WHen you make calls to the new facebook API v2.0 you can no longer get the username, but you can get the app_scoped_id http://facebook.com/app_scoped_id/XXXXXXXXXXXXX. When pasted into a browser this turns into http://facebook.com/username, is there a way with ruby to turn id into a username?
Related
Is there a way to automatically authenticate the google javascript api client, without user interaction?
Something like this:
User loads webpage -> webpage automatically signs in into a predefined user account -> api calls get executed
Basically i want to prevent the popup where you have to select an account and sign in to it. As the account which will be signed in is always the same.
EDIT:
pinoyyid answer looks promising and is what im looking for. But this only works if the user has signed in with an account at least once, if im not mistaken.
Now i dont want to use an account supplied by the user, but a predefined account which i am the owner of and sign this account in.
Im not entirely sure if this is even possible, as i have to provide the password/some authentication code to google and somehow do this in a secure way.
Use Case: The website will create a Youtube Broadcast via the Youtube Data/Livestream API for the specified account.
Yes you can do that. Referring to https://developers.google.com/identity/protocols/oauth2/javascript-implicit-flow
there are three pieces of information that will get you where you want to be:-
The OAuth URL can include a login_hint which is the email of your intended user
The OAuth URL can also include prompt=none which will do its work silently
This all needs to run in an iframe because this is based on origins and redirects.
==EDIT==
If the requirement is for a browser client to connect to a Google Account other than that of the browser user, then this is not possible. It's kinda obvious really that to do so would require a credential in the browser which by definition is not a secure environment.
The approach I would take would be to use a service such as Lambda or Google Cloud Functions (or whatever marketing name they have this week) to create a proxy for the corresponding Google API using a credential stored server-side.
I need your help.
I made an API with Laravel and an APP with FLutter.
Now I want to make google login.
In a browser or with a rest client like Insomnia, Postman or similar works fine. It is because the system shows me a google's page that I must write the email or google user that I want to logging in and, after, shows another page to write the password. Finally, all returns to APIS callback endpoint, showing the data (token and more).
But when I do it from my flutter app, the first google page where I need to indicate the user account, is send like string response (this string response is an HTML. I think is the HTML from google's page on we select or account).
How can I show this page and get the responses??
NOTE: flutter plugins like flutter_inappbrowser are not useful for me, because this plugins needs an URL and show it. I get the HTML on string when I use flutter's http.get.
I want to implement Apple's touchId/FaceId for my app.
Currently the app has Login screen, where the user enters the userId and password. I submit the userId and password to the back end server(located at let's say https://example.com/Login?username=abc&password=xyz#123(just an example)). The backend server returns me authentication cookies. This cookies I use to access the rest of the rest api services
I am reading a number of articles which tells about how you can use Apple's touch Id with https://developer.apple.com/documentation/localauthentication framework.
It displays the generic pop up asking the use the touch Id, and returns true if the touch Id authentication is successful.
My question comes up here. If I use the touch Id and the authentication is successful. How do I proceed? Basically, I would need the authentication cookies to access the rest apis.
One flow I am assuming is.
When the user enables the touchId/faceId in settings page of my app, I store the usercredentials in the keychain.
Once the user is logged out, and the user uses touch Id and authentication is successful, I access the keychain, retrieve the password for the user, call the api https://example.com/Login?username=abc&password=xyz#123 get the authentication cookies and use them for accessing the rest of the web apis.
Is my assumption correct? Or there is a better way of implementing it?
Any examples or references would be great.
Thanks.
I've implemented Omniauth for Twitter in a rails app I'm working on. With the users who sign in using that I can get OAuth tokens and secrets for them. That's all working.
What I can't figure out is how to get OAuth tokens and secrets for users who don't sign in using Twitter?
I'm sure I've used sites where you can "Authenticate" them so that they can get OAuth tokens and secrets for you without signing in using Twitter. Twitter seems to suggest that you need to use 3-legged authorization but I can't seem to find anything much about that.
Is 3-legged authorization the way to go about it?
What I would do is modify your controller action that handles the Omniauth callback for Twitter. If when that action is accessed the user already has a session (i.e. they logged in through your alternate mechanism) then you just grab the Twitter token/secret and store it just like you do when creating a new user that signed in via Twitter. If there is no user in the session, then do what you already are doing.
Now, you can just add a button to your site that people who are logged in but do not have Twitter token/secret can see. The button links to the exact same /auth/twitter you use for your sign in with Twitter link.
After they authenticate with Twitter they will be sent to the callback URL where your app will see they are already signed in (the user is in the session) and will just add the Twitter token/secret.
I'm trying to build a simple ruby command line facebook client that will display all of the user's friends to the screen (fb_friends.rb) and I am using the fb_graph ruby gem: https://github.com/nov/fb_graph
The problem is, the method user.friends needs to have the user authenticate the application first.
I've read a similar question here: Ruby Command line application to update Facebook Status
And from what I understand, you cannot authenticate a user in the command line.
My question is: Is there any other way to authenticate the user?
What I'm thinking: On authentication, the default web browser of the user's system will pop out, then the user will grant access and authenticate, now the browser window will close and the user will return to the command line app and there he can see the list of his friends.
Is that possible?
Thanks
This isn't currently possible with Open Graph applications without sharing a server-side authentication token. Facebook requires you maintain control (and not share) your Applications authentication token. If a user were to abuse the command line application, and make a large number of requests to the server, using your app ID and token, you would be the one on the hook.
The best way to accomplish your goal is with a server under your control in between your command line application and the Facebook graph api. The command-line api could direct the user to your website where they would hit the "Facebook Connect" button. The user would authenticate the application with your server, and you could provide them with a token they could pair with their user ID to post status updates or retrieve friends through your server.
The command-line api would interact with your server, and your server with the Facebook Graph API.
A strong side benefit of this approach is that if Facebook's API changes, your clients would not break (no need to change your own server's API).