I am coding up a Spotify app with a microservices architecture.
I have a few services, including a frontend (built in React/Ionic) and an auth service (Python FastAPI). These services are running in docker-compose.
I have the auth service handling all of the Spotify Authentication, and I just need a button on the front end to redirect to the Spotify login page.
above is the code that is executed when the button is clicked. I have a setupProxy.js file configured, so the url is fine.
The flow is this : button click > GET request to auth service > auth service returns a redirect response > once user is logged in, Spotify redirects back to auth service with code, should post access code to database. Then return to frontend page. The frontend will pull the access code from the database.
The problem is I am not getting redirected to the spotify page from the frontend. I know the redirect works, because I have another backend service, which I made a test call to the auth service from and it redirects me.
This is what is executed on the auth service call.
This is the test call from the backend to auth that definitely works.
I basically need an equivalent of the /test route above in React/Ionic.
Any help would be appreciated as I am completely stuck.
Update:
Spotify code is now coming through (i.e. button is clicked, browser redirects to my auth service, then redirects again to callback address with access code in URL, but even on a new browser I am not asked to sign into spotify it just comes straight back.
Related
I went through the Flask OAuth api, and its pretty clear how to do authentication for a web app. The web app gets redirected to the authentication provider login page, where access is granted, and returns back to the web app with a token.
However, for web api scenarios, where a client is pre authorized to call the web api, the request will have a Bearer token along with the call. Is there any example on how to validate this token? I see apis like validate_access_token() in the OAuth2 library, but I cant see any examples where people use it for web apis.
I use Azure AD for authentication, and have created an AAD application, and am able to get a token from it through the adal package on the client side (with the clientId and clientKey from AAD). But I havent been able to authorize it yet on the web api side, because it seems most scenarios look at web app authentication and not web api scenarios. Any ideas on how to authenticate on server side?
I'd like to be able to post tweets from a Python script, that runs from a server cron. I've been following the Twython documentation (https://twython.readthedocs.org/en/latest/usage/starting_out.html#obtain-authorization-url) but i'm not sure if I require a callback_url.
Only pass callback_url to get_authentication_tokens if your application is a Web Application
Desktop and Mobile Applications do not require a callback_url
Does anyone know if I require one? I tried putting in "google.com" but returned a 401 error.
Here's my code currently:
app_name = "AppNameTestScript"
APP_KEY = "exAmPlE"
APP_SECRET = "exAmPlEexAmPlEexAmPlE"
twitter = Twython(APP_KEY, APP_SECRET)
auth = twitter.get_authentication_tokens(callback_url='http://google.com.au')
If you use application-level authorisaion, you should use Oath2 authorisation path
Oath1 authorisation is a bit trickier, your application is authorised to act on behalf of an end user, so the latter has to grant this authority to your application. End user opens auth['auth_url'] url and grants permissions to your app on twitter.com, then he is redirected back to the application, that is where callback is used for. By processing this redirect, a web-based application communicates for access token. Read oauth begguide for more details.
There is a pin-based authoriazation flow in case you can't implement redirect handling. For this, you don't need to provide callback_url, as user acceptance is handled differently. Your end user however still need somehow communicate to your application his pin code. See twython docs for steps starting from when you know pin implementation details
I installed Django Facebook and I am using this method to post to a Page:
from open_facebook.api import OpenFacebook
graph = OpenFacebook("my_access_token")
graph.set('me/feed', message='hello world')
It's working on my local dev machine when I am logged in to my Facebook account. It stops working as soon as I sign out and I get this message:
OAuthException: Error validating access token: The session is invalid because the user logged out. (error code 190)
I got my access token from Graph API Explorer by passing /me/accounts
So the question, how do I make my code work on production when of course I'll not be logged in?
Please note that I'll only be posting to a Page that I own.
If you want to use 'me/feed' offline;
You can use the APP Access Token, once you've authorized the app and call USER_ID/feed to post.
Note: use user_id instead of me- me is only used when a user is in session, but you want to do the action after logout.
To get the app access token,
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
buddies
One of my GAE restful service needs login with admin account. And I'm writing an automation script in python for testing this service. The script simply do a HTTP POST and then check the returned response. The difficult part for me is how to authenticate the test script as an admin user.
I created an admin account for testing purpose. But I'm not sure how to use that account in my test script. Is there a way that my test script can use oath2 or other approach to authenticate itself as a test admin account?
Ok I think this might be what you are looking for, client libraries to authenticate and yeah I believe appengine now recommends using the oauth2 for any kind of authentication:
https://developers.google.com/accounts/docs/OAuth2#libraries
Then you get an auth token where you pass in headers on your restful request like:
# Your authenticated request
Authorization: Bearer TokenHere
Then in your handler you get it like:
try:
user = oauth.get_current_user('https://www.googleapis.com/auth/userinfo')
except NotAllowedError:
user = None
# then from the first link you should be able to access if
user.is_current_user_admin()
This is how I authenticate on android, but I only do this once and store it in session and just enable cookie jar on the httpclient.
I'm new to FB app development. Once the user authorize my app, facebook does the following request
http://www.example.com/response#access_token=...&expires_in=3600
Now my python do not see the part after the '#'. How do i get the part, or am i doing something wrong?
You cannot use this. That is part of client side auth. URI fragments (the stuff after the #) are never sent to the server by the browser. You need to look up server side auth.
Short answer: you need to fill in YOUR_URL in https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL, next the facebook app (in python) needs to filter the return URL and yank out the access_token in the callback.
For more information, drop by https://apps.facebook.com/fileglu/technical - i am using facebook's access_token and dropbox's access_token to enable dropbox access inside Facebook App.
Have hooks for Google Oauth 2.0, anyone requires google docs access within Facebook?