How to prevent Yammer from opening a new tab for authentication - yammer

I am using the Yammer REST API to get group data from Yammer in SharePoint, but it opens a new tab for authentication. Is there any way to prevent this new tab?
I tried to open Yammer in a hidden iframe, which gives me the error "Refused to display in a frame because it set 'X-Frame-Options' to 'sameorigin'."

It sounds like you're using the JS SDK to make REST API calls. It needs a way to authenticate those calls, so if it doesn't have an OAuth token to use from another source, it prompts you to log in. Take a look at this blog post that describes how to preauthorize the JS SDK so you can start making API calls scoped to the user loading the page without requiring any interaction from the user.
https://blogs.technet.microsoft.com/askyammer/2016/11/04/preauthorizing-the-yammer-js-sdk/

Related

Get list of applications in OKTA using Jquery

Hi, is there a way to get a user's application list in Okta via jQuery? Right now we are using the Okta iframe on our page; the problem is that the Okta content cannot be changed.
The operation that lists users assigned to an application is part of the Apps API, which requires an API token. For security reasons, you can't call it from jQuery code.
If you have a backend or API component to your application, you can use that to call this API securely and then pass the results to your frontend.
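
The backend approach this answer describes, as an added example that is not part of the original answer (Node.js 18+). The environment variable names, the session shape, the `/my/apps` route and the 20-character ID check are assumptions; the `/api/v1/apps` user filter and the `SSWS` authorization scheme are Okta's.

```javascript
// Added example, not from the original answer. The Okta API token stays on
// the server; the browser only receives a trimmed list of apps.
// Assumed/hypothetical: env var names, session shape, 20-character ID check.

const OKTA_ID = /^[A-Za-z0-9]{20}$/;

// Build the Okta request for the logged-in user. The user ID comes from the
// server-side session, never from a parameter the browser controls.
function buildAppsRequest(session, env = process.env) {
  if (!session || !OKTA_ID.test(session.oktaUserId || '')) {
    throw new Error('no authenticated Okta user in session');
  }
  const url = new URL('/api/v1/apps', env.OKTA_ORG_URL);
  url.searchParams.set('filter', `user.id eq "${session.oktaUserId}"`);
  return {
    url: url.toString(),
    headers: {
      Accept: 'application/json',
      Authorization: `SSWS ${env.OKTA_API_TOKEN}`,
    },
  };
}

// Keep only what the page needs; settings and credentials stay server-side.
function toClientView(apps) {
  return apps
    .filter((app) => app.status === 'ACTIVE')
    .map(({ id, label }) => ({ id, label }));
}

// Body of a hypothetical GET /my/apps route that jQuery calls with $.getJSON.
async function listMyApps(session, env = process.env, fetchImpl = fetch) {
  const { url, headers } = buildAppsRequest(session, env);
  const res = await fetchImpl(url, { headers });
  if (!res.ok) throw new Error(`Okta returned HTTP ${res.status}`);
  return toClientView(await res.json());
}
```

Because the filter is built from the session's user ID and validated first, a browser cannot ask the proxy for another user's apps or alter the filter expression.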

GAPI integration between frontend and backend

I have a single-page application with some user-related calendars. The task is to write an integration with Google Calendar. A user should be able to click on 'integrate with google calendar', select his Google account, give read+write access to the calendar, and then the application should be able to do a number of things within the user's Google Calendar, like creating a new calendar and syncing all events inside it with the application data.
I started with this example, https://developers.google.com/calendar/quickstart/js
It works, but as I understand it's for online front end work only. Is it possible to retrieve authentication from this front end and send it to the back end? I want back end to operate server-to-server mode, while the user is offline.
I have checked the other, back end gapi integrations, but they do not look so cool, there're some redirects. I want to keep everything inside a single page with ajax and popups.
In order to access a user's data when the user is offline, you need something called offline access. When you authenticate the user you will need to request offline access; then the server will return a refresh token to you.
A refresh token is long-lived; you will be able to use your refresh token at any time to request a new access token, which will allow you to access the user's data.
You can't use offline access with JavaScript; you will need to use a server-side language like, say, Node.js, PHP, Python .... You will not be able to use gapi.
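
The server-side half of the flow this answer describes, as an added example that is not part of the original answer (Node.js 18+). The `cfg` values, the `state` value and the in-memory `Map` store are assumptions; the endpoints and parameter names are Google's OAuth 2.0 ones.

```javascript
// Added example, not from the original answer: server-side offline access.
// Hypothetical: cfg values, the `state` value and the Map-based store.
const AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
const TOKEN_URL = 'https://oauth2.googleapis.com/token';

// Consent URL: access_type=offline asks Google for a refresh token.
function consentUrl(cfg, state) {
  const query = new URLSearchParams({
    client_id: cfg.clientId, redirect_uri: cfg.redirectUri, state,
    response_type: 'code', access_type: 'offline', prompt: 'consent',
    scope: 'https://www.googleapis.com/auth/calendar',
  });
  return `${AUTH_URL}?${query}`;
}

// Form body for the token endpoint: code exchange, or refresh when no code.
function tokenRequest(cfg, grant) {
  const body = new URLSearchParams({ client_id: cfg.clientId, client_secret: cfg.clientSecret });
  if (grant.code) {
    body.set('grant_type', 'authorization_code');
    body.set('code', grant.code);
    body.set('redirect_uri', cfg.redirectUri);
  } else {
    body.set('grant_type', 'refresh_token');
    body.set('refresh_token', grant.refreshToken);
  }
  return body;
}

// Keep the refresh token on the server; it never goes back to the browser.
function saveGrant(userId, store, tok, now = Date.now) {
  if (!tok.refresh_token) throw new Error('offline access was not granted');
  store.set(userId, { refreshToken: tok.refresh_token,
    accessToken: tok.access_token, expiresAt: now() + tok.expires_in * 1000 });
}

// Return a usable access token, refreshing within 60 s of expiry.
async function accessTokenFor(userId, store, cfg, fetchImpl = fetch, now = Date.now) {
  const rec = store.get(userId);
  if (!rec) throw new Error('user has not granted offline access');
  if (rec.expiresAt - now() > 60000) return rec.accessToken;
  const res = await fetchImpl(TOKEN_URL, { method: 'POST', body: tokenRequest(cfg, rec) });
  if (!res.ok) throw new Error(`token endpoint returned HTTP ${res.status}`);
  const tok = await res.json();
  rec.accessToken = tok.access_token;
  rec.expiresAt = now() + tok.expires_in * 1000;
  return rec.accessToken;
}
```

In a real deployment the store would be an encrypted database column rather than a `Map`, and the callback handler would compare the returned `state` with the value saved in the user's session before exchanging the code.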

Login with Yammer credentials using API

I am trying to log in to a website with Yammer credentials using the REST API. I have registered with the Yammer API. Now I have got a developer token and Client ID from the Yammer website.
Could you guys please let me know what the next step is to log in with Yammer credentials from our application using C# in Visual Studio? I am a beginner in using APIs.
Thanks!
You have a couple of options:
The JS SDK approach -
https://blogs.technet.microsoft.com/israelo/2014/10/21/yammer-rest-api-for-dummies/
The ADAL approach -
https://blogs.technet.microsoft.com/israelo/2016/07/05/yammer-apis-and-adal-tokens/
The first option will request users to log in via a browser pop-up, and the second option can utilise IWA, but there are some pre-conditions and limitations as it is still in preview. Details are in the blog.

Is there a way to use google Oauth api to check if the user has authorized the web app?

I'd like to show or hide a button that allows a user to log in via Google based on whether or not they have created the account via Google's authentication APIs.
I see that there was a "silent" (non-popup) way to check for authorization information with gapi.auth.authorize by passing immediate: true when calling the function. I don't see anything similar in the gapi.auth2 library.
Is there a way to do this so that I can hide the log in via Google button if they haven't authorized Google to authenticate with my app using gapi.auth2, or should I use gapi.auth.authorize to do it?

How do I implement OAuth 1.0 in a Windows Phone 7 app without asking the user for their password?

I am building a WP7 Twitter client. The normal OAuth 1.0 flow involves obtaining a request token by navigating a web browser to https://api.twitter.com/1/oauth/authenticate with my app's consumer key; this page will show a login prompt and ask the user to authorize my app to perform actions on their behalf. Upon completion, this page will redirect to a callback URL supplied by my app, with the request token supplied as a parameter.
For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though. The Twitter API documentation seems to imply that this should be a feasible option. They do offer an alternative xAuth mechanism that allows an app to gather username/password itself and then supply that directly to obtain an access token. The API documentation points out that this is an inferior option (as it requires the user to trust the app, not just Twitter, with their password), but I don't see how I have any reasonable alternative?
(there is also a PIN-based option, but that's a pretty burdensome solution for the user)
I just want to make sure I'm not missing anything obvious.
"For web apps this makes sense. I don't understand how this is supposed to work for a standalone mobile/desktop app, though."
Just embed a web browser control in your app, and navigate to the Twitter authentication page. Then detect the redirection to the callback URL (using the Navigating event) and retrieve the parameter. Many Twitter apps do that; it's basically the same as asking the user for the login and password, except that instead of your own controls you're displaying Twitter's page.
Nope, you're correct. The option for a mobile/desktop application is either a PIN-based option or to use xAuth. Once an xAuth application has an access token it is indistinguishable from OAuth (it only changes the authorisation workflow). One thing it does change, and this is very specific to Twitter, is that if you do use xAuth then your application will not be allowed to read or write Direct Messages. See Twitter's The Application Permission Model page for more information.
