“An access token is required to request this resource” while accessing an album / photo with Facebook php sdk

There are 3 things you need. You need to oAuth with the owner of those photos. (with the ‘user_photos’ extended permission) You need the access token (which you get returned in the URL box after the oAuth is done.) When those are complete you can then access the photos like so https://graph.facebook.com/me?access_token=ACCESS_TOKEN You can find … Read more

OAuth (Access Token) Vs API Key

You need OAuth only when you want to enable a user of your service to allow a third-party client application to access his/her data hosted in your service without revealing his/her credentials (ID & password) to the application. What a pair of API key & API secret can do is just authentication of a client … Read more

Difference between OAuth 2.0 Two legged and Three legged implementation

First, the legs refer to the roles involved. A typical OAuth flow involves three parties: the end-user (or resource owner), the client (the third-party application), and the server (or authorization server). So a 3-legged flow involves all three. The term 2-legged is used to describe an OAuth-authenticated request without the end-user involved. Basically, it is … Read more

Automating access token refreshing via interceptors in axios

I may have found a way much simpler to handle this : use axios.interceptors.response.eject() to disable the interceptor when I call the /api/refresh_token endpoint, and re-enable it after. The code : /** * Wrap the interceptor in a function, so that i can be re-instantiated */ function createAxiosResponseInterceptor() { const interceptor = axios.interceptors.response.use( (response) => … Read more

Why is OAuth designed to have request token and access token?

For usability and security reasons. From the Beginner’s Guide to OAuth: https://hueniverse.com/beginners-guide-to-oauth-part-iii-security-architecture-e9394f5263b5 … While mostly an artifact of how the OAuth specification evolved, the two-Token design offers some usability and security features which made it worthwhile to stay in the specification. OAuth operates on two channels: a front-channel which is used to engage the User … Read more

application that uses OAuth and javascript [closed]

There is a JS client implementation for OAuth here: https://developers.google.com/identity/protocols/OAuth2UserAgent It contains example code to get you running. Basically, what you do is this: var url = “…”; var accessor = { token: “…”, tokenSecret: “…”, consumerKey : “…”, consumerSecret: “…” }; var message = { action: url, method: “GET”, parameters: {…} }; OAuth.completeRequest(message, accessor); … Read more