So I am using seatgeek api. The grant type is an authorisation code. Therefore you are provided with an authorization url. This authorization url will then redirect user back to the redirect url you created.This time with the code appended to it. Next you will use this code to retrieve the access token.
The authorization url is
https://seatgeek.com/oauth2?scope=offline_access,&client_id=xxxxxxxxxxxxxxxxxx
the redirect url look something like this.
https://name/oauth/fin?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE2NzEzNTMzNjUsImV4cCI6MTY3MTM1Mzk2NSwiY2xpZW50X2lkIjo5NjU2LCJ1c2VyX2lkIjozMDQ4NDIzNCwiY29kZV9jaGFsbGVuZ2UiOm51bGwsImNvZGVfY2hhbGxlbmdlX21ldGhvZCI6bnVsbH0.eVly0CYTi4DWyRQE3MerAz911LxBj6MdXcw3pAXT1Wk
looking at the above urls, the authorization url will redirect the user to https://name/oauth/fin? however the code needed is appended this time. this is the code you will need to request an access token.
I did this in my browser.However I wan to know how to set it up using retrofit and refresh it whenever it expires. Any help will be greatly appreciated.
here is the seatgeek documentation
https://partners.seatgeek.com/enterprise-client-integration/oauth if you need more info
Related
I have set up third party OAuth authentication on my Node.js server using passport.js.
It works well from browser. The flow is the following:
Get request to myserver.com/auth/instagram
Passport redirects me to instagram website to login
I type my credentials
I am redirected to the callback url, which is my server.com/auth/instagram/callback
I do further processing and finally res.send(myAccessToken) to the client.
I am having troubles implementing this in Android. To type third-party credential, a browser page will be needed. But then how am I going to get the final result in my app?
Option 1
Start the browser.
Intent i = new Intent(ACTION_VIEW);
i.setData(Uri.parse("https://myserver.com/auth/instagram"));
startActivity(i);
Issues:
I cannot easily set proper headers needed for my server.
I cannot programmatically read the final response! The action is given to the browser app, which goes to the end and will never notify my app. The user is shown a blank page with myAccessToken printed.
Option 2
Connect using some http library.
final Request request = createRequest()
.url("https://myserver.com/auth/instagram")
.get()
.build();
Response response = client.newCall(request).execute();
Issues:
Does not work! Even if I set okhttp to follow redirects, I get a 200 response pointing to some instagram url. Of course the user is never prompted his instagram credentials, because no browser ever opened.
How to deal with this?
Notes:
I have used instagram as an example, the third party service is not relevant to the question. I am looking for a general solution to receive the result callback in my Android app.
I am not willing to implement client-side auth. I am willing to trigger steps 1.-5. from my Android app and receive the final result in a Java callback.
So I want to login to a webpage which uses Basic Authentication to login.
If I send HTTP Get with the Authorization Header, I get the successful response as HTML. But afterwards, it asks me again, to login, because it didn’t remember that I’m already logged in.
So my question is:
How can I save this information, that I have already been logged in?
I know, I already asked that question before, but since no one answered any more on the other thread my last hope was to open another.
The other thread: Android doesnt notice when i do an WWW-Authenticate
EDIT:
So what i wanna do is:
Intent browserIntent = new Intent(Intent.ACTION_VIEW,Uri.parse("The Website with the Authentication")); // Here, i want to add the request header
handler.startActivity(browserIntent);
But i have no idea how, because, the only thing you can send the intent is the Url (and no request headers).
Hope this makes things clearer.
Basic authentication doesn’t save state on the server end. Every request requires that you include the login information.
What happens normally is that:
The browser makes a request for a URL, lacking any authentication.
The server returns code 401, that this URL requires basic authentication.
The browser asks (either the user, or some database of its own) for the username and password. If it asked the user for the password, the browser then stores the username/password in an internal database, keying it against this URL.
For every further request for this URL, the browser includes that username and password in the HTTP GET request.
So the basic answer is, the server doesn’t remember that you have already logged in. The browser remembers that. Since you’re writing the browser, it’s up to you to have your application remember the username/password combination for that URL. Whatever you are doing now after you receive a 401 response, you simply always do for that URL. You don’t even need to wait for the 401 response.
I have created my own webservice which is protected by Oauth2. I am currently using restlet for this. It makes sense providing a redirect url when you are developing a javascript client on a certain url, but what redirect uri do you provide when you are calling from a WebView.
I currently just make it redirect to localhost and register that to the oauth authorization server. Can anyone tell me if that is the correct way of handling this or am I getting this completely wrong? The redirect page can ofcourse not be found on the android device, but you can fetch the token from the url which was appended to the localhost url.
you can make your own URL schema and use it for redirect URL check this link for customize your schema
I have a problem to login to API server with my code,
in API documentation I should login using username,password and key to use the API.
The url login is : http://xxx.xxx.xxx.xxx/api/Session/login?context=api&skey=2354e5rufygbiuk7bikuyhboulygh&USR=zzzz&PWD=xxx.
When I execute the url above using httpURLConnection, the server give "OK" response which mean login is succesfull.
But when I try to check that i has login or not using : http://xxx.xxx.xxx.xxx/api/Session/isLogin?context=api , the server give "FALSE" response which mean that i hasn't loged in,so i can't use the API.
It just happen when i try to conect using my android application,but when i try to login via web browser, login is successfull and successfull when i check it.
Anyone can help me please?
Try to get the session info from the first request by getHeaderField, and get the session info by regex.
String session_value=getHeaderField("Set-Cookie");
And use the session info for the next request.
URL url = new URL(link);
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
//fetch session
session_value = urlConnection.getHeaderField("Set-Cookie");
String[] sessionId = session_value.split(";");
//set session to do more operation
urlConnection.setRequestProperty("Cookie", sessionId[0])
Hope it will work for you.
I think TimonWang has given a good respons that should probably help you.
If you manage the server yourself, I would suggest another solution. In other cases, just ignore this post.
If I were you I would make the API more RESTful, that means that you will not work with sessions to save your state. The login should in that case return something like an authentication token (which is unique for every login/user) which has to be saved somewhere. When the login is successful the authentication token can be used for later requests. So the authentication token should be saved on the device during the complete session, and should be added to every request you send to the server during that session. The server can see which of the users it is, because of the uniqueness of the authentication token.
So:
Login: returns auth_token
Every request: http://example.org/api?key=value&auth_token={auth_token}
How can I get the pin for the twitter 4j ?
accessToken = twitter.getOAuthAccessToken(requestToken, pin);
please help..!
If you take a look to the twitter4J Code Examples, you see that the user is suppose to write the pin that he gets from the Twitter website where he will be redirected. If you want to take the pin from the URL without the user having to introduce it manually, I think the pin comes in the URL as "oauth_verifier". I did all the login with signpost because I didn't want the user having to write anything and I wasn't able to do it using only Twitter4J. Once I have the access token, I create the Twitter object from twitter4j with twitter = twitterfact.getOAuthAuthorizedInstance(consumerKey, consumerSecret,accessToken);and it works fine. This way it was much easier for me.
You need to redirect the user with a request token (that you can get from Twitter) to the twitter site, where the user enters the username/password and gets the pin back.
See e.g. https://github.com/pilhuhn/ZwitscherA/blob/master/src/de/bsd/zwitscher/account/LoginActivity.java#L69 on how to direct to Twitter
and then https://github.com/pilhuhn/ZwitscherA/blob/master/src/de/bsd/zwitscher/account/LoginActivity.java#L91 when the user has the pin and needs to proceed
You should be able to get away without using the PIN.
Twiiter4j DOC
Blog Post stating it is not required by Twitter