First of all, sorry for my poor english as it is not my native language.
So my coworkers set up a Salesforce authentication via openld on a Java Android app. The auth demand gets us back a valid access_token, which allows us to obtain informations on the Salesforce API.
The problem is that when the user disconnects from the application, the connexion is still active and doesn't ask again for user's password, which is an obvious security issue. Do you know how we could force a new authentication each time the user disconnects ?
We already tried token revocation but it also revokes every rights from the user, which doesn't satisfy us. We just need the app to ask for a login after a disconnection.
Thanks in advance !
Salesforce SDK saves the login details in preferences, thus it doesn't ask for authentication the next time user visits the app. You can logout of Saleforce to clear the saved data using this:
SalesforceSDKManager.getInstance().logout(this);
Related
I'm using angular, google app engine and JAVA on the backend server.
User can authenticate without problem with an opendId connect URL where code is passed back to my server to authenticate.
Now what I wan't to do is send mail to user (refresh password, confirm account mail) and to myself (server error message) with my account myaccount#gmail.com.
Also I have sheets I need user to write and read datas to/from. Magically I've made it worked as an installed offline app (only 1 api at a time, I never made the two worked together).
I've tried service account but from a last post somebody explained me that in order to make gmail work I needed a g suite account which I don't have and suggest me to go through oAuth2 authentification. Now the question is how can I implement that in java with a single authentification, I explain, I wan't to authorize app to have access to certain scopes but it should be only be authorized once because I don't want user to have a consent screen popup and even if they had they couldn't authenticate as it is on the behalf of my personnal account. I don't think I can use installed app for a google app engine app but maybe I'm wrong.
just to let you know I have tried lot's of different manners and spent about 3/4 days trying to find a solution without clearly understanding/finding what to do.
Any help is greatly appreciated please let me know if you need more explanations or code.
I think you are missing a few key concepts here.
DATA
There are two types of data private user data and public data. Private user data is owned by a user and there for you must have permission or concent to access it. Public data is data that is owned by anyone.
Oauth2
Oauth2 is the protocol we use to request connect from a user for our applications to access their data. A user can grant you access to their gmail account and their google drive account granting you access to the sheets on their account.
Service accounts
Service accounts are preapproved dummy users. As a developers we can create service accounts and grant them access directly to our drive account then the service account will then be able to access to the data without being requiring consent as it already has pre approved access. (not all google apis support service accounts. gmail (with the exception of gsuite) and YouTube are two that dont)
What you are trying to do
However i do not understand why you want to use the users gmail account to send them an email. If you want to send them an email i would think you would be using your own email system.
If what you are trying to do is use your gmail account to send users of your application emails from YOU. Then you should consider going directly though the SMTP server to your own account. Having an application that uses the gmail api is one of the scopes that will be flagged by google when you try to get your application approved. You are going to be going though a lot of red tape with them to show why you need access to a users gmail account.
I was just wondering is there any philosophical differences between GAE Java User API and Google+ social plugin sign-on?
Both seems to served the core purpose, which is to authenticate a user against his/her Google account.
Hope someone can enlighten me.
Referneces :
https://developers.google.com/+/web/
https://cloud.google.com/appengine/docs/java/users/
GAE Users service can be used pretty much only for login to a specific GAE application, while Google+ sign in can be used to interact with any Google API. For example, if you need to know even a basic detail such as the user's full name, the Users service can't help you there.
The Users service is more "transparently coupled" to the user's session in Google - once the user has signed in, assuming they checked "remember me", they will keep being signed in as long as they don't delete the cookie, and you as a developer don't need to do any special check. With Google+ sign in you need to check whether the user is signed in on each visit and handle expired tokens yourself (though client libraries help with it).
we need to implement a client Java application, which needs to retrieve ToDos list from Wunderlist using user name and password.
The main issue here for me is authentication against Wunderlist without any intervention from an end-user.
The developer documentation says that it is only possible to authenticate via web browser with user approval, etc.
The unofficial API from here http://www.madhur.co.in/blog/2014/05/02/decodewunderlistapi2.html doesn't work for me, i.e. doesn't recognize my Wunderlist user name and password and always returns 404 error.
Any examples or ideas would be greatly appreciated!
TIA.
the WL2 API was disabled some time ago :)
please send an email to api#wunderlist.com and we will see what we can do to help you.
Cheers
Hannes
(android dev # 6wunderkinder.com)
On developer.wunderlist.com you can register your application. You'll then receive a client id and token you can use to authenticate:
Developers must register their application before getting started.
Registration assigns a unique client ID and client secret
for your application’s use.
After you have registered your application, you can let Wunderlist
users authorize access to their account information from
your application by getting an access token.
More info here: https://developer.wunderlist.com/documentation/concepts/authorization
I'm creating an ecomerce app for a local store and they use Quickbooks Online. I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for. What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store. Our customers will have no idea that we're using quickbooks online, and definitely won't have a login. The flow would be like:
Customer clicks Products
ProductsAction will execute a service call to QuickBooks to get the products we sell (select * from products)
ProductsAction will return Success passing in the list of products to the page to be rendered.
mycompany/Products renders the items returned from QuickBooks Online.
Is there any possible way to do this? Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
Feel free to ask any questions an thanks in advance!
I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for.
Yes, it is.
You only have to log in ONCE. Exactly ONCE, and then you never, ever have to log in ever again. So, your QuickBooks admin logs in ONCE using the "Connect to QuickBooks" button, and then NEVER LOGS IN AGAIN.
Instead, you store the OAuth tokens, and use the stored tokens to do you queries from there on out.
What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store.
This is all perfectly do-able. The reason you can't do it right now is because you're not storing the OAuth tokens like you should be.
Our customers will have no idea that we're using quickbooks online, and definitely won't have a login.
They don't need to have any idea about this. Store the OAuth tokens after you connect ONCE, and then everything can be unattended, no login, you just query away whenever you want to.
Is there any possible way to do this?
Yes!
Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
The QuickBooks admin logs in ONCE and then never again. Store the OAuth tokens after that one and only login, and then use those to do all of your queries in the future.
This is how OAuth works for every single application that uses OAuth on the entire planet. Log in and authenticate once, store the tokens you get for future queries.
...
...
Did I mention you should be storing the OAuth tokens that you get back after that one single time your QuickBooks admin logs in? :-P
Yes, you can do this:
Create an account on https://developer.intuit.com using your accounts QBO login.
Make an app
Grab OAuth creds from the API Explorer.
See my tutorial for help on the first two steps: http://minimul.com/integrating-rails-and-quickbooks-online-via-the-version-3-api-part-1.html
You still need OAuth creds but since you only desire to interact with your company/personal QBO account you don't need to do anything formal, just get the OAuth credentials somehow. Once you have the credentials you can start building your integration code.
Hi I am developing an Android App where I require a user to authenticate his session before using the app. One way is to store a user name and password by asking him to register on the app and then use that to authenticate him. But i was looking to do something else, maybe use an OpenId account to authenticate or Opensoial or something like Facebook Connect. Any Suggestions and comments? thanks for you help.
First, please do not whine about not getting answers after only an hour, particularly when it's Sunday in much of the world. If you want responses in less than an hour on a weekend, hire an expensive consultant.
Hi I am developing an Android App
where I require a user to authenticate
his session before using the app.
Why?
Any Suggestions and comments?
Most Android applications do not require authentication for local use. They may require authentication for access to online content (e.g., Web service), in which case the authentication is handled by the Web service and uses technology dictated by the Web service.
Bear in mind that any online authentication process (e.g., OAuth, Facebook Connect) means your application cannot be used in offline mode.
If your goal is to use authentication as some means of helping to combat piracy, you might consider using the new LVL system that Google released this week.