OAuth

OAuth2 is a protocol that lets external applications request authorization to private details in a user’s Dribbble account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.
All developers need to register their application before getting started. A registered OAuth application is assigned a unique client ID and client secret. The client secret should not be shared.

Web Application Flow

1. Redirect users to request Dribbble access.

GET https://dribbble.com/oauth/authorize

Parameters

| Name | Type | Description |
| --- | --- | --- |
| client_id | string | Required. The client ID you received from Dribbble when you registered. |
| redirect_uri | string | The URL in your application where users will be sent after authorization. See details below about Redirect URLs. |
| scope | string | A space-separated list of scopes. If not provided, scope defaults to the public scope for users that don’t have a valid token for the application. For users who do already have a valid token for the application, the user won’t be shown the authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the same scopes that were used the last time the user completed the flow. |
| state | string | An unguessable random string. It is used to protect against cross-site request forgery attacks. |

2. Dribbble redirects back to your site.

If the user accepts your request, Dribbble redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don’t match, the request has been created by a third party and the process should be aborted.
Exchange this for an access token:
POST https://dribbble.com/oauth/token

Parameters

| Name | Type | Description |
| --- | --- | --- |
| client_id | string | Required. The client ID you received from Dribbble when you registered. |
| client_secret | string | Required. The client secret you received from Dribbble when you registered. |
| code | string | Required. The code you received as a response to Step 1. |
| redirect_uri | string | The URL in your application where users will be sent after authorization. See details below about Redirect URLs. |

Response

The response will be returned as JSON and takes the following form:
{
  "access_token" : "29ed478ab86c07f1c069b1af76088f7431396b7c4a2523d06911345da82224a0",
  "token_type" : "bearer",
  "scope" : "public write"
}

3. Use the access token to access the API.

The access token allows you to make requests to the API on behalf of a user.
GET https://api.dribbble.com/v1/user?access_token=...
You can pass the token in the query parameters as shown above, but a cleaner approach is to include it in the Authorization header:
Authorization: Bearer ACCESS_TOKEN
For example, in curl you can set the Authorization header like this:
curl -H "Authorization: Bearer ACCESS_TOKEN" https://api.dribbble.com/v1/user
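
The three steps above on the client side, as an added example that is not part of the original documentation: it generates the state, checks it on the callback before reading anything else, and prepares the token request and API header. The dict-like `session`, the function names and sending the token parameters as form fields are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

AUTHORIZE_URL = "https://dribbble.com/oauth/authorize"
TOKEN_URL = "https://dribbble.com/oauth/token"


def begin_authorization(session, client_id, scopes, redirect_uri=None):
    """Step 1: bind a fresh state to the user's session, build the redirect."""
    state = secrets.token_urlsafe(32)  # unguessable, new for every attempt
    session["oauth_state"] = state
    params = {"client_id": client_id, "scope": " ".join(scopes), "state": state}
    if redirect_uri:
        params["redirect_uri"] = redirect_uri
    return AUTHORIZE_URL + "?" + urlencode(params)


def handle_callback(session, callback_url):
    """Step 2: verify state before trusting anything else in the callback."""
    query = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: replays fail
    received = query.get("state", [""])[0]
    # Compare as bytes in constant time; a missing stored state always fails.
    if not expected or not hmac.compare_digest(expected.encode(), received.encode()):
        raise PermissionError("state mismatch, aborting")
    if "error" in query:  # e.g. access_denied, application_suspended
        raise RuntimeError(query["error"][0])
    if "code" not in query:
        raise ValueError("callback carries neither code nor error")
    return query["code"][0]


def token_request(client_id, client_secret, code, redirect_uri=None):
    """Parameters for the POST to TOKEN_URL; build this server-side only."""
    fields = {"client_id": client_id, "client_secret": client_secret, "code": code}
    if redirect_uri:
        fields["redirect_uri"] = redirect_uri
    return TOKEN_URL, fields


def api_headers(access_token):
    """Step 3: send the token in a header so it stays out of request URLs."""
    return {"Authorization": "Bearer " + access_token}
```
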

Client Flow

Applications are provided a read-only access token that can be used for a server implementation or public JavaScript client. Note that the access token is still subject to rate limiting.
You use the access token the same way as a web access token.

Non-Web Application Flow

We currently do not support any other authentication methods besides OAuth. If you only need read-only access try the client flow.

Redirect URLs

The redirect_uri parameter is optional. If left out, Dribbble will redirect users to the callback URL configured in the OAuth application settings. If provided, the redirect URL’s host and port must exactly match the callback URL. The redirect URL’s path must reference a subdirectory of the callback URL.
CALLBACK: http://example.com/path

GOOD: http://example.com/path
GOOD: http://example.com/path/subdir/other
GOOD: myapplication://phone-callback
BAD:  http://example.com/
BAD:  http://example.com/bar
BAD:  http://example.com:8080/path
BAD:  http://oauth.example.com:8080/path
BAD:  http://example.org
BAD:  ssh://example.com
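
One way to pre-check a redirect_uri against the stated host, port and path rule before sending it, as an added example that is not Dribbble's own validation code. It covers the http entries in the list above; the custom-scheme entry is left out because the host/port/path rule does not describe it, and requiring the same scheme, treating 80/443 as default ports and normalizing dot segments are assumptions.

```python
import posixpath
from urllib.parse import unquote, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumption: implicit ports compare equal


def _origin_and_path(url):
    """Split a URL into a comparable (scheme, host, port) tuple and a clean path."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)  # .port raises ValueError if malformed
    # Decode and collapse dot segments so "/path/../bar" or "/path/%2e%2e/bar"
    # cannot pass as a subdirectory of "/path".
    path = posixpath.normpath(unquote(parts.path) or "/")
    return (scheme, host, port), path


def redirect_uri_allowed(callback, redirect_uri):
    """True if redirect_uri has the callback's origin and sits at or below its path."""
    cb_origin, cb_path = _origin_and_path(callback)
    try:
        ru_origin, ru_path = _origin_and_path(redirect_uri)
    except ValueError:
        return False
    if ru_origin != cb_origin:
        return False
    base = cb_path.rstrip("/")
    # Match on a path-segment boundary: "/pathology" is not under "/path".
    return ru_path == base or ru_path.startswith(base + "/")
```
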

Scopes

Scopes let you specify exactly what type of access you need. Scopes limit access for OAuth tokens. They do not grant any additional permission beyond that which the user already has.
For the web flow, requested scopes will be displayed to the user on the authorize form.
| Name | Description |
| --- | --- |
| public | Grants read-only access to public information. This is the default scope if no scope is provided. |
| write | Grants write access to user resources, except comments and shots. |
| comment | Grants full access to create, update, and delete comments. |
| upload | Grants full access to create, update, and delete shots and attachments. |
Your application can request the scopes in the initial redirection. You can specify multiple scopes by separating them with a space:
https://dribbble.com/oauth/authorize?
  client_id=...&
  scope=public+write

Common errors for the authorization request

There are a few things that can go wrong in the process of obtaining an OAuth token for a user. In the initial authorization request phase, these are some errors you might see:

Application Suspended

If the OAuth application you set up has been suspended (due to reported abuse, spam, or a misuse of the API), Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=application_suspended
  &error_description=Your+application+has+been+suspended.
  &state=xyz
Please contact support to solve issues with suspended applications.

Redirect URI Mismatch

If you provide a redirect_uri that doesn’t match what you’ve registered with your application, Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=invalid_redirect_uri
  &error_description=The+redirect+uri+included+is+not+valid.
  &state=xyz
To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Access Denied

If the user rejects access to your application, Dribbble will redirect to the registered callback URL with the following parameters summarizing the error:
http://your-application.com/callback?error=access_denied
  &error_description=The+resource+owner+or+authorization+server+denied+the+request.
  &state=xyz
There’s nothing you can do here as users are free to choose not to use your application. More often than not, users will just close the window or press back in their browser, so it is likely that you’ll never see this error.

Common errors for the access token request

In the second phase of exchanging a code for an access token, there is an additional set of errors that can occur.

Incorrect Client Credentials

If the client_id and/or client_secret you pass are incorrect, you will receive this error response.
{
  "error" : "invalid_client",
  "error_description" : "Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method."
}
To solve this error, go back and make sure you have the correct credentials for your OAuth application. Double check the client_id and client_secret to make sure they are correct and being passed correctly to Dribbble.

Redirect URI Mismatch

If you provide a redirect_uri that doesn’t match what you’ve registered with your application, you will receive this error message:
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
To correct this error, either provide a redirect_uri that matches what you registered or leave out this parameter to use the default one registered with your application.

Bad Verification Code

If the verification code you pass is incorrect, expired, or doesn’t match what you received in the first request for authorization, you will receive this error.
{
  "error" : "invalid_grant",
  "error_description" : "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}
To solve this error, start the OAuth process over from the beginning and get a new code.
