In the Preventing duplicate Items article, it mentions that you can use a specific combination of fields to determine if there are duplicate items or not. And specifically OAuth institutions, it says the combination of fields are: customer's user ID and institution_id. I'm confused what the customer's user ID is. I'm not familiar with this identifier. Can somebody explain?
The customer's user ID would be a value in your own application's business logic, not part of the Plaid API. In most Plaid use cases, alongside an Item, you would typically store some kind of user id that associates it with a specific user in your system. The logic here is saying that if the same end user in your system has multiple Items with the same institution, they are probably duplicate Items.
Related
I am working on a function that allows a user to check if their existing device contacts are using our platform, based on phone numbers.
For privacy and security, we are hashing the user's contact's phone numbers on device (salted with the user's id) before sending to our server.
Server side, we then need to hash our entire contacts table (using the user's id as a salt), which is currently being done in a for loop.
We then check this list against the request list, and return the details for any matches.
However, I'm sure there is a more efficient way of doing this, something like computing the hash in a calculated field then including the $request->hashes in a "whereIn" clause.
Could someone give me a pointer on the best approach to be taking here?
The question is, what privacy and security are you achieving by sending hashed value of contact number?
You are hasing the contact in client side(device), that means you are using a key and salt that is available in clinet side already. How can that be a security feature?
If you want to search hashed value in database then it's better to save hashed contract number in a column in the first place. So you can directly run where query in database table.
Ideally, if you really concern about user's contact number you should:
Encrypt the user's contacts in backend/databse not in frontend.
If you need to query for a field in database then you should make a hash valued column that can be matched easily. I mean searchable fields should be hashed so you can run direct query.
Nothing to worry about user's contact security in frontend if you are already passing it trhough Secure HTTP(HTTPS).
Even it a common practice in the industry, to pass a submitted plain password via HTTPS when a user submit it in frontend. It shouln't be a concern of privacy or security.
Using the Google Classroom API method userProfile, I can get various information about a user, including their name and email address, but not whether they are a student or teacher. How can I determine whether a user is a student or teacher?
Classroom does have the concept of teachers and students, however the distinction between teachers and students is only meaningful relative to a particular course (it’s possible for a user to be a “teacher” of one course and a “student” of another) and so you might not be able to use these categories to apply access controls in the way you were expecting.
For example, if alice#school.edu is a member of a particular course’s courses.teachers collection, and bob#school.edu is a member of courses.students, then you can use this information to decide that bob#school.edu should not see certain content created by alice#school.edu. (For example, you might not want to show Bob the answers to a quiz that Alice has created on your website, just the questions.)
However, because by default all users can create courses, you probably do not want to show alice#school.edu sensitive information created by teachers of other courses, information intended for teachers that you provide (for example, if you are a textbook publisher), or giving her domain-wide admin features.
If you need to distinguish between “real-world” teachers and students, we recommend that you do this via a mechanism entirely separate from Classroom, such as checking that the user’s email address appears in:
a separately-maintained list of teachers (e.g. CSV uploaded by admin)
the classroom_teachers group – domain administrators can choose to verify teachers to allow them to create new classes (use the Directory API to list a user’s groups)
Classroom api dosent provide global role for a teacher or a student its vary from course to course so you can just call student/teacher api
after that you will get json output and you find a special permission for teacher "Create Course" it will help you to recognized that the person is teacher.
"permissions": [
{
"permission": "CREATE_COURSE"
}
]
in case of student this array will be null.
Is there any way how to uniquely identify user who caused an event? I want to extract all events from Appsactivity service, which belongs to specific user.
The problem is, that service.activities().list() returns also activities of other users of shared file, even if this request has set userId which indicates the user to return activity for. It returns all visible activities to given user and therefore it contains activities of other users.
I tried to filter list, but it seems to be impossible - events contains simple User object which does not have userId or userEmail.
One way is to compare user's photo url which is avalaible in appactivity User object. Note, that this can be done only if url is not null, otherwise it won't uniquely identify user.
I have an application where users of the application can have many contacts ( other users of the application ) related to them. I would like to maintain a relation between a single user and its set of contacts. At any given point of time, I do NOT need to know anything more than the direct set of contacts for a particular user, i.e, contacts of contact of a particular user is not of relevance in this application.
Any suggestion on how to organise this data within the database? Please note that the number of users could go up really high.
Just to add some extra info, the database I am using right now is Mongodb and language being used is Ruby.
The only model right now before thinking of building all these relations is the Users model which stores details of each user registered onto the application. Now as I mentioned above, I need to built the specified relation between the user and its set of contacts. Any help would be highly appreciated.
I want to register users on the basis of their emaild ids on my website, assuming that there is one to one relationship between users and their emailid strings. But gmail doesn't recongnize .s in email ids. That means juzerali#gmail.com and juzer.ali#gmail.com are the same users (or emaild ids).
My concern is not just this one use case, it could be overcome by simply stripping the string of dots. Different email providers might be having different policies regarding email aliases and notations.
My question to community is is there any de facto rules/guidelines for creating unique users based on their email ids as their unique identifiers? Or has someone implemented this successfully before?
NOTES: I have checked a few websites that registers on the basis of email id. They seem consider two gmail ids with different combinations with .s as different email ids. That means same email account holder can possess two accounts on the same site, which I want to avoid.
IMPORTANT: Oauth/OpenID is not an option.
Try facebook login and get username from the facebook API. But if you dont want to access any secondary service for auth, then you might as well ask users to choose a username, and constrain uniqueness there. As far as i know there is nothing more you can do!
Hotmail for example allows you to have any string after a +
for eg. abc#hotmail.com is same as abc+123#hotmail.com