I was able to create a system where upon authorization, I can grab the access token from Spotify's API. But this process requires me to go to the https://accounts.spotify.com/api/token site where I then have to manually click 'Authorize' in order to get the access code. I was wondering if it is possible to automate this entire process. I'm thinking that I have to create a server where I can just authorize it every hour in order to get a new access token, and then I can just fetch the access token from that server, but this doesn't get around the fact that I still have to manually click Authorize to get a new refresh code to get an access code. Any help would be appreciated!
Related
Sorry for the long question but I simply wonder: how do I add more time to be able to for example run my app during the whole day and be able to fetch calendar events through google API using oauth2 authorization...
I'm having issue in my project and get an error invalid_request in the terminal and I'm pretty sure it is because it kind of, does not let me try to get events after a certain of time.. which I think is around 1h approximately. I'm building my project with react, nodejs, express, using google API.
If you need more content let me please know! thank you
Google Access Tokens expire after 3600 seconds (default). You will need to refresh the access token periodically. You can do this without prompting the user if you requested offline access.
You can decode an access token. One of the fields is the expiration time (exp), so that you can determine when to refresh. See the second link below. You do not actually need to call a Google endpoint as you can decode the access token in code. If I remember correctly it is a base64 encoded JWT.
I am not sure what API you are using as there are several, but this link will point you in a direction on how to refresh access tokens.
Refreshing an access token
Calling the tokeninfo endpoint
I want to fetch the data(Pageview, Session, Users and all) from Google analytics and show it on another website but my problem is that I don't know how to get access token using JavaScript.
I referred some Google docs for getting access token Query Explorer, OAuth 2.0 Playground but this access token is expired in 60 minute and I want to save this access token for future use(long live access token). Anyone know about how to get access token using js or how to get refresh token for using future use.
Whenever I used expired access token and fire the API so I got this error:
{"error":{"errors":[{"domain":"global","reason":"authError","message":"Invalid Credentials","locationType":"header","location":"Authorization"}],"code":401,"message":"Invalid Credentials"}}
And my Google analytics API which is generated by Query Explorer included access_token.
https://www.googleapis.com/analytics/v3/data/ga?ids=ga%3A123456&start-date=2016-10-21&end-date=2016-11-20&metrics=ga%3Asessions%2Cga%3Apageviews&dimensions=ga%3AlandingPagePath&start-index=3&max-results=1&access_token=za29.aaaaaaaaabbbbbbbbbccccccccdddddddmmvermrm
Access tokens are only good for 60 minutes.
What you are looking for is a Refresh Token. Refresh tokens are used are good as long as they are valid. They can be used to request a new access token from the server at anytime.
Answer: It is not possible to extend the time that an access token is good for. It is not possible to get a refresh token with JavaScript. This is probably for security reasons.
Option: Switch to a server sided programing language if you want to get a refresh token. If this is your own personal account and you wont be accessing user data I would recommend you looking into service accounts instead. You will need to use a server sided language for service accounts as well.
I'm using Yammer JS SDK to authenticate users to access some web service. I'm using JS SDK to obtain a token and I store it in session. Current flow is following (may be wrong, correct me, if necessary):
User accesses any page, PHP is checking for token stored in session vars. If not - user is redirected to login page
Using Yammer SDK I'm getting an access token and save it to session vars (POSTing it to our server side login service) and render the requested page.
Problem so far - I can't find any way in Yammer API to check if the access token stored\passed to my web service is actually the right thing. Which means, that potentially anyone can generate some random gibberish data, use that as a token and view content - the rest of Yammer functionality will be broken, but content will be visible.
The smartest way I thought of so far is to try and get some client info from Yammer REST API using the token and if response is invalid - delete the session stored token.
How do I do that the proper way?
Checking for HTTP status code 401 Unauthorized Access on a request is the only way I know of to determine if your Token is valid. There are a couple instances where you will get a 401 back with a valid token, but this is pretty rare.
I have an app and i have created the required API for in php I could also create it using firebase.
The app is meant to be used by people who are new to technology. I don't want any login authentication.
As I have created API any one who goes through my code can see the API link and can get the data which i don't want.
What i want to achieve is the API to serve data when the request is from my app only
How can i achieve this without any user login?
create an access token and store it in your application, then on each ajax request you will compare the token, so if the token is valid you will deliver the contents otherwise you will show an error message.
As, raymond Camden said in his comment:
it is not secure. I can use Remote Debugging to sniff the access token
and then use it myself. At the end of the day, there is no way to do
what you want 100% securely.
Does anyone knows how to get google refresh and access token for google contacts api v3? I can authenticate, sync my contacts, but dunno what happens when my access token expires, and never get refresh token from google api.
Does anyone have this problem?
How you deal with refresh depends on which "flow" you are using. If it's a Javascript/client flow, just get a new access token the same way you got the first one (probably by calling gapi.authorize).
If you're using server flow, you can use the same approach, or you can request and store a refresh token. To get a refresh token, specify "offline" in your original authorization request.
A general tip when using oauth... deal with the oauth stuff separately from the specific API you're using (contacts in your case). This page https://developers.google.com/accounts/docs/OAuth2 (and the sub-links off it) contains all you need to know.