I want to use following OLA APis,
Products: Checks availability of taxis from pick up address
Products: Checks ride estimate from pick up address to drop off address
bookings/create: To book a Taxi
First two of them requires X-App Token, which I implemented successfully, but Booking a taxi requires X-App Token and authorization both. I got X-App Token while registering app. but unable to get authorization.
I suppose we can get authorization token after login. But no API available for login. So could anyone please tell, where we can get authorization token.
It may be possible we can get authorization token from "http://api.ola.gemius.com/auth/login", but it says "Wrong email or password", while I am already registered on OLA.
After registration of your APP, you will get below details
X-APP-TOKEN
OAuth URL
Redirect URI
If you run above OAuth URL, it will ask to login/register. After successful login, it will ask to accept/deny, click on accept then it will redirect to "Redirect URI" with the access_token value. check the below sample code.
localhost/ola/getdetails.php#access_token=1b0f48c26ee149cda389319106b17078&state=state123&scope=profile%20booking&token_type=bearer&expires_in=15551999
Note: access_token is the one which you want substitute against authorization
There are login apis-
Check the below link-
http://api.ola.gemius.com/doc/#authorization-login
http://developers.olacabs.com/api/3
You can also have a look at the following resources-
http://blog.attify.com/2015/02/01/ola-cabs-privacy-security-issue-discovered-appwatch/
https://medium.com/#CodeTheDevil/busting-ola-wallet-1ceea6174b1f
Related
here is the link
https://developer.amazon.com/en-US/docs/alexa/account-linking/app-to-app-account-linking-starting-from-your-app.html
Steps that I followed in my Android App.
I completed the LWA fallback url setup , in fallback URL I have used client ID that is received from Account linking page of Alexa custom skill.
After open the LWA url in browser , page asked to Login in Amazon after that I can see the page where my skill asked to access the lwa details with an Allow and Cancel button
After Allow My Application is getting Auth-Token , From that Auth-Token I am calling token API and getting Access Token.
after that I am calling below activation skill api
POST /v1/users/~current/skills/{skillId}/enablement HTTP/1.1
Host: api.amazonalexa.com, api.eu.amazonalexa.com,
api.fe.amazonalexa.com
Content-Type: application/json
Authorization: "Bearer {Amazon Access Token}"
{
"stage": "skill stage",
"accountLinkRequest": {
"redirectUri": "https://yourRedirectURI",
"authCode": "Your user's authorization code from your authorization
server",
"type": "AUTH_CODE"
}
}
I have used parameters values like below
Amazon access token - Got that from Amazon token API.
redirectUri = https://pitangui.amazon.com/api/skill/link/XXXXXXXXXXX
authCode = got after perform successful login with amazon.
But I got 400 bad request error with Message
{"message":"Invalid account linking credentials"}
I am not able to get what I am doing wrong . Help me out if anyone have some suggestions.
The 400 bad request "Invalid account linking credentials" it's because you are receiving wrong credentials, so make sure that you are using correct client ID and secret to use skill Activation API.
I would recommend following this article.
https://amazon.developer.forums.answerhub.com/articles/240817/app-to-app-account-linking-debugging-tips.html
Situation
I have simple android app where user gets data from Google Fusion Tables with REST api. For this I was using OAuth 2 authorization to get Access Token and Refresh Token. I have web view in my app which will show login screen as well as consent screen. I was planning to get access token from web view and use it for further API calls. I am using retrofit to execute my http calls. I use following query parameters,
"client_id" = CLIENTID
"client_secret" = SECRET
"code" = 4/XXXXXXXXXX //Code got from redirect url
"grant_type" = "authorization_code"
"access_type" = "offline"
"approval_prompt" = "force"
"redirect_uri" = REDIRECT_URL
So far so good. But when I exceute post request with above query parameters, I get following response,
{
"access_token": "ya29.XXXXXXXXXXXXXX",
"token_type": "Bearer",
"expires_in": 3599,
"id_token": "XXXXXXXXXX"
}
Question
Where is refresh token? I need refresh token because I couldn't do API call through app later on with access token and I don't want user to get access token every time.
What I have tried
I have already followed instructions from this post and have tried revoking permission to application from settings. I have also tried using different google accounts in case there was some permission issue, but still no luck. I have also tried removing query parameter "approval_prompt" and "grant_type" but that also didn't help.
I got answer after searching and banging head for 5-6 hours. This answer saved me! Answer to people looking for this in future,
Add "access_type" = "offline" query while requesting for access token rather than exchanging, i.e. in URL which asks for consent.
Instead of specifying grant_type=offline in the authorization request, you need to provide access_type=offline to request a refresh token.
I am working on an app in which I have to use facebook login for accessing data from my backend server. I have search on this and got that:
First, the user will enter username and password of facebook then the request goes to server.
If user authenticated then fetch access token of user.
Send this access token on server.
The server will verify this access token.
I have successfully connected my app with facebook i.e, now user can logged from my app to facebook. But I don't now how can I get the access token of user and also how I can verify this access token on server.
Can you provide me some sample code for this. Please help me I am stuck in it from a long time.
I'm not sure if it is best practice, but this is how I do it.
When you log a user in Android on the client device via any of the SDKs, you get an user access token. The token can be accessed as follows
AccessToken token = AccessToken.getCurrentAccessToken();
if (token != null) {
Toast.makeText(getActivity(), token, Toast.LENGTH_LONG).show();
}
You can then pass this token to the backend as a POST variable:
'access_token': '32b409xceBV78d2932b409xceBV78d29'
Using a backend SDK, you can get the user info again. Here's a example in python
facebook_graph = facebook.GraphAPI(access_token)
If the email and fbid match the user information stored in your database, you grant access:
user = get_user(email=facebook_graph['email'], fbid=facebook_graph['fbid'])
login(request, user)
To access the data of the facebook user you have to take permissions and the following link may be useful for you. Just check it out...
https://developers.facebook.com/docs/howtos/androidsdk/3.0/fetch-user-data/
how can i use oauth2.0 to get users google profile info on android app. I need the proper code/ example for an android app. I need the users information like :
profile photo
birthday
gender
location
Thanks
Google OAuth will require the following steps:
1.Register with Google here. after registering ,in the INSTALLED APPLICATION section you will get your REDIRECT_URI and CLIENT_ID
2.The REDIRECT_URI and CLIENT_ID obtained above now will be used in the following url.
https://accounts.google.com/o/oauth2/auth?" + "scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.profile"+ "&redirect_uri=" + REDIRECT_URI + "&response_type=code" +"&client_id=" + CLIENT_ID;
3.This url will take you to the Google Authentication page, here google takes over and you enter your account details. Further, it is redirected to the approval page, where the user allows your app to use their google data.
4.Now, as a response to this you get ACCESS CODE from google as a JSON or in the title of the html page. Parse the ACCESS CODE.
5.With the ACCESS CODE you will now make a POST request with the following post data to get the ACCESS TOKEN.
'code' // this is the access code
'client_id' // same as earlier
'client_secret' // you will find this on the google page where you registered
'redirect_uri' // same as earlier
'grant_type' = "authorization_code" // as is
6.You will now get the ACCESS TOKEN in a JSON as "access_token" . parse this access token.
7.Make use of the Access token to make a call on the following url
https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=your_access_token_here
8.You will get the users data as a response to this call as a JSON.
Here are additional docs that you may need:
https://developers.google.com/accounts/docs/OAuth2InstalledApp
Is it possible to authenticate the user on server side using auth token retrieved by Android applicaton from Facebook?
In other words Android application uses SSO and obtain auth token. Then sends this token to backend application deployed on Google App Engine. Then backend application verifies the user against Facebook using the token.
I guess it's not feasible because retrieved token can be used only by Android application, but who knows? Maybe it may be reused somehow?
The Token you get from Android API can be sent to your server, who can check the validity of the token by querying the graph ( using /me?auth_token=.... for example).
The problem is that the same token can be used by any third party - it's not client specific - and so if you base server identification based on that, you have a problem (since a third app could use its user token and get authenticated by you). I am trying to find a way to solve this issue, but I don't have good ideas yet...
Facebook actually has an Android SDK that lets you do this. Information can be found here.
Yes you can. A valid access token is a valid access token. The Graph API does from where the token came, but only that the token has the appropriate permissions to access that portion of the graph api. Keep in mind, though, that the token is only valid for 24 hours from the time of its issuance. (is that really a word?) From the time it is issued?
When using facebook android sdk with SingleSignOn (SSO), the access token format actually changed.
Instead of getting traditional auth token which contains userid & session key as a part of authToken
now we get a different format of authToken
As Facebook Devs are still in process to support there rest apis with newly formated access token
meanwhile we can disable the SSO on android facebook sdk by changing DEFAULT_AUTH_ACTIVITY_CODE to -1 from 32665 (in Facebook.java)
This will invoke Traditional dialouge for granting acess token and in return you'll get access token which will contain session key in it.
Those who are looking for generating secure session key you need to add your own method in Facebook.java like
public String getSessionSecret(String accessToken) throws MalformedURLException, IOException
{
Bundle b = new Bundle();
b.putString("method", "auth.promoteSession");
b.putString("access_token", accessToken);
b.putString("session_key_only", "true");
String response = request(b);
return response;
}