I am building a web based chat application using strophe and ejabberd. What I am trying to do now, is :
A user can anonymously log in into the chat application and after he log in there is automatically an admin assigned to him. So far, I had managed to enable anonymous log in ejabberd, but I have to manually add the JID of the admin. So my question is how do I assign a random admin to the user?
What you would need to do is always start a chat with some user (the same user for everyone) and demultiplex the messages on that user's side. You can do this using a BOT. What this will allow you to do is that at times of higher activity, an admin can serve more than 1 user.
Alternatively, you can also set up a web-service which returns the JID of the next available admin in the queue. Whenever an admin is done interacting with a user, [s]he will have to signal her/his availability on some web-interface (or you can use chatstate notifications for this - for example, window-closed).
Related
I have an app that connects with several platforms: Teams, Slack, Google etc.
I want to allow my users to add connections to their existing accounts: for example, if they are Slack only, allow them to connect teams into their same account on my platform.
For all other platforms, I can do this as follows:
Take the application URL (e.g. Slack)
Append a parameter state, with their ID on my platform e.g. SLACK_URL?state=${user.id}
When I then process the connection, the state parameter is supplied as part of the callback from the connected service, and I can identify the relevant user and connect to their account.
Is there a similar process for Teams? I've tried doing the same with the state parameter, and no dice, it doesn't seem to work
How the users connect:
Slack
We present a button that allows the user to authorise with Slack
In the URL of that button we set a parameter state with the users ID
When Slack is authorised, it calls back to our API, and passes that state value along
We then use that to identify the user account the new authorisation belongs to
Teams
We present a button that brings the user to the application install URL in the Teams app store
The user clicks that and goes through the installation process, adding the app to a channel of their choice
What we would like to do is the same as the Slack URL, set a state value with the users ID, and have that passed back to us on the initial installUpdate or membersAdded event from that channel.
Essentially what we'd like to do when connecting a users Teams account is set some metadata on the URL that they use to install the app, and have that sent back to us so we can identify the installing user.
This is common in OAuth flows, you set a state parameter with whatever you want, and that state is passed back on authorization.
I'm trying to create an app within the Azure app management portal that will serve as a template to be used with any tenant. Basically what we are trying to do, is create a connector that will be approved using admin consent, and receive application level permissions to read all the emails in the organization using Graph API.
What I have managed to do so far is create an app within our own tenant and get application level permissions for this tenant only. This enabled me to successfully read all emails in my organization only (which is not possible using delegated permissions).
What is the right way to receive application level permissions for any tenant, using admin consent? Is the only way to do it, for the specific tenant to manually add an application that will receive admin consent?
I am using django with the social_core module.
Something does not add up...
Thanks.
You can register a single application (with a single client ID and set of credentials that you control), configure the permissions you desire/require, and then customers from different tenants can each grant admin consent for your application, in their own tenant.
If your application/service does not have a sign-in experience (i.e. it is exclusively used as a background service and users never sign in to it), you can construct the admin consent URL, such as:
https://login.microsoftonline.com/organizations/v2.0/adminconsent
?client_id={client_id}&scope=.default&redirect_uri={your_redirect_url}
You can read more about the admin consent endpoint at: https://learn.microsoft.com/azure/active-directory/develop/v2-admin-consent
I want to create an application that can share my schedule with all users in the same room using google calender api.
When authenticating with web client (oauth), do each user have the authority to view only the information of the user authenticated by his own browser?
For example, suppose user A and user B authenticate with oauth in their respective browsers.
In this case, does User B's browser have permission to view User A's calendar?
Or can I only view my own calendar?
If I want to do the above, do I have to use a backend to hold a per-user access token?
its a little more complicated than that.
When user A run your application the user is displayed a consent screen. Asking them if they are willing to give your application access to their data. Assuming the user gives your application access. Then Your application has access to access that users data.
When user B runs the application then the application will request user B for permission to access their data.
The application has access to user B's data and user A's data. User A does not have access to user B's data.
What you could do is create a page where your application then displays data to both users from each others calendars. If you want this to be a permanent thing then the application could also add user A to user Bs calendar and visa versa. Granting them each access to each other's data.
You may end up with some issues here as FAR As GDPR goes you will need to be sure that the two users realise that they are going to be sharing data for their calendars. Does user A really want to show user B that they have an appointment for a hair transplant operation on monday for example. This is private user data and you are treading on some sensitive data here.
We are integrating Google Calendar with our room booking system. Users in GSuite domain should login on our reservation screen and book a room. So far I made use of an service account with domain wide delegation to impersonate the users (the setSubject() method, passing the e-mail address of the impersonated user). Everything works, although this way we cannot verify if the user we want to impersonate is logged in successfully or not, the event will be just created with him as the organizer, because setSubject() only requires the email to work properly.
In IBM Domino, when using an Java XPage I was able to compare passwords of the user, not in plain text but there was a function which compared plain text with user's hashed password and returned true if they were equal.
As I see Google doesn't have such a thing if I'm right. How could I check if the user can successfully log in programmatically?
If you want to perform actions in Google Calendar on behalf of a currently logged-in user from a web browser, you might want to use OAuth2 for Web Server Applications instead of using a service account with impersonation.
In messaging platforms like Slack and HipChat you can integrate apps that can post messages to groups without them being sent from a user e.g.
Defect Management System: A new defect was logged at 12pm
Instead of:
John Smith: A new defect was logged at 12pm
Is it possible to do the same thing in Yammer?
There are two options available for you:
1 - You can create a new user on Yammer, name it however you want (e.g., "Defect Management System" with a snazzy avatar), then take the user's OAUTH token and use it to impersonate that user programmatically. This is fine for quick development.
2 - You can create a new user on Yammer, name it however you want, then register a new app on Yammer to get a permanent token and client ID, then use those to impersonate that user programmatically. This is the right way to do it. You can read more about how to do this on https://developer.yammer.com/introduction/#gs-registerapp.
This is an example of a user that we impersonate. It is a bot on our network. It is a separate account in AD and is registered as an app in Yammer and interacts with Yammer automatically.
You are always impersonating a user in Yammer via the API, there isn't a way to impersonate a group, in the way that Slack does (i.e. being able to override the username displayed and replace it with a bot for example in your payload)
If this app is for internal use, you could consider creating a dummy user as a bot to post defects, and then using Custom Object Types & Actions in Open Graph to further customize the messages. Obviously there are some business & administration considerations in doing that, not just development ones.