Get email from twitter OAuth2 - laravel

I am using Socialite in Laravel to login with Twitter.
I know that not all twitter users have an email attached to their account, but for my application the user does need an email address. I am fine to block logins from people who do not have an email attached, but at the moment every user does have the email field set to null.
I am using this function to redirect to twitter:
return Socialite::driver($provider)->redirect();
I have already tried using scopes like this:
return Socialite::driver($provider)->scopes(['email'])->redirect();
But twitter is the only provider that does not allow scopes.
The callback returns the email address for other providers like facebook and google, but there seems to be something that I am missing while using twitter.
For OAuth1 there was a setting somewhere to enable the option to return the email field aswell, but since twitter accepts OAuth2 I can not find this setting anymore in the Twitter developers panel.
Any help would my appreciated since most of the information about this topic is outdated.

The solution was found in the twitter developers dashboard.
First of all go to the settings of your app.
Then you have to fill in a link to your privacy policy & terms page.
After that also enable OAuth 1.0 en then an option pops up to also receive the email address from the user that is trying to log in.

Twitter's new Oauth 2.0 user authentication does not currently (at the time of writing this answer) provide access to the user's email address, and will require an additional scope to be added. This is on the Twitter API roadmap and is a known feature request.
You can still use OAuth 1.0A and set the option to request the user's email address.

Related

How to log in to arbitrary webpage that uses OKTA for auth?

I work for a large company (50K+). Some orgs within the company use OKTA for auth on their servers.
I have a valid user login (via OKTA) for the servers, and can log in through a browser without any issues, but want to access this site programatically.
How can I log into these websites using my OKTA credentials?
I've found this doc: https://developer.okta.com/docs/reference/api/oidc/#authorize
that details how to use an OKTA endpoint, but it requires some info that I do not have. Namely, nonce, state, and client_id. I have no clue how to get this info.
I've found another endpoint that allows a similar login method, but only requires username and password (I forget the doc that referenced this):
https://<company>.okta.com/api/v1/authn
I am able to successfully authenticate with OKTA using this endpoint, and receive a session_token. Can I take this session_token and apply it to my arbitrary webpage somehow? I can not find any documentation that says so.
At first glance it appears that many of the API endpoints for OKTA require intimate knowledge of the hosted application (and/or are not meant to be accessed programmatically).
Is it possible to log into an arbitrary webpage that uses OKTA for authentication, with only knowledge that an end user would have (username/password/optional MFA)?
Hi not sure you found the answer yet. from your descriptions i think yours is web app, which is supposed to use authentication code flow. else, you can ask your web developers what authentication flow they use and follow the auth process accordingly.
you need to retrieve id token & access token for authentication.

How to replace people.me from Google+ with Google People/Google Sign In api?

I had a "sign in with Google+" function in my web-app. Upon signing in I would show user's email and name on the page and save it to database. To fetch user's profile data after sign in I used Google+ API method people.me with access_token in GET params.
Google+ API is going to shut down on March 7. I have to migrate to Google People or some other api. How do I achieve the same goal with a different google API? I need to fetch email and name by known auth token.
We use this through Laravel's Socialite, and they're replacing it with:
https://www.googleapis.com/userinfo/v2/me
You may want the profile scope as part of the OAuth flow to make the profile data accessible through this methods. Otherwise it will return incomplete data.

Slack API - scope permissions

I'm trying to get further user details from the Slack's API.
Currently I'm authenticating users via Slack's OAuth2 that returns a code. I'm currently asking for scope=identity.basic,identity.email,identity.avatar. When I try to ask for more, like users.profile:read, the link redirects me to a crash page.
My link for signing in to my app via Slack is like this, for now:
Thanks for any help
Sign in with Slack works as a kind of sidebar form of OAuth 2.0 authorization for Slack. It's meant to be used for identity, exclusively. So whenever going through the flow and asking for an identity.* scope, you'll be restricted from combining it with others.
You can still ask for users.profile:read, but you have to do so in a separate authorization attempt where it's not among the momentarily requested scopes. It'll then be added to the user token you already hold for that user.

Access email from Gmail from server

I am trying to be able to set up a cron job to read contents from a certain email in my gmail inbox daily. I lookeed up gmail api documentation and noticed that the only way to authenticate my requests to access email data is via OAuth 2.0 which requires user authorization. Is there a way to authorize my app to access emails from a particular email id without the need for the user to manually take any actions.
I found this: https://developers.google.com/identity/sign-in/web/server-side-flow. I was wondering if there is any way to follow this workflow without having to build the UI?
Technically speaking you can use Oauth2 you just have to have the user authentication your application once. You will get a refresh token then you can use the refresh token to get a new access token from cron. Unless this is a Google domain account you cant use service accounts. There is no way to pre authorize a service account to access a normal user gmail.
Alternative: have you considered going directly though the mail server? Skip the rest api. https://developers.google.com/gmail/oauth_overview Note: That page also speaks of XOauth2 I haven't tried it yet you can still access SMTP and IMAP using username and password.

Get Twitter OAuth token and secret without making user sign in using Twitter

I've implemented Omniauth for Twitter in a rails app I'm working on. With the users who sign in using that I can get OAuth tokens and secrets for them. That's all working.
What I can't figure out is how to get OAuth tokens and secrets for users who don't sign in using Twitter?
I'm sure I've used sites where you can "Authenticate" them so that they can get OAuth tokens and secrets for you without signing in using Twitter. Twitter seems to suggest that you need to use 3-legged authorization but I can't seem to find anything much about that.
Is 3-legged authorization the way to go about it?
What I would do is modify your controller action that handles the Omniauth callback for Twitter. If when that action is accessed the user already has a session (i.e. they logged in through your alternate mechanism) then you just grab the Twitter token/secret and store it just like you do when creating a new user that signed in via Twitter. If there is no user in the session, then do what you already are doing.
Now, you can just add a button to your site that people who are logged in but do not have Twitter token/secret can see. The button links to the exact same /auth/twitter you use for your sign in with Twitter link.
After they authenticate with Twitter they will be sent to the callback URL where your app will see they are already signed in (the user is in the session) and will just add the Twitter token/secret.

Resources