That is the idea, so that if your Client Credentials for one app are compromised, you can invalidate them without affecting your other applications. The alternative is to have one and invalidate all your apps.
Furthermore, the OAuth Authorization Flow and Implicit Grant flows require a redirection URL which is unique to each app for security reasons.
The Resource Owner Password Flow is less secure than the other two, and is not recommended for most applications. In the future, we may restrict its use to those clients and applications we can verify as being secure, and a web app is not a secure app.
I would recommend using the Implicit Grant flow for any Web or JavaScript applications.
|
Ok, thanks for the explanation!
The quick red ProgramFOX jumps right over the Lazy<Dog>.
|
I've just gone to the API site and it's showing the standard ASPX exception.
|
There was a change made to common code that broke the site. Should be good now.
|
Is there any way to have hierarchical relationship between the forum messages? I can see all messages for a thread or a forum, but not sure how I can relate them like "this message is a reply to that one". Perhaps some field like ParentMessageID would be helpful.
Am I missing something?
[EDIT]
Also, not sure that the rating and votes for messages are getting populated properly in the response.
Also, the URL against the WebsiteLink field starts with "//", but that's ok, I guess.
[/EDIT]
Whether I think I can, or think I can't, I am always bloody right!
modified 30-Sep-14 1:14am.
|
Yes, that needs correction. That's what I get for trying to re-use a non-hierarchical class to display hierarchical data.
Need to add ParentId, and ThreadId at a minimum. I could add indent level as well.
The messages are displayed in the order to display them in discussion order, but without the above properties it is difficult to do so.
I'll fix this today or tomorrow.
Also, the WebsiteLink should be starting with http://www.codeproject.com. I'll fix this as well.
|
I've made the change and deployed. See the API Documentation and Change Log for details.
Basically, ParentId has the Id of the Parent Message, ThreadId has the Id of the original message for the discussion thread and IndentLevel indicates the hierarchical level of the message in the discussion thread.
Messages are displayed in discussion order, so just indenting the messages using the IndentLevel value will result in a display similar to that in the CodeProject Forums.
|
Thanks for the update.
Agent__007 wrote: "Also, not sure that the rating and votes for messages are getting populated properly in the response."
But I can't see the rating and votes getting populated correctly for the forum messages.
Whether I think I can, or think I can't, I am always bloody right!
|
Indeed, my previous message which you voted on does not have any votes showing.
I'm looking into it.
|
Fixed and Deployed
|
Thank you, Sir.
Whether I think I can, or think I can't, I am always bloody right!
|
[Edit] Property name changed on Sept. 29, 2013.
In response to the message below, "Small concern about a reserved word 'abstract' as a JSON Property",
I am going to change the property abstract to summary. This will happen later today or tomorrow, so you will need to adjust any programs you have written.
The change will be noted in the Change Log.
If you have any recommendation for other changes or additions, this is the Forum to post your wishes.
modified 29-Sep-14 14:06pm.
|
Hi,
Here's my question with regards to a variable naming in Java.
I was trying to create entities or classes for the corresponding JSON responses, say for Articles. There could be a list of "items" and hence I have come up with a class named "Item". Notice below there is a JSON property named "abstract", which I can't really define as a variable name in my Java class because it is a reserved word. I know this can be done easily in C# by using an '@' sign at the beginning of the variable, but I'm stuck with Java.
"abstract": "WCF provides a flexible and extensible architecture for the developer. The most common situation is to customize the extension of behavior. It is not complex, but some issues should be noticed. This article discusses how to extend the behavior in WCF.",
Variable naming convention for reference - http://docs.oracle.com/javase/tutorial/java/nutsandbolts/variables.html
|
Not sure about Java, but there are libraries available (for .NET at least, Newtonsoft.JSON, for instance) which allow you to map the JSON properties to the properties of your entities. So you can always define a mapping for the "abstract" property to some property of your class like "Synopsis".
While I do know that an abstract is not a synopsis, it's just a poorly chosen example
Whether I think I can, or think I can't, I am always bloody right!
|
... do I find information on the CodeProject API?
What is it? What APIs are available? How to use it?
Within you lies the power for good - Use it!
|
Everything's here[^].
Whether I think I can, or think I can't, I am always bloody right!
|
Thanks!
Within you lies the power for good - Use it!
|
I've been frustrated with the forum mechanisms here at CP for years. Today I took another look around for an API to see if I could code a solution around the issues, and I found the new API. The methods available for forum access are primitive but it's a start. My first goal will be to write a C# app that helps users to keep track of any updates to discussions on articles of interest. That may get extended later to help with watching specific threads. I'll see if I can write something up to publish as a Sample.
Sincere thanks to everyone who works on this.
|
Wow! I am first to post a message here!
So, my question is, is there any "persistent" access token which I could use to query both My and Other APIs and which doesn't expire at all (so that I could hard-code it)? I am thinking to write a small WPF application (purely for personal use) and not able to figure out how to query the "My" API. I am able to get the access token as given in the sample Console application, but not able to query the "My" API using it.
While the documentation does say -
"The My API gets information about the logged in User. As such, the My API requires the user to grant the client application access to their information using the Authorization Code Grant or Implicit Grant flow from the OAuth2 specification to get the Access Token.", and I tried referring to this [^] article on Authorization Code Grant and Implicit Grant, I am not able to figure out how to implement it and where and how exactly should I use the Redirection URL and Grant Permission stereotype in a WPF application.
Any help would be greatly appreciated.
Whether I think I can, or think I can't, I am always bloody right!
|
Yeah - we can do that. It might take a little time but we'll let you know when it's in place.
cheers
Chris Maunder
|
Thanks! Please see my reply to Mr. Dennis below.
Whether I think I can, or think I can't, I am always bloody right!
|
OK, just gave a quick try to this using Postman and used a POST to https://api.codeproject.com/Token with my CP username, password and "password" as grant_type in x-www-form-urlencoded as you (and in the OAuth documentation) suggested, but it's returning a 400 Bad Request - "invalid_client" response. However, the same POST to https://api.codeproject.com/ seemed to be working as it returned some "valid" HTML.
I will give it a try again. However, I would like to share an observation -
If I log in to the API manually through a browser and capture the access token by running a sample under the My API, not only can I use it for both the APIs, it seems to be lasting quite a long time. As far as I can see, I can still make requests to the API using the access token I captured yesterday (almost 12-14 hours).
Can you please enlighten this behavior? I mean the lifetime of such access tokens? Even if they are lasting for a couple of days, I can make the access token configurable in my application (as it will be only for personal use) and replace it manually bypassing these OAuth steps through the application.
Please let me know, thanks again for the API.
Whether I think I can, or think I can't, I am always bloody right!
|
I needed to turn on the Resource Owner flow. I've done that and added a sample that should get you going.
The Access Token has a limited lifetime, currently 14 days. This will change once I implement Refresh tokens and a way to quickly invalidate Access Tokens. Because of this, check for 401 responses, and get a new Access Token if you get one.
There are some security issues with creating a permanent Access Token. That being said, if we can invalidate it on the server, there is a valid Use Case for them. We will toss this into the hat.
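The "check for 401 responses, and get a new Access Token" advice above, as an added Python example that is not part of the thread or of the CodeProject samples: the token is held in memory instead of being hard-coded, and a 401 triggers exactly one renewal. The Token URL and grant_type come from the thread; the client_id/client_secret form fields, the `access_token` JSON field and the Bearer header are assumptions taken from the OAuth2 specification (RFC 6749/6750), and `http_send` and `TokenClient` are hypothetical names.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.codeproject.com/Token"  # endpoint named in the thread


def http_send(method, url, headers=None, body=None):
    """Default transport: returns (status, body_bytes) and does not raise on 4xx/5xx."""
    req = urllib.request.Request(url, data=body, headers=headers or {}, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()


class TokenClient:
    """Keeps the access token in memory only and renews it when the API answers 401."""

    def __init__(self, username, password, client_id, client_secret, send=http_send):
        # Assumption: client credentials travel in the form body (RFC 6749, 2.3.1).
        self._form = {"grant_type": "password", "username": username,
                      "password": password, "client_id": client_id,
                      "client_secret": client_secret}
        self._send = send
        self._token = None

    def _fetch_token(self):
        body = urllib.parse.urlencode(self._form).encode()
        headers = {"Content-Type": "application/x-www-form-urlencoded"}
        status, raw = self._send("POST", TOKEN_URL, headers, body)
        if status != 200:
            # e.g. 400 invalid_client; report the status only, the body holds the password
            raise PermissionError(f"token request failed with HTTP {status}")
        self._token = json.loads(raw)["access_token"]

    def get(self, url):
        if self._token is None:
            self._fetch_token()
        for attempt in range(2):  # at most one renewal, so a rejected token cannot loop
            headers = {"Authorization": f"Bearer {self._token}"}
            status, raw = self._send("GET", url, headers)
            if status != 401 or attempt == 1:
                return status, raw
            self._fetch_token()  # token expired or was invalidated on the server
```

Pass the credentials in from the environment or an OS credential store at start-up; a second 401 after renewal is returned to the caller rather than retried.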