Anonymous posting Facebook comments?

Based on this https://developers.facebook.com/docs/reference/plugins/comments/ people can post using other third party services, but can users post anonymously on a web-site using FB comment system?

AFAIK, it is impossible to post anonymously using Facebook's comment system. Whatever the website, your comment will be associated with your Facebook profile if you are commenting using the Facebook login.

Related

Slack API - scope permissions

I'm trying to get further user details from the Slack's API.
Currently I'm authenticating users via Slack's OAuth2 that returns a code. I'm currently asking for scope=identity.basic,identity.email,identity.avatar. When I try to ask for more, like users.profile:read, the link redirects me to a crash page.
My link for signing in to my app via Slack is like this, for now:
Thanks for any help
Sign in with Slack works as a kind of sidebar form of OAuth 2.0 authorization for Slack. It's meant to be used for identity, exclusively. So whenever going through the flow and asking for an identity.* scope, you'll be restricted from combining it with others.
You can still ask for users.profile:read, but you have to do so in a separate authorization attempt where it's not among the momentarily requested scopes. It'll then be added to the user token you already hold for that user.
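The scope separation described in this answer, as an added example that is not part of the original posts: it splits a wanted scope list into one authorization request for the identity.* scopes and a second one for everything else, each with its own `state` value to check on the callback. The authorize endpoint, the client ID placeholder, the redirect URI and the function names are assumptions for illustration.

```javascript
const crypto = require('crypto');

// Assumption: Slack's OAuth 2.0 authorize endpoint for this flow.
const AUTHORIZE_URL = 'https://slack.com/oauth/authorize';

// Split scopes so identity.* scopes are never requested together with others.
function partitionScopes(scopes) {
  const identity = [];
  const other = [];
  const unique = new Set(scopes.map((s) => s.trim()).filter(Boolean));
  for (const scope of unique) {
    (scope.startsWith('identity.') ? identity : other).push(scope);
  }
  return [identity, other].filter((group) => group.length > 0);
}

// Build one authorization request per scope group. Each request gets a fresh
// random state value that the server stores and compares on the callback.
function buildAuthorizationRequests(scopes, clientId, redirectUri) {
  return partitionScopes(scopes).map((group) => {
    const state = crypto.randomBytes(16).toString('hex');
    const url = new URL(AUTHORIZE_URL);
    url.searchParams.set('client_id', clientId);
    url.searchParams.set('scope', group.join(','));
    url.searchParams.set('redirect_uri', redirectUri);
    url.searchParams.set('state', state);
    return { scopes: group, state, url: url.toString() };
  });
}

// Constant-time comparison of the stored state with the one on the callback.
function stateMatches(expected, received) {
  const a = Buffer.from(String(expected));
  const b = Buffer.from(String(received));
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Constructed sample input: the scopes from the question plus the extra one.
const sampleRequests = buildAuthorizationRequests(
  ['identity.basic', 'identity.email', 'identity.avatar', 'users.profile:read'],
  'CLIENT_ID_PLACEHOLDER',
  'https://app.example/slack/callback'
);
for (const request of sampleRequests) console.log(request.url);
```

Send the user through the second URL only after the first flow has completed, and reject any callback whose `state` does not match the stored value.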

Is there another way to access google APIs other than OAUTH2?

I'm trying to write a CLI script (ruby) to manage my youtube videos. Technically I'm updating a script that I used in 2012 to do this. It appears that since 2012, youtube has discontinued the simple client authentication mechanism and moved to OAUTH2 (though I'm not totally sure).
I wouldn't be the first to say that OAUTH2 is hell (just google it). It's been 3 hours and I still haven't gotten my old script to even authenticate with Google (using the youtube_it ruby gem).
I simply do not understand why I would need to use OAUTH to access my own account on Google? What am I missing? I thought OAUTH was so that separate users could give access to applications to temporarily access their data.
Is there another way? What am I missing? As one blogger commented, OAUTH2 is enough to make one want to change careers. Even the lead dev quit the project.
The YouTube API docs are specific in stating that if you're going to use the YouTube API (or other Google APIs), you must learn how to use OAuth:
"If your application will use any API methods that require user authorization, read the authentication guide to learn how to implement OAuth 2.0 authorization."
Youtube has a Ruby Quickstart sample which includes the OAuth process.
"I simply do not understand why I would need to use OAUTH to access my own account on Google?"
I think OAuth answers exactly that question, "how will Google products know if you are who you claim to be?"
Read the OAuth Google guide for more info.
OAuth 2 is an authorization framework that enables applications to obtain limited access to user accounts on an HTTP service, such as Facebook, GitHub, and Google. It works by delegating user authentication to the service that hosts the user account, and authorizing third-party applications to access the user account. OAuth 2 provides authorization flows for web and desktop applications, and mobile devices.
For more detail, see:
https://www.rfc-editor.org/rfc/rfc6749

Google OpenID 2 to be deprecated - how should I implement single sign on instead?

I am new to the world of web development. I know how to use PHP and so I can do that just fine, but I am a little behind on "modern practices". Last night I went ahead and used the LightOpenID library with CodeIgniter to create a login section on my website. The user clicks log in which takes them to a login page with a Google "log in" button. That button uses the URL generated by LightOpenID to direct the user to the Google "Account selection" page which asks for permissions/etc. It then redirects the user to my website where I write their details to the database for future use - like a "silent registration feature". I store their first name, last name, email and OpenID. I then create a session for the user and the user can now browse my website. Super simple.
The reason I felt like I should explain that is because I wanted to point out how "little" I want to utilize the user's account. I just need them to sign in with Google for authentication. Google's OpenID>oauth2 migration page and all of their migration examples (which are a little beyond me) explain Google+ authentication for the purpose of retrieving a user's friend circles and other social junk. I don't need anything this complicated, all I need is authentication.
So I was wondering what method I should be using now instead (Google says use oauth 2, but not "early oauth 2".. I have no idea what the difference is. They also say that I should only use Google+ now) and I am wondering if you guys can help me find a simple library that handles authentication for me.
Have a look at HybridAuth, it works with Google, Facebook, Twitter, etc...

display a comment widget for a specific post instead of a url

I'm integrating Facebook into an app that uses a page's feed for some of its content.
I'd like to be able to allow users to comment on the post and see the previous comments left on that post.
If possible, I'd love to avoid having to build my own implementation of the commenting system (not to mention having to implement an oauth login for users to comment), and just use the comment widget provided by Facebook (see here: http://developers.facebook.com/docs/reference/plugins/comments/)
Is it possible to use the above comment plugin to not reference an arbitrary link, but an actual (public) post on a Facebook page?
No, it's not possible to have the Comments Plugin point to an on-facebook.com URL; it's only supported when it points to websites.
To achieve what you want (something on your site which can add comments to a Post on facebook.com, yes?) you'd need to get the users to authorise an app you write, which takes their input and posts it on their behalf back to Facebook via the API.
The actual implementation of that would vary depending on your exact requirements, but basically you'll want to:
Have your users authorise the app when on your page; client-side in JavaScript or server-side via redirects
Note that you'll need to include the publish_actions or publish_stream publishing Permission
POST a comment to the Post object's 'comments' connection
Example in JavaScript SDK
Once the user is logged in and has granted those permissions, this adds a comment to the post (visible here: http://www.facebook.com/155965101083460/posts/155965104416793 )
FB.api(
"/155965101083460_155965104416793/comments",
{message: 'This is great, thanks!'},
'POST'
);

Google Apps Premium Edition: which authentication mechanism to use?

Our company has a web application that is only used internally by our employees. We also have Google Apps Premier Edition. We would like to make it so our employees can log into our private web application using the Google Apps account that they already have.
Requirements: We want to display our own login form. We don't want to pass the email/password in plain text through the internet.
Which authentication mechanism should we use to achieve this?
Note: our application is written in PHP using Zend Framework (if that matters).
I would look into some combination of OpenID and your domain users (i.e. only let those at domain.com log in).
Google API
They also have libraries for PHP and other languages that you can leverage to make this happen.
EDIT:
Some more info
When it comes to integrating Google Apps and an internally used private system, we simply have two options.
Use Google as the authentication center. Modify the private system to authenticate at Google's server. We could use OpenID or AuthSub. Check http://code.google.com/apis/accounts/docs/OpenID.html and http://code.google.com/apis/accounts/docs/AuthSub.html for more information.
Use the private system as the authentication center. In this case, we have to implement SAML protocol in the private server and configure Google Apps's SSO settings. Check http://code.google.com/googleapps/domain/sso/saml_reference_implementation.html for more information.
It is easier to accomplish SSO with the first method since there's already a bunch of OpenID libraries out there. But, as you described in the requirements, you want to use your own login form. So I guess you have to go with the second method.
BTW, if your private system has to get or set information from Google, you may want to use OAuth for authorization. See http://code.google.com/apis/accounts/docs/OAuth.html for more information.
Use the ClientLogin API, it does exactly what you're after: allow you to verify username and password. (the link goes to provisioning API doco but that is not relevant here)
Pros:
you get to use your own login form
Cons:
you don't get SSO with Google Apps, i.e. users already in Apps will be prompted to login again (you didn't mention that as a requirement, but it seems a reasonable thing to want)
Google won't like you (they're trying to discourage ProgrammaticLogin).
you will get occasional CAPTCHA tests you'll need to show your users.
OpenID specifically prevents you from displaying your own login page, so if that's a hard requirement, Programmatic Login is really your only choice.
Going the SSO route lets you do pretty much anything, but may be a bit of overkill to take on authentication for the whole domain to make one app authenticate in a nicer fashion? If you really want to go down this route, check out SimpleSAMLphp.
