We have created an app on Yammer which is currently private.
We want to make it available and accessible to networks outside us. Please suggest if there is a way to get it authenticated by outside network or do we have to go by the process of submitting the app to Yammer support for global access.
If that is the case, please help us know how much time does it require to get reviewed and approved as it is almost a week and we have not heard back from Yammer support.
You need to submit the app to Yammer's App Directory for approval. Depending on your app you may also be able to allow users to configure their own Client ID, but this is really only a usable approach for developers or system admins. End users wouldn't understand how to do that.
Related
My objective is to verify a 3rd party app (that uses google for auth/sign-up/sign-in) is connected to a google account, by calling a google API from my google app. Is this possible with the current google APIs? I haven't been able to find any documentation on this which leads me to believe it is not possible, likely for privacy/security reasons.
The best I've come across is a call to: https://www.googleapis.com/oauth2/v1/userinfo?alt=json which doesn't seem to return anything about connected accounts. And https://developers.google.com/admin-sdk/directory/reference/rest/v1/users which is for users in an enterprise domain which doesn't help me as my app is for consumer users.
There is no way for you to know what apps a user is using on their account. Even if its your own app there is no way of knowing. Unless the user has authorized you and you have an access token then you will know they have verified your own app.
Having an api which would tell us what apps a user has authorized IMO would be a bad idea.
I am a developer and to use the marketing API I must have an app. I have this app and it is currently in development mode. Is it necessary to make this app public?
My initial thinking was 'no' and I have been successfully using the API via this app for a while now and have not experienced any limitations until recently. When trying to change the status of an Ad to active I got an error message that suggests the problem could be due to the app being in development mode.
FWIW I am able to successfully change Ad status to paused most of the time, however, more often when I try to activate an Ad, it fails, although it does succeed sometimes. As such, I believe I am using the API correctly. It seems to be more of an Ad state issue, or, perhaps an app state issue. Most of the time the error messages I receive from the API are not helpful. I did get one today that suggests the possibility that my app needs to be public.
Here is the error just in case it helps:
[{"code":400,"body":"{\"error\":{\"message\":\"Invalid parameter\",\"type\":\"OAuthException\",\"code\":100,\"error_data\":{\"blame_field\":\"targeting invalid fbid 141898914497\"},\"error_subcode\":1487133,\"is_transient\":false,\"error_user_title\":\"Can't Set Exclusion Targeting\",\"error_user_msg\":\"You may not be able to select a connection to exclude in your targeting because you're not an admin of this Page or app, or because the app is in developer mode, or the event is in the past. If you want to run your ad with exclusion targeting, please request admin access from the owner of the Page or app or move your app out of developer mode to link it to the ad. If you want to select an event for exclusion targeting, please make sure the event end time is in the future.\",\"fbtrace_id\":\"Dqzily7dOQa\"}}"}]
Thank you for any help or insight into this issue.
Just to resolve this, the answer is no, the app does not have to be public in order to use the API. The problem turned out to be an access permission issue on the account in question.
I recently noticed the addition of a "Session" object in Parse dashboard. Now, from what I understand, a session uniquely identifies a user to the server. So why would we need such a Session? For the session token? We already have a currentInstallation... so I don't really see the point. Can someone explain and provide a scenario where I would use the "Session" object. Right now they just annoy me by their presence because they take up potential space on the Parse server and I would like to go delete them all but want to make sure that isn't stupid.
The sessions are used by parse to deal with the users (is the user logged?, on which devices?, etc.), and are available as a class as you may want to manipulate them. By deleting the sessions you would automatically logout all your users, so it's a pretty bad idea.
You don't have to use or touch anything about this class, but here are few examples of why it can be useful:
[...] If a user contacts you about his or her account being compromised in your app, you can use the Data Browser, REST API, or Cloud Code to forcefully revoke user sessions using the Master Key. These new APIs also allow you build a “session manager” UI screen where your app’s users can see a list of all devices they’ve logged in with, and optionally log out of other devices. [...]
You can read more about the Sessions on their blog post.
Currently using the OAuth server side one-time-code flow, discussed here:
https://developers.google.com/+/web/signin/server-side-flow
Works perfectly for google login.
I want the ability, though, to limit this login to only work for users that belong to a specific apps domain.
Is there any way to enforce this through the api?
OR am I limited to only doing this on my end after google authentication by regexing the email domain? (I would like to avoid this).
Thanks!
There is no support for doing this through Google login. We could allow a developer to set some restrictions on the client id if there are good use cases and a lot of developers would benefit with it. The primary issue I see with is the error message that we have to display to the user. It is better to display that error (and explain) on your site.
In general, as a good practice, you would always want to do the checks on your system/services regarding the authorized user (e.g. check domain)
The only way I can see to do this on the API is to use the fully server side flow (OpenID Connect).
The docs are here:
https://developers.google.com/accounts/docs/OpenIDConnect
With the parameter of interest here:
https://developers.google.com/accounts/docs/OpenIDConnect#hd-param
It doesn't appear to be possible with the server side one time code flow
We've migrated our app from the old marketplace to the new one. After a few days we've received an email that we don't comply with an SSO policy - the user is not recognized after he installs the application.
In the old app we had a specific setup link, that was opened for the user after he installed the app - thus making him recognizable. Is there such a function in the market? Is there some sort of a callback for the installation event in the new marketplace?
P.S. the guy from Google told me to post technical questions on Stackoverflow and that "Our developer relations team monitors that forum and will be able to assist you."
EDIT:
There's the Additional app setup link in this after-installation popup (which clearly no user will click):
Is there a way to call the URL that of the Additional app setup in the background, without needing the user to click an obscure link?
That was an intentional design change which is different than how it used to work in v1 of the marketplace.
If you need interactive setup, best thing to do is put in a check on login to see if the domain has been configured. You can use the licensing API to check for a marketplace install record or directory API to check user permissions if those matter for your use case.
If you just need to run a background task, you can periodically poll the licensing API to detect new installations of the app. This shouldn't be done too often, so if you need to do things before a user logs you're still better off going with a check on login to route them to the setup flow as needed.