKEN")
HTTPSession.open(POST, *url)
HTTPSession.getRecievedHeaders("X-CSRF-TOKEN", token)
HTTPSession.send(data)
But this doesn't work because of how Titanium works. So how can I get the token? Do I need to create a specific url just to create a session and display a CSRF token? I'm just worried that once I've recieved the token, I'll need to reconnect to the server and the token will have changed.
During my Googling, I found that Drupal has a function for this at the url: services/session/token
Is there an equivillant for this in Django? Or do I need to create my own page showing just a CSRF token?
If you are using Titanium for app creation you can use SetRequestHeader for setting the token with the request.
Hope it helps.
I needed to create my own function in Django to achieve this, but I finally got it working!
function getCSRF() {
var csrfHTTP = Ti.Network.createHTTPClient({
onload : function() {
Ti.App.Properties.setString("csrf", this.responseText);
}
});
csrfHTTP.open("GET", "http://website.com/api/csrftoken/");
csrfHTTP.send();
}
Then retrieve it via
Ti.App.Properties.getString("csrf")
and use it:
loginHTTP.setRequestHeader("X-CSRFToken", Ti.App.Properties.getString("csrf"));
Connecting to the website once creates a session in Django also creating a csrf token for that specific IP to use so you can retrieve it multiple times if needed
I am trying to develop a app which will post on user's Facebook page.
Steps I followed are:
1.Created a fb App, with permission : manage_pages and publish_actions
2.Redirected user to 'https://www.facebook.com/dialog/oauth
With parameters:
client_id=FACEBOOK_APP_ID
redirect_uri=FACEBOOK_REDIRECT_URL
scope=manage_pages,publish_actions
Where user allowed app against each permissions
3.On call back url (FACEBOOK_REDIRECT_URL), cought CODE sent by facebook api
4.Now I sent get request to url = https://graph.facebook.com/oauth/access_token with parameters:
'client_id':FACEBOOK_APP_ID
'redirect_uri':FACEBOOK_REDIRECT_URL
'client_secret':FACEBOOK_SECRET_KEY,
'code':CODE
from respose sent by facebook, I filtered TOKEN
5.sent get request to url = https://graph.facebook.com/me/accounts. with parameters:
'access_token':TOKEN
from response I received, I saved page id as PAGE_ID, page_token as PAGE_TOKEN
6.I tried to post something on user's facebook page, I sent post request to url = https://graph.facebook.com/PAGE_ID/feed , with parameters:
'access_token':TOKEN'
'message': MESSAGE_TEXT,
Snap! in response I received:
{
"error": {
"message": "(#200) The user hasn't authorized the application to perform this action",
"type": "OAuthException",
"code": 200
}
}
I couldn't figure out What mistake I am committing, Do I need to get my app reviewed before posting ? If yes, How can I test my app?
I also tried this by creating a test user. I got the same error.
Thanks to #dhana,
In order to Post on a facebook page, App need manage_pages and publish_action app centre permission, and manage_pages , publish_action and status_update scope while requesting
url = https://www.facebook.com/dialog/oauth?\
client_id='+FACEBOOK_APP_ID+'&\
redirect_uri=' +FACEBOOK_REDIRECT_URL+'&\
scope=manage_pages,publish_actions,status_update