I have an Android / GAE application. We need to validate the Android user against GAE using OAuth.
We're currently using the Signpost library for this.
We've run through lots of the samples out there and we do seem to get a correct token.
Our problem is once we go to use that token to on our site - we get a 401 - Authorization Failed. The trace from GAE is below:
##TRACE## APIBase:: authenticate() InvalidOAuthParametersError!
The client provided OAuth parameters with the request, but they are invalid.
We've tripple checked our consumer keys, and the other information and we don't know really where to do from here.
Does anyone have any Android to GAE examples that they've used successfully?
Thanks
I learned a lot from the Android2Cloud guys
You can see how they do it at http://code.google.com/p/android2cloud/
Related
I need to send post request to get token from here https://developers.google.com/android-publisher/authorization
But on step 4 I don't have client_secret
I have code / client_id / redirect_uri the JSON does not have it
The most recommended mobile solution is to use AppAuth libraries, which involves these 2 steps:
Use Authorization Code Flow (PKCE)
Login via System Browser (Chrome Custom Tabs)
In this case the request to get a token uses a runtime code_verifier rather than a client_secret. My blog posts and code sample may give you something to compare against, but mobile OAuth can be quite intricate.
Google Mobile OAuth
Google generally recommend AppAuth for mobile logins. The playmarket API is just a scope value, so I see no reason why it wouldn't work.
References to client secrets in the Playmarket page may just be incomplete documentation. I haven't used this particular API but have used similar Google resources.
Quick Next Steps I'd Recommend
Try running the Google AppAuth sample - this blog post of mine makes this very easy.
Then repoint the sample to your Google Auth Server and add the Playmarket scope. You should then get a token and be able to successfully access Playmarket resources.
If there are no problems, integrate the solution into your own app. If you run into usability problems, have a read of my blog posts.
Coding Aspects
Not sure what language you're using, but my Kotlin sample code uses the libraries with a modern async await syntax.
following this tutorial I tried to receive Access Token from my company's site but,
I also had to add headers to the POST method and since the author of the tutorial didnt, I had to do this on my own, but im super new to these things and dont know if i did it the right way. And because of that (possibly?) all i get is a 401 response here are all the files from my project : click me!
If anyone could help me, Id be greatful
I would suggest to use AppAuth-Android, and not implementing the authorization flow by yourself, which can be complicated.
AppAuth for Android is a client SDK for communicating with OAuth 2.0 and OpenID Connect providers.
AppAuth handles the authorization flow (i.e. The performActionWithFreshTokens() method handles the token refreshing automatically).
You can follow Google's AppAuth-Android codelab, which demonstrates how to implement this library.
Hope it helps!
I am following this link to validate the token. It is mentioned in the link that for more than 100 requests we should follow below approach.
Using one of the Google API Client Libraries is the recommended way to validate Google ID tokens in a production environment.
The link provides code sample in Java. However I am trying to implement the same in Node.js. But did not find any help on this.
Can anybody help me in this?
I am trying to integrate Quickbook API for android but I am not able to find the way to authenticate and access api. They have provided sample for java swing and .net but there is nothing for android. I have tried to use oauth but cant find correct url and parameter for oauth.
Please guide me how I can resolve this issue.
For getting consumer key, consumer secret and apptoken, you can follow the link below.
https://developer.intuit.com/docs/0025_quickbooksapi/0010_getting_started/0010_signup
Using the above tokens and Oauth playground tool, you can get access token and access secret corresponding to you QBO account
https://appcenter.intuit.com/Playground/OAuth
After getting all these tokens, you can use SignPost lib to call QBO REST endpoints from your android client application.
You can follow this SO post - Quickbooks Online filtering with Signpost returns 401 error
(you'll find all endpoint related details in the QBAPI docs.
QB API Docs Link - https://developer.intuit.com/docs/0025_quickbooksapi
Hope it will be useful.
Thanks
I have a problem with linkedin integration in my app. I have created own API's to connect with linkedin.
I have used HttpConnection to get the data and post the data. All the web services are running fine when I run each web service separately but when I run all the web services at a time its showing Http errors.
The first web service is working fine but when it comes to second web service its showing Http error code 401.
Please can anyone let me know why is it not working.
If you're not using a standard OAuth library there are various pitfalls you can encounter when trying to sign requests. There's an existing Android library linkedin-j on the LinkedIn Libraries and Tools page here:
https://developer.linkedin.com/documents/libraries-and-tools
That having been said, if you want to proceed with your own OAuth implementation, there are a few things you can do to try to troubleshoot issues. A 401 error usually means that the OAuth signature is incorrect, so I suspect one of the following is happening:
Your code is re-using the signature from a previous request
Your code is making a different type of request (POST vs. GET)
You're adding query parameters directly via the URL
Each of these can cause the incorrect signature to be generated when the OAuth signature generation isn't being done correctly.
There's a page on common OAuth errors here:
https://developer.linkedin.com/documents/common-issues-oauth-authentication
And a page on debugging API calls here:
https://developer.linkedin.com/documents/debugging-api-calls
The OAuth Test Console here can be used to verify that the signature you're generating is correct for the call you're making:
https://developer.linkedin.com/oauth-test-console
Good luck, and if you're still having trouble try posting your request headers/body and response headers/body so it's possible to troubleshoot.
scribe.jar is another third party jar that you can use for linkedin integration to android application.It encapsulates all the linkedin functions like getting profile informations, posting network updates, etc and very simple to use. You can find examples here : https://github.com/fernandezpablo85/scribe-java/blob/master/src/test/java/org/scribe/examples/LinkedInExample.java