After you have the client ID and client secret, you send an HTTP POST to the OAuth 2.0 device endpoint at https://accounts.google.com/o/oauth2/device/code with your client_id and a list of scopes. Unlike the other OAuth 2.0 flows, response_type and redirect_uri are not needed in the device flow. The following is an example request for a user code:
POST /o/oauth2/device/code HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded
client_id=812741506391-h38jh0j4fv0ce1krdkiq0hfvt6n5amrf.apps.googleusercontent.com&
scope=email%20profile
I have tried but it results all time:
{
"error" : "invalid_scope",
"error_description" : "Some requested scopes were invalid. {invalid=[rad365rad#gmail.com]}",
"error_uri" : "http://code.google.com/apis/accounts/docs/OAuth2.html"
}
can anyone solve this..where i am wrong please
You can start from here, this should help get you the device code
curl -d "client_id=xxxxxxxxxxxxxxxxx.apps.googleusercontent.com&scope=email profile" https://accounts.google.com/o/oauth2/device/code
Related
here is the link
https://developer.amazon.com/en-US/docs/alexa/account-linking/app-to-app-account-linking-starting-from-your-app.html
Steps that I followed in my Android App.
I completed the LWA fallback url setup , in fallback URL I have used client ID that is received from Account linking page of Alexa custom skill.
After open the LWA url in browser , page asked to Login in Amazon after that I can see the page where my skill asked to access the lwa details with an Allow and Cancel button
After Allow My Application is getting Auth-Token , From that Auth-Token I am calling token API and getting Access Token.
after that I am calling below activation skill api
POST /v1/users/~current/skills/{skillId}/enablement HTTP/1.1
Host: api.amazonalexa.com, api.eu.amazonalexa.com,
api.fe.amazonalexa.com
Content-Type: application/json
Authorization: "Bearer {Amazon Access Token}"
{
"stage": "skill stage",
"accountLinkRequest": {
"redirectUri": "https://yourRedirectURI",
"authCode": "Your user's authorization code from your authorization
server",
"type": "AUTH_CODE"
}
}
I have used parameters values like below
Amazon access token - Got that from Amazon token API.
redirectUri = https://pitangui.amazon.com/api/skill/link/XXXXXXXXXXX
authCode = got after perform successful login with amazon.
But I got 400 bad request error with Message
{"message":"Invalid account linking credentials"}
I am not able to get what I am doing wrong . Help me out if anyone have some suggestions.
The 400 bad request "Invalid account linking credentials" it's because you are receiving wrong credentials, so make sure that you are using correct client ID and secret to use skill Activation API.
I would recommend following this article.
https://amazon.developer.forums.answerhub.com/articles/240817/app-to-app-account-linking-debugging-tips.html
POST https://www.googleapis.com/youtube/v3/commentThreads?part=snippet&key=[YOUR_API_KEY] HTTP/1.1
Authorization: Bearer [YOUR_ACCESS_TOKEN] issue is here how to resolve this, i am confused.
Accept: application/json
Content-Type: application/json
I finally found an explanatory answer to this problem that I was also facing, it may help you and others!!
Basically, you have two strings:
the ClientId (it's used on both: client and server)
the SecretKey (that must never come to the client-side!)
The user sees in the page a link: Click here to login (e.g.). When he clicks there he is redirected to the Google pages. He is asked to accept your application. If he clicks the Deny button you will get an error message: Access denied by the user (probably..). If he clicks Yes, you will get a temp code that is used to get the access token. You will make a POST request to https://accounts.google.com/o/oauth2/token providing the client_id, secret_key, code, redirect_uri, and grant_type parameters in the form data.
Then you will finally get the access token!
Complete discussion link:
https://github.com/IonicaBizau/youtube-api/issues/5
My goal is to validate user purchases on google server as described here > Purchases.products: get
but i need to authorise the request > Authorisation Documentation
According to Google Play Developer API Authorization Doccumentation in order to generate access and refresh token :
"... sending a POST request to https://accounts.google.com/o/oauth2/token with the following fields set:
grant_type=authorization_code
code=<the code from the previous step>
client_id=<the client ID token created in the APIs Console>
client_secret=<the client secret corresponding to the client ID>
redirect_uri=<the URI registered with the client ID>
A successful response will contain your tokens in JSON format:
{
"access_token" : "ya29.ZStBkRnGyZ2mUYOLgls7QVBxOg82XhBCFo8UIT5gM",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/zaaHNytlC3SEBX7F2cfrHcqJEa3KoAHYeXES6nmho"
}
"
i successfully generated code, client_id, client_secret, redirect_uri from console.developers.google.com but when i send the POST request
https://accounts.google.com/o/oauth2/token?grant_type=authorization_code&code=my_generated_codeA&client_id=generated_client_id&client_secret=generated_client_secret&redirect_uri=my_redirect_uri
i get the the following response when i used Postman:
{
"error": "invalid_request",
"error_description": "Missing header: Content-Type"
}
with status code = 400
i get the the following response when i used Chrome :
{
"error": "invalid_request"
}
How can i get the right response?
The https://accounts.google.com/o/oauth2/token?grant_type=authorization_code&code=my_generated_codeA&client_id=generated_client_id&client_secret=generated_client_secret&redirect_uri=my_redirect_uri is GET request, it's not POST request because there is no request body.
Also, when using Postman the response
{
"error": "invalid_request",
"error_description": "Missing header: Content-Type"
}
means that you select the wrong header. You should select application/x-www-form-urlencoded option in Bodytab in Postman. Then write down key pair value. You will get something like this:
I'm trying to get logged in soundcloud by using their API. I manage to got a code with a success response from /connect but when I try to get a token, I end up with a 401 error. Here is what I send :
POST /oauth2/token HTTP/1.1
Host: api.soundcloud.com
Content-Type: application/x-form-urlencoded
Cache-Control: no-cache
Postman-Token: 255c7769-0f65-5c40-27bc-9429ea8c38ea
client_id=<my client id>&
client_secret=<my secret id>&
redirect_uri=http%3A%2F%2Fmywebsite&
grant_type=authorization_code&
code=a99cfc85c0e46235d7fdb9ca74b7dddd%23
Does anyone knows what I miss here to get a working request ?
It turned out I was not calling /connect correctly, this is the correct way :
https://soundcloud.com/connect?
client_id=<my client id>
&redirect_uri=<my redirect url>
&response_type=token
&scope=non-expiring
&display=popup
With response_type=token, we directly receive an access token so we don't need to call /oauth2/token then.
I'm trying to get Yahoo messenger notifications (comet style) to work on my Android app but I got a problem:
I have all the oauth tokens + IM cookie, I make the call to notify server but it responds with
403 Bad IM cookie or URI credential
The IM cookie which is sent is correct because it is the same as the one I got from POST /session.
The call:
POST to:http://rproxy2.messenger.yahooapis.com/v1/pushchannel/user_id?sid=T3qRkifs3BiGXCW4LOSoThi3lG2HvWNagr.mGA--&rand=-1131022177&count=10&seq=1&format=json&IM=2x5A0IOr9Js_8er8BgSYUCB9fjB.d20FbKds7NdJdkzWK4u2A92k5dMrM72OetLz9.q70NQCwZpAqafQ5.XM-|QTvOT1rY3ukBC8o4Z0zeRg--&oauth_consumer_key=dj0yJmk9cFNKb2NKbTdINEtFJmQ9WVdrOVpHMW1aVXhKTjJNbWNHbzlNamcyTnpNMU1UWXkmcz1jb25zdW1lcnNlY3JldCZ4PWJh&oauth_nonce=939bc51c9a594c7cbf903643bc10f7d1&oauth_signature_method=PLAINTEXT&oauth_timestamp=1328108171163&oauth_token=A%3DosG_yqL.hxped9sV4ZMVD2A5vugclvEOSKIw85DOg17vQa8N1jQK6UcGqeLGLXKFalrxnYA_iA_ArmhbN6oJ_CEINGwiq7MWsVjO_vQT5bwhmcBMwBLByhusduuH2BFJw1Zd2w_uDj5fEUVMK9bMDzg.fYEpdm1uK.OgwyYLPCwdkzW0w6ujPpaFAea7gwmsSBYHECzjXm8wduoe1Sw3rpJH4z9PGIe8Hkt3wrbyJpW9BuiU4g6OyE1f8nhzHVkcG_70KQiIR_oV3tP8_l4SCsbbHMvSzlyZjK1V6gJp0Q94fAcfuIWQ1Vd.iD.UZPEyzdzYK.k5Q6pE4H3At8czcXFOpmOL5eUwfbeQEtXePCL1b2v9oY4BxtH_dCUVTMhzQsV.YpKZV.ZRZzK8ThveL5gfGuqYcBZLHwVilQnQWo477XwT10GbvWUzJ2EH4v5m9q.sGMViSIKWjbE2O6YfwhYXAgQMA3d8wQLL7IoY4QC0.IR4T8M_KnZVlKoi_EiED8VuK9h7h3emBZeXoM15rqGk2..HUJQEuIe1d0YbTPEGKdM.fbCcT7_Y0Szzw3abf9b1Xjzm8VkNSKL.LXAmy8c9PyNatUT_hKFmzmWMd1RRYfd8rF7i6i7Ec_cVv06QhwCQyKlEsCQh7UChUe9JykUmiA6JOm4JOpsbTQWS1Iec35zrltc4YwouUlMx.y6JbzB_VYL9jkzeuu&oauth_version=1.0&oauth_signature=2cd720831677df11508571218aed6c36c9cf2b51%26e57b0e111092b000a43b4ae9c928178fd5da4b9f
connection: keep-alive
cookie: IM=2x5A0IOr9Js_8er8BgSYUCB9fjB.d20FbKds7NdJdkzWK4u2A92k5dMrM72OetLz9.q70NQCwZpAqafQ5.XM-|QTvOT1rY3ukBC8o4Z0zeRg--
User-Agent: Dalvik/1.2.0 (Linux; U; Android 2.2; sdk Build/FRF91)
Host: rproxy2.messenger.yahooapis.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
The server responds with:
HTTP/1.1 403 bad IM cookie or URI credentials
Connection: close
I followed all the instrunctions from docs, not sure how can make it to work.
Thanks.
Your HTTP POST is empty (Content-Length: 0), the docs state:
Note: even though all inputs are optional, the server
still expects an empty POST body (JSON: "{}")
so, change your Content-Type to "application/json;charset=utf-8" and include
{}
as the body of the HTTP POST.
Long lived connections need to be GET calls; see "Notification Management (Comet-Style Push) API", here.