I'm having trouble making a POST request to the GitHub API using the JavaScript fetch method:
fetch('https://api.github.com/repos/organization/repo/issues?client_id=CLIENT_ID&client_secret=CLIENT_SECRET', {
method: 'post',
body: {
title: 'Title',
body: {body: "body", title: "title"}
}
})
I am using a client ID and a client secret that I got from registering the application with the GitHub API:
Any help would be greatly appreciated! Thank you!
I guess you need access token to access Github API. If you want to try manually here's my suggestion steps.
I will try to explain from the first step.
Register your app.
On your github account, go to settings -> OAuth Applications
This is the image when you register your application
Get the Client ID and Client Secret.
This is the image after you receive Client ID and Client Secret
Ask for Github Code
Now you have Client ID. Go to this url.
https://github.com/login/oauth/authorize?client_id=b420627027b59e773f4f&scope=user:email,repo
Please define your own client_id and scope.
Get the Github Code
Remember the Authorization callback URL you input when register?
After you go to the link above, you should have redirected to your callback URL with the code as the parameter.
For example http://localhost:8080/github/callback?code=ada5003057740988d8b1
Ask and Get the Access Token
Now you need to do http request post with Client ID, Client Secret, and Code you have got as the parameter.
Request
POST https://github.com/login/oauth/access_token?client_id=a989cd9e8f0137ca6c29&client_secret=307d18600457b8d9eec1efeccee79e34c603c54b&code=ada5003057740988d8b1
Response
access_token=e72e16c7e42f292c6912e7710c838347ae178b4a&token_type=bearer
Post Issue to Github
Now you have access token you can use it to access Github API.
fetch('https://api.github.com/repos/organization/repo/issues?access_token=e72e16c7e42f292c6912e7710c838347ae178b4a', {
method: 'post',
body: {
title: 'Title',
body: {body: "body", title: "title"}
}
})
To achieve what you want you have to implement the web application flow described here.
This means you have to redirect the user to https://github.com/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI so that he can login to GitHub and authorize your application. After successful login GitHub redirects you to the redirect_uri, which usually points to an endpoint of your application. This endpoint extracts the authorization code from the URI to request an access token from GitHub with it (See here). As soon as you have the access token you can consume the GitHub API by sending the OAuth token in the Authorization header as follows.
Authorization: token OAUTH-TOKEN
Related
The Oauth2 documentation for google doesnt contain (that I have seen yet)
Information on what I am trying to do.
From my server I want to post request to my google cloud to get a response.
For this I need an access token, currently i'm taking it manually from the playground. I am going from my server to my cloud and the documentation states about a user accepting access and then being redirected etc but I don't involve any users.
I need to continuously, automatically get an access token for my requests, or similar. Without needing to click for access?
this is the request, for context:
var options = {
method: 'POST',
uri: 'https://dialogflow.googleapis.com/v2beta1/projects/someproject/agent/sessions/1:detectIntent',
headers: {
'Authorization': 'Bearer ya29.GlsGBscelmqeHgOVgx1p4EF_L45zetym6s3isC1HF4IYJqb20vHd8FolxvsmM_vU2fmIPWN3JElGIEuNN3i_-N9V-68YlwNvEduMIA5SuSltK-Sepsl0yNYM9REy',
'Content-Type': 'application/json'
},
body: {
"queryInput": {
"event": {
"name": "Matching",
"languageCode": "en"
}
}
},
json: true // Automatically stringifies the body to JSON
};
For more information, I am triggering an intent from dialogflow.
If the application does not involve user interaction, and if you would like to automate the authentication method, you should use service accounts, notably, you could use the JSON Web Token (JWT) or the Google ID Access token to authenticate between services.
For more information in this regard, you may follow this article in the GCP documentation.
You may also find useful information in this StackOverflow thread. It offers help on how to pass a token through DialogFlow.
I am using caspio rest api to authenticate my users in a mobile app. Upon authenticating, I was given an access token to which I included in my AJAX call under the parameter 'Authorization' : Bearer [access token].
I understand that I can renew the token with the refresh token given to me where I can use the POST call.
My question is: prior to using the POST call for a new token, must I store the access token?
Also, the Caspio website advised this format for the POST call:
Method: POST
URL: Token Endpoint
Body: grant_type=refresh_token&refresh_token= [token value]
Header parameters:
Authorization: Basic [string "Client_ID:Client_Secret" encoded in Base64]
Content-Type: application/x-www-form-urlencoded
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
Thank you for the help!
I never using caspio rest api before. The answer base on my OAuth experiences.
My question is: prior to using the POST call for a new token, must I store the access token?
YES! The OAuth 2.0 using the access token to switch the refresh token at first time.
Should I also include the client ID and client secret in the parameters? Upon using Firefox's rest client, I'm getting a bad request (400) error.
According to the api document. You should include the client ID and client secret in your request, like most OAuth 2.0 do.
The bad request (400) error you may see the rfc6749 to find further information.
I've deployed a Let's Chat application for my own server.
However, instead of using currently built, original Let's Chat web application I would like to develop my own, using its API.
And according to Let's Chat wiki:
Revoke an API Token
In the top-left dropdown menu:
Select "Auth tokens"
Click "Revoke token"
Choose "Yes". This will delete any previously generated token.
Basic Authentication
Use the API token as the username when authenticating. The password
can be set to anything, but it must not be blank (simply because most
clients require it).
So far I've generated own token and tried to send GET request to retrieve all rooms that I have in the app, but I've got an error: 401 - Unauthorized - I've tried to send this request with { data: my_token, password: my_random_password } credentials but without success. So my main question is: how exactly I can authenticate with Let's Chat API using ajax request?
I couldn't find any API url / endpoint dedicated for such task - please help.
EDIT:
I've tried also setting headers but it still doesn't work:
$.ajax({
url: CHAT_URL + 'rooms',
beforeSend: function(xhr){
xhr.setRequestHeader('username', 'NTczYzZ1111111111111111111JiMWE3MGUwYThiNzZhYjhmYjFjOWJkOTQ5ZDQ2YjhjNWUyMzkwNmMzYjhjMQ==');
xhr.setRequestHeader('password', '123qwe');
}
}).done(function(resp){
console.log('1');
console.log(resp);
}).done(function(resp){
console.log('2');
console.log(resp);
});
From that wiki page:
Use the API token as the Bearer token.
This is done by setting the header Authentication to the value bearer YOUR_TOKEN_HERE
So,
xhr.setRequestHeader('Authentication', 'bearer NTczYzZ1111111111111111111JiMWE3MGUwYThiNzZhYjhmYjFjOWJkOTQ5ZDQ2YjhjNWUyMzkwNmMzYjhjMQ==');
If you want to use basic authentication, this answers that question
How to use Basic Auth with jQuery and AJAX?
I want to use the new vimeo api to fetch videos based on a query, but I getting a 401 Authorization Required with this message "error": "A valid user token must be passed."
I'm using this code :
var urlX = 'https://api.vimeo.com/videos?query=elvis&client_id='+VIMEO_API_KEY;
$.getJSON(urlX, function(data){
console.log(data);
});
So obviously I have an authentication problem.
As client_id I'm using my "Client Identifier" from my app created in Vimeo's dashboard.
The error I keep getting mention "user token", do I have to generate one via Vimeo's dashboard or via php ?
I'm a bit lost here.
client_id through the querystring is not a valid method of making API calls against the Vimeo API.
First you must request an access token either through the oauth2 redirect worfklow: https://developer.vimeo.com/api/authentication, or by generating it on your app page.
Second you must provide that access token with your api request either through the Authorization header:
Authorization: bearer <your_token>
or the querystring
https://api.vimeo.com/videos?query=elvis&access_token=<your token>.
The authorization header is more secure, and will continue to work indefinitely. Some changes will be made soon to the querystring form which could cause problems with your application.
Context
I'm trying to get an access token from the Instagram API using their server-side/explicit flow.
When a user successfully authenticates and authorizes my application, Instagram redirects the user to my redirect_uri with a code parameter.
Once I've got this code, I'm trying to call the Instagram API in order to get the access_token.
Problem
I successfully get this code but in order to make this exchange, I have to POST the code, along with some app identification parameters to their access_token endpoint:
$.ajax({
type: 'POST',
url: 'https://api.instagram.com/oauth/access_token',
// Disable credentials as they were enabled by default
xhrFields: {
withCredentials: false
},
crossDomain: true,
data: {
client_id: client_id,
client_secret: client_secret,
grant_type: 'authorization_code',
redirect_uri: callback_http,
code: token
},
}).always(function(res) {
console.log('Res from Instagram API', res);
});
The problem is that I get an Access-Control-Allow-Origin issue:
XMLHttpRequest cannot load https://api.instagram.com/oauth/access_token.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin '[here is my callback_http]' is therefore not allowed access.
I've tried using dataType: 'jsonp' as a parameter of the Ajax call without any success (401 code).
Any ideas? Thank you very much in advance for your help!
You have to use server side code for oauth when using serverside explicit flow, it is blocked by browser because of cross-origin request. if you want to use only javascript then use the client side implicit flow
you can't unless its hosted in your domain or you own the url.
you can refer to this http://en.wikipedia.org/wiki/Same-origin_policy
if you are the owner of the server you can use htaccess to solve your problem.
a question about how to solve that is in stackoverflow also..
Happy coding! :D
use window.location.href to avoid cors issues
window.location.href = https://api.instagram.com/oauth/authorize/?app_id=${clientId}&redirect_uri=${redirectUri}&scope=${scope}&response_type=${responseType}