When Facebook gives a user a newer updated token and we already have a userconnection record for that user, does a new userconnection record get created or does the userconnection record for that user just get updated with the new token?
Basically, what is happening here is that each device they use creates a new different Facebook token, than what is currently stored in Spring Social's userconnect db table. And it is therefore calling the ConnectionSignUp implementation we have written, which right now creates a new Our App User for our application, instead of seeing that it is the same Facebook user and use the same App internal User in our application.
AccountSecurity accountSecurity = accountService.newUserGenerator(newUserName, username, userProfile.getFirstName(),
userProfile.getLastName(), userProfile.getEmail())
Update 12-5-14 4:09 PM PST: It seems that yes, the two different "devices" will get different access tokens. Spring Social will just use the providerid and userproviderid and "see" that they are the same account and not create a new user by calling a ConnectionSignUp execute() method in that case.
However, it seems that Facebook is not sending back the same userproviderid when it should considering it is the exact same app (Flash versus iOS app, but defined as one app in Facebook) and the exact same user account (mine). Facebook should send the same userproviderid.
Related
I'm implementing authentification for a Xamarin application using Azure B2C.
To signup user we will need the user firstname, last name and his email.
later in the application the user will be asked to add his address and his user photo.
Should I add the user address and photo to be saved in the B2C or I should keep them saved in the application data base?
what is the user unique identifier that I should share between B2C and application data base? should I use the email or the userId?
In the auth token you receive back from Azure AD, you have an object ID that is unique to each user.
The B2C token is slightly different to the regular AD token, you don't get back all the values listed in the Token Reference (e.g. Groups, you have to query for these separately), but you will get the object ID that you can then use to lookup your DB.
Please visit here for further reference.
You can decode your JWT token here to see what you get back: https://jwt.io/
Hope it helps.
So I'm building a small Slack bot that I want multiple users to be able to use in different Slack teams. So far the workflow is like this:
User signs up on website.
User connects with an API provider and receives their OAuth credentials. The access token for each user is saved in the database.
User adds Slack bot to their team.
With hardcoded API values the bot retrieves the desired data, but what is the best way for the bot to be able to get the appropriate data for each Slack team?
I obviously don't want a user to need to keep signing into the website etc, so how do I associate the slack team with the Laravel user and then pull the relevant API data?
For some example code, imagine that I have a Strava access token stored in my DB for a user and I want to call the API:
$botman->hears('runstats', function ($bot) {
$payload = \Strava\Account::get(
\Auth::user()->strava_id,
array('api_key' => "here_is_a_secret_key")
);
$bot->reply($payload->monthly_kms);
This works fine when I query from my web interface as I'm signed into my website and it spits back 123km as an example.
Obviously when I'm signed into Slack then there's no Auth::user instance and so it cannot find the relevant Strava ID. That's what I want to be able to retrieve for the relevant Slack user. I envisage it being installed in multiple Slack workspaces.
You need to store the relation between a Slack user (with team ID, user ID) and his individual token for each API in your database.
So you have two options when adding new API tokens:
Ensure that the process of adding new tokens for API services is always started on Slack (e.g. with a slash command) and then forward the user to your webpage. Thus your app knows which user it is.
Let users log into your web-page with their Slack credentials (using Slack Sign-in).
Both options require that your Slack app has been previously installed to the relevant team of course.
I want to implement Apple's touchId/FaceId for my app.
Currently the app has Login screen, where the user enters the userId and password. I submit the userId and password to the back end server(located at let's say https://example.com/Login?username=abc&password=xyz#123(just an example)). The backend server returns me authentication cookies. This cookies I use to access the rest of the rest api services
I am reading a number of articles which tells about how you can use Apple's touch Id with https://developer.apple.com/documentation/localauthentication framework.
It displays the generic pop up asking the use the touch Id, and returns true if the touch Id authentication is successful.
My question comes up here. If I use the touch Id and the authentication is successful. How do I proceed? Basically, I would need the authentication cookies to access the rest apis.
One flow I am assuming is.
When the user enables the touchId/faceId in settings page of my app, I store the usercredentials in the keychain.
Once the user is logged out, and the user uses touch Id and authentication is successful, I access the keychain, retrieve the password for the user, call the api https://example.com/Login?username=abc&password=xyz#123 get the authentication cookies and use them for accessing the rest of the web apis.
Is my assumption correct? Or there is a better way of implementing it?
Any examples or references would be great.
Thanks.
We have developed an app that let user login with facebook. The app has been granted all required permissions to retrieve name, email, gender and age range etc. But our app developer stored only id,name and email while user login. Now we need to retrieve gender and age range of all those users who have logged in the app.
Is there a way to rerun user query to retrieve those data? I am looking to develop an program using Spring-social and RestFB but it needs user login action to retrieve required data which is problem in our case since we cannot recreate login action again.
As long as the user granted public_profile permission to your app, and you have their app-scoped user id, you can make the API call using your app access token.
And if you are looking to request this data for a lot of users, then you should optimize your requests in the following ways:
request the fields you need only: /user-id?fields=id,gender
request data for multiple users in one go: /?ids=user-id-1,user-id-2,user-id-3&fields=fields=id,gender – https://developers.facebook.com/docs/graph-api/using-graph-api/v2.5#multirequests
perhaps even use Batch Requests if necessary, https://developers.facebook.com/docs/graph-api/making-multiple-requests/
I have developed a Spring application which uses Spring Social Facebook, in order to get users activities in social network.
I need to know how i can get post's owner which is liked by authenticated user, and which permission is required to perform this operation.
For sake of clarity: User A (authenticated) likes a post belonging to user B. How i can get user B?
Any ideas?
Here you have url from facbook api explorator
me/posts?fields=from,message,picture,icon
This rest execution should return all posts - posted by current user and other users which was liked by him/her. Know you have to write it in Java, below code fetches data from the specified connection.
facebook.fetchConnections(null, "music", Page.class,
new PagingParameters(25, 0, null, null).toMap(), "from,message,picture,icon")
You can also try (but this I haven't tested)
facebook.fetchConnections(null, "posts", Post.class)