Automating access token refreshing via interceptors in axios

I may have found a way much simpler to handle this : use axios.interceptors.response.eject() to disable the interceptor when I call the /api/refresh_token endpoint, and re-enable it after. The code : /** * Wrap the interceptor in a function, so that i can be re-instantiated */ function createAxiosResponseInterceptor() { const interceptor = axios.interceptors.response.use( (response) => … Read more

“This app would like to: Have offline access” when access_type=online

I think G does this when your app requests a token and there is still a valid access or refresh token for the user for the scopes in question. The solution is to revoke tokens when you’re done with them (either on user logout or immediately after authenticating the user) by issuing this request: https://accounts.google.com/o/oauth2/revoke?token={token} … Read more

Javamail api in android using XOauth

I researched this for some days and I found a solution that is working for me at the moment. I get the oauth2 token from the android AccountManager and then send the email via SMTP using JavaMail. The idea is based on the Java example here http://code.google.com/p/google-mail-oauth2-tools/wiki/JavaSampleCode and on this java Xoauth example here http://google-mail-xoauth-tools.googlecode.com/svn/trunk/java/com/google/code/samples/xoauth/XoauthAuthenticator.java … Read more

Adding http headers to window.location.href in Angular app

When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value. You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want … Read more

Can you get a public Facebook page’s feed using Graph API without asking a user to allow?

If you’re anything like me your clients won’t want a standard Facebook likebox plugin, they’ll want it all styled and customised their own way. You don’t need to spend all day going round the official documentation wondering if any of it applies to you for something simple like this, it’s quite easy. The confusion arises … Read more

Error: invalid_request device_id and device_name are required for private IP

An alternative to editing a hosts file is to use the “Magic DNS” service https://nip.io/ nip.io is a magic domain name that provides wildcard DNS for any IP address. Say your LAN IP address is 10.0.0.1: 10.0.0.1.nip.io resolves to 10.0.0.1 (dot syntax) 192-168-1-250.nip.io resolves to 192.168.1.250 (dash syntax) 0a000803.nip.io resolves to 10.0.8.3 (hex syntax) foo.bar.10.0.0.1.nip.io … Read more

Access to Google API – GoogleAccountCredential.usingOAuth2 vs GoogleAuthUtil.getToken()

The Google APIs Client Library for Java is as the name suggests a library for accessing Google APIs and it is available for several platforms such as Java (in general) and Android while the Google Play Services and GoogleAuthUtil is only available on Android. By looking at the wiki page of the project it is … Read more

Is it possible to use OAuth 2.0 without a redirect server?

Yes, it is possible to use OAuth2 without a callback URL. The RFC6749 introduces several flows. The Implicit (now deprecated[1]) and Authorization Code grant types require a redirect URI. However the Resource Owner Password Credentials (deprecated as well[1]) grant type does not. Since RFC6749, other specifications have been issued that do not require any redirect … Read more