Support code string as well apart from access token about ng-cordova-oauth HOT 11 CLOSED

The code block you highlighted is for requesting an access token, where code represents the request token obtained in the first step of ngCordovaOauth.

There is no need to return code with the access token, because it becomes invalidated when requesting the access token.

I recommend using only ngCordovaOauth or only Satellizer. Unless of course there is a Satellizer function that only accepts an access token.

from ng-cordova-oauth.

I agree with you, in front end, I will use ngCordovaOauth, but in backend I need something like Satellizer, just to make sure the authentication code are in sync.

from ng-cordova-oauth.

I'm still not understanding how this would work.

If ngCordova is generating a token as well as Satellizer, these tokens are not going to match even if you share a request token.

I think you may have to choose either or still.

If you really want the request token from ngCordova you'd have to make your own fork and just add it to the promise. Not difficult to do, but unfortunately I won't merge it into the master.

Let me know if you need help.

Regards,

from ng-cordova-oauth.

Let me try to explain again, looks like I wasn't clear at previous attempts:

Satellizer project provides both front-end as well back-end. For Web I'm using their front-end and back-end. For mobile, I have made custom call in the backend to use the access_token received from ngCordova. It works fine with Google+ login, but with FB it fails saying the access_token is invalid for the session. If I get the code parameter as well, then I don't need any fork of your project. I will be always getting latest changes from you. Right now, I don't have access to the system log, will go back home and update this issue. Thanks

from ng-cordova-oauth.

I understand what you're saying, but I just can't see the value. Maybe I don't see it because I don't use Satellizer.

The request token / code is invalidated after getting the access token. It would be of no use to Satellizer and has no relationship to the access token. Just pass Satellizer a random value and it should be the same.

Does this make sense?

from ng-cordova-oauth.

From my backend, need to serve data, if its also authenticated on the server.

This is the exception being thrown by FB server, if I use the access_token received from ng-cordova-oauth:

{u'error': {u'message': u'An active access token must be used to query information about the current user.', u'code': 2500, u'type': u'OAuthException'}}

Note: I have skipped step1 in that link, doing things from step2, for both FB and Google+. As mentioned earlier, it works perfectly fine with Google+ and the serve thinks the client has been authenticated, let us serve other REST data.

With Satellizer I can reuse the code string in server for authentication, which was received in the client side.

Let me clone your project and see what all values I get from FB server. I'm new to cordova, so not sure where all I need to make the changes and see the logging to work.

from ng-cordova-oauth.

I don't know if you've seen this example I made or not:

https://github.com/nraboy/ng-cordova-facebook-example

It uses ngCordovaOauth and works without issue. I don't know what is happening in your process flow because you shouldn't get access token errors unless the token expired or invalidated.

I don't know Satellizer, but maybe Satellizer is invalidating any previously generated access tokens when you try to validate via your backend?

https://github.com/nraboy/ng-cordova-oauth/blob/master/ng-cordova-oauth.js#L273-L307

You can see above there really isn't anything to the Facebook part. I'd recommend reading up on the Oauth 2.0 protocol with implicit grants (no secret key).

Further reading material for you:

https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow/v2.2
https://blog.nraboy.com/2014/07/using-oauth-2-0-service-ionicframework/

Since there is no error in the ngCordovaOauth library, and it appears to be isolated to a specific third party utility, I'm going to close this ticket.

Regards,

from ng-cordova-oauth.

My bad usage of API, fixed the problem at my end now. Thanks for your time.

from ng-cordova-oauth.

Mind sharing what you changed in case someone else has a similar issue?

from ng-cordova-oauth.

I was passing the token directly as a string, which was my bad part:

Fixed by adding, access_token (following dict) to params;
access_token = {'access_token': token, 'expires': expires_in}
# Step 2. Retrieve information about the current user.
r = requests.get(graph_api_url, params=access_token)

Thanks for your patience, taking time to explain me.

from ng-cordova-oauth.

I'm glad everything worked out in the end :-)

from ng-cordova-oauth.