quake_01 said: So, to use a get request to get an anime list would be similar to when you tested the API to request your profile information? Yes, the code is very similar. Take a look at the official documentation to find all the info you might need: Get user anime list. For example, here's a function which prints some data about the first 10 entries of the user's anime list: |
 ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
bakugo411 said: I am getting the unsupported grant type error and it seems that I am not generating a token at all. I was able to get it in my http simulator, but I keep getting invalid in my code. You misspelt "header" inside the "option" object, the right version is "headers". Also, I don't know the content of the "process_stream" function, so there might be a bug in there as well. Either way, I slightly altered your code to make it work. Here's the snippet: |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
HelpfulSchwarz said: Hello! Thank you very much for this wonderful guide. I am trying to implement the login functionality in my android app and everything went smoothly till the token exchange step. I get a weird error which says: AuthorizationException: {"type":2,"code":2002,"error":"invalid_grant","errorUri":""} I have checked that my code challenge in auth and token phases are the same, tried with both AppAuth and Retrofit, nothing helps. I am at the end of my wit here. I skimmed through the repository but it's hard to pinpoint the issue as the codebase is quite large and you're using a third-party OAuth client (OpenID's AppAuth) which is poorly documented. So far I've found one critical error: in this file at line 23 you called the setCodeVerifier(codeChallenge) method to set the Code Verifier. However, this function uses the S256 challenge method (i.e. Code Challenge = SHA-256(Code Verifier)), while MAL only supports the "plain" method (docs). You should be able to fix this by using the second overload of the same method: setCodeVerifier(String codeVerifier, String codeVerifierChallenge, String codeVerifierChallengeMethod). The three parameters you have to pass should be codeChallenge, codeChallenge, and AuthorizationRequest.CODE_CHALLENGE_METHOD_PLAIN. Try fixing this and retry. There might be other bugs in the code, maybe it would be easier to build the OAuth client from scratch. |
ZeroCrystalDec 2, 2020 10:14 AM
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
HelpfulSchwarz said: Thank you very much for taking time to look through my code! I have tried it and it finally worked :) That's great to hear! Good luck with your app. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
ahmetbugraozcan said: https://mal.auth0.com/.well-known/openid-configuration is it myanimelist's or not? It's not MyAnimeList, just a different company with the same acronym. I'm not sure about which OAuth libraries are available for Flutter, but it's probably easier to implement the authorisation workflow by hand. It's simpler than it might sound. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
Terlaws33 said: Blocked By Cross-Origin Policy Hello, I'm trying to get the user's access token. I'm actually using vueJS (a JavaScript framework) to make my application but I can't make post request to another domain it's blocked by CORS Policy so I always have this error on consol: … Do you have any solution to get the user's access token in VueJS? Unfortunately, the API is poorly suited for front-end scenarios like browser-powered applications or userscripts. I explained the problem (and a possible solution) in #36: ZeroCrystal said: As we've briefly discussed in the previous posts, at the moment it's not possible to interact with the API straight from the browser. Normally, you would write something like: Unfortunately, the API servers don't include the CORS headers required to execute the above code snippet. If you don't know what CORS is, you can read this short MDN article. This is an issue that should be solved by MAL's dev team. In the meantime, the easiest solution is probably to use a public reverse proxy to access the API. CORS Anywhere is an example. You can replace the original URL with: This snippet should work as expected, but you are relying on a third-party service. It should be ok for testing, but you shouldn't be using it for public applications. Hosting your own reverse proxy is a better solution (the code for CORS Anywhere is open-source). Still, a proper solution has to be deployed by MAL. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
Lege111 said: And of course after working on this for 2 days I figure it out 10 minutes after postin this. A classic. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
selective53 said: I'm having trouble receiving the access token in JS. I'm sending the following POST request with XMLHttpRequest encoded with encodeURI(): `https://myanimelist.net/v1/oauth2/token?client_id=${oAuth.client_id}&client_secret=${oAuth.client_secret}&grant_type=${oAuth.grant_type}&code=${oAuth.code}&code_verifier=${oAuth.code_challenge}` That's because you shouldn't pass those parameters as part of the query string. They must be form-URL encoded and placed inside the body of the POST request. Either way, if you're building a browser-side application, you will have some issues with the (missing) CORS headers. I explained the problem (and a possible solution) in #36: ZeroCrystal said: As we've briefly discussed in the previous posts, at the moment it's not possible to interact with the API straight from the browser. Normally, you would write something like: Unfortunately, the API servers don't include the CORS headers required to execute the above code snippet. If you don't know what CORS is, you can read this short MDN article. This is an issue that should be solved by MAL's dev team. In the meantime, the easiest solution is probably to use a public reverse proxy to access the API. CORS Anywhere is an example. You can replace the original URL with: This snippet should work as expected, but you are relying on a third-party service. It should be ok for testing, but you shouldn't be using it for public applications. Hosting your own reverse proxy is a better solution (the code for CORS Anywhere is open-source). Still, a proper solution has to be deployed by MAL. EDIT: @selective53, you deleted your post just a few seconds before I wrote this message. Do you still need some help? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
selective53 said: I use Tampermonkey and modify the site so hopefully I won't run into CORS issues. In that case, you might need to use the GM_xmlhttpRequest(…) function to bypass any eventual cross-site origin error. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
R1dje said: Hello. I don't get it, should I use oAuth 2 to get token even if I want to access public data like top of anime or manga? Yes. Currently, there're no “anonymous” API endpoints that you can use without being authenticated (via OAuth). They will be added in the future. R1dje said: If so, how official android mal client works if I cancel authorization? If not, where to get Bearer YOUR_TOKEN without user ID? It seems like on step 4 I need Parameter code: the user's Authorization Code received during the previous step. (REQUIRED) (Step 3 - User redirection) MAL's official mobile app doesn't use the public API (or, at least, not completely). They run their own private endpoints to compensate for some of the issues and missing features of the public API. I don't know if they mix private and public API calls, but some of the things the app is capable of are impossible to reproduce on a third-party application without performing some minor “hacking”. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
Wheelz said: I'm trying to build a Discord bot that interfaces with MALs API, is it possible to search for anime by string rather than an integer value? I don't think it's reasonable to expect the average user to know the integer id of the anime they want information on. The https://api.myanimelist.net/v2/anime method ("get anime list") includes an optional "q" search string and can thus be used for exactly this purpose. Documentation : https://myanimelist.net/apiconfig/references/api/v2#operation/anime_get |
| anyone tried authenticating with next-auth.js? had any luck? for me it seems that it can't retrieve the correct url (after "Allow" screen), and it crashes on the callback |
 Set by Secret Santa Stardew <3 |
Chop_in said: anyone tried authenticating with next-auth.js? had any luck? for me it seems that it can't retrieve the correct url (after "Allow" screen), and it crashes on the callback I've never used that library, but, according to the docs (here), you cannot set the "code_challenge_method" to "plain" and thus it's incompatible with MAL. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
ZeroCrystal said: I've never used that library, but, according to the docs (here), you cannot set the "code_challenge_method" to "plain" and thus it's incompatible with MAL. Thanks, the error code wad different and I didn't even think about it. Anyway i spent probably around 8 hours total trying to debug this thing, and then wrote simple authirization myself in an hour. I hate js libraries even more now :) |
Set by Secret Santa Stardew <3 |
Chop_in said: I hate js libraries even more now :) Welcome to the club! ^^ The authorisation flow is not complicated, it's probably easier to write some code from zero than spending hours looking for the right library. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| Hey @allanrivers, are you certain that you're passing the parameters form-url encoded instead of appearing them to the query string? Can you post your Postman configuration or your Laravel code? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
allanrivers said: I actually just used your python script instead. Worked like an absolute charm, thank you! Good. Glad it helped! |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
fbaierl said: Nevermind, I figured it out. Javascript needs to be enabled for the Android WebView. :) Yep, reCAPTCHA won't let you complete the procedure without enabling JS. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
I think the issue might be with the %7E |
 |
I didn't have time to test any of this, but "%7E" translates to "~", which is a valid character according to the standard. Also, an invalid Code Challenge would give you an error during the previous phase of the authentication process and not during the token negotiation. Still, it may be worth trying a simpler string as Code Challenge (e.g. AAAAA...). @fbaierl, can you try negotiating the token using a different language or a tool like Insomnia or Postman? It should help to pinpoint the cause of the error. It's weird that MAL returns a 400 status code without any kind of error in the body. |
ZeroCrystalOct 23, 2021 3:13 PM
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| I’m aware that %7E is ~, the sample from the stack overflow shows %7E instead of ~. My thinking is that passing that encoded verifier to the MAL Authenticator would cause an issue because that constructor also encodes the data. In other words, passing an encoded verifier to that constructor would encode it again causing the resulting verifier to be malformed. |
|
KatsuteDev said: I’m aware that %7E is ~, the sample from the stack overflow shows %7E instead of ~. My thinking is that passing that encoded verifier to the MAL Authenticator would cause an issue because that constructor also encodes the data. In other words, passing an encoded verifier to that constructor would encode it again causing the resulting verifier to be malformed. I don't know the internals of Mal4J so I'll trust you. Thanks for the note. Once again, @fbaierl, can you try using a simpler, static string for the Code Challenge? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| Good. I didn't notice the missing Redirect URL. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| Looks like you found a bug in my code, I have marked this issue as Katsute/Mal4J#249 and should be fixed in the next patch. |
|
Nsiem said: I'm getting an error where my code received after i click allow, isn't working. i'm getting a 401 client not authorized for url: https://myanimelist.net/v1/oauth2/token, i'm also not being redirected correctly to the redirect i put in when registering my client, http://localhost/oauth, maybe this is the issue? Hi. I have a few questions. • To which page are you being redirected to if it's not the one you set in the API panel? • Can you confirm that after clicking on "Allow", you can find the Authorisation Code in the URL (parameter "code")? • Can you share the code you're using to negotiate the token? |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
Nsiem said: So i realized my error was that I wasn't using my Client Secret, since I thought I didn't select web application haha. it's all working fine, thank you btw for your SUPER helpful post on MAL's auth Thanks! Have a nice day. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| Heya! Wondering if anyone can help me out here. Currently trying to use oauth2 to allow users to log into my application using their MAL accounts. Just need someone to confirm if this is what the actual oauth login page looks like or if i've somehow messed up? This seems a bit too... plain?  The URL I'm using: https://myanimelist.net/v1/oauth2/authorize?response_type=code&client_id=myclientidhere&state=randomcharacters&redirect_url=htmywebsiteurl&code_challenge=morerandomcharacters&code_challenge_method=plain |
ScrumpyGGNov 16, 2021 4:06 PM
| @ScrumpyGG, that's an error screen (I know, it doesn't look like it). You've probably mistyped at least one of the fields of the URL. For starters, can you double-check that the redirect URL is the right one? It must be exactly like the one you've set in the API panel, the system performs a character-by-character comparison. Watch out for pending slashes at the end of the URL. If it doesn't work for you, try removing the optional fields and retry. |
| ★ HTCPCP/1.0 ★ MetaMAL ★ Picture credits: Living & 1041uuu |
| Hello there, new here and new to programming. I am trying to simulate responses from the API endpoints with postman. I have managed to get data from the public endpoints and the user anime's list. However I cannot use the 'get user' endpoint since it requires OAuth 2.0. Can anyone or @ZeroCrystal show me an example of how to do a postman GET request of the endpoint (https://api.myanimelist.net/v2/users/{user_name})? The docs are quite overwhelming for beginners and I feel like they could be more explicit. Whenever I fill postman's authorization tab with the info I got I get a {"error":"invalid_client","message":"Client authentication failed"} message when trying to get a new access token. |
More topics from this board
» Unannounced API maintenance ? ( 1 2 )Jhiday - Jan 31 |
73 |
by AxtoMax
»»
Apr 26, 9:46 PM |
|
» Which endpoints support nsfw query param?crimson-megumin - Apr 21 |
2 |
by crimson-megumin
»»
Apr 23, 2:29 PM |
|
» Cant build the URLtamcio_ - Dec 4, 2022 |
4 |
by Jotzy
»»
Apr 22, 4:35 AM |
|
» I made a new anime recommendation system for MyAnimeListAsudox - Mar 21 |
4 |
by Asudox
»»
Apr 11, 2:58 PM |
|
» API Rate Limit?Asudox - Jan 23 |
7 |
by pepeefirat
»»
Mar 23, 3:57 AM |