In my Django website, I want to redirect to an external website, authenticate on this external website and then the external website returns an API token that I want to save.
I have instructed the external website to redirect to 127.0.0.1:8000 (my home page) after I have successfully authenticated. When I'm redirected, I have a URL in this format:
http://127.0.0.1:8000/#access_token={token the external website generates}&token_type=Bearer&expires_in={expiry time}.
How can I get the values after the # in the URL? As I understand the values after the # is not sent back to the Django server.
Yeah that is never sent to the server.
What you could do is grab it with some JS, and submit it manually.
window.location.hash // gets you that value
Related
I started recently working on API's and few API providers are not requesting redirect URL while some others are requesting. I have written an algorithmic strategy for trading using python. When I requested for API to Fyers(stockbroker), the team said me to provide a redirect URL. what is a redirect URL? and how to create it?
I have attached image for reference. In the above image, there is a text box for Redirect URL. Can you please explain what exactly is Redirect URL and how to create one for calling API for authentication if my code is on heroku?
The Redirect URL is required by the oAuth workflow: basically the authorisation server will redirect the user back to the URL registered as "Redirect URL" including an authorization code or a token.
If you register a URL like https://myapp.herokuapp.com you will be redirected to
https://myapp.herokuapp.com?access_code=XXX&app_id=YYY
The Redirect URL needs to be a valid accessible page: if the process is manual you just copy the access_code from the browser and use it accordingly.
If it is an application you need to receive the redirect above (the URL is basically your app), fetch the required information (parameters) and implement your logic.
Default Fyers Redirect URL for Testing
Use the default url from fyers
https://trade.fyers.in/api-login/redirect-uri/index.html
Copy the auth key value
Use it in your python app in the second run
You can also use google collab, to run part of code only (authentication) without restarting the whole project
I am trying to post a message to the wall of a business page. I follow the following steps and everything works fine except that I don't publish the message on the business wall as administrator.
graph = facebook.GraphAPI(access_token='xxx')
If I use graph.put_wall_post(message='test') I publish the text on my personal wall.
With the profile id of business page, graph.put_wall_post(message='test', profile_id='5537xx') I post something like Me > business page
If I try to create the app using the business page, I get the following error:
Users not logged into their personal account cannot access developers.facebook.com
How can I post the message as a text post directly to my business page without error?
You should get an access-token for a page. You are probably getting an access-token for your personal account.
As stated in the Graph API Docs, here and here
With the Pages API, people using your app can post to Facebook as a
Page (...)
Before your app can make calls to read, update, or post to Pages you need to get a page access token. With this token you can view Page settings, make updates to page information and manage a Page.
Therefore, you basically should get the token corresponding to your page
To get the Page access token for a single page call the API endpoint
/{page-id} using an user access token and asking for the field
access_token. You need the permission pages_show_list or manage_pages
to successfully execute this call.
And then make requests to post content, for instance, a message
To post text to a Page's feed, provide a message parameter with the
text along with the Page ID:
POST https://graph.facebook.com/546349135390552/feed?message=Hello
On success, Graph API responds with JSON containing the Page
ID and the ID for the post:
{ "id": "546349135390552_1116689038356556" }
Read the links above and you'll have more information about it.
I have a Flask site that runs inside an iframe of a wordpress site.
Both sites are on the same domain. That is, the wordpress site is on something like www.example.com and Flask site is on api.example.com.
I need to show some user specific stuff in the iframe. So how do I read a cookie that was set by wordpress in Flask? Or check if it is set?
Basically, I want to know if the user is logged in or not (session cookie present) and their username.
The best would be if I could somehow integrate the Flask-Login plugin with the actual Wordpress login, however, I do not expect that to be possible.
When a cookie is created its domain is set. You need to ensure that the domain is set so that both sites domain match the cookie domain. For example example.com will allow the cookies to be viewed by both sites or put another way they will be set along with the request to both servers.
The wordpress login can be integrated with Flask. You will need to extract the session id/cookie contents and then make a request to the wordpress site.
Flask Code:
request.cookies.get('username') # get single cookie
request.cookies # get all as dict
Cookie attribute
This requests check if the session is valid and returns the user credentials.
If it succeeds - meaning the user can be automatically logged in - you then invoke cookies
Note: You will have to synchronize the sessions manually. When a session is created on the api side it will continue to exist until it expires or you manually call logout. Also if you log out of the wordpress side the flask session will continue to exist
More info on cookies
I want to use facebook api for which I will be needing oauth token, so when the program starts the python program will open the the authentication url by webbrowser.open() method after this the user will will give permission and then facebook will generate access token and redirect to a different link. I need to grab this redirected link and retrieve the access token. How do I grab this redirected url.
Afaik there is no simple way to do this (see Python - Getting url a browser was redirected to)
If you have a WebServer set the redirect page to your server and the get Tokens from there.
Otherwise use the python oauth module.
If you have a fb-app (with id and token) you can do it locally, althrough its not a very good/safe way..
I am trying to automate files download via a webserver. I plan on using wget or curl or python urllib / urllib2.
Most solutions use wget and urllib and urllib2. They all talk of HHTP based authentication and cookie based authentication. My problem is I dont know which one is used in the website that stores my data.
Here is the interaction with the site:
Normally I login to site http://www.anysite.com/index.cgi?
I get a form with a login and password. I type in both and hit return.
The url stays as http://www.anysite.com/index.cgi? during the entire interaction. But now I have a list of folders and files
If I click on a folder or file the URL changes to http://shamrockstructures.com/cgi-bin/index.cgi?page=download&file=%2Fhome%2Fjanysite%2Fpublic_html%2Fuser_data%2Fuserareas%2Ffile.tar.bz2
And the browser offers me a chance to save the file
I want to know how to figure out whether the site is using HTTP or cookie based authentication. After which I am assuming I can use cookielib or urllib2 in python to connect to it, get the list of files and folders and recursively download everything while staying connected.
p.S: I have tried the cookie cutter ways to connect via wget and wget --http-user "uname" --http-password "passwd" http://www.anysite.com/index.cgi? , but they only return the web form back to me.
If you log in using a Web page, the site is probably using cookie-based authentication. (It could technically use HTTP basic auth, by embedding your credentials in the URI, but this would be a dumb thing to do in most cases.) If you get a separate, smallish dialog with a user name and password field (like this one), it is using HTTP basic authentication.
If you try to log in using HTTP basic auth, and get back the login page, as is happening to you, this is a certain indication that the site is not using HTTP basic auth.
Most sites use cookie-based authentication these days. To do this with an HTTP cilent such as urllib2, you will need to do an HTTP POST of the fields in the login form. (You may need to actually request the login form first, as a site could include a cookie that you need to even log in, but usually this is not necessary.) This should return a "successfully logged in" page that you can test for. Save the cookies you get back from this request. When making the next request, include these cookies. Each request you make may respond with cookies, and you need to save those and send them again with the next request.
urllib2 has a function called a "cookie jar" which will automatically handle the cookies for you as you send requests and receive Web pages. That's what you want.
You can use pycurl like this:
import pycurl
COOKIE_JAR = 'cookiejar' # file to store the cookies
LOGIN_URL = 'http://www.yoursite.com/login.cgi'
USER_FIELD = 'user' # Name of the element in the HTML form
USER = 'joe'
PASSWD_FIELD = 'passwd' # Name of the element in the HTML form
PASSWD = 'MySecretPassword'
def read(html):
"""Read the body of the response, with posible
future html parsing and re-requesting"""
print html
com = pycurl.Curl()
com.setopt(pycurl.WRITEFUNCTION, read)
com.setopt(pycurl.COOKIEJAR, COOKIE_JAR)
com.setopt(pycurl.FOLLOWLOCATION, 1) # follow redirects
com.setopt(pycurl.POST, 1)
com.setopt(pycurl.POSTFIELDS, '%s=%s;%s=%s'%(USER_FIELD, USER,
PASSWD_FIELD, PASSWD))
com.setopt(pycurl.URL, LOGIN_URL )
com.perform()
Plain pycurl it may seam very "primitive" (with the limited setopt approach),
but it gets the job done, and handle pretty well the cookies with the cookie jar option.
AFAIK cookie based authentication is only used once you have logged in successfully atleast ONCE. You can try disabling storing cookies from that domain by changing your browser settings, if you are still able to download files that it should be a HTTP based authentication.
Try doing a equivalent GET request for the (possibly POST) login request that is probably happening right now for login. Use firebug or fiddler to see the login request that is sent.
Also note if there is some javascript code which is returning you a different output, based on your useragent string or some other parameter.
See if httplib, mechanize helps.