I am new to firebase. I have this url where download token is sent as query param. This is not secure as url can be logged and token will be exposed.
https://firebasestorage.googleapis.com/v0/b/sync-dev-30d7c.appspot.com/o/-MJ_drtw43bNU55JPyus%2Fslideshow%2F1607934794881?alt=media&token=d7ab741a-9353-4997-99c3-5fb800f6ea09
Is there a way to not send token in url and send it in body and header?
Related
How can I authenticate users and get an authentication token based on REST API on a wordpress website?
Then how can I use that token to update some content on my website?
I finally used JWT Authentication for WP REST API plugin to allow me to authenticate users and get an authentication token.
Using postman you can send a POST request containing json value={"username":"yourUserName","password":"yourPassword"} to the following endpoint to get the token:
http://yourdomain.com/wp-json/jwt-auth/v1/token
then you can update wordpress site content using that token. for example to update a post title you can send a POST request containing Bearer token as Authorization header and json value={"title":"new title"} as body to the following endpoint:
http://yourdomain.com/wp-json/wp/v2/posts/1
I have the endpoint POST /login where I send the params Form-Url encoded params email and password. The JSON Response contains the token.
Then I don't know how to tell my other Paw request, to get a valid token if needed. Because I'm not using GET as the Auth URL needs. I don't know if I need to create another endpoint and/or use ClientID and Client Secret. I'm missing the workflow of OAuth2 I think. Could you point to the right direction using a specific example?
I'm using ServiceStack Authentication to authenticate, and using http to do so. This might be duplicate to my previous post, but this is another question. When I'm sending a post-request auth/logout the request header doesn't have session-id which doesn't logout the user on the other website.
How can I send a post logout request that log the user out from all the web site that he/she is logged in?
How can I send a post logout request that log the user out from all the web site that he/she is logged in?
In order for a User to be logged in they need to be sending ServiceStack's ss-id/ss-pid Session Cookies. If the HTTP Request doesn't contain the Session Cookies it's treated as an anonymous request and sending a logout request wont have any effect. But in most cases you would just use the same HTTP Client used to authenticate the user, to log them out as they'd automatically also send their Authenticated Session Cookies with every request.
Other ways you can send ServiceStack Session Ids is to send Session Ids as HTTP Headers with the X- prefix, e.g:
X-ss-id: {sessionId}
X-ss-pid: {permSessionId}
X-ss-opts: ...
Or if you enable the AllowSessionIdsInHttpParams option in your AppHost, e.g:
SetConfig(new HostConfig {
AllowSessionIdsInHttpParams = true,
});
You can also send the Session Ids via QueryString, e.g:
/auth/logout?ss-id=...&ss-pid=...&ss-opts=...
I'm trying to use the Instagram Realtime API with a Meteor app. Basically you can subscribe to a tag get latest posts.
So I need to setup a callback URL and send a post request with my callbackurl, the object & fields that I want to subscribe and a verify string. A Instagram server is sending a get request with my verify string and a random string (challenge) and the Meteor server has to respond to this with the challenge string.
I'm getting the following error serverside:
error_message: 'Challenge verification failed. Sent "b58b60bb367d40148defa4e6240b2dc2", received "<!DOCTYPE> html..."..etc
In order to verify the subscription, your server must respond to the GET request with the hub.challenge parameter only.
How do I respond to instagram API with the hub.challenge parameter.
Resources:
http://instagram.com/developer/realtime/#
I am using oauth in my web application to access Twitter. My problem is i am not getting the token secret and moreover when i run my application it asks the user for authorization request. when the user click "allow', it does not go back to the called url. Infact it shows a blank untitled page with a url having oauth _token value and oauth_verifier value.
Can someone throw light on this.
Before you send users to twitter.com to authorized the app you need to save the request token secret. When the users clicks allow they will return to the callback url you specify. Once there you need to use the request token/secret to get an access token from twitter that will let you perform API requests as a user.
http://dev.twitter.com/doc/post/oauth/access_token