I am actually trying to integrate Plaid api for ACH payments and following "https://plaid.com/docs/link/" tutorial in Ruby. In this I have written the js code and it shows me pop up to select bank accounts.
I am using it in sandbox mode in which I am using test credentials to verify the account and it successfully verifies the account. For server side scripting I have installed plaid gem and configured it using following code into my_app/config/initializers/plaid.rb
Plaid.config do |p|
p.customer_id = 'test_id'
p.secret = 'test_secret'
p.environment_location = 'https://tartan.plaid.com'
end
where I have replaced the customer_id and secret key with my own. I am using a user controller in which under create method I am trying to create a user like this:
user = Plaid.add_user('auth', 'plaid_test', 'plaid_good', 'usaa', '1234')
Now I am confused how would it work.
I am trying to create a server side handler using ruby but I dont understand where I am lacking (as I am new to Ruby). I actually want that after successfully validating credentials there should be an option to select account like in the given demo
https://demo.plaid.com/stripe
I really need help as I am badly stuck in this from last three days. Any help would be appreciated. Thanks
Plaid Link returns a 'public_token' - you'll need to use the /exchange_token API endpoint to exchange the public token for an API access token.
The plaid-ruby library has a detailed example of the exchange token flow!
Related
EDIT : tried the authorized domain and it seems to be what i need, i'll try to go deeper with André's answer :)
Thank you !
Hi,
I'm new to firebase and i just finished a project but i had a question:
Since the doc says i have to put my api keys and else in the javascript, they are visible to anyone even if put into process.env
i've read here : Is it safe to expose Firebase apiKey to the public?
that making the api key public is normal and not a big deal.
I'm using the email/password auth and i'm scared
If someone takes my :
API_KEY_FIREBASE
AUTH_DOMAIN
DB_URL
PROJECT_ID
that are in the source code and use the createAccount function, is he gonna be able to create an account ?
Is yes, is there a way to disable this ?
I want to be able to create account only through the firebase console
I'm not using firebase database for my data, i only use it for auth so i don't have to create a user table in my database, but i use the IDTokens they provide to secure some routes on express.
thank you ! :)
Someone can only create an account when you have that option enabled in your firebase console. So If you have it disabled there is no problem.
You can look here in the "before you begin" section for how to enable/disable Email/password sign-in method.
I have been trying to get refresh token from google api using javascript google client " code " that google return from client side. It returns me the code which i send to the server side. Now from server side i am sending the code to get the refresh token and access token using using google-api-php-client with this call :
https://www.googleapis.com/oauth2/v4/token
While i use the same code from google playground i get the response with refresh token as well but i do not get it from my own server..
This is the code
public function getRefreshToken($code)
{
$client = new Google_Client();
$client->setClientId(config('services.google.client_id'));
$client->setClientSecret(config('services.google.client_secret'));
$client->setRedirectUri('postmessage');
$client->setScopes(config('services.google.scopes'));
$client->setAccessType("offline");
$client->setApprovalPrompt("force");
dd($client->authenticate($code));
dd($client->getRefreshToken());
return ;
}
I have set access type to offline as mentioned in some answers but still i get the response with our refresh token.. this is the response
access_token :"xxxxxxxxxxxxxxxxxxxxxx"
created:1510242052
expires_in:3598
id_token:"xxxxxxxx"
token_type:"Bearer"
Your php code looks fine to me. I suspect your front end javascript, specifically the link to google that it builds, may be to blame. Whether the authorization_code produces a refresh token when redeemed is partially dependent on what parameters are included in the initial link to Google.
As detailed in this answer, the javascript client library uses "client side flow". Normally in a front end app you'd specify response_type=token, but if you specify response_type=code, instead, you'll get a code back. But when redeemed, that code will not produce a refresh token.
For example, a link built by a front end javascript library might look like this:
https://accounts.google.com/o/oauth2/v2/auth?client_id=7xxxxxxxxxxx-xxxxxxxxxxx.apps.googleusercontent.com&redirect_uri=http://localhost:8080/oauth2callback.php&response_type=code&scope=profile
Your back end can redeem the code that comes back, but the response will not include a refresh token. This is by design.
One way to get a code that is eligible for refresh tokens, would be to use the back end PHP client library to build the link, rather than the javascript client library. $client->createAuthUrl() will build a link like this:
https://accounts.google.com/o/oauth2/auth?response_type=code&access_type=offline&client_id=7xxxxxxxxxx-hxxxxxxxxxxxxxxxx.apps.googleusercontent.com&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Foauth2callback.php&state&scope=profile&approval_prompt=force
This toy example builds the link this way and does receive refresh tokens.
Note the addition of access_type=offine and approval_prompt=force. After successful authentication, the redirect in this case includes a code that does provide a refresh token when redeemed.
The OAuth 2.0 playground builds an initial link that contains access_type=offline and prompt=consent, which also creates a code that is redeemable for a refresh token.
If this isn't helpful, perhaps you could update the question with the link to google that your front end is building? (With client id redacted, of course)
I have read almost everything there is on the Internet (almost no examples) and studied the (very limited and confusing) documentation.
I have a client were I am integrating payone, and I am not getting any further.
So I used the API client documentation and integrated the iframe client api example with creditcardcheck on page 35 (chapter 3.1.5.5). This works fine I receive the answer and a pseudocardpan.
As explained in the quick start guide, I then start the "preauthorization", using the server api with the pseudocardpan. I send all the necessary parameters again, and I end up on the server payone with status = approved .
I assume this is then successfull. However, what or how should I proceed? What is the transactionUrl for? Maybe someone has experience with payone.
sorry to hear you're having a tough time implementing a Payone interface. We are currently working on providing more insightful examples. Please bear with us for a little longer.
Meanwhile, I'll gladly help you with continuing your integration. After the successful preauthorization, you'll need to store the txid for further reference to this transaction. To collect the money from the creditcard, you'll need to send a capture request with the amount you wish to collect and the txid as a reference (see the docs for a full list of required parameters).
If you don't want to send a capture request afterwards (for instance if you want to collect the entire amount immediately after the customer completed their order) you can send an authorization request instead of the preauthorization and leave out the capture part.
The transaction status URL is used to asynchronously inform your application about status changes in Payone transactions. For instance in a prepayment setting we'll send a PAID notification as soon as the customer paid the amount to your bank account.
Best,
Florian (Technical Partner Manager # Payone)
I understand that once the response comes back that it has been approved, then it is approved - all the details were correct and authorisation was successful.
If you are doing a preauthorization then you will need to follow that with a capture to actually take the payment. In some legislative environments, for example many US states, you cannot capture the payment until you finally ship the goods from an online shop.
If that is not a problem (e.g. paying invoices, running an online shop in the UK), then use authorization, which does a preauthorization and capture all in one step. Apart from the name of the request, the details of the message you send is identical.
So, I'm trying to integrate the Login and Pay with Amazon widget, and I'm encountering some problems.
So, I have my seller account all set up on
https://sellercentral.amazon.de/gp/
I have access to my API credentials, and I need to get a LWA client.
So, I have registered on
https://sellercentral.amazon.com/gp/homepage.htm
in order to create an application. I have set up the application, on web settings I have completed the required URL's, and got my client ID.
In the js for the Login and Pay with Amazon widget, I have replaced all the info needed: Client Id, merchant Id etc.
But when I try to make a test login, I receive the following error :
400 Bad Request Unknown client_id
The Pay With Amazon documentation is not very clear, and I can't seem to find anywhere a list with the error codes.
If anybody has an idea, let me know.
Thanks!
you should create your Login with Amazon application using https://sellercentral.amazon.de instead of the .com site. They are separate accounts.
It sounds like you're missing this piece of code:
window.onAmazonLoginReady = function() { amazon.Login.setClientId('CLIENT_ID'); }
I am trying to create a facebook web app, but am unable to get any of the friends through facebook javascript API. What I basically want my app to do is that it will ask a user to login and then after authorization, his/her all the friends{weather using the app or not} should be displayed.
Is it possible to get friends who don't use the app at all?
If so, please tell me how! :)
img : http://postimg.org/image/9r959i38n/
code in my app:
FB.api('/me/friends',function(res){
console.log(res.data[0].name); //just sample output
});
Thanks
/me/friends now only returns friends who are also using your app - https://developers.intern.facebook.com/docs/apps/changelog#v2_0_graph_api
See the full document for new APIs that might solve your problem instead.
Here's two new APIs for:
Inviting friends - https://developers.facebook.com/docs/graph-api/reference/v2.0/user/invitable_friends
Tagging friends -https://developers.facebook.com/docs/graph-api/reference/v2.0/user/taggable_friends
With the release of version 2.0 of the API,
In Graph API v2.0, access to /me/friends is no longer part of the default (public_profile)
permissions. We now require you to ask for the new permission user_friends. With this
permission, /me/friends now returns the person's friends who are also using the app.
https://developers.facebook.com/docs/apps/changelog#v2_0_permissions
Solution (temporary)
You can use version 1.0 till April 30th 2016.
http://graph.facebook.com/v1.0/
Opinion: This change will put an end for spam apps