I'm having some troubles getting a custom app installed on my test shop using django and app engine. I downloaded the appropriate zip file on github for the app engine project (https://github.com/shopify/shopify_django_app).
I created the app on the partner admin with the callback url
http://localhost:8000/login/finalize
SHOPIFY_API_KEY = '6a17608.......'
SHOPIFY_API_SECRET = '1fddc.......'
Now I load it up and am greeted by the login page.
Now one of 2 things happen.
I enter https://crooks-and-sons5046.myshopify.com (test shop) and it sends me to the partner login form which I do and login. Then it just redirects me to my stores admin page and it doesn't bring up the install frame like I see on the online demo example.
OR I enter crooks-and-sons5046 and I get a 500 error kicked back from the server that says
Exception Value:
cannot concatenate 'str' and 'NoneType' objects
Exception Location: /Users/timwhitaker/gae/mfshopify/shopify/session.py in
__computed_password, line 87
This is the relevant line
return md5(self.secret + self.token).hexdigest()
My api key and secret key are both entered in the shopify_settings.py so this leads me to believe the token is not being created for the session.
The online demo here https://shopify-django-example.appspot.com/ works perfectly for me and I didn't mess around with any of the files that were in the included zip.
Any ideas?
Is your Shopify App configured to use Legacy or OAuth Authentication? I think the example app zip file for app engine is quite old, so probably only works with Legacy Authentication.
However, the master branch for the shopify_django_app project has been updated to support OAuth with Shopify. That along with the newer version of the shopify_python_api would be needed to be updated to use OAuth Authentication.
Related
I am trying to set up SAML Single Sign-On (SSO) with my Django app, but I am getting an error when I try to login to my app.
I go to the app url, Microsoft processes the request (the url displays microsoft.loginonline.com/etc briefly), and then I get redirected to this page:
https://my-app.azurewebsites.net/.auth/login/aad/callback
which displays this error:
{"code":400,"message":"IDX10501: Signature validation failed. Unable to match keys: \nkid: '[PII is hidden]', \ntoken: '[PII is hidden]'."}
The reply url is set to:
https://my-app.azurewebsites.net/.auth/login/aad/callback
I did the set-up following both the Azure docs and following this documentation: https://django-auth-adfs.readthedocs.io, it's ostensibly working on my localhost, just not on the actual azure app service... I am unsure of what I am doing wrong, and the error message is not very informative for me as I am new to back-end programming and cloud.
Any help is appreciated, thanks!
As stated by you, you have configured SAML SSO with Django app in the backend and encountering the said error while logging in. As per the error reported, the ‘PII value is hidden’ due to which the signature keys couldn’t be validated by the AAD. So, you will need to add some strings to your ‘settings.py’ file to notify the Django web app the returned value of token from AAD. Please find the below strings to be added to the respective file: -
Please add the below string to AUTHENTICATION_BACKENDS section in ‘settings.py’ file.
Microsoft.IdentityModel.Logging.IdentityModelEventSource.ShowPII = true;
After adding the above string to the said file, the app should work and so the SSO too.
Also, please find the below link to a similar thread for your reference: -
JWT token authentication fails with message "PII is hidden"
Thanks
Im trying to scrape Reddit with the praw.reddit command and I keep getting the following:
prawcore.exceptions.OAuthException: unauthorized_client error processing
request (Only script apps may use password auth)
Heres the top of my code:(I removed the sensitive items)
import praw
import pandas as pd
import datetime as dt
reddit = praw.Reddit(client_id='zlpcoz08aNK8Bw', \
client_secret='', \
user_agent='comment_scraper 1.0 by /u/bullybear77777',
\
username='', \
password='')
I think it's because of my user_agent ID? I looked online and found that this appears to be the structure but im not sure. Any helps here would be greatly appreciated
This sort of error is caused by the type of app associated with that client id. Logging in with a password is restricted to script type apps.
When you create a new application, there are three types of apps to choose from:
web app: A web based application
installed app: An app intended for installation, such as on a mobile phone
script: Script for personal use. Will only have access to the developers accounts
If the application has the web app or installed app types then this form of authentication can't be used. You can't change the app type once it's created, but you can simply create a new one with a script type.
I installed Django Facebook and I am using this method to post to a Page:
from open_facebook.api import OpenFacebook
graph = OpenFacebook("my_access_token")
graph.set('me/feed', message='hello world')
It's working on my local dev machine when I am logged in to my Facebook account. It stops working as soon as I sign out and I get this message:
OAuthException: Error validating access token: The session is invalid because the user logged out. (error code 190)
I got my access token from Graph API Explorer by passing /me/accounts
So the question, how do I make my code work on production when of course I'll not be logged in?
Please note that I'll only be posting to a Page that I own.
If you want to use 'me/feed' offline;
You can use the APP Access Token, once you've authorized the app and call USER_ID/feed to post.
Note: use user_id instead of me- me is only used when a user is in session, but you want to do the action after logout.
To get the app access token,
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
I'm trying to make a simple program to post something to my wall on Fcebook in Python. I tried using this example from pythonforfacebook:
import facebook
oauth_access_token = "****"
graph = facebook.GraphAPI(oauth_access_token)
me = "****"
profile = graph.get_object(me)
graph.put_object(me, "feed", message="I am writing on my wall!")
I tried going to the developer center and making an App. For "Select how your app integrates with Facebook",I chose "Website with Facebook Login" (I don't actually have a website, I just have a program that should post to my facebook wall, but this is the closest option that matches what I want to do...).
However, when I run this, it says:
$ python a.py
Traceback (most recent call last):
File "a.py", line 7, in <module>
graph.put_object(me, "feed", message="I am writing on my wall!")
File "/usr/lib64/python2.7/site-packages/facebook.py", line 140, in put_object
post_args=data)
File "/usr/lib64/python2.7/site-packages/facebook.py", line 298, in request
raise GraphAPIError(response)
facebook.GraphAPIError: (#200) The user hasn't authorized the application to perform this action
How can I log in as the user and authorize my App? Am I even taking the right approach? I don't actually have a website, I just have a program, for the website field I literally entered "http://google.com" and it worked.
I made it work by getting a new token with permissions to post on my wall (specifically, the "publish_actions" permission). I did this by using the Graph API Explorer, selecting my application in the dropdown menu, pressing "Get Access Token" and checking "publish_actions". The only problem is the token expires after an hour.
You must authorize the user for publish_action/publish_stream permission to post on your wall.
If your only task is to post on the wall/ get the basic info; you can use the APP Access Token instead of user access token for performing the action once you've authorized the app. To get the App Access Token, you can uuse-
GET /oauth/access_token?
client_id={app-id}
&client_secret={app-secret}
&grant_type=client_credentials
Or, directly from here. But do not hard code it in your app (for security reasons)
Or, if you want to perform other actions too on the user's behalf you can extend the user token to 2 months validity. Read here for more details
For those of who stumble upon this post after April 24th, Facebook has stopped support for such API calls.
As of April 24,2018, the publish_actions permission has been removed. Please see the Breaking Changes Changelog for more details. To provide a way for your app users to share content to Facebook, we encourage you to use our Sharing products instead.
I've been working on using python to get access to Facebook insights information. I was able to get public information (e.g. 'likes' from cocacola's page) in addition to app insights for apps that I have developed.
Because I am the admin and developer for both pages and apps, when I go to facebook.com/insights I will see a section for pages and a section for apps. I want to be able to get insights for both from the graph api and store them on my personal database. Getting the app insights were not difficult. I obtained my app_id and app_secret when I created my app and then followed the process under App Login at this page http://developers.facebook.com/docs/authentication/. This gave me an app access_token which I could use to get app insights.
When attempting to do the same for pages, I have had more trouble. As many previous posts have mentioned, most of the facebook documentation has to do with a facebook app getting an access_token to manage or read insights from a page. I understand that this is useful for apps that interact with a user's page. However, my instinct says that I should be able to get an access token with read_insights for a page that I am the administrator of without having to go through an external app.
The only way that I've been able to read the insights for my page has been using the Graph Api Explorer. I used the Explorer to obtain an access_token (through the access_token button, allowing the Explorer to access my personal data and requested manage_pages and read_insight extended permision). Then I followed the instructions under Page Login at the /docs/authentication/ page that I posted above, to get an access_token for the facebook page I administer. Then I could finally run https://graph.facebook.com/PAGE_ID/insights?access_token=RETRIEVED_TOKEN. However, this is an incredibly cumbersome way of finding the access_token. Is there a way to get this token that is less cumbersome? Thanks for your help. I've been struggling with this for quite a while.
I've also included the code that I used to get the access token for my app.
def get_access_token():
args = dict(client_id=FACEBOOK_APP_ID, client_secret=FACEBOOK_APP_SECRET, grant_type="client_credentials" )
url = "https://graph.facebook.com/oauth/access_token?" + urllib.urlencode(args)
response = urlparse.parse_qs(urllib.urlopen(url).read())
access_token = response['access_token'][0]
return access_token
Why not using classic way:
Create an app and login to it using facebook (JS SDK for example), with the offline_access and read_insights permission.
The offline_access will give you a permanent access_token that you can use to access the insights anytime you want.
The JS SDK (method FB.login) will return an object, containing the access_token you need.