I have an application that connects to the twitter api using thujohn/twitter package. I want a schedule that makes sure that at a certain time of the day everyday every user in my application tweets to his timeline. Now the issue with the package is that only an authenticated user can make a api call to twitter. The method is Twitter::postTweet() which will post whatever tweet passed in to the static function to the timeline of the authenticated user. How can I go around it and make sure i can call the method on all my users even if they are not authenticated at the scheduled time.
Here is the Twitter package where all the logic lies
I would appreciate any help whatsoever.
Related
I have an html-based Task Module that interacts with my external service via a REST API. I need to secure these API calls, but because the user who triggers the Task Module may be an anonymous participant in the meeting, I can't use graph authentication.
The best I can do is ensure that the API calls come from the TaskModule that was just created and rely on the authentication of the Bot request to identify the user.
I could add a query parameter to the URL used to launch the html-based Task Module, but query parameters are sent in plain text and often logged on servers.
I could limit the life time of the query parameter, similar to the oAuth flow, but unlike oAuth, my flow requires human interaction between the creation of the "code" and the exchange for a "token" so the life time would need to be longer than I am comfortable with.
I compared the values I get in the Bot "invoke" request for the Task Module with the context object I get back from microsoftTeams.getContext() inside the Task Module itself. I don't see anything that would link the Task Module instance to the specific invoke request.
Ideally, I would like to be able to specify the "subEntityId" to be able to pass an opaque value for the specific instance of the TaskModule and authenticate the REST API calls with this secret. So far I haven't found anything that works.
I need to check the uploaded videos on a YouTube Channel and then upload missing videos via a CRON JOB.
I first thing I tried was the REST API and the server response with the endpoint was moved.
The problem I ran into with the PHP Google API Client is that it requires the user to authorize the token.
I now tried using the Python Code, but it also requires a authorize session. Also when creating the OAuth 2.0 client ID we are suppose to use OTHER. And there is no OTHER.
Python quickstart
Any Ideas? This has been really frustrating as there does not seem to be a lot of examples other than the ones Google provides. I also could not find a rest equivalent. I do not care if the solution is python or Rest or PHP client. I just need a user less CRON job doing the work.
What you need to consider is that there are two types of data public data and private data.
Public data is not owned by any user. Videos on YouTube for example for the most part are publicly available and do not require authorization to access. On the other had private data is data that is owned by a user.
In order to access public data you just need an api key to identify your application, however in order to access private user data you need the permission of the user who owns the account in question.
In order to upload to a users account (yes even your own) you need to be authenticated there for you will need to use Oauth2 yes even if you are using a cron job you still need to be authenticated there is no way around this. There for you will need to create Oauth2 credentials.
What i recommend you do is. Authorize your code once your your local machine store the refresh token and use the refresh token to request a new access token when ever your cron job needs access. I recomend you give that a try and if you have any issues create a new question include your code and a description of the problem you are having.
This is your only option with the YouTube API.
I'm using the Expo Facebook login on my React Native app. In my app they can create and join events, which is done via API calls to my Laravel backend. I need these API calls to be authenticated (so some random person can't submit requests on someone else's behalf), but I don't want them to have to login twice. How can I ensure the person making API calls is who they say they are?
When they auth with Facebook they get their unique Facebook user ID, but I'm not sure if that is a secret they would only know after authenticating with FB or if anyone could get it. For my alpha version it's just sending their FB user ID with the request to ensure it's coming from the right person, but that seems really insecure because if anyone gets that ID they can forge requests.
One idea I had was to pass the auth token the React Native app got from Facebook to my API, and then on my server use that auth token to ensure it's really them. That just seems sort of complicated and it's hard to find a package that helps facilitate this, though.
It seems like this has to be a common problem. Any resources on how other apps handle this? Tinder, for example, must have this same problem.
I an developing a chrome extension which doesn't has any sign up or sign in flow, instead depends on authentication of a separate web app. I started integrating mixpanel and tracking user events anonymously, Now i want to identify those anonymous users using "alias" and "identify" api. I have a user_id for identifying users from the web app exposed REST api. Now if i apply a boolean check and make sure i call mixpanel "alias(user_id)" once and call "identify(user_id)" every time user visits a page, I can see a user entry in explore tab of mixpanel but live events tab has a anonymous user with same user_id and its tracked data, I wish to link such anonymous users with appropriate user profiles.
Please help me with this if you have some understanding of mixpanel. I am new at this.
Since I didn't had a sign in or sign up flow, I cannot use
mixpanel.alias
Hence i am now calling
mixpanel.identify
As soon as user installs the plugin, Since "identify" api can be called any number of times for an user, We are able to track all future events as soon as plugin gets installed.
This way by not letting the user generate anonymous events we can handle such situation.
We are building a finance app and integration Yodlee in it and we have come to situation where we need user's loging.
Now we have two scenarion,
Ask user to login & use token for API call. But as userSessionToken expires after every 30 minutes, we need to open yodlee login screen.
We can register yodlee user when any user sign-up on our site and use his credential from back-end to get yodlee userSessionToken
Scenario 2 has data protecting issue. Is there any way where we can get new token with a single user login.
Please suggest me if there is any alternative way.
You should use second approach, as you don't want user to register twice.
Once user registers to your site you should internally call register3 API to register that user with Yodlee. There is no data protecting issue, unless you don't have required security standards in place.