Imagine you've to implement following user story:
"User should be able to publish message on social media(facebook/twitter/etc) using simple web form and one-click button[without need to login in fb/twitter/etc]."
In general, authentication in social networks is based on OAuth 2.0. Facebook distinguish three types of access tokens:
User access token
App access token
Page access token
I've tried first option with facebook4j, and it's working - however, we are supposed to supply token each time, we want to use it. I've found long-lived tokens, but their validity is also limited - 60 days.
Generating app access tokens is very simple, but I haven't succeed in publishing any post. From facebook docs:
App access tokens can also be used to publish content to Facebook on
behalf of a person who has granted an open graph publishing permission
to your application.
Page access tokens - I haven't tried. Is it possible to publish message on fb/twitter simultaneously, without login, of course, to predefined destination(fb wall)? If so, please provide me with any working example :)
Thanks in advance
Related
I'm using angular, google app engine and JAVA on the backend server.
User can authenticate without problem with an opendId connect URL where code is passed back to my server to authenticate.
Now what I wan't to do is send mail to user (refresh password, confirm account mail) and to myself (server error message) with my account myaccount#gmail.com.
Also I have sheets I need user to write and read datas to/from. Magically I've made it worked as an installed offline app (only 1 api at a time, I never made the two worked together).
I've tried service account but from a last post somebody explained me that in order to make gmail work I needed a g suite account which I don't have and suggest me to go through oAuth2 authentification. Now the question is how can I implement that in java with a single authentification, I explain, I wan't to authorize app to have access to certain scopes but it should be only be authorized once because I don't want user to have a consent screen popup and even if they had they couldn't authenticate as it is on the behalf of my personnal account. I don't think I can use installed app for a google app engine app but maybe I'm wrong.
just to let you know I have tried lot's of different manners and spent about 3/4 days trying to find a solution without clearly understanding/finding what to do.
Any help is greatly appreciated please let me know if you need more explanations or code.
I think you are missing a few key concepts here.
DATA
There are two types of data private user data and public data. Private user data is owned by a user and there for you must have permission or concent to access it. Public data is data that is owned by anyone.
Oauth2
Oauth2 is the protocol we use to request connect from a user for our applications to access their data. A user can grant you access to their gmail account and their google drive account granting you access to the sheets on their account.
Service accounts
Service accounts are preapproved dummy users. As a developers we can create service accounts and grant them access directly to our drive account then the service account will then be able to access to the data without being requiring consent as it already has pre approved access. (not all google apis support service accounts. gmail (with the exception of gsuite) and YouTube are two that dont)
What you are trying to do
However i do not understand why you want to use the users gmail account to send them an email. If you want to send them an email i would think you would be using your own email system.
If what you are trying to do is use your gmail account to send users of your application emails from YOU. Then you should consider going directly though the SMTP server to your own account. Having an application that uses the gmail api is one of the scopes that will be flagged by google when you try to get your application approved. You are going to be going though a lot of red tape with them to show why you need access to a users gmail account.
I'm creating an ecomerce app for a local store and they use Quickbooks Online. I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for. What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store. Our customers will have no idea that we're using quickbooks online, and definitely won't have a login. The flow would be like:
Customer clicks Products
ProductsAction will execute a service call to QuickBooks to get the products we sell (select * from products)
ProductsAction will return Success passing in the list of products to the page to be rendered.
mycompany/Products renders the items returned from QuickBooks Online.
Is there any possible way to do this? Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
Feel free to ask any questions an thanks in advance!
I can see the Quickbooks Online API requires a "Connect to Quickbooks" button where the user then logs in, but that's not what I'm looking for.
Yes, it is.
You only have to log in ONCE. Exactly ONCE, and then you never, ever have to log in ever again. So, your QuickBooks admin logs in ONCE using the "Connect to QuickBooks" button, and then NEVER LOGS IN AGAIN.
Instead, you store the OAuth tokens, and use the stored tokens to do you queries from there on out.
What I'm looking for is something when they look at the products page, the app queries (or sends a REST/SOAP call) and gets back product data for my store.
This is all perfectly do-able. The reason you can't do it right now is because you're not storing the OAuth tokens like you should be.
Our customers will have no idea that we're using quickbooks online, and definitely won't have a login.
They don't need to have any idea about this. Store the OAuth tokens after you connect ONCE, and then everything can be unattended, no login, you just query away whenever you want to.
Is there any possible way to do this?
Yes!
Everything I've read requires O'Auth authentication (meaning the user would have to login to QBO).
The QuickBooks admin logs in ONCE and then never again. Store the OAuth tokens after that one and only login, and then use those to do all of your queries in the future.
This is how OAuth works for every single application that uses OAuth on the entire planet. Log in and authenticate once, store the tokens you get for future queries.
...
...
Did I mention you should be storing the OAuth tokens that you get back after that one single time your QuickBooks admin logs in? :-P
Yes, you can do this:
Create an account on https://developer.intuit.com using your accounts QBO login.
Make an app
Grab OAuth creds from the API Explorer.
See my tutorial for help on the first two steps: http://minimul.com/integrating-rails-and-quickbooks-online-via-the-version-3-api-part-1.html
You still need OAuth creds but since you only desire to interact with your company/personal QBO account you don't need to do anything formal, just get the OAuth credentials somehow. Once you have the credentials you can start building your integration code.
I'm building an application that needs to query and fetch the Facebook public feed every hour or so. I only need read access to the public feed. I can make the query using the Access Token generated on the Graph Explorer page but that token expires after an hour or so. I know there is a way to get a 60 days token and use that, but that requires updating the token every 60 days.
Whats the correct way of doing this? All the material I have found so far assumes a front end application that needs a user's login authentication.
You can't get offline access token for facebook (unlike google).
You can get access token for 60 days, and when user asks for page that requires authentication, redirect him to login page.
In playframework you can do this with securesocial module (and i am sure there is social module for whatever server you choose to use).
Alternatively, you can extend the short-lived access token.
I am unsure of the technical details of how to do this, only that it is possible.
Maybe this link can help you:
Facebook full permission AccessToken alternative to Offline access token
I need to make a simple query SELECT url FROM url_like WHERE user_id={friendId} in my Facebook app that I build with help of Spring Social. To do this I use authentication code provided by this library. The authentication works fine. But the query mentioned above returns an empty array. I would like to emphasizes that all the needed permissions are given (user_likes and friend_likes). However similar access token given to me by facebook graph explorer works perfectly.
Access token debugger from Facebook says that both tokens are valid and have needed permissions. The only difference in the duration of token validity: my app gives token that expires in 2 months and Graph Api gives for an hour.
What is the reason of this strange behaviour? Why token given by my app with needed permissions is unable to make this query. How to fix this issue? Thank you in advance.
UPDATE
Ok, it seems that Facebook gives access token for application that is different from access token of a user. So now the question is how to get user's access token with Spring Social Facebook?
You need to submit a post request to spring social ConnectController for the specific provider e.g. http://wwww.yourdomain:8089/connect/facebook. Spring social then will redirect the user to facebook authorization page where the user will grant your app with the asked permissions and send back a code to your server. Spring social then will exchange that code for an access token. You need to establish a connection for that user to be able to perform requests against FB on his/her behalf. Here is a doc page that might help http://static.springsource.org/spring-social/docs/1.0.0.M2/reference/html/connecting.html
I'm currently developing an application that essentially perform background fetch of reports from a salesforce account and save them into a db, the flow goes more or less like this:
-A user logs-in in my app.
-Selects add salesforce connection.
-He is presented with a form to provide consumer key (client_id in some docs) and consumer_secret as shown in Develop-Remote Access (in a salesforce account).
-Then the app initiates web server flow as described here and the salesforce login form is presented so user can authorize my app, app get access token, then request refresh token.
-Once the app goes through all this process it obtaines the refresh token to update the access token once it expires so it can make subsequent call to API functions. Once the refresh token is get, the user doesn't have to go through all the flow, just log-in to my app and see his data updated.
This refresh token is obtained to perform updates of reports even when the user is not logged into the system.
However, before doing all that user has to go to the Develop - Remote Access section to get consumer and secret and provide it to the app. Average user don't get this easily, is there any way to simplify this? Any experience on how to simplify the process, am I looking at the wrong flow? Btw I'm working with java.
Thanks.
You can create one remote access setting in your own developer org and then re-use that, it's automatically shared, you don't need to have your customers create their own ones.