I am trying to list the files and folders that are in the Dropbox by using JavaScript. Can anyone suggest me how to get access token programmatically.
I can generate access token manually but I need to get from code.
To programmatically get an access token for a user, your app needs to send them through the OAuth app authorization flow. When directly using JavaScript, ideally you'd use an SDK or library, e.g.,:
https://www.dropbox.com/developers/datastore/sdks/js
(Note that the Datastore API functionality is deprecated, but the rest isn't.)
The tutorial will guide you through linking an account:
https://www.dropbox.com/developers/datastore/tutorial/js
There's also more documentation and resources here:
https://www.dropbox.com/developers/datastore/docs/js
https://github.com/dropbox/dropbox-js
There's also an OAuth guide here that should serve as a good reference about the OAuth flow:
https://www.dropbox.com/developers/reference/oauthguide
Otherwise, if you want or need to implement this manually, the following blog posts may be helpful:
for OAuth 1: https://blogs.dropbox.com/developers/2012/07/using-oauth-1-0-with-the-plaintext-signature-method/
for OAuth 2: https://blogs.dropbox.com/developers/2013/07/using-oauth-2-0-with-the-core-api/
Related
I'm new to Django and JavaScript, so please forgive me if this is an obvious question.
What is the best way to authenticate users?
I can only find posts about using this which doesn't support django 2.
Thanks for your help.
django-rest-framework provides several solutions for authentication. I recommend to read carefully the docs : http://www.django-rest-framework.org/api-guide/authentication/
I've already used Token authentication on several projects and it works fine:
You need to install the rest_framework.authtoken app in your project. This app is provided with django-rest-framework
Then you need create a token for every user. There are several ways described in the docs.
On the client side, you need to implement a login form. Your backend will check user and password and gets back the user token.
Then you can pass this token in the header of every request:
Authorization: Token value-of-the-token
Make sure to use https if you use Token authentication.
I want to extend a project in a way that it can save files to Google Drive. To learn how this works I tried the Quick Start Example from the docs: https://developers.google.com/drive/v3/web/quickstart/js
Following the example I noticed that the example is creating an API key in the developer console. Following the same steps only returns a Client secret. I suspected this to be a naming problem and hoped that the two are the same.
Unfortunately, the example code does not work but loggs the following error:
{"error":{"errors":[{"domain":"usageLimits","reason":"keyInvalid","message":"Bad Request"}],"code":400,"message":"Bad Request"}}
In the request to:
https://content.googleapis.com/discovery/v1/apis/drive/v3/rest?pp=0&fields=kind%2Cname%2Cversion%2CrootUrl%2CservicePath%2Cresources%2Cparameters%2Cmethods%2CbatchPath%2Cid&key=[[my key]]
I checked that the right secret appears in the request url. Setting var API_KEY = '<YOUR_API_KEY>'; to an empty string is a workaround.
How can I debug this further? where do i get the right api key?
I run into this error recently. It is certain that Google Documentation is usually quite good, but in this case, the Google Drive API (https://developers.google.com/drive/api/v3/quickstart/js) it wasn't that clear. For this API in particular, you will require two credentials.
Under your project credentials section, you must create an OAuth 2.0 client for a web application and a API Key.
(Sorry for the Spanish in the screenshots)
Regarding the OAuth 2.0 client, not that I have restricted it to http://localhost
Concerning the API Key, note that I have restricted it to my Google Drive API
Then, in the index.html provided by the documentation, you can set your CLIENT_ID to the one obtained in the OAuth 2.0 client generation, and the API_KEY to the the one generated in the API Key process.
{"error":{"errors":[{"domain":"usageLimits","reason":"keyInvalid","message":"Bad Request"}],"code":400,"message":"Bad Request"}}
Means that the request you have made has not been properly authenticated.
API key is for accessing public data. Oauth2 client id and secret will be used to access private user data which file.list is. So i dont think this is a naming problem. Your code should be popping up requesting access of the user.
I'm making a chrome extension that uses Firebase database. For their custom authentication I need to create a JWT token to have the user sign in.
I saw on their documentation that their is a function to generate these tokens in node using the function call:
var customToken = firebase.auth().createCustomToken(uid);
My issue is that my chrome extension is not a node app, so I don't have access to this function. I have the firebase auth API from their CDN but when I try using that function I get firebase.auth(...).createCustomToken is not a function.
I guess that the create JWT token function is just for node.js firebase users. Is there a way I can still get access to this token generator without my extension being a node app?
I'm new to this JWT stuff so really I'm just looking for an easy way to generate one of these tokens somehow.
Creating a custom token requires access to the service account of your Firebase project. This is a server-side secret and should never be present in the clients that access your project. If you give your clients the secret needed to mint a custom token, you're giving them full access to your project. You might as well not use authentication in that case.
The typical approach is to run a server that mints a custom token based on your app's needs and then use that token in your client (e.g. a chrome extension) to sign in.
Alternatively you can use one of the built-in authentication methods, such as email+password, Facebook, Google or even anonymous sign-in.
I'm using dropbox chooser but the user needs to login first, and I want to avoid this using a Generated access token it is possible using only the chooser?. the documentation says:
By generating an access token, you will be able to make API calls for your own account without going through the authorization flow. To obtain access tokens for other users, use the standard OAuth flow.
but this is only able using the API? or how can I achieve this to avoid letting the user know the password? im only using one single account.
No, this isn't possible. The generated access token is for the Dropbox API, which is separate from the Dropbox Chooser. The Chooser is just a pre-built UI component that runs from the official Dropbox web site. The only way for the user to auth to it is by signing in to the Dropbox web site.
If you do just need access to your own account, and not the accounts of your end-users, you should use the API though, e.g., with a generated access token.
I'm working on a plugin to enable a mailclient to access a users Facebook Inbox. I know I need to request an access token with extended permissions. The thing is: I have no Idea how to do that.
The plugin needs to be written in javascript. I have managed to open a webbrowser to the required URL but I have no idea, how to extract the access token from the webbrowser, in order to use it in the rest of my script.
Is there any way this can be achieved, or do i need to use different technology?
To get an access token you need to first create a Facebook application. To do it, add the developer application to your Facebook profile.
http://developers.facebook.com/
Then the user will need to grant access to your application.
http://developers.facebook.com/docs/authentication/