DeviantArt Oauth authentication with JavaScript - javascript

I am trying to get an Oauth access token through JavaScript. In partilar I want to authenticate to DeviantArt API keeping as simple as it can be. Here are my approaches, I only need one but anyone is working so just one solution for any of the will be enough.
Since it is a Cross-Origin I tried using ajax. This is the code:
var response_type = "code";
var client_id = "1234"; //Random clientId for stackoverflow
var redirect_uri = "http://localhost:8080/my-project/authDeviantArt.html";
var authorization1 = "https://www.deviantart.com/oauth2/authorize";
var authorization2 = "https://www.deviantart.com/oauth2/token";
var client_secret = "qwerty12345"; //Random secret for stackoverflow
var grant_type1 = "authorization_code";
var grant_type2 = "client_credentials";
var scopes = "basic";
//Using The Authorization Code Grant
var request1 = authorization1+'?response_type='+response_type+'client_id='+client_id+'&redirect_uri='+redirect_uri;
//Using The Client Credentials Grant
var request2 = authorization2+'?client_id='+client_id+'&client_secret='+client_secret+'&grant_type='+grant_type2;
$.ajax({
url: request1,
dataType: "jsonp",
success: function (res){
console.log("Response: "+res.access_token);
});
The problem is that I allways get the following error
Uncaught SyntaxError: Unexpected token :
but clicking on the error in the JavasCript console I can see the response JSON:
{"access_token":"662b..5d58","token_type":"Bearer","expires_in":3600,"status":"success"}
and the Concole.log prints Error: [object Object] (despite chrome console does not throw any error in that line).
I also tried with the library JSO but I don't achieve saving the token neither.
I also tried with the library Hello.js but it does not support DeviantArt and my approaches modifying it had neither any success.
I tried also trying to modify headers in XMLHttpRequest() or adding options to getJson but always CORS error, no matter what I try.
I have been trying tens of solutions posted on stackoverflow but no one works for me :(

I've had a similar problem while trying to obtain a simple client access token, and I've come to the conclusion that the Deviantart API does not support CORS at all. I'm not 100% certain, but no attempt of mine (either through ajax or XMLHttpRequest or even test-cors.org) gave any indication that the response contained the proper CORS header (Access-Control-Allow-Origin).
It would make sense, too. This way of using the API forces you to expose your client secret in your JS code (as you have in your example). I believe the API was meant to be used on the back-end or by programs (either desktop or mobile) that would hide their client secret in their code or some encrypted configuration file. This comment on another question led me to that conclusion.
I would recommend you handle the API communication server-side if possible. You may also want to take a look at their oEmbed implementation.

Related

Google Firebase httpsCallable raising net::ERR_NAME_NOT_RESOLVED

I am running into net::ERR_NAME_NOT_RESOLVED when calling the API of my firebase project. I have tried using multiple devices, two internet connections, a VPN, Linux, macOS, Windows 11 to rule out any errors caused by my devices. When navigating to the API link on my browser it does not timeout, and I am provided with a response. The issue seems to be when using the httpsCallable function provided by Firebase. No logs of the function being called are present on firebase outside of navigating to it in a browser.
Here is my code:
const functions = firebase.functions
console.log(functions)
const loginWithCode = httpsCallable(functions, 'loginWithCode')
loginWithCode(loginPayload)
.then((result) => {
console.log(result)
})
.catch((error) => {
console.log("ERROR CAUGHT HERE")
console.log(error)
});
The output from my browser console:
service.ts:206 POST https://us-central1-%22crowd-pleaser-75fd7%22%2C.cloudfunctions.net/loginWithCode net::ERR_NAME_NOT_RESOLVED
App.tsx:79 ERROR CAUGHT HERE
App.tsx:80 FirebaseError: internal
The result from directly inputting the link on the firebase web interface:
{"error":{"message":"Bad Request","status":"INVALID_ARGUMENT"}}
Is there something I am missing that is creating this issue? I have scoured the internet, and StackOverflow looking for an answer, and all solutions provided have not worked. The method implemented is exactly how it is done on the Firebase docs here
Edit: It seems like the link to which my post request is being sent is formatted oddly. Maybe this could be the issue? I can't figure out why it's formatted this way though.
I found a solution to the problem. My speculation in my edit was correct, the URL to which the post request was being sent by httpsCallable was formatted incorrectly. I am unsure as to why it was being formatted this way, however, the quick solution is to set the customDomain class attribute of the object returned by getFunctions to the correct domain. In my case this was done by doing:
functions.customDomain = functions.customDomain = 'https://us-central1-crowd-pleaser-75fd7.cloudfunctions.net'
The variable 'functions' in the code above is the class attribute returned from the method getFunctions provided by Firebase
The Thing
While I'm not an expert on Firebase the problem is that you're making a wrong HTTP request with loginWithCode(loginPayload), there is nothing wrong with your code that I can see at least.
By the way, you're using:
const loginWithCode = httpsCallable(functions, 'loginWithCode')
rather than a simple const loginWithCode = httpsCallable('addMessage')
as described here: Google FireBase Docs
And then, making a loginWithCode({ text: messageText })
Also, as you can see here: Google Firebase Docs:firebase.functions.HttpsCallable
You will be able to pass any type of data to the HttpsCallable function, so we end at the start point: you're making a wrong HTTP request.
As described in the HTTP answer the error is: net::ERR_NAME_NOT_RESOLVED this happens when a DNS request cannot be resolved, then a domain doesn't exists so this all leads to the thing that there is no way to send the HTTP request since there is not a route in the internet that was found to send it.
The Problem:
While decoding the url that you're making the HTTP request
service.ts:206 POST https://us-central1-%22crowd-pleaser-75fd7%22%2C.cloudfunctions.net/loginWithCode net::ERR_NAME_NOT_RESOLVED
App.tsx:79 ERROR CAUGHT HERE
App.tsx:80 FirebaseError: internal
You will find that you're sending the HTTP request to:
https://us-central1-"crowd-pleaser-75fd7",.cloudfunctions.net/loginWithCode
As you can see, you will find that when making the HTTP request it will be a problem: since you cannot put "crowd-pleaser-75fd7", in the URL to make the HTTP request. That is generating the error net::ERR_NAME_NOT_RESOLVED
I'm not sure what exactly are you trying to do, but I think that the correct URL to the HTTP request should be:
https://us-central1-crowd-pleaser-75fd7.cloudfunctions.net/loginWithCode
With this URL the HTTP request must pass, at least. And I suggest then check the loginPayload in order to fix this.

How to use GTMetrix Api using Javascript?

I am new to API usage. I have properly managed to utilize Google Page Insights V.5 API through javascript code, but I cannot for the life of me succeed in doing so for GTMetrix. It seems the only information relating to GTMetrix API & Javascript is a link to the RapidApi website. I simply wish to achieve the same simple retrieval of data from GTMetrix as I have from Google. Is this possible?
Am I simply structuring my request incorrectly when I set it as:
https://gtmetrix.com/api/0.1/?login-user=myemail#email.com&login-pass=MyRanDomApIKeY&location=2&url=https://sitetotest.com
Because when I set my Google Page Insights Request URL as the following it works.
https://www.googleapis.com/pagespeedonline/v5/runPagespeed?url=https://websitetotest.com&category=performance&strategy=desktop&key=MyRanDomApIKeY
The below code works for Google Page Insights and I am even able to retrieve JSON data in a browser window with a URL such as:
<div id="firstmetric"></div>
<br>
<div id="domSize"></div>
<button>Click Me</button>
<script>
$('button').click(function(){
var baseUrl = "https://www.googleapis.com/pagespeedonline/v5/runPagespeed?url=";
var fieldUrl = "https://websitetotest.com";
var trailing = "&category=performance&strategy=desktop&key=MyRanDomApIKeY";
$.getJSON(baseUrl + fieldUrl + trailing, function(data){
console.log(data);
var item = data.lighthouseResult.categories.performance.auditRefs[0].weight;
var domSize = data.lighthouseResult.audits['dom-size'].displayValue;
$("#firstmetric").html( item );
$("#domSize").html( domSize );
});
});
I truly need it spelled out for me because anything less is going to lead me to ask follow up questions and put us in a tail spin. :/
As a newbie, JSFiddle has been a life saving resource for testing and trying, breaking, and building in my learning process. If it wouldn't be too much to ask for, a fiddle would help me get my brain around things.
The parameters that you are using: login-user and login-pass refer to HTTP authentication on the page you are analyzing (as in, GTmetrix will pass these parameters on your analysis) not your GTmetrix API credentials.
The authentication used for the GTmetrix API is your e-mail for the username and your API key as the password, as pointed out by the API docs.
Another thing to keep in mind is that GTmetrix will not allow you to do API calls through your web application frontend, since they disallow CORS requests. If you do it through your Web application on a normal website, you would be exposing your GTmetrix API key, which is probably not a good idea.
So, you would then do it through your backend code. For example if done through Node JavaScript:
fetch("https://gtmetrix.com/api/0.1/locations", {
headers: new Headers({
"Authorization": 'Basic ' + btoa("[YOUR E-MAIL]" + ":" +"[YOUR API KEY]"),
}),
}).then(res => res.json())
.then(response => console.log(response));
would print me the array of locations.
Note that whichever backend code you choose, you need to add the basic authorization header request for you API call and encode it properly (that is what the btoa function call does).

facebook graph api node.js invalid appsecret_proof

this is my first post so please go easy on me!
I am a beginning developer working with javascript and node.js. I am trying to make a basic request from a node js file to facebook's graph API. I have signed up for their developer service using my facebook account, and I have installed the node package for FB found here (https://www.npmjs.com/package/fb). It looks official enough.
Everything seems to be working, except I am getting a response to my GET request with a message saying my appsecret_proof is invalid.
Here is the code I am using (be advised the sensitive info is just keyboard mashing).
let https = require("https");
var FB = require('fb');
FB.options({
version: 'v2.11',
appId: 484592542348233,
appSecret: '389fa3ha3fukzf83a3r8a3f3aa3a3'
});
FB.setAccessToken('f8af89a3f98a3f89a3f87af8afnafmdasfasedfaskjefzev8zv9z390fz39fznabacbkcbalanaa3fla398fa3lfa3flka3flina3fk3anflka3fnalifn3laifnka3fnaelfafi3eifafnaifla3nfia3nfa3ifla');
console.log(FB.options());
FB.api('/me',
'GET',
{
"fields": "id,name"
},
function (res) {
if(!res || res.error) {
console.log(!res ? 'error occurred' : res.error);
return;
}
console.log(res);
console.log(res.id);
console.log(res.name);
}
);
The error I am getting reads:
{ message: 'Invalid appsecret_proof provided in the API argument',
type: 'GraphMethodException',
code: 100,
fbtrace_id: 'H3pDC0OPZdK' }
I have reset my appSecret and accessToken on the developer page and tried them immediately after resetting them. I get the same error, so I don't think that stale credentials are the issue. My
console.log(FB.options())
returns an appropriate looking object that also contains a long hash for appSecretProof as expected. I have also tried this code with a number of version numbers in the options (v2.4, v2.5, v2.11, and without any version key). Facebook's documentation on this strikes me as somewhat unclear. I think I should be using v2.5 of the SDK (which the node package is meant to mimic) and making requests to v2.11 of the graph API, but ??? In any case, that wouldn't seem to explain the issue I'm having. I get a perfectly good response that says my appSecretProof is invalid when I don't specify any version number at all.
The node package for fb should be generating this appSecretProof for me, and it looks like it is doing that. My other info and syntax all seem correct according to the package documentation. What am I missing here? Thank you all so much in advance.
looks like you have required the appsecret_proof for 2 factor authorization in the advance setting in your app.
Access tokens are portable. It's possible to take an access token generated on a client by Facebook's SDK, send it to a server and then make calls from that server on behalf of the client. An access token can also be stolen by malicious software on a person's computer or a man in the middle attack. Then that access token can be used from an entirely different system that's not the client and not your server, generating spam or stealing data.
You can prevent this by adding the appsecret_proof parameter to every API call from a server and enabling the setting to require proof on all calls. This prevents bad guys from making API calls with your access tokens from their servers. If you're using the official PHP SDK, the appsecret_proof parameter is automatically added.
Please refer the below url to generate the valid appsecret_proof,and add it to each api call
https://developers.facebook.com/docs/graph-api/securing-requests
I had to deal with the same issue while working with passport-facebook-token,
I finally released that the problem had nothing to have with the logic of my codebase or the app configuration.
I had this error just because I was adding intentionally an authorization Header to the request. so if you are using postman or some other http client just make sure that the request does not contain any authorization Header.

Twitter OAuth Pin based authorization 'oob' in Google Apps Script

I am trying to use Twitter Pin-based authorization in my Google Apps Script to eventually send tweets on behalf of other uses.
I freely admit that I don't relay know what I'm doing but I have read a lot of info on the internet and feel I have tried everything.
My current Google Apps Script JavaScript code:
var method = 'post';
var url = 'https://api.twitter.com/oauth/request_token';
var consumerKey = '[my consumer key]';
var ticks = '1422745454';
var nonce = '6826266';
var options = {
'method': method,
'oauth_callback': 'oob',
'oauth_consumer_key': consumerKey,
'oauth_nonce': nonce,
'oauth_signature': 'cIFeptE5HjHp7xrp%2BZt9xFhHox4%3D',
'oauth_signature_method': 'HMAC-SHA1',
'oauth_timestamp': ticks,
'oauth_version': '1.0'
};
var response = UrlFetchApp.fetch(url, options);
For testing I set the ticks just before each test run to the value here
The nonce is a random number between 111111 and 9999999 which is regenerated before each test run.
The oauth signature I have been generating with some c# code lifted from the linq2twitter project
I suspect the problem is the signature. I have read the twitter documentation on creating a signature and I think the C# code is doing it correctly but I am not sure.
The problem is that whatever I try I always get this error:
"Request failed for https://api.twitter.com/oauth/request_token returned code 401. Truncated server response: Failed to validate oauth signature and token (use muteHttpExceptions option to examine full response)"
I have been trying to find an example of Twitter Pin-based authorization in a Google Apps Script but have so far not found anything.
My attempts to translate examples in C#, PHP, etc. have also failed.
Please help.
Apps Script provides an Oauth API that works with UrlFetchApp, they even use twitter in their examples. Work with those if at all possible, troubleshooting signature generation is a real hassle.
https://developers.google.com/apps-script/reference/url-fetch/o-auth-config
https://developers.google.com/apps-script/articles/twitter_tutorial
If you absolutely must do it from scratch, the best approach is to get requests working with an existing library (like the c# one you mention), then work on getting your apps script to generate the exact same request.
I get the sense that is what you are doing now, so it may just be a matter of base64 encoding your Signature in the outgoing request:
https://developers.google.com/apps-script/reference/utilities/utilities#base64Encode(String)
Ultimately, it's very difficult to do the whole Oauth process manually in Apps Script. When I tried something like this from scratch about a year ago I ultimately gave up and used a Python application deployed to Google App Engine instead. I submit requests from Apps Script to the App Engine application, and the App Engine application handles Oauth and relays my requests on to the external service, before returning requests to my Apps Script. This approach comes with complications of it's own.

HTTP POST in node-red js

I want to know how to do a http POST request with a JSON data into some server with API key. I searched in http://nodered.org/docs/ But they haven't written anything clearly. The documentation is very messy and not even good to understand.
However, I have tried to POST a JSON data which is stringified:
{"version":"1.0.1","sensors":[{"sensor":"accel","output":[{"name":"accelert","type":"dcmotion"}]}]}
I have written the API in function node as (API is arbitary here, not original)
var msg = {"version":"1.0.1","sensors":[{"sensor":"accel","output":[{"name":"accelert","type":"dcmotion"}]}]}
msg.headers: {
'x-api-key': 'ucasdfeacceacxfAIH2L4=',
'content-type': 'application/json"
}
I got this example from here : https://groups.google.com/forum/#!msg/node-red/nl9Be0dN55g/S_VYMTjOanEJ
And I added input node as HTTP POST then given the url and connected it with function added one debug node.
Now I deployed it. I am getting error : Unexpected token in API node
Now I'm not sure how to do that. I am not getting how to do this. Please help me out. No tutorial available in node red site.
Instead of var msg = {... you should use msg.payload = {... .
Because msg is a standard JSON object message passed between node-red nodes, so should not be declared using var, and its payload property contains the body of the message, so when the msg is provided for the HTTP request node the payload property is sent as the body of the request (see the info tab of the HTTP request node).
From your subsequent question on this topic, I see you've got past the issues you were having here.
To repeat the answer I gave there, the payload you want to post should be in a property called 'payload' on the object you return from the function. The documentation of the http request node describes all of that.
You will find there is not currently a lot of activity on node-red within stack overflow. Hopefully that will change over time, but for now you'll find the mailing list is much more responsive.
Also, if you have specific feedback, we'd welcome it on the mailing list.

Categories