I working right now on React native app with Rarible(NFT) integration. For getting all nft's by ETH wallet from Rarible i need to know ETH wallet. But, problem is, returning data is always empty. (data:[])
I already loose to much time on this, so if anyone knows how to fix this, i ll be very helpfull.
Lets me to show u what i do:
Im getting valid auth token after deeplink authorization with Coinbase.
(for example "Bearer 479ea5a72d1faa65982b491ba994a5186d10469820cea9edb249c6147006d850"
After that i use this token to get user account data and user's wallet id:
'https://api.coinbase.com/v2/accounts/'
We must take field id to next request
Than we make request for what we need, ETH address
https://api.coinbase.com/v2/accounts/00442fd3-f564-5be2-b3ea-badf6f36900c/addresses
And there what we got, empty
Related
so, long story short, I'm working on my portfolio and I want to retrieve my LinkedIn recommendations from my profile, I googled but all I could find was about retrieving info from logged-in users using OAuth, is there a way to get a personal API key to retrieve my profile's info for everyone to see on my portfolio?
I don't think this is important but I'm using React.
I hope I made myself clear, I'd appreciate your help!
Well, when you do the 2-legged OAuth flow, you receive a response that includes an access_token that you can use to make api requests. Here is the documentation.
So in your react site, whenever you fail the request (which means your access token expired), you can just resend the request and get the new access token. This access token acts like an api key, and the 2-legged OAuth flow can be entirely automated without user intervention. These tokens have a 30 minute lifespan, so maybe you can just set an interval to fire every 30 minutes to refresh the token.
I am trying to get the unTappd API token. I have never tried to get an API access token before. So please bear with the simplicity of the question. I have been given the CLIENT_ID and CLIENT_SECRET. How do I get the access token?
I have seen some information online using other languages aside from React. The function in my code works as it pulls random data fine and displays it. I just need the access token and I can get the unTappd information.
The documentation is here. DOCS
I'm using react in the front end and nodeJS in the backend.
I'm trying to have a google auth2 login flow from the front end.
Where can I get the token from a google auth2 login?
I see it in the response under Zi.access_token but it doesn't seem to me to be the right way to get it.
In order to access properties such as basic_profile, access_token, the Auth2 library provides a range of getter-functions that will allow you access the data in a predictable way.
For access_token, you should call the function getAuthResponse() on the GoogleUser object returned from a successful login, this GoogleUser object will contain a key clearly labeled access_token
For basic_profile, GoogleUser.getBasicProfile() is provided
I see it in the response under Zi.access_token but it doesn't seem to me to be the right way to get it.
You are right, and this is something perhaps the docs can mention.
How are you?
Me..? Well, I'm having some trouble, haha!
I'm using a microservices API architecture on a project where the APIs and GatewayAPI is developed with Python's Pyramid framework, and the main frontend is built with React.
Simple workflow ilustration: https://imgur.com/ifRLLOo
The problem is: where do I safely store the authenticated "session data", like username, user_id, first_name? After logging in, I don't want to make new requests to the user's API just to get these information that will be constantly used.
I know I can store this coded data in the JWT token and store the token in the cookies or the localStorage, but is this the right place? And is this the right process?
If this is the right place, do I need, everytime, to send the decoded data to the frontend as part of the GatewayAPI response?
Thank you for the reading and I hope you guys can save me!
You can store the JWT in a cookie or localStorage it does not matter. I personally do so in localStorage.
Regarding your question about decoding the data, this is handled by the backend. All you need to do is include the JWT in every API call and the API will know which user is calling without the need to send the data back and fort.
I would also recommend you create tokens with an expiration date for added security.
For examples you can take a look at pyramid_jwt
For example, suppose I want to determine if a user is still "logged in"... AKA their token is not yet expired.
I store my JWT access_token in localStorage when I am first issued the access_token. I know it isn't enough to simply check the localStorage to see if the access_token is there or not. I read about the introspection end point but that seems like it is for API's - not JS clients. Is the best approach to use a client side library for JWT validation? I don't like this because there is a chance I may need to switch to reference tokens. I would like to make a call to the server side for this.
What is the correct way to validate an access_token with a JavaScript client?
Update:
Upon further investigation and with advice from leastprivilege I will be using the OIDC JavaScript client so I don't need to worry about this.
Client applications are not supposed to "decode" an access token. The exact format is an implementation detail between issuer and API.
When requesting an access token, the token response contains an 'expires_in' parameter that tell the client for how many seconds the token is valid.
Most jwt tokens come with an expiry date field for expiration time(depending on the server though). You can use a library like this to decode a JWT token before saving it into your local storage and then save the expiration time inside with the token so that you can just check the local storage and the expiry time and if the current day is grater than the expiry time, you discard the previous token and get a new one.
This library might be useful to you: oidc-client-js. Some documentation is available here.