Search Results

Search found 799 results on 32 pages for 'authlogic oauth'.

Page 13/32 | < Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >

  • Ruby-on-rails: routing problem: controller action looks for show when it should look for finalize

    - by cbrulak
    background: trying to use the twitter gem for ruby-on-rails. in routes: map.resources :twitter_sessions map.finalize_twitter_sessions 'twitter_sessions/finalize', :controller => 'twitter_sessions', :action => 'finalize' (twitter_sessions is the controller for the twitter sessions in my app). The view has one file new.html.erb and is very simple: <% form_tag(twitter_sessions_path) do |f| %> <p><%= submit_tag "twitter!" %></p> <% end %> and the twitter_sessions_controller.rb: def new end def create oauth.set_callback_url(finalize_twitter_sessions_url) session['rtoken'] = oauth.request_token.token session['rsecret'] = oauth.request_token.secret redirect_to oauth.request_token.authorize_url end def destroy reset_session redirect_to new_session_path end def finalize oauth.authorize_from_request(session['rtoken'], session['rsecret'], params[:oauth_verifier]) profile = Twitter::Base.new(oauth).verify_credentials session['rtoken'] = session['rsecret'] = nil session[:atoken] = oauth.access_token.token session[:asecret] = oauth.access_token.secret sign_in(profile) redirect_back_or root_path end However, after I click the "twitter" button, I get this error: 401 Unauthorized .../gems/oauth-0.3.6/lib/oauth/consumer.rb:200:in `token_request' .../gems/oauth-0.3.6/lib/oauth/consumer.rb:128:in `get_request_token' .../gems/twitter-0.9.2/lib/twitter/oauth.rb:32:in `request_token' .../gems/twitter-0.9.2/lib/twitter/oauth.rb:25:in `set_callback_url' app/controllers/twitter_sessions_controller.rb:7:in `create' If I go to the finalize url, http://localhost:3000/twitter_sessions/finalize, directly, I get this error: Unknown action No action responded to show. Actions: create, destroy, finalize, isLoggedInToBeta, login_required, and new Any ideas? Thanks

    Read the article

  • Sequence for authentication on a decoupled client?

    - by A T
    Using a sequence diagram and example code could you explain to me how authentication works when the client is completely separated from the server? I.e.: you haven't generated any of the client using a server-side template engine, rather you are communicating using REST (SOAP xor HTTP) xor RPC (XML xor JSON) with javascript on the client-side. Specifically I would like to know the sequence of: Authenticating using basic auth (user+pass) with "my" server Authenticating using OAuth2, e.g.: with Facebook, with facebook's server then whatever extra steps are needed for "my" server And how it could be implemented. (feel free to use psuedo-code [like below] or [preferably] prototyped simply using BackboneJS, AngularJS, EmberJS, BatmanJS, AgilityJS, SammyJS xor ActiveJS. if cookie.status in [Expired, Tampered, Wrong IP, Invalid, Not Found]: try auth(user,pass): if user is in my db: try authenticate(user,pass) if successful: login user # give session-cookie here? else: present user with "auth failed" msg else if user not in db: redirect to "edit-profile" page PS: I have written an example (editable) auth sequence diagram; based on facebooks' documentation.

    Read the article

  • Implicit OAuth2 endpoint vs. cookies

    - by Jamie
    I currently have an app which basically runs two halves of an API - a restful API for the web app, and a synchronisation API for the native clients (all over SSL). The web app is completely javascript based and is quite similar to the native clients anyway - except it currently does not work offline. What I'm hoping to do is merge the fragmented APIs into a single restful API. The web app currently authenticates by issuing a cookie to the client whereas the native clients work using a custom HMAC access token implementation. Obviously a public/private key scenario for a javascript app is a little pointless. I think the best solution would be to create an OAuth2 endpoint on the API (like Instagram, for example http://instagram.com/developer/authentication/) which is used by both the native apps and the web app. My question is, in terms of security how does an implicit OAuth2 flow compare (storing the access token in local storage) to "secure" cookies? Presumably although SSL solves man in the middle attacks, the user could theoretically grab the access token from local storage and copy it to another machine?

    Read the article

  • Uploading to TwitVid using x_verify_credentials_authorization

    - by deepa
    Hi, I am developing an iPhone application that uploads videos to TwitVid using the library TwitVid-iPhone-OAuth3. I have selected this library since Twitter is shifting to OAuth mechanism of authentication. 1) Does this new library allows to upload without user-name and password parameters? 2) I am using the following steps for uploading videos (assumed that new library allows to upload without user-name and password parameters). But, I am getting the error 'Incorrect Signature'. I am not able to identify the mistake that I am doing here. Could you please help me out to solve this problem. Authenticate the app using OAuth (MGTwitterEngine etc) which redirects the user to the web-page asking for log-in and app authentication. If the user authenticates the app, access token will obtained as final step. Upload the video to TwitVid using the following code snippet: OAuth *authorizer = [[OAuth alloc] initWithConsumerKey: @"my_consumer_key" andConsumerSecret: @"my_consumer_secret"]; authorizer.oauth_token = //The key-part of the access token obtained in step 2 authorizer.oauth_token_secret = //The secret-part of the access token obtained in step 2 authorizer.oauth_token_authorized = YES; //Since authenticated in steps 1 and 2 NSString *authHeader = [authorizer oAuthHeaderForMethod: @"POST" andUrl: @"https://api.twitter.com/1/account/verify_credentials.xml" andParams: nil]; twitVid = [[TwitVid alloc] init]; [mTwitVid setDelegate: self]; [mTwitVid authenticateWithXVerifyCredentialsAuthorization: authHeader xAuthServiceProvider: nil]; Thanks and Regards, Deepa

    Read the article

  • I've registered my oath about 5 times now, but... (twitteR package R)

    - by user2985989
    I'm attempting to mine twitter data in R, and am having trouble getting started. I created a twitter account, an app in twitter developers, changed the settings to read, write, and access, created my access token, and followed instructions to the letter in registering it: My code: > library(twitteR) > download.file(url="http://curl.haxx.se/ca/cacert.pem", + destfile="cacert.pem") > requestURL <- "https://api.twitter.com/oauth/request_token" > accessURL <- "https://api.twitter.com/oauth/access_token" > authURL <- "https://api.twitter.com/oauth/authorize" > consumerKey <-"my key" #took this part out for privacy's sake > consumerSecret <- "my secret" #this too > twitCred <- OAuthFactory$new(consumerKey=consumerKey, consumerSecret = consumerSecret, requestURL = requestURL, accessURL = accessURL, authURL = authURL) > twitCred$handshake(cainfo="cacert.pem") To enable the connection, please direct your web browser to: https://api.twitter.com/oauth/authorize?oauth_token=zxgHXJkYAB3wQ2IVAeyJjeyid7WK6EGPfouGmlx1c When complete, record the PIN given to you and provide it here: 0010819 > registerTwitterOAuth(twitCred) [1] TRUE > save(list="twitCred", file="twitteR_credentials") And yet, this: > s <- searchTwitter('#United', cainfo="cacert.pem") [1] "Unauthorized" Error in twInterfaceObj$doAPICall(cmd, params, "GET", ...) : Error: Unauthorized I'm about to have a temper tantrum. I'd be extremely grateful if someone could explain to me what is going wrong, or, better yet, how to fix it. Thank you.

    Read the article

  • Facebook graph API - OAuth Token

    - by Simon R
    I'm trying to retrieve data using the new graph API, however the token I'm retriving from OAuth doesn't appear to be working. The call I'm making is as follows; $token = file_get_contents('https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<app_id>&client_secret=<app secret>'); This returns a token with a string length of 41. To give you an example of what is returned I have provided below a sample (converted all numbers to 0, all capital letters to 'A' and small case letters to 'a' access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA. I take this access token and attach it to the call request for data, it doesn't appear to be the correct token as it returns nothing. I make the data call as follows; file_get_contents('https://graph.facebook.com/<my_page's_id>/statuses?access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.') When I manually retrieve this page directly through the browser I get an 500/Internal Server Error Message. Any assistance would be grately appreciated.

    Read the article

  • Why do users have to enter a 7-digit twitter PIN to grant my application access?

    - by Tony
    I am implementing some ruby on rails code tweet stuff for my users. I am creating the proper oauth link...something like http://twitter.com/oauth/authorize?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv But after my test account grants access to twitter, it pulls up a page saying "You've successfully granted access to . Simply return to and enter the following PIN to complete the process. 1234567" I have no idea where the user should enter this PIN and why they have to do that. I don't think this should be a necessary step. Twitter should be redirecting the user to the callback URL I provided in the application settings. Does anyone know why this is happening? UPDATE I found this article that states I need to send my users to this URL (note "authenticate" instead of "authorize"): http://twitter.com/oauth/authenticate?oauth_token=y2RkuftYAEkbEuIF7zKMuzWN30O2XxM8U9j0egtzKv I made the change but Twitter redirects the user to the authorize path after he clicks "Allow" which then gives him the 7 digit PIN again!

    Read the article

  • Trouble with authlogic_rpx

    - by Andrei
    Hi, I'm trying to run http://github.com/tardate/rails-authlogic-rpx-sample (only rails version was changed) but get error message http://gist.github.com/385696, when RPX returns information after successful authentication via Google Account. What is wrong here? And how I can fix it? The code was successfully tested with rails 2.3.3 by its author: http://rails-authlogic-rpx-sample.heroku.com/ I run on Windows with cygwin and rails (2.3.5), rpx_now (0.6.20), authlogic_rpx (1.1.1). Update In several hours RPX rejected my app http://img96.imageshack.us/img96/2508/14128362.png

    Read the article

  • What is the best tool to achieve this API design?

    - by Jose Fernandez
    Our web app offers a service that allows a "Publisher" to create a website (we give them a CMS system) that is ready to provide this service to "Members" (think Shopify). We have some possible clients that wish to become "Publishers" but they already have existing websites (vbulletin, word press blog, etc) with their own user base. We wish to develop an API that would allow these "Publishers" to keep using their own websites, and embed our services into them. Our main business requirement is that once "Members" are logged into the "Publishers" existing system, they should be able to also access our website without having to log-in again OR have to create another account there. The process should be seamless to the "Member" and "Publishers" should not have to sync their user base with our system. We also want to use an existing API authentication/authorization system instead of creating our own (OAuth, OpenID, etc) What would be the best way to use OAuth to achieve this sigle-sign on design? If OAuth is not the best tool, is there any other one out there that fits our requirements?

    Read the article

  • Any Google API in perl working with OAuth

    - by Julien
    Hello, I've looked at Net::Google, and 90% of the modules use AuthSub with a mandatory login/password. The right way for a web application to interact with Google applications on behalf of a customer is to use OAuth. That way, the authentication is done by Google, and the application does not know the user's password. This is supported by Net::Google::DocumentsList for example. Are you aware of modules that can work well with Picasa and Blogger, for example, using OAuth. The current Net::Google::PicasaWeb handles read-only queries, no add/remove/update actions.

    Read the article

  • Rails: translate ActiveRecord error template headers for a single model

    - by Chris
    Hi, I'm trying to rename the authlogic error messages in a Rails 3 app. The general format I found out working in Rails 3: de: errors: template: header: one: "Konnte {{model}} nicht speichern: ein Fehler." other: "Konnte {{model}} nicht speichern: {{count}} Fehler." body: "Bitte überprüfen Sie die folgenden Felder: But I want to change this for the authlogic user session model (and only for this one) because when the Login fails, the message "Could not save user session" does not make very much sense. How can I do that?

    Read the article

  • Ruby on Rails: How can I authenticate different user types from one place?

    - by sscirrus
    Hi everyone! This is my first post on Stack Overflow. I am trying to build a system that authenticates three types of user with completely different site experiences: Customers, Employers, and Vendors. I'm thinking of using a polymorphic 'User' table (using AuthLogic) with username, password, and user_type (+ AuthLogic's other required fields). If this is a good way to go, how do I set this up so after authenticating an user_id with a user_type the standard way, I can direct the user to the page that's right for them? Thanks.

    Read the article

  • Login with Google OAuth api and return url with variable

    - by user2833721
    I am using the Google API for login in my site and I appending my variable with URL and I want that variable in the return URL of OAuth API because of update purpose can I return back that variable For example: <a href="<?php echo($authUrl); ?>&kicker"> I append the kicker in $authUrl and when I return back from Oauth api print $me['displayName']; print $user['email']; print $me['gender']; print $me['id']; with this output I also want my variable "kicker" how can I get it

    Read the article

  • Wrong sessionID being used in callback, but only on one particular computer

    - by user210119
    I am writing a Python/Django web application that uses OAuth (for the TwitterAPI, not that it should matter). I am storing a session ID in my login function, and then after using OAuth to get the user's token, I try to retrieve the sessionID in my callback function. The callback function then always fails(throws an exception) because it can't find the OAuth token in the session. Through the debugger, I am able to determine that the session ID that the server is using is incorrect - it does not match the session ID that was stored in the login function. It's therefore unsurprising that the Oauth tokens were not there. The session that appears in the callback was the same one each time (until I tried deleting it - see "things I've tried below"), and it started out as an old session, with some data in it that is from a different django app running on the same server that I hadn't touched in a couple weeks. Here's the kicker: everything I described is an issue only on our production server, and only when connecting to it from my computer. Let me clarify: this only happens with my particular laptop. I can connect to the app just fine from someone else's computer. Other people cannot connect with their accounts on my computer. Furthmore, I can connect just fine to the app when it is running on my localhost using the built-in django webserver, just not to the production server. My setup: my server and local box are running= Django 1.2.0 and Python 2.6.5. My local box is running Snow Leopard and the Django webserver, the server is running Ubuntu, Apache2, and mod-wsgi. For sessions, I am using Django's default session backend (DB). Things I have tried, all to no avail: logging in with a different account, including new accounts that have never OAuthed to this app before Clearing cookies, using incognito mode, using a different web browser on my same computer. Each time, upon inspecting my cookies, the sessionID matched the sessionID in the login function and was different from the sessionID in the callback. deleting the session in the database that appears in the callback function, (the one that appeared to be old data). The callback function still fails, and the sessionID it appears to be using is now a new one using a different session backend (DB-cache, flat file, etc...) restarting the server, my computer, etc. My first question on StackOverflow, so bear with me if I didn't quite follow local conventions. I am just at a loss as to what to even look for - what are the things that could possibly be causing sessions to not work on my particular computer, and (so far!) only my particular computer?

    Read the article

  • How does one retrieve the email address of a user with GData?

    - by sblom
    I'm trying to use GData to retrieve the email address, real name, and profile URL of the user that just authorized my site using Google OAuth. We know how to request it using Google's OpenID flow, but the OpenID flow has the severe limitation that we have to ask for a Google Apps user's domain before we know where to send them to log in. At least using OAuth (or even AuthSub), the user gets prompted for which of their Google accounts to log in.

    Read the article

  • Not getting the token secret value

    - by Lincy
    I am using my application for twitter oauth with .Net. My problem is that though i am getting oauth token, iam unable to receive the token secret. Also I need the token pairs to be stored in my applications database for exchanging request token for access token. Can some one help?

    Read the article

  • Rails + facebox + authlogic - how?

    - by Vitaly
    Hello, on my web site I want to have login/registration form in modal window done using facebox (jQuery plugin). What is better: Create view with one method and template that has form and refer facebox to this view. Create static HTML file in public directory and refer facebox to this static page. What I want to achieve is: Easy verification (like "user name already taken", "password confirmation doesn't match password" and stuff like that). Easy submit and redirect I'm new to Rails, I just know about forms verification in Django, so for Django I would probably choose option 1, but it might be another thing in Ruby.

    Read the article

  • Omniauth/Devise/Facebook: Auth route is not recognized

    - by M. Cypher
    I've been working on this problem for 7 hours now, and I still have no idea. Maybe one of you can help me. I'm simply trying to integrate the OAuth feature of Devise 1.2rc, which uses Omniauth, into my Rails application. I've been using this tutorial by Devise: https://github.com/plataformatec/devise/wiki/OmniAuth%3A-Overview I have done everything they tell you to... Yes, I have added the following line to my devise.rb: config.omniauth :facebook, "APP ID", "APP SECRET" I have added :omniauthable to my user model, as well as the class function as described in the tutorial I have implemented the omniauth_callbacks controller, as well as the callback function, and I have specified the omniauth_callbacks controller in my routes.rb When I run "rake middleware" it does list the Omniauth middleware: use OmniAuth::Strategies::Facebook I have installed Devise directly from the Git repo, master branch, so it's up-to-date I have installed Omniauth 1.2.0.beta5, which is the latest version. In my Gemfile it says: gem 'oa-oauth', '0.2.0.beta5', :require = 'omniauth/oauth' I have restarted the server, obviously However, when I try to request this URL: http://localhost:3000/auth/facebook it simply says ActionController::RoutingError (No route matches "/auth/facebook"): /user/auth/facebook doesn't work either. Since I unfortunately don't have the time to take apart the entire Omniauth and Devise gems and understand every line of code in them, maybe one of you could tell me what the problem might be.

    Read the article

  • Twitter API Rate Limit - Overcoming on an unauthenticated JSON Get with Objective C?

    - by Cian
    I see the rate limit is 150/hr per IP. This'd be fine, but my application is on a mobile phone network (with shared IP addresses). I'd like to query twitter trends, e.g. GET /trends/1/json. This doesn't require authorization, however what if the user first authorized with my application using OAuth, then hit the JSON API? The request is built as follows: - (void) queryTrends:(NSString *) WOEID { NSString *urlString = [NSString stringWithFormat:@"http://api.twitter.com/1/trends/%@.json", WOEID]; NSURL *url = [NSURL URLWithString:urlString]; NSURLRequest *theRequest=[NSURLRequest requestWithURL:url cachePolicy:NSURLRequestUseProtocolCachePolicy timeoutInterval:10.0]; NSURLConnection *theConnection=[[NSURLConnection alloc] initWithRequest:theRequest delegate:self startImmediately:YES]; if (theConnection) { // Create the NSMutableData to hold the received data. theData = [[NSMutableData data] retain]; } else { NSLog(@"Connection failed in Query Trends"); } //NSData *data = [NSData dataWithContentsOfURL:[NSURL URLWithString:urlString]]; } I have no idea how I'd build this request as an authenticated one however, and haven't seen any examples to this effect online. I've read through the twitter OAuth documentation, but I'm still puzzled as to how it should work. I've experimented with OAuth using Ben Gottlieb's prebuild library, and calling this in my first viewDidLoad: OAuthViewController *oAuthVC = [[OAuthViewController alloc] initWithNibName:@"OAuthTwitterDemoViewController" bundle:[NSBundle mainBundle]]; // [self setViewController:aViewController]; [[self navigationController] pushViewController:oAuthVC animated:YES]; This should store all the keys required in the app's preferences, I just need to know how to build the GET request after authorizing! Maybe this just isn't possible? Maybe I'll have to proxy the requests through a server side application? Any insight would be appreciated!

    Read the article

  • Facebook Connect OR Facebook Authorization using OAuth 2.0

    - by AJS
    I want to allow users to sign in using facebook as well to my website, since the recent release of new Facebook stuff, I am unsure which one to use. Previously, Facebook Connect was used. Now we have Facebook authorization feature, using the OAuth 2.0. Please tell me which one to use? and Is Facebook Connect going to be obsolete? I am new to Facebook Development.

    Read the article

  • twitter oauth in xcode 3.2

    - by Oscar Navidad
    hello i make a app for the ipad in objective-c about twitter with ouath autenthication , you can help me , how find a tutorail and documentacion about this ? . i try with oauth/code but the guide the this page no is clear thans in advance

    Read the article

  • is OAuth required in Facebook Graph API ?

    - by From.ME.to.YOU
    Hello i have a problem .. i want to get all the feeds from a facebook page using fb graph API without OAuth but i have a problem https://graph.facebook.com/[page ID]/feed i get the following response { "error": { "type": "OAuthAccessTokenException", "message": "An access token is required to request this resource." } } while i check another page it gets right response https://graph.facebook.com/[another page ID]/feed { "data": [ { ... why it's asking for an access token for a page ... and it doesn't do that for another page ?

    Read the article

  • Twitter Client using JavaScript and Oauth

    - by MP
    Is there any good tutorial or example to build a Twitter client using popup and oauth for login (Ex: http://twitgoo.com/) Also once the user logs in, the new tweets showed without any page refresh and also the ability to post a tweet without page refresh. If there is no good example, please suggest the API or libraries i need or any general suggestion.

    Read the article

< Previous Page | 9 10 11 12 13 14 15 16 17 18 19 20  | Next Page >