I am running asp.net application on Facebook,which has multiple pages.
On landing page I obtain access token.
Question is how to persist that access token so that I can use it in other pages
to access current user data.
Current when I try following in other pages,
Facebook.FacebookAPI fbApi = new Facebook.FacebookAPI();
JSONObject currentUser = fbApi.Get("/me");
it breaks saying unauthorized.
You should just store the access token in your database along with a user ID reference. Alternatively you can just use a client side SDK like the Facebook Javascript SDK which will persist for you without having to go extra effort.
I don't think you're using the most recent version of the API. It looks like you're using the deprecated one from https://github.com/facebook/csharp-sdk#readme
If you're using the latest one, then you can persist the access token. Grab the latest from:
https://github.com/facebook-csharp-sdk/facebook-csharp-sdk/#readme
Related
Just looking into Blazor and my company decided to explore Server Side App (no WASM).
I got the basic project setup and because we want the app to work with out current user db, I modified our User Server (Microservice) to authenticate a user and return a JWT token. In the Login page once we have the token, we authenticate and the cookie is stored.
var auth = await HttpContext.AuthenticateAsync();
auth.Properties.RedirectUri = "/";
var accessToken = new AuthenticationToken()
{
Name = OpenIdConnectParameterNames.AccessToken,
Value = Token
};
AuthenticationToken[] tokens = { accessToken };
auth.Properties.StoreTokens(tokens);
auth.Properties.IsPersistent = true;
await HttpContext.SignInAsync("Cookies", auth.Principal, auth.Properties);
So I want to say at this point everything is working fine.
Now back to the question. I wish to increase security by using Refresh Tokens, and this is where I hit the problem. Every tutorial or guide I google/bing that talks about Refresh tokens goes by the basses that I am using WASM or an API that I call. There are a few articles that say to use Local Storage but then that can bring up a whole new conversation of Local Storage vs Cookies vs Session, and I was hoping to stick with most of the built in stuff.
I understand that Server-Side issues with the HTTP context, hence why the login page is done on a .cshtml page and the fact that the cookies are set as HTTPOnly so JavaScript cannot access them.
So, is there away to do it?
Just to clarify, this is a Server-Side app only, no client apps or API's or anything else and I wish to stick with most of the built in stuff using cookies.
I'm trying to use the Graph SDK to get a specific Sharepoint site by URL so I can read and write the list, create document libraries, and add documents to existing libraries.
This works to get the root:
var site = await graphClient.Sites[SPUrl].Request().GetAsync();
This doesn't work to get the site I want:
var site = await graphClient.Sites[SPUrl+"/segment1/segment2/site"].Request().GetAsync();
And this doesn't work to get the site by URL -- it tells me "the provided path does not exist or does not represent a site":
var siteByPath = await graphClient.Sites[SPUrl].SiteWithPath("/segment1/segement2/site").Request().GetAsync();
But using the Graph Explorer, this works:
https://graph.microsoft.com/v1.0/sites/my.site.com:/sites/segment1/segment2/site?$select=id
Using the Graph Explorer I determined that each segment of the URL is considered its own site, but didn't have any luck doing this -- the error is "provided identifier is malformed - id is not valid":
var site = await graphClient.Sites[SPUrl].Sites["segment1"].Request().GetAsync();
What am I missing?
With the Sharepoint CSOM you could just ask for a site by its URL. My application is in Azure now and being authenticated by through OAuth tokens, not by a username and password handled within the application, so I'm not sure I can pass that authentication through CSOM. As far as I can tell I need to use Graph now.
It would appear that the problem was that if you're going to query the sites under a site root, you need to add the ":" to your original root site string. So
"await graphClient.Sites[SPUrl].Sites["/segment1/segment2/site"].Request().GetAsync();" needs to be
"await graphClient.Sites[SPUrl+":"].Sites["/segment1/segment2/site"].Request().GetAsync();" which would make it match the syntax used in the Graph Explorer.
I had assumed that asking for a Site using the SDK would handle that, but I was wrong.
I have two websites. One website is responsible to create a user using identity framework like:
UserManager.CreateAsync(user, password);
And then I'm generating email confirmation token like:
var code = await UserManager.GenerateEmailConfirmationTokenAsync(user.Id);
This is how I'm creating Confirmation link:
$"{OtherWebsiteBaseUrlHere}/Account/ConfirmEmail?userId={user.Id}&code={code}";
When I open this link, my other website is unable to validate this token and says Invalid token.
My other website is also using identity framework and pointing to the same database where my first database is pointing. My question is that...Is it possible to generate validation token from one website and validate it from other website? As per my knowledge, it uses security stamp to validate tokens. If this is true, it should validate token from other website as well because the database is same. Any help is appreciated. Thanks
As database is same, while validation token is generated, along with the timestamp let it get stored in the table(May be from first website which may be hosted in webserver where database is present)
From second website (which may be hosted in different webserver or same webserver like first), while validating, let the token be validated against the table data. i.e. same database means same table, same set of data all are possible. Hence synchronous value can be validated.
Hope that helps!!!
I need to generate a Page Access Token for a webpage that I have, this token will be used by the webpage to post to its Facebook Page feed.
This is what I do :
Go to Graph API Explorer
Choose my app from the dropdown
Click Get Access Token
Choose correct permissions(manage_pages/user_events)
To get the Page Access Token I have to run me/accounts in the Graph API Explorer. This will show all the pages I got with a new Page Access Token (short lived(about 60 min)) to each one.
This Page Access Token will work just fine to use in my C# code to post to the feed.
Problem
When another user uses my webpage to post a post I need to generate a new Page Access Token(in code) and then use it to post the userpost to the site´s facebook feed. The problem is that I could clearly not be there to grant the post so how do I handle this?
I could obviously not run the me/accounts(in code) command to get the Page Access Token from here.
I have looked at extended Access Token but this will last 60 days and then it will be the same problem as above.
What you need is an Extended Page Token:
generate User Access Token with manage_pages and publish_actions
generate Extended User Token (valid for 60 days): https://graph.facebook.com/oauth/access_token?grant_type=fb_exchange_token&client_id=[app-id]&client_secret=[app-secret]&fb_exchange_token=[short-lived-token]
call /me/accounts with the Extended User Token to get Extended Page Tokens
Extended Page Tokens are valid forever, so you don´t need to generate a new one all the time.
Source (including information about all the Tokens): http://www.devils-heaven.com/facebook-access-tokens/
On https://developers.facebook.com/docs/pages/access-tokens
Getting Page Access Tokens
GET /{page-id}?fields=access_token&access_token={user_access_token}
The response will look like this:
{
"access_token": "{your-page-access-token}",
"id": "{page-id}"
}
I've got credentials of an account with access to Google Analytics,
I'm looking to utilise the Analytics Core Reporting API http://code.google.com/apis/analytics/docs/gdata/home.html
I've found examples which use username/password calling setUserCredentials, but have seen comments this is less secure/has a low request limit (And doesn't exist in the lastest client).
Plus I've seem examples which use oauth, but require user interaction and grant access to the users google account.
However I'm looking to run a service which doesn't require any user interaction, and connects to a predefined google account (un-related to the user viewing it).
I can then store the results in a database, and end users can query the results from the database.
I've seen information about using AccessType = Offline when you first login, which then returns an access token and a refreshtoken.
http://code.google.com/apis/accounts/docs/OAuth2WebServer.html#offline
In my example though, the end user will never login to the application.
Could I have a seperate admin application which gets a refresh token, and stores the refresh token in the config/lookup table?
Then the main application can use the refresh token pulling from the config/lookup table, and get an access token to be able to query the Google Analytics account.
I'm looking for a C# example which uses AccessType = Offline, and seperates out the fetching of the refresh token and using the refresh token to get an access token to query the google analytics account.
Create your app https://code.google.com/apis/console/
For you App, turn on access to Google Analytics, and create an OAuth 2.0 client ID for your website.
Browse to:
https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=YOUR_APP_ID.apps.googleusercontent.com&access_type=offline&scope=https://www.googleapis.com/auth/analytics.readonly&redirect_uri=HTTP://YOUR_CALL_BACK_URL
Having changed YOUR_APP_ID, YOUR_CALL_BACK_URL to the relevant values.
Important to include access_type=offline.
Press Grant Access, this will redirect to HTTP://YOUR_CALL_BACK_URL?code=THIS_IS_YOUR_CODE. Copy the code in the URL.
With the code, request the Refresh Token using CMD prompt.
curl -d "code=THIS_IS_YOUR_CODE&client_id=YOUR_APP_ID.apps.googleusercontent.com&client_secret=YOUR_APPS_SECRET_CODE&redirect_uri=HTTP://YOUR_CALL_BACK_URL&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token
Having changed THIS_IS_YOUR_CODE, YOUR_APP_ID, YOUR_APPS_SECRET_CODE, YOUR_CALL_BACK_URL to the relevant values.
Record the refresh_token returned.
Download the latest version of the Core Reporting V3.0 .net libraries
http://code.google.com/p/google-api-dotnet-client/wiki/Downloads
There is a bug in the current version of Google.Apis.Analytics.v3.cs, to fix this copy the code in this file to your local solution (And don’t reference Google.Apis.Analytics.v3.bin)
http://code.google.com/p/google-api-dotnet-client/source/browse/Services/Google.Apis.Analytics.v3.cs?repo=samples&name=20111123-1.1.4344-beta
And change the property Dimensions from a List<system.string> to a string.
Or you'll get an error like me and this guy did http://www.evolutiadesign.co.uk/blog/using-the-google-analytics-api-with-c-shar/
You can then use your Refresh Token, to generate you an Access Token without user interaction, and use the Access Token to run a report against Google Analytics.
using System;
using DotNetOpenAuth.OAuth2;
using Google.Apis.Authentication.OAuth2;
using AnalyticsService = Google.Apis.Analytics.v3.AnalyticsService;
class Program
{
public static void Main()
{
var client = new WebServerClient(GoogleAuthenticationServer.Description, "YOUR_APP_ID.apps.googleusercontent.com", "YOUR_APPS_SECRET_CODE");
var auth = new OAuth2Authenticator<WebServerClient>(client, Authenticate);
var asv = new AnalyticsService(auth);
var request = asv.Report.Get("2012-02-20", "2012-01-01", "ga:visitors", "ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID");
request.Dimensions = "ga:pagePath";
request.Sort = "-ga:visitors";
request.MaxResults = 5;
var report = request.Fetch();
Console.ReadLine();
}
private static IAuthorizationState Authenticate(WebServerClient client)
{
IAuthorizationState state = new AuthorizationState(new string[]{}) { RefreshToken = "REFRESH_TOKEN" };
client.RefreshToken(state);
return state;
}
}
Great Answer Ian and it helped me to get going in the correct Direction more than any other answer I could find online. Something must have changed in the AnalyticsService object because the line:
var request = asv.Report.Get("2012-02-20", "2012-01-01", "ga:visitors", "ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID");
did not work for me and I had to use the following:
var request = asv.Data.Ga.Get("ga:YOUR_GOOGLE_ANALYTICS_ACCOUNT_ID", "2012-01-01", "2012-02-20", "ga:visitors");
Hopefully this will help others like your answer helped me. Thanks!
Ian's answer helped me a lot but I kept getting an error running the curl command. Did some research and found that the steps to get the access code and refresh token can be made easier by going to https://code.google.com/oauthplayground/ and checking your oAuth configuration settings. Top right of the page there is a settings button. selected "Use your own OAuth credentials". You can get your access code and request a refresh token all from here.
Hope this helps.
You can manually get a refresh token from the OAuth Playground.
If you are needing a refresh token for a Service Account as I was, make sure you
Click on the settings on the right.
Check Use your own OAuth credentials
Fill in your Client ID and Secret
Close the settings
Click the Refresh button on step 2
Then save the refresh token for use in your app