I'm using python-oauth2 to authenticate API calls to Dropbox's API.
There are two problems I'm having:
I don't know how to provide a callback function to OAuth. I tried making the request as follows:
    resp, content = client.request(
        request_token_url, "POST",
        body=urllib.urlencode({'oauth_callback': callbackURL}))
However, the function at callbackURL is not called.
At the moment, I've just modified the example code given in the README for python-oauth2, and I've managed to redirect the user to the Dropbox authentication page. However, I've written no code to explicitly sign my requests. Is that being done by the module, or are the requests I am making just unsigned? If it's the latter, I'm really confused as to how things are working.
Help much appreciated. Thanks!
--Edit--
So I was reading the API docs, and the authorization URL takes two parameters - one is the access_token and the second is oauth_callback. I managed to create a URL that had these two parameters, and now, once the user authenticates my app, they are successfully redirected to my website. However, this seems like a very crude hack, and I'd love to learn to do this in a better way.
Related
I have a Python FastAPI Backend which gives me an endpoint in order to retrieve some OAuth data. The Endpoint works when I put it manually in my Browser. It first does a redirect, retrieves an accessToken, which it then adds to a second link, and opens it. So the functionality works. Now I'm a bit stuck on how to get this data in my Frontend. I tried a GET request on the original endpoint but then get the response with the redirect link. What would be a clever way to handle this? I would like to store the data in the Frontend in order to manipulate it.
Thanks for helping me!
After doing many OAuth2 interactions, I recommend you use a library; OAuth2 flow is fairly complicated with the interactions between Client, Backend, Identification, & Authorization servers. Using a library helps ensure you are doing all the key swaps properly and securely. Also, it will save you lots of time :).
Here is a library I would use in your shoes; https://github.com/manfredsteyer/angular-oauth2-oidc
I'm working in Flask on creating a JMML ("Join my mailing list") widget that submits data to an email marketing platform, and the platform follows an OAuth2 flow. The basic flow is:
1. I create an access URL using the base API URL, an API key, and a redirect URI.
2. The program accesses this URL, and the user of the program is redirected to the marketing platform to log in and grant access.
3. The marketing platform performs another redirect back to the redirect URI that I provided. The URI is appended with the access token that I need to provide with app POST requests of my JMML. Here's an example of what the returned URI looks like:
http://localhost:5000/redirect_url#access_token=2C1zxo3O0J1yo5Odolypuo9DSmcI
Here's the problem I'm having: I have no idea how, programmatically, to use that final redirect url/uri as a variable in Python. I could make the user copy/paste it into a field, but there's gotta be a better way. I honestly don't even know the terminology for a redirected-redirect like this.
It's pathetic, and I'm lost, but here's what I have so far:
    @app.route('/redirect_url')
    def redirect_url():
        # I have no idea how to actually get the parameter out of the redirect url.
        pass
I've checked the API documentation for the email marketing company's API, but they only provide code tips for handling Oauth2 in Ruby and PHP. Help!
There is a good blog post by Miguel Grinberg, where he describes how to work with OAuth in the flask application. Though I think that workflow will stay the same with any other web application.
Based on this it seems like you should be able to get the access token by getting the variable parameter from the URL. I do not have your full code so I can't test, nor have I tried it with a # in the URL, but this should work:
    from flask import redirect, render_template, url_for

    @app.route('/originalurl')
    @app.route('/redirect_url#<access_token>')
    def show_user_profile(access_token=None):
        if access_token:
            # do work
            return redirect(url_for('Anotherview'))
        return render_template('template.html')
Otherwise we need more info on the API you are using OAuth with.
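An added example, not code from the posts above or from any provider's SDK: the part of a URL after `#` stays in the browser and is not sent in the HTTP request, so a server-side route never receives `access_token` from a redirect such as `http://localhost:5000/redirect_url#access_token=...`. The standard-library WSGI app below serves a small page at the redirect URI whose script reads `location.hash` and POSTs it to the backend; the `/token` path, `BRIDGE_PAGE`, `RECEIVED` and the `call` driver are hypothetical names chosen for this illustration.

```python
# Added example: stdlib WSGI app; /token, BRIDGE_PAGE and RECEIVED are hypothetical.
import io
from urllib.parse import parse_qs, urlsplit

# Served at the redirect URI: reads the '#...' part, POSTs it, clears the URL bar.
BRIDGE_PAGE = b"""<!doctype html><script>
fetch('/token', {method: 'POST', body: location.hash.slice(1)})
  .then(() => history.replaceState(null, '', '/redirect_url'));
</script>"""

RECEIVED = {}  # constructed in-memory store; a real app would use the session


def server_sees(url):
    """Request target a browser sends for url: path and query, never the fragment."""
    parts = urlsplit(url)
    return parts.path + ("?" + parts.query if parts.query else "")


def fragment_params(url):
    """What the page's script can read: key=value pairs inside the fragment."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).fragment).items()}


def app(environ, start_response):
    path, method = environ["PATH_INFO"], environ["REQUEST_METHOD"]
    if (method, path) == ("GET", "/redirect_url"):
        # No token in environ here; the fragment stayed in the browser.
        start_response("200 OK", [("Content-Type", "text/html")])
        return [BRIDGE_PAGE]
    if (method, path) == ("POST", "/token"):
        size = int(environ.get("CONTENT_LENGTH") or 0)
        form = parse_qs(environ["wsgi.input"].read(size).decode())
        token = form.get("access_token", [""])[0]
        # If the provider echoes a `state` value, compare it here as well.
        status = "204 No Content" if token else "400 Bad Request"
        if token:
            RECEIVED["access_token"] = token
        start_response(status, [("Content-Type", "text/plain")])
        return [b""]
    start_response("404 Not Found", [("Content-Type", "text/plain")])
    return [b"not found"]


def call(method, path, body=b""):  # in-process driver, no sockets
    environ = {"REQUEST_METHOD": method, "PATH_INFO": path,
               "CONTENT_LENGTH": str(len(body)), "wsgi.input": io.BytesIO(body)}
    seen = []
    chunks = app(environ, lambda status, headers: seen.append(status))
    return seen[0], b"".join(chunks)
```

To serve it locally, pass `app` to `wsgiref.simple_server.make_server('localhost', 5000, app)`.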
All,
I am trying to build a library for onedrive.
Not to give too much detail, but I have constructed the request and if I call this from a browser everything works fine, and I eventually get a JSON response.
https://login.live.com/oauth20_authorize.srf?client_id=CLIENT_ID&scope=wl.signin%20wl.basic&response_type=code&redirect_uri=http://someaddress.com/redirect.html
My problem is that I cannot get the authorization code in python using urllib2 and geturl() method as the redirect that yields the code is not seen by urllib2.
When I call the geturl() method I get the original url, not the redirect url containing the code.
Regards,
Frage
With the release of the OneDrive API there is pretty solid documentation on how to implement the OAuth 2.0 standard from scratch. Following what that doc lays out should make the authentication flow in your application pretty straight-forward.
I am trying to find the easiest way to use the Facebook Graph API using my favorite Requests library. The problem is, all examples I found are about getting a user access token, about redirects and user interaction.
All I need is only an application access token. I do not handle any non-public data, so I need no user interaction, and as my final app is supposed to be a command-line script, no redirects are desired.
I found something similar here, but it seems to be everything but elegant. Moreover, I would prefer something using Requests or Requests-OAuth2. Or maybe there is a library for that? I found Requests-Facebook and Facepy (both Requests based), but again, all examples are with redirection, etc. Facepy does not handle authorization at all, it just accepts your token and it is up to you to get it somehow.
Could someone please provide a short, sane, working example of how to get just the application access token?
Following https://developers.facebook.com/docs/technical-guides/opengraph/publishing-with-app-token/:
    import requests

    # client_credentials grant: no user interaction or redirect is involved
    r = requests.get('https://graph.facebook.com/oauth/access_token?grant_type=client_credentials&client_id=123&client_secret=XXX')
    access_token = r.text.split('=')[1]
    print(access_token)
(using the correct values for client_id and client_secret) gives me something that looks like an access token.
If you just need a quick/small request, you can manually cut and paste the access token from here into your code: https://developers.facebook.com/tools/explorer
Note: Unlike Richard Barnett's answer, you'll need to regenerate the code manually from the graph api explorer every time you use it.
Backdrop: Am building a Shopify app using a test store provided by Shopify. #Python #Django
Problem: I have set up Shopify webhooks for my test store using the Python API for the topics "products/update" and "products/delete". But my endpoints are not called by Shopify when I manually update or delete a product on my test store.
My detective work so far: I have checked the following:
I have confirmed that the webhooks were successfully created using the API. I simply listed all the existing webhooks using the API for the store and mine are there.
The address/URL I specified in the webhook for Shopify to call in the event of a product update or delete is a public URL, as in it is not on my localhost. (not 127.0.0.1:8000 etc.)
My webhook endpoint is fine. When I manually call my endpoint in a test case, it does what it should.
I contacted the Shopify apps support guys, and I was asked to post this issue here.
Another minor issue is that I cannot find in the Shopify API docs exactly what JSON/XML the webhook will POST to my URL in the event it should. So I do not know what that JSON will look like...
Any help would be appreciated!
I don't have the creds to comment apparently, so I'll put this in an "answer" - to use the term very loosely - instead. I ran into something similar with the Python API, but soon realized that I was doing it wrong. In my case, it was toggling the fulfillment status, which then fires off an email notifying customers of a download location for media.
What I was doing wrong was this: I was modifying the fulfillment attribute of the order object directly. Instead, the correct method was to fetch / create a fulfillment object, modify that, point the order attribute to this object, then save() it. This worked.
I don't know if this is your issue as there's no code posted, but I hope this helps.
--Matt
Thanks for the answers guys, but I found out that the issue was something else.
I forgot to make a CSRF exemption for the POST request URL that Shopify calls and also forgot to add a trailing slash '/' at the end of the URL I told the webhook to call.
I guess I would have caught these errors if I used something like postcatcher.in as suggested in the comments above. I didn't bother doing that as it looked like too much of a hassle.
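Once the webhook URL is exempt from CSRF checks, the endpoint has to authenticate the sender another way: Shopify signs each webhook body with HMAC-SHA256 under the app's shared secret and sends the base64 digest in the `X-Shopify-Hmac-Sha256` header. The following is an added example, not code from the posts above; the secret, the `/webhooks/products/` path and the payload are constructed, and `handle_webhook` is a framework-neutral stand-in for the CSRF-exempt Django view.

```python
# Added example, stdlib only. SHARED_SECRET and WEBHOOK_PATH are constructed values.
import base64
import hashlib
import hmac

SHARED_SECRET = b"constructed-app-secret"
WEBHOOK_PATH = "/webhooks/products/"  # registered address ends with '/'


def sign(raw_body, secret=SHARED_SECRET):
    """Header value the sender computes for this exact body."""
    digest = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return base64.b64encode(digest).decode()


def is_authentic(raw_body, header_value, secret=SHARED_SECRET):
    """True only if the header is a valid HMAC over the raw request bytes."""
    if not header_value:
        return False
    try:
        claimed = base64.b64decode(header_value, validate=True)
    except (ValueError, TypeError):
        return False
    expected = hmac.new(secret, raw_body, hashlib.sha256).digest()
    return hmac.compare_digest(expected, claimed)  # constant-time comparison


def handle_webhook(method, path, headers, raw_body):
    """Return the HTTP status the endpoint should answer with."""
    if path != WEBHOOK_PATH:
        return 404
    if method != "POST":
        return 405
    if not is_authentic(raw_body, headers.get("X-Shopify-Hmac-Sha256")):
        return 401
    return 200
```

Verify against the raw request bytes (`request.body` in Django) before any JSON parsing, since re-serialising the payload changes the digest.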