I update the header like this:
window.setAuthToken = (token) => {
window.Echo.options.auth.headers.Authorization = 'Bearer ' + token;
}
The token is set in the Laravel Echo Headers, as seen here:
But it is not used, as seen here:
Why is Laravel Echo not using Auth Headers?
Edit:
I also tried dynamically update the endpoint like window.Echo.connector.options.authEndpoint = '';, and it is set in the options but not used by the request.
This is how I connect to the channel.
Echo.private('app.User.' + data.user_id)
.notification((notification) => {
dispatch('handle', notification);
});
It seems like the way to do it was pretty close to what I was trying. Solution was found here.
Echo.connector.pusher.config.auth.headers['Authorization'] = 'Bearer token';
Related
I'm pretty new to APIs, and I'm starting my first API project. I'm using the Petfinder API v2 to create a website that searches for adoptable animals. But their API uses OAuth, and they give you a key and secret. Then you use those to get a token using something like CURL. But this token expires in 60 minutes. After that, you need to request a new token.
Does anyone know how to increase the token's expiration? Or is there a way to have an unlimited amount of time? Or is there a code that will automatically get new tokens? I'm using vanilla JavaScript to program this.
This is their documentation: https://www.petfinder.com/developers/v2/docs/
There's nothing you can do to extend your access tokens expiration time. It's a security measure for Petfinders benefit so they don't have a bunch of old tokens lying around.
What you can do is update your code to fetch a new token if your token has expired. Original inspiration in vanilla javascript is here.
// Get OAuth token
const getOAuth = function() {
return fetch('https://api.petfinder.com/v2/oauth2/token', {
method: 'POST',
body: 'grant_type=client_credentials&client_id=' + key + '&client_secret=' + secret,
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
}
}).then(function(resp) {
return resp.json();
}).then(function(data) {
// Store token data
token = data.access_token;
tokenType = data.token_type;
expires = new Date().getTime() + (data.expires_in * 1000);
});
};
// Make call if token expired
const makeCall = () => {
// If current token is invalid, get a new one
if (!expires || expires - new Date().getTime() < 1) {
getOAuth().then(function() {
// use access token
});
}
};
I'm having issues creating a redirect to an URL from an API that I'm using within my application. I request a session token which is used in the redirect URL, but I experience issues when the token contains a + in it. My guess is that the browser is picking this up as a space instead of an actual token character which is causing the redirect to fail ever so often.
Here is an example token that can come back from a request to the API: 1w5OX65MRj+3J9R5AXjMWQLAAXIo5TXa
Looking at the network tab I see that it tries to request the redirect with this token instead:
1w5OX65MRj 3J9R5AXjMWQLAAXIo5TXa, which would be why it's causing issues.
I tried replacing the + with %2B but it seems like my application isn't replacing it at all which is a little odd to me.
Here is my code:
let token = "";
$.get('/_token_req', {contentType: "application/x-www-form-urlencoded"}, (response) => {
//console.log(response);
token = response;
token = token.replace(/\+/g, "%2B"); // this doesn't replace the + character for some reason
$.get('/_redirect', {token: response}, (response) => {
//console.log(response);
if(response == "OK"){
window.location.href = "https://someapi/payments/?auth_token=" + token;
}
})
})
I don't know much about URL encoding, but if someone could point me in the right direction, that would be super helpful. Thanks!
You have 2 issues with your code:
One that you need to use encodeURIComponent to encode any symbols in your token so that it can be sent in appropriate manner.
Two, while calling the second request $.get('/_redirect', you didn't use the replaced token but the simple response that you received from earlier request.
Change your code to this to eliminate both errors:
let token = "";
$.get('/_token_req', {contentType: "application/x-www-form-urlencoded"}, (response) => {
token = encodeURIComponent(response);
$.get('/_redirect', {token: token}, (response) => {
if(response == "OK"){
window.location.href = "https://someapi/payments/?auth_token=" + token;
}
})
})
I'm developing an application with phonegap and Ionic and having difficulties with HTTPS (SSL). I'm puzzled over why this refuses to work.
It works like a charm on Firefox but when I'm running it on my phone it doesn't work.
If I use normal HTTP it works fine but HTTPS doesn't, I assume it got something to do with the port 443 used for SSL but no idea how to check it on my smartphone (android).
Question:
Why does HTTPS not work on my smartphone and how do I get it to work?
Login code:
$scope.login = function(name, password) {
$scope.type = 'login';
// Data to be sent to the database
var data = JSON.stringify({
type: $scope.type,
name: name.toLowerCase(),
password: password
});
var useSSL = false;
// Call httpPost from app.js with this scope and the data to be inserted
$scope.httpPost($scope, data, $scope.type, useSSL);
};
Function: httpPost
$rootScope.httpPost = function(scope, question, type, SSL) {
var urlBase = "http";
if (SSL) urlBase = "https";
var request = $http({
method: "post",
url: urlBase+"://mydomain.xyz/myproject/api.php",
crossDomain : true,
data: question,
headers: { 'Content-Type': 'application/json' }
});
/* Successful HTTP post request or not */
request.success(function(data) {
if (type == "login"){
// Confirm it's a valid token
if(data.length == 10){
showAlert('confirmation', 'you are now online');
}
else{
showAlert('Try again', 'wrong credentials');
}
}
})
.catch(function(data, status, headers, config) {
// No response from server
// This is what triggers and the data returned is useless
showAlert('Ooops', JSON.stringify(data));
});
}
Serverside
<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Credentials: true');
header('Access-Control-Allow-Headers: X-PINGOTHER');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Retrieve the incoming data
$postdata = file_get_contents("php://input");
// Check if the data is defined
if (isset($postdata)) {
// Parse the incoming data
$request = json_decode($postdata);
// Connect to database
include 'connect.php';
$db = Database::getInstance();
$db->connect();
// Login attempt and non-empty parameters
if ($request->type == "login" && $request->name != "" && $request->password != "") {
// Verify if the password matches
// Set token
// Execute the SQL
// Return the token
}
echo "Missing parameters!";
}
}
?>
If you despite all, want to see what is returned.. I have an example here (different operation, this is a delete operation instead of login but still the same result)
Edit:
Just censored some links.. apparently someone from France tried to access a non-existing folder on my server -.-
Looks like you are using a self-signed cert:
https://www.ssllabs.com/ssltest/analyze.html?d=ekstroms.xyz&latest
I presume you accepted this in Firefox and/or imported it into the Firefox trust store but you have not done this on your phone.
You have to configure your server to send the intermediate certificate.
Most probably you haven't specified 'SSLCertificateChainFile` and your phone can not recognize/validate your certificate.
Note: If You use self signed certificate then it will not be accepted automatically, You have to install it manually if possible!
If You need SSL certificate for private/non-commercial use, then You can get it from here
I am trying to make an API request to fitbit, using the oauth debugger from fitbit (https://dev.fitbit.com/apps/oauthtutorialpage) i am trying to figure out what i am doing wrong. I have added comments to my code below to help you understand what i am trying to achieve. What i am quite sure of is that i am either signing my request wrong, or using the wrong data to sign it. This is echoed by the API response.
I know there are more fitbit api questions here on stackoverflow, however did not find my answer there.
Is there anyone with more experience in Oauth signatures that knows what i could be doing wrong? Or could help me find a different approach to this?
var request = require('request');
var crypto = require('crypto');
var params = {
'oauth_consumer_key' : 'key12345',
'oauth_nonce' : Math.random().toString(36).substring(3), //random string
'oauth_signature_method' : 'HMAC-SHA1',
'oauth_timestamp' : Date.now().toString().substring(0,10), //timestamp with the same length as in the tutorial
'oauth_version' : '1.0'
}
var oauth_consumer_secret = 'secret123';
var post_string = 'POST&https://api.fitbit.com/oauth/request_token';
for(var key in params){
post_string += '&' + key + '=' + params[key];
}
/*At this point we have made a post string that we have to hash with hmac-sha1
the post string looks like this:
POST&https://api.fitbit.com/oauth/request_token&oauth_consumer_key=key12345&oauth_nonce=az6r8cqlzyqfr&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1439147378&oauth_version=1.0
The post_string from the tutorial looks like this:
POST&%2Foauth%2Frequest_token&oauth_consumer_key%3D%26oauth_nonce%3D%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1439145944%26oauth_version%3D1.0
*/
var hmac = crypto.createHmac('sha1', oauth_consumer_secret + "&");
// The tutorial page shows me the signature was 'signed with secret&'. I have tried with and without the & at the end, but without luck.
hmac.setEncoding('base64'); //i'm not sure if this is correct
hmac.write(post_string);
hmac.end();
var hash = hmac.read();
//and finally adding the hash to the parameters.
params.oauth_signature = hash;
//now, making the request with an authorization header.
var header='';
for (var key in params){
if(header.length === 0){
header = ' OAuth ' + key + '="' + params[key] + '"';
}
else{
header += ', ' + key + '="' + params[key] + '"';
}
}
/*
At this point the header parameter looks like this
OAuth oauth_consumer_key="key12345", oauth_nonce="jnr97ppvjs2lnmi", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1439148049", oauth_version="1.0", oauth_signature="random_signature"
The tutorial tells me to use the headers:
OAuth oauth_consumer_key="key12345", oauth_nonce="jnr97ppvjs2lnmi", oauth_signature="different_signature", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1439145944", oauth_version="1.0"
*/
var headers ={
'Authorization' : header
}
var url="https://api.fitbit.com/oauth/request_token";
var requestTimeout = 5000;
var opts = {
url: url,
timeout: requestTimeout,
headers : headers
}
request(opts, function (err, res, body) {
if (err) {
console.dir(err);
return;
}
var statusCode = res.statusCode;
if(res.statusCode === 200){
console.log(body);
}
else{
console.log("http-error-code: " + res.statusCode);
console.log(body);
}
})
/*
The response:
http-error-code: 401
{"errors":[{"errorType":"oauth","fieldName":"oauth_signature","message":"Invalid signature: 9fXI85C7GvZqMyW1AK1EkOSWZCY="}],"success":false}
*/
To get access token and secret use Grant (you can test FitBit in the playground).
Once you have access token and secret use Purest to make subsequent request to the FitBit API.
Here is an example on how to get the user's profile:
var Purest = require('purest')
var fitbit = new Purest({provider:'fitbit',
key:'[CONSUMER_KEY]', secret:'[CONSUMER_SECRET]'})
fitbit.get('user/-/profile', {
oauth:{token:'[ACCESS_TOKEN]', secret:'[ACCESS_SECRET]'}
}, function (err, res, body) {})
Alternatively you can use request for that:
var request = require('request')
request.get('https://api.fitbit.com/1/user/-/profile.json', {
oauth:{
consumer_key:'..',
consumer_secret:'..',
token:'..',
token_secret:'..'
}
}, function (err, res, body) {})
In short - don't try to implement the web server OAuth flow by yourself - use Grant, then use either Purest or request, just keep in mind that you don't have to pass all of the OAuth parameters by yourself, just pass the credentials.
I am trying to write some code that submits a ticket automatically with information from a page I created in Apps Script. I have tried numerous examples, but I can't seem to get my code to work.
var headers = {
'Content-type': 'application/json',
'Authorization': 'Basic ' + Utilities.base64Encode(API_KEY + ':X')
};
//Puts together the ticket according to the freshdesk api.
//var payload = '{"helpdesk_ticket":{"description":"' + message + '","subject":"' + subject + '","email":"' + arr[0][0] + '","priority":"' + ticketPriority + '","status":2}}';
//var payload = '{"helpdesk_ticket":{"description": message ,"subject": subject,"email": arr[0][0],"priority": ticketPriority,"status":2}}';
var payload = '{"helpdesk_ticket":{"description":"TEST","subject":"TEST","email":"test#test.com","priority":1,"status":2}}';
//Adds the extensions that are needed to post a new ticket to the end of the url
var url = ENDPOINT + '/helpdesk/tickets.json';
var options = {
'method': 'post',
'headers': headers,
'payload': payload,
muteHttpExceptions: true
};
var response = UrlFetchApp.fetch(url, options);
This is what I currently have. I have gotten it to work once, but only when I do not have any variables being assigned to the 'description' or 'subject' header (the line with the payload variables that is uncommented. When I use that line, a ticket is successfully created). I am not sure why my first or second lines with the payload variables would not work. The variable 'message' is just a String with some new line characters '\n' in it. Does anyone know why this might be happening?
Solved by building the message variable with HTML code and using the 'description_html' property instead of 'description'.