Currently am using Graph Explorer to get a short-lived user access token and than converting it to a extended token(60 days) by a call to facepy get_extended_access_token method.
Now. consider the scenario where my user access token becomes invalid because of either user logging out or the token expires itself. So, in both the cases I need to get a new user access token because get_extended_access_token requires access_token so that it can extend it.
So, my question is how to retrieve this token using python? Is there any particular url which I can send a request and it will return a new/updated token in resonse.
Update:
So, after following this post and making a request to
https://graph.facebook.com/oauth/access_token?client_id=xxxx&client_secret=yyyy&grant_type=client_credentials
I got this token which I believe is an app access token
access_token=123456789|12abcdef234 #changed from original
But what I need is an user access token through which I can read my mailbox.
If the access token has expired or been invalidated you need to go back through the Auth Dialog, i.e. a user must manually re-grant access to your application. Retrieving it programmatically defeats the whole purpose of token invalidation/expiry.
Once you get this token, you can then use get_extended_access_token to get the long lived one
App tokens can be used to publish a post on the user's behalf.
Related
I just want to make a hello world post on LinkedIn.
One method is to use selenium, but i would rather use the API if possible.
Another method is to use the API which is well explained here:
https://www.jcchouinard.com/how-to-post-on-linkedin-api-with-python/
I execute the code, and get an access token from the website.
I then use the access token to get the user info.
From this i can make the post.
However, the issue that i have is that the access token can expire:
{
'serviceErrorCode': 65600,
'message': 'Invalid access token',
'status': 401
}
There is a way to get the new token manually here:
https://pypi.org/project/python3-linkedin/
with this instruction When you grant access to the application, you will be redirected to the return url with the following query strings appended to your RETURN_URL: "http://localhost:8000/?code=#############################################&state=########################"
My question is this: Is there a way to get a refreshed access token without having to do this manually ?
(In particular the LinkedIn site indicates that the token is valid for 2 months)
I am currently developing integration for users and groups through Azure AD. I have set up everything to retrieve an access and refresh token upon login, I am only having trouble storing both of them in the sessions. I am assigning the tokens to a session and trying to retrieve them as shown below.
self.session["access_token"] = json.dumps(access_token)
self.session["refresh_token"] = json.dumps(refresh_token)
then I am fetching both tokens on another page, using
access_token = json.loads(self.session.get('access_token'))
refresh_token = json.loads(self.session.get('refresh_token'))
I can only for some reason get the access_token inside the other page, the refresh token is always None. For reference I am using the BaseHandler module on both pages.I was thinking of storing both in the database being a solution, but I want to know if it is possible to configure it in some way to work with self.session. Any help is greatly appreciated!
I am building a command line tool using python that interfaces with an RESTful api. The API uses oauth2 for authentication. Rather than asking for access_token every time user runs the python tool. Can I store the access_token in some way so that I can use it till its lifespan? If it is then how safe it is.
You can store the access token in a file on your user's desktop.
You can do so using a storage. Assuming you use oauth2client:
# Reading credentials
store = oauth2client.file.Storage(cred_path)
credentials = store.get()
# Writing credentials
creds = client.AccessTokenCredentials(access_token, user_agent)
creds.access_token = access_token
creds.refresh_token = refresh_token
creds.client_id = client_id
creds.client_secret = client_secret
# For some reason it does not save all the credentials,
# so write them to a json file manually instead
with open(credential_path, "w") as f:
f.write(creds.to_json)
In terms of security, I would not see much of a threat here as these access tokens will be on a user's desktop. If someone wants to get their access token, they would need to have read access to that file for that time frame. However, if they can already do that, they most likely also can use your script to send them a copy of the user's access token every time it is authenticated. But take my word lightly as I'm not a professional in that area. See information security stack exchange.
A post in information security stack exchange did talk about this:
these tokens give access to some fairly privileged information about your users.
However, the question was addressed to a database instead.
In conclusion, you can keep it in a file. (But take my word with a grain of salt)
Do you want to store it on the service side or locally?
Since your tool interfaces RESTful API, which is stateless, meaning that no information is stored between different requests to API, you actually need to provide access token every time your client accesses any of the REST endpoints. I am maybe missing some of the details in your design, but access tokens should be used only for authorization, since your user is already authenticated if he has a token. This is why tokens are valid only for a certain amount of time, usually 1 hour.
So you need to provide a state either by using cookie (web interface) or storing the token locally (Which is what you meant). However, you should trigger the entire oauth flow every time a user logs in to your client (authenticating user and providing a new auth token) otherwise you are not utilizing the benefits of oauth.
I want to code that post facebook. So I decided to use python-sdk (https://github.com/pythonforfacebook/facebook-sdk).
Then I hit a problem.
graph = facebook.GraphAPI(oauth_access_token)
How can I get this "oauth_access_token"?
You need to use an authorization flow. Access tokens are the keys used after getting proper authorization.
An access token is an opaque string that identifies a user, app, or
page and can be used by the app to make graph API calls. Access tokens
are obtained via a number of methods, each of which are covered later
in this document. The token includes information about when the token
will expire and which app generated the token. Because of privacy
checks, the majority of API calls on Facebook need to include an
access token.
There are various ways to obtain an access token all explained in https://developers.facebook.com/docs/facebook-login/access-tokens/
For testing, one must create an app at https://developers.facebook.com/apps and can be issued an access token at https://developers.facebook.com/tools/access_token
Here is a way to get the user access token :
instance = UserSocialAuth.objects.get(user=request.user, provider='facebook')
token = instance.tokens
graph = facebook.GraphAPI(token['access_token'])
Maybe you've already figured this out, just in case somebody else is looking for it
I am currently using django-social-auth to manage oauth2 registration with google-oauth2 for access to Google Drive. I have added offline access to my extra_arguments. Therefore Google returns a refresh token and it is stored by django-social-auth. The problem is that django-social-auth never uses this refresh token to update the access token. Therefore the access token expires after one hour, and I can't use it to perform offline requests. I want to keep the access_token valid 24/7 so I can keep my database synced with each users Google Drive.
GOOGLE_OAUTH2_AUTH_EXTRA_ARGUMENTS = {'access_type':'offline'}
GOOGLE_OAUTH_EXTRA_SCOPE = ['https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/userinfo.profile']
SOCIAL_AUTH_USER_MODEL = 'accounts.GoogleDriveUser'
SOCIAL_AUTH_EXTRA_DATA = True
SOCIAL_AUTH_SESSION_EXPIRATION = False
Is there a way to force django-social auth to update the access_token every time it expires using the refresh_token. I would love to see an example of how this problem could be solved.
It looks like UserSocialAuth objects now have a .refresh_token() method, which allows you to use .tokens and get the updated token.
There's no way directly implemented in django-social-auth at the moment (I've raised a ticket to track it https://github.com/omab/django-social-auth/issues/492), meanwhile this snippet will do the work, it just need to be improved a little to suite your needs.