Using cookies to store oauth authorization tokens - python

I've seen a couple of examples of this (Storing auth tokens in a cookie) already, but I'd like to understand the reason for doing this. I think this would create more problems because you have to specifically remember to delete the cookie after you're finished. For my specific example, I am dealing with Instagram via the API.
Thank you for any and all help.

I'm not sure exactly what you're asking for. You need to know how to store the token? However, there is no need to remember to delete a cookie; just set an expiration date.
Regarding the API, you will need a valid token every time you make a request to the API, so don't delete it, otherwise you will need to re-authenticate every time.
Note: For Instagram Business Accounts you need to use the Facebook API.
https://developers.facebook.com/docs/instagram-api/v2.10
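The answer's point, that an expiry on the cookie removes the need to delete it by hand, in a short added example (this is not code from the original post): the cookie's lifetime is set from the token's own expiry, and the flags that keep the token off page scripts and plain HTTP are set at the same time. Standard library only; the cookie name, token string and lifetime are constructed sample values.

```python
# Added example, not code from the original post: keep an OAuth access token in a
# cookie whose lifetime matches the token's own expiry, so the browser discards
# it by itself and nothing has to be deleted by hand. Standard library only;
# the cookie name, token string and expiry below are constructed sample values.
from http.cookies import SimpleCookie
from typing import Optional


def build_token_cookie(name: str, token: str, expires_in: int,
                       secure: bool = True) -> str:
    """Return a Set-Cookie header value carrying `token` for `expires_in` seconds.

    Max-Age (plus Expires for old clients) makes the browser drop the cookie on
    its own; HttpOnly keeps page scripts from reading the token; Secure limits it
    to HTTPS; SameSite=Lax keeps it off most cross-site requests.
    """
    if expires_in <= 0:
        raise ValueError("expires_in must be a positive number of seconds")
    cookie = SimpleCookie()
    cookie[name] = token            # SimpleCookie quotes the value if it needs it
    morsel = cookie[name]
    morsel["max-age"] = expires_in
    morsel["expires"] = expires_in  # an int is rendered as an HTTP date
    morsel["path"] = "/"
    morsel["httponly"] = True
    morsel["secure"] = secure       # leave True outside local development
    morsel["samesite"] = "Lax"
    return morsel.OutputString()


def read_token_cookie(cookie_header: str, name: str) -> Optional[str]:
    """Pull the token back out of a Cookie (or Set-Cookie) header; None if absent."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(name)
    return morsel.value if morsel is not None else None


def token_cookie_roundtrip(name: str, token: str, expires_in: int) -> bool:
    """Sanity check: a cookie we emit must read back with the same token value."""
    return read_token_cookie(build_token_cookie(name, token, expires_in), name) == token


if __name__ == "__main__":
    # constructed sample: a token the provider says is valid for one hour
    header = build_token_cookie("ig_access_token", "IGQVJ-constructed-sample", 3600)
    print("Set-Cookie:", header)
    print("read back:", read_token_cookie(header, "ig_access_token"))
```

Pass the provider's `expires_in` value straight into `build_token_cookie`; if the provider later revokes the token early, the cookie simply carries a stale value and the next API call fails, which is the point at which you re-authenticate.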

Related

How exactly should JWT-based authentication be implemented in Django (drf and simplejwt)?

I am struggling to understand exactly how JWT-based authentication should be implemented in Django (I am using simplejwt). I am just a beginner, so please brace yourselves for some silly questions. The rest-framework-simplejwt documentation is very minimal and does not provide enough detail for a newbie like me.
path('token/obtain', jwt_views.TokenObtainPairView.as_view(), name='token_create'),
path('token/refresh', jwt_views.TokenRefreshView.as_view(), name='token_refresh'),
So, I've created the paths in my urls.py as suggested by the official documentation. Where do I go from here? I guess my confusion comes from the fact that I am not sure where exactly in the code I have to issue my tokens. Let's say I am logging in the user. So, in order to obtain the token, do I have to send a request to the 'token_create' endpoint from inside my view? Or do I have to somehow indicate it in one of my serializers? What about the 'refresh_token' endpoint? Is there a specific method that I need to use?
Then, what do I do with the token once it has been issued? Clearly, I shouldn't save it in the database since it defeats the entire purpose of using JWTs in the first place. From my understanding, I should attach it to the headers so that the subsequent requests by the user contain the tokens in the headers.
The frontend will be written in ReactJS and will be on a separate server from my Django backend API, and the communication between the two will be configured through CORS.
In this case, how do I attach the token to the headers and make it so that the user's browser sends in the token with each request? Is there some sort of package that could be useful for that?
I think you just mixed everything up. I'm going to explain everything, though you may already know some of it.
JWT is simply a way to authorize users. You usually create an endpoint to create a token for the users; this endpoint can be named login, create_token, 'generate_token', or anything! It doesn't really matter!
However, if you use a specific library, it may force you to use a specific endpoint, but in Flask it's really whatever you like.
This login (whatever you call it) endpoint will take a username and password and check that the user exists and the password is correct, then generate a JWT with a library like PyJWT. You can configure the JWT to expire in, for example, 20 minutes or more; then you encrypt a dictionary (JSON?) which usually contains the user_id, which you query from the database. Example of the JSON you provide to the user:
{
"user_id": something,
"role": something,
...
}
Then it will be encrypted to a long string.
Now when the user sends a request, he/she needs to have that long string as the Authorization header of the request.
In Postman --> Authorization, choose Bearer Authorization and then insert that long string.
We also give the user a refresh_token.
This is the example of the JSON you provide the user with when he/she calls the login endpoint:
{
token: some_long_string,
refresh_token: some_long_string,
}
So what is a refresh token?
It's just the token that, when the main token expires, instead of making the user enter username and password again, he just sends the refresh token we gave him when he called login.
One more point: this was the whole flow and logic you need to implement. Do it as you like, with libraries or anything you like; it doesn't really matter.
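The flow in the answer above (login endpoint, access token carried as a Bearer header, refresh token traded for a new pair) as an added example that is not from the original answer nor from simplejwt or PyJWT: it is written with only the standard library so each step is visible. One detail worth seeing in code: an HS256 JWT is signed, not encrypted, so whoever holds the token can read the payload, and the verifier must check the algorithm, the signature, the token type and the expiry before trusting any claim. The secret, the user table, the lifetimes and the clock values are constructed samples.

```python
# Added example, not code from the original answer or from simplejwt/PyJWT: the
# login -> Bearer token -> refresh flow, built with only the standard library.
# The tokens are signed (HS256), not encrypted, so payload claims are readable by
# anyone holding the token. Secret, user table, lifetimes and clock values are
# constructed samples.
import base64
import hashlib
import hmac
import json
from typing import Dict

SECRET = b"constructed-demo-secret-replace-in-real-use"   # assumption: server-only secret
ACCESS_TTL = 20 * 60            # 20 minutes, as in the answer
REFRESH_TTL = 7 * 24 * 3600     # one week, an arbitrary sample lifetime


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_jwt(payload: dict, secret: bytes) -> str:
    """Serialise header.payload and append an HMAC-SHA256 signature over both."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":"), sort_keys=True).encode())
        for part in (header, payload)
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return f"{signing_input}.{_b64url(sig)}"


def decode_jwt(token: str, secret: bytes, expected_type: str, now: int) -> dict:
    """Verify algorithm, signature, token type and expiry; ValueError on any failure."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":            # refuse alg=none or any other switch
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(payload_b64))
    if payload.get("type") != expected_type:    # a refresh token must not pass as access
        raise ValueError("wrong token type")
    if now >= payload.get("exp", 0):
        raise ValueError("token expired")
    return payload


def issue_tokens(user_id: int, role: str, now: int) -> Dict[str, str]:
    """What the login endpoint returns: a short-lived access token and a refresh token."""
    claims = {"user_id": user_id, "role": role, "iat": now}
    return {
        "token": encode_jwt({**claims, "type": "access", "exp": now + ACCESS_TTL}, SECRET),
        "refresh_token": encode_jwt({**claims, "type": "refresh", "exp": now + REFRESH_TTL}, SECRET),
    }


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


# constructed user table: username -> (salt, password hash, user_id, role)
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT), 1, "admin")}


def login(username: str, password: str, now: int) -> Dict[str, str]:
    """The 'login / create_token' endpoint: check credentials, then issue tokens."""
    record = USERS.get(username)
    if record is None:
        raise ValueError("invalid credentials")
    salt, stored_hash, user_id, role = record
    if not hmac.compare_digest(stored_hash, _hash_password(password, salt)):
        raise ValueError("invalid credentials")
    return issue_tokens(user_id, role, now)


def refresh(refresh_token: str, now: int) -> Dict[str, str]:
    """The 'token/refresh' endpoint: trade a valid refresh token for a new pair."""
    claims = decode_jwt(refresh_token, SECRET, expected_type="refresh", now=now)
    return issue_tokens(claims["user_id"], claims["role"], now)


def authenticate_request(headers: Dict[str, str], now: int) -> dict:
    """Server side of 'Authorization: Bearer <token>': return the verified claims."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token:
        raise ValueError("missing bearer token")
    return decode_jwt(token, SECRET, expected_type="access", now=now)
```

`login` plays the role of simplejwt's TokenObtainPairView and `refresh` that of TokenRefreshView; the `type` claim is what stops a long-lived refresh token from being presented where a 20-minute access token is expected.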

How to generate an HMAC-SHA256 signature using an API key as the secret key

I need to call an API in Power BI from a SaaS located here: https://apidocs.unleashedsoftware.com/AuthenticationHelp
I already have my API ID and API Key.
The endpoint I am trying to work with is /StockOnHand and it requires 4 headers, one of which requires the API Key to be encrypted with HMAC-SHA256, which is not possible in Power BI directly. The documentation is pretty good on the site, but I am struggling and keep getting 403 Forbidden errors in Postman, so I know it is an auth issue.
I don't care if I need to use Python/PowerShell/C# or whatever it may be, but I need some help encoding this properly.
Yes I have looked at somewhat similar SO posts, but to no avail.
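An added example (not code from the question or from the vendor) of the computation the question asks for: an HMAC-SHA256 digest keyed with the API key, Base64-encoded for a header. It assumes, as the linked documentation describes but which should be checked against that page, that the signed message is the URL's query string (the part after '?', empty when there is none) and that the two auth headers are called api-auth-id and api-auth-signature; the API id, key and URL are constructed. A verification function is included because the most common cause of a 403 here is a mismatch between what the client signed and what the server expects, and checking your own signature against a known test vector rules out the HMAC step itself.

```python
# Added example, not code from the question or from Unleashed: HMAC-SHA256 with
# an API key as the secret, Base64-encoded for a request header. Assumptions to
# confirm against the linked docs: the message is the URL query string, and the
# auth headers are api-auth-id and api-auth-signature. Credentials and URL are
# constructed.
import base64
import hashlib
import hmac
from typing import Dict
from urllib.parse import urlsplit


def hmac_sha256(message: str, secret: str) -> bytes:
    """Raw 32-byte HMAC-SHA256 of `message` keyed with `secret` (both UTF-8)."""
    return hmac.new(secret.encode("utf-8"), message.encode("utf-8"), hashlib.sha256).digest()


def hmac_sha256_hex(message: str, secret: str) -> str:
    """Hex form, handy for comparing against published test vectors (RFC 4231)."""
    return hmac_sha256(message, secret).hex()


def sign_query(query: str, api_key: str) -> str:
    """Base64(HMAC-SHA256(key=api_key, msg=query)), the value sent in the signature header."""
    return base64.b64encode(hmac_sha256(query, api_key)).decode("ascii")


def build_auth_headers(url: str, api_id: str, api_key: str) -> Dict[str, str]:
    """Assemble the request headers; only the query string is signed, never the path."""
    query = urlsplit(url).query          # '' when the URL has no '?'
    return {
        "Accept": "application/json",
        "Content-Type": "application/json",
        "api-auth-id": api_id,                       # assumption: header name per the docs
        "api-auth-signature": sign_query(query, api_key),
    }


def verify_signature(query: str, api_key: str, presented: str) -> bool:
    """Server-side check in constant time; False for a wrong key, query or encoding."""
    try:
        given = base64.b64decode(presented, validate=True)
    except (ValueError, TypeError):
        return False
    return hmac.compare_digest(given, hmac_sha256(query, api_key))


if __name__ == "__main__":
    # constructed credentials and request; the header values printed here are
    # what would be supplied to the request in Power BI or Postman
    api_id, api_key = "constructed-api-id", "constructed-api-key"
    url = "https://api.example.invalid/StockOnHand?pageSize=200"
    for name, value in build_auth_headers(url, api_id, api_key).items():
        print(f"{name}: {value}")
```

Note that the key is used as the HMAC secret and the query string as the message; swapping the two, signing the full URL, or including the leading '?' each yields a different digest, which is worth checking first when the server answers 403.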

Using Facebook Graph API to automatically delete comments in a group

I'm trying to automatically delete certain comments on posts within a Facebook group which I admin.
When I try to delete it, I get this:
facebook.GraphAPIError: (#3) Publishing comments through the API is only available for page access tokens
I happen to have a page which I have a page access token for. When I use it I get:
facebook.GraphAPIError: Unsupported delete request. Object with ID '722227087901405' does not exist, cannot be loaded due to missing permissions, or does not support this operation. Please read the Graph API documentation at https://developers.facebook.com/docs/graph-api
I've set every permission possible and have also tried to see if it's possible to get a page access token for the group I admin, to no avail.
Is what I'm trying to do possible, or just not supported?
Also, I don't know how much it matters, but I'm doing this with the Python SDK.
Any help would be appreciated, thank you!

How to get comments from a group post with the Facebook API

I'm trying to get the comments of a post from a group of which I am a member (only a member) and which, by the way, is closed, but it does not return anything.
I try it this way: {postid}/comments
I really do not know if what I'm trying to do is allowed. What I'd like to get is information about the videos that have been posted in the group.
I have never used the Facebook API before, so I know very little about the topic.
If I remember right, the Facebook API allows you to programmatically access content of only public groups. To get data from private/closed groups you need to be an admin, as user #WizKid pointed out.

Can facebook access token be used for someone else's data?

Does Facebook allow using one person's access token to fetch post info of another person (post comments, likes)?
I am thinking of implementing a pool of tokens in my app, so if a token is broken I can use another person's token. Wondering if it's allowed and whether Facebook has some restrictions on such a use case.
Additionally, I am currently using FQL; is there a difference for the Graph API in how tokens work?
Short answer: It is not possible. That would be an incredibly large privacy problem anyway.
Also, for user postings you need the "read_stream" permission, and you probably will not get this one approved:
This permission is reserved for apps that replicate the Facebook client on platforms that don't have a native client.
(https://developers.facebook.com/docs/facebook-login/permissions/v2.0)
About FQL: There is no difference, although keep in mind that FQL is deprecated and will be removed when support for v2.0 runs out. See this link for more information: https://developers.facebook.com/docs/apps/versions#versioning
(thanks to Tobi for the clarification)