How do I request access to a user's calendar once, then query events without having to request access again? Is there an access key that can grant continuous access as long as it isn't revoked?
I am currently using the google-calendar module in a nodejs app running express + mongodb.
The example below shows partial code for making the OAuth request and redirecting back to the app. This works great. What I want though is once I have access, to be able to query the user's events any time I want. This will be used in a booking app which, once a user registers their public Google Calendar, allows others to see their availability.
I have looked at the Google Calendar API documentation, but I can't figure out what is needed for the ongoing access I need.
Configuration:
var GoogleCalendar = require('google-calendar');
var google_calendar = new GoogleCalendar.GoogleCalendar(config.google.clientId, config.google.clientSecret, 'http://localhost:3000/authentication');
Display route:
app.get('/display', function(req, res) {
// redirect user to Google Authentication
var access_token = req.session.access_token;
if(!access_token) {
req.session.authReturn = req.url;
return res.redirect('/authentication');
}
google_calendar.listCalendarList(access_token, function(err, calendarList) {
// do something with the calendar events...
}
...
Authenticate route:
app.all('/authentication', function(req, res){
// Redirect the user to Google's authentication form
if(!req.query.code){
google_calendar.getGoogleAuthorizeTokenURL(function(err, redirectUrl) {
if(err) return res.send(500,err);
return res.redirect(redirectUrl);
});
}
// Get access_token from the code
else {
google_calendar.getGoogleAccessToken(req.query, function(err, access_token, refresh_token) {
if(err) return res.send(500,err);
req.session.access_token = access_token;
req.session.refresh_token = refresh_token;
return res.redirect(req.session.authReturn);
});
}
});
Use the Oauth 2.0 offline access parameter. See details at:
https://developers.google.com/accounts/docs/OAuth2WebServer#offline
Related
I am using Firebase Cloud Functions with Express and Firebase Hosting to serve my multi-page site. I have successfully implemented server-side cookies as explained here and as implemented below:
function verifyLogin(request, response, next) {
const sessionCookie = request.cookies.__session || '';
firebase.auth().verifySessionCookie(sessionCookie, true /** checkRevoked */ )
.then((decodedClaims) => {
//serve content for user
return next();
}).catch(error => {
// Session cookie is unavailable or invalid. Force user to log in.
console.log(error);
response.redirect('/login');
return;
});
}
app.get('/', verifyLogin, (request, response) => {
var page_title = "Home";
response.render('index', {
page_title,
});
});
I am using the Firebase Web SDK (JavaScript) to access the Firebase Cloud Firestore. In order to do this, I need to get the idToken on the client side for the currently-logged-in user, like so:
firebase.auth().onAuthStateChanged(firebaseUser => {
if (firebaseUser) {
firebase.auth().currentUser.getIdTokenResult()
.then((idTokenResult) => {
// Access the Firebase Cloud Firestore here
});
}
});
This seems redundant to me, since I already know which user is signed in via my server cookie, but how else can I get the idToken without another call to Firebase Auth?
Is there a way to extrapolate it from my session cookie somehow and pass it to my client from my cloud function as a variable?
Or is there another way to look at this philosophically that I am overlooking?
In the same way you can listen to user sign-in state changes using onAuthStateChanged(), you can also listen to user ID token changes using onIdTokenChanged(). You will only need to use a new token when the observer you attach shows that a new one appears (for example, when it's refreshed every hour by the SDK).
Hi i am trying do a very simple backend where admin can modify other users account but its not working. I understand this is happening because parse has some default security settings that does not allow this. Below is the code snippet from the update route of the web app:
//UPDATE ROUTE
router.put("/:id", function(req, res){
var Users = Parse.Object.extend("User");
var query = new Parse.Query(Users);
// find and update the correct user
query.get(req.params.id).then(function(user) {
user.set("name", req.body.name);
user.save().then(function(doctor) {
console.log("user has been updated");
res.redirect("/doctors/"+ req.params.id);
}, function(error) {
console.log(error.message);
});
}, function(error) {
console.log("user could not be retrieved!");
});
});
The Error Message is : Cannot modify user HeFxUOj7q9. HeFxUOj7q9 is the Objectid for the user which i am trying to update from another account(admin account)
I have an admin account already created on the parse server User class but I can't figure out how to update other accounts using the admin account. I am using parse server on nodeJs. I would really appreciate any help offered. Thanks in advance.
When you're initializing parse, you should include the masterKey and call useMasterKey like so:
Parse.initialize("YOUR_APP_ID", "YOUR_JAVASCRIPT_KEY", "YOUR_MASTERKEY");
Parse.serverURL = 'http://YOUR_PARSE_SERVER:1337/parse';
Parse.Cloud.useMasterKey();
However, be wary of doing this for endpoints that are publicly accessible, and never include your master key on a client-side application.
I'm working on a web project (HTML, CSS, JavaScript, with back-end in PHP). I've successfully got a Google Sign-in working, using their simple API, but can't get the Microsoft equivalent to function. The official online solutions to this seem to rely on .NET or PHP Composer. I'll try composer if that's the only way but a pure JS/PHP method would be easiest.
I've tried to use the following:
https://github.com/microsoftgraph/msgraph-sdk-javascript
https://github.com/AzureAD/microsoft-authentication-library-for-js
The code below is the closest I've come to a working solution. I can get some kind of user ID (which appears to be unique and constant for each user). This might be enough to set up the login system I want, but it would be ideal if I could also fetch their name and profile picture.
<script class="pre">
var userAgentApplication = new Msal.UserAgentApplication("MY CLIENT ID", null, function (errorDes, token, error, tokenType) {
// this callback is called after loginRedirect OR acquireTokenRedirect (not used for loginPopup/aquireTokenPopup)
})
userAgentApplication.loginPopup(["user.read"]).then(function (token) {
var user = userAgentApplication.getUser(); //this is good
//user.userIdentifier seems to be a unique ID
//I will store this and use it for future verification
console.log(user);
//START
// get an access token
userAgentApplication.acquireTokenSilent(["user.read"]).then(function (token) {
console.log("ATS promise resolved");
}, function (error) {
console.log(error);
// interaction required
if (error.indexOf("interaction_required") != -1) {
userAgentApplication.acquireTokenPopup(["user.read"]).then(function (token) {
// success
console.log("s2");
}, function (error) {
console.log("e2");
// error
});
}
});
//END
// signin successful
}, function (error) {
console.log(error);
// handle error
});
</script>
(this code won't run as I've pasted it because it relies on the MSAL script from the second github link, and needs an application client ID)
After getting the access token with scope user.read , you could call microsoft graph api to get sign-in user's profile information such as displayName , businessPhones :
https://graph.microsoft.com/v1.0/me
Content-Type:application/json
Authorization:Bearer {token}
To get user's profile photo :
GET https://graph.microsoft.com/v1.0/me/photo/$value
In addition , if you are using Microsoft Graph JavaScript Client Library in first link , you could get user's displayName and profile photo by :
client
.api('/me')
.select("displayName")
.get((err, res) => {
if (err) {
console.log(err);
return;
}
console.log(res);
});
// Example of downloading the user's profile photo and displaying it in an img tag
client
.api('/me/photo/$value')
.responseType('blob')
.get((err, res, rawResponse) => {
if (err) throw err;
const url = window.URL;
const blobUrl = url.createObjectURL(rawResponse.xhr.response);
document.getElementById("profileImg").setAttribute("src", blobUrl);
});
Please refer to code sample here .
I'm trying to use LinkedIn's API to access Universities LinkedIn pages to periodically collect how many followers they have. This seems doable, but I cant seem to generate an access token without having some weird redirect URL that has to take you to a GUI login page!
I'm using node.js for this, specifically this package: https://www.npmjs.org/package/node-linkedin
I have a API key and secret, so all I need is a access token then I'll be set to actually start using their API routes.
var Linkedin = require('node-linkedin')('KEY', 'SECRET', 'callback');
var linkedin = Linkedin.init('my_access_token'); // need a token to initialise!
Any ideas?
Edit: Here's my code so far:
var Linkedin = require('node-linkedin')('KEY', 'SECRET', './oauth/linkedin/callback');
app.get('/oauth/linkedin', function(req, res) {
// This will ask for permisssions etc and redirect to callback url.
Linkedin.auth.authorize(res, ['r_basicprofile', 'r_fullprofile', 'r_emailaddress', 'r_network', 'r_contactinfo', 'rw_nus', 'rw_groups', 'w_messages']);
});
app.get('/oauth/linkedin/callback', function(req, res) {
Linkedin.auth.getAccessToken(res, req.query.code, function(err, results) {
if ( err )
return console.error(err);
/**
* Results have something like:
* {"expires_in":5184000,"access_token":". . . ."}
*/
console.log(results);
var linkedin = Linkedin.init(result);
return res.redirect('/');
});
});
What you are trying to do is an application-only authentication, it seems linkedIn has removed this option unlike facebook and twitter. As from now it is only possible to authenticate as a user.
If you really want to skip the redirect you could use something like PhantomJS which is a headerless browser. But i strongly recommend you not to do so as LinkedIn requires a user to authenticate in their license agreement. I don't know if it is legal but you could provide yourself an end-point which you use to generate the authentication_code and access_token and then save it to a database (60 days valid by default).
I am trying to get OAuth to work on node.js. I found this in the documentation of node-oauth:
var OAuth= require('oauth').OAuth;
var oa = new OAuth(requestUrl,accessUrl,consumerKey,consumerSecret,"1.0A",responseUrl,"HMAC-SHA1");
The next step in the official tutorial says:
"Then get hold of a valid access token + access token secret as per the normal channels"
What are these "normal channels"?
I know that the user has to authenticate somehow on the "vendor" site and that by some way a response url is called, but I can't find a description how to implement this. Can someone enlighten me?
I'm not sure what OAuth service you are trying to connect to so I'll just use twitter as an example. After you create your OAuth object you need to first request an oauth token. When you get that token, then you need to redirect to, for twitter, their authenticate page which either prompts them to login, then asks if it's ok for the app to login.
oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results){
if (error) new Error(error.data)
else {
req.session.oauth.token = oauth_token
req.session.oauth.token_secret = oauth_token_secret
res.redirect('https://twitter.com/oauth/authenticate?oauth_token='+oauth_token)
}
});
When you first created the OAuth object, you set a responseURL, or the callback url. It can be anything, for my app its just /oauth/callback. In that callback you receive the oauth verifier token. You then use both the oauth request token and oauth verifier token to request the access tokens. When you receive the access tokens you will also receive anything else they pass, like their username.
app.get('/oauth/callback', function(req, res, next){
if (req.session.oauth) {
req.session.oauth.verifier = req.query.oauth_verifier
var oauth = req.session.oauth
oa.getOAuthAccessToken(oauth.token,oauth.token_secret,oauth.verifier,
function(error, oauth_access_token, oauth_access_token_secret, results){
if (error) new Error(error)
console.log(results.screen_name)
}
);
} else
next(new Error('No OAuth information stored in the session. How did you get here?'))
});
Hope this helps! I had the same problems when I started on this.
The access token is issued to your application after walking the user through the "OAuth dance" (as its affectionately known). This means obtaining a request token and redirecting the user to the provider (Twitter, in this case) for authorization. If the user grants authorization, Twitter redirects the user back to your application with a code that can be exchanged for an access token.
node-oauth can be used to manage this process, but a higher-level library will make it much easier. Passport (which I'm the author of), is one such library. In this case, check out the guide to Twitter authentication, which simplifies the OAuth dance down to a few lines of code.
After that, you can save the access token in your database, and use it to access protected resources in the usual manner using node-oauth.
An update to post tweet to user timeline:
#mattmcmanus, Extending #mattmcmanus nice answer, I would like to post a tweet to timeline. For this, I am using the same code as mattcmanus given above.
Step 1:
oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results){
if (error) new Error(error.data)
else {
req.session.oauth.token = oauth_token
req.session.oauth.token_secret = oauth_token_secret
res.redirect('https://twitter.com/oauth/authenticate?oauth_token='+oauth_token)
}
});
Step 2:
app.get('/oauth/callback', function(req, res, next){
if (req.session.oauth) {
req.session.oauth.verifier = req.query.oauth_verifier
var oauth = req.session.oauth
oa.getOAuthAccessToken(oauth.token,oauth.token_secret,oauth.verifier,
function(error, oauth_access_token, oauth_access_token_secret, results){
if (error) new Error(error){
console.log(results.screen_name)
}else{
// NEW CODE TO POST TWEET TO TWITTER
oa.post(
"https://api.twitter.com/1.1/statuses/update.json",
oauth_access_token, oauth_access_token_secret,
{"status":"Need somebody to love me! I love OSIpage, http://www.osipage.com"},
function(error, data) {
if(error) console.log(error)
else console.log(data)
}
);
// POST TWEET CODE ENDS HERE
}
}
);
} else
next(new Error('No OAuth information stored in the session. How did you get here?'))
});
I have added oauth_access_token & oauth_access_token_secret in commented code. This will post a tweet update to user's timeline. Happy tweeting!!!