I'm trying to use the spring social facebook plugin. To do so, I'm using the quickstart-v3 sample they provide. It works fine, except one point : with my facebook account, I can browse all my friendlists. I added the permission read_friendlists in the application management and the application requests the good rights when used for the first time. However, when I log in to another facebook account (as application admin as me), I get nothing. Do you guys know what the problem could be ?
I found the problem : I didn't used my app permissions but the graph api permissions. That's why it only worked with me.
You need to request read_friendlists permission for every account you're connecting to your app.
Related
I would like to have access to my OneDrive files using Microsoft Graph API in Java. I've tested this sample : https://learn.microsoft.com/en-us/graph/tutorials/java, and added a "getFiles" part to it which displays informations about my files. For the moment, this works perfectly.
But I would like to avoid user sign-in each time I run the sample. Indeed, in the authentication part of the code, a DeviceCode is used to acquire the token, and I'm redirected to a Microsoft web page where I sign-in and authorize the application to have access to my account.
I tried to replace the DeviceCode with IntegratedWindowsAuthenticationParameters (I got this from here : https://github.com/Azure-Samples/ms-identity-java-desktop/blob/master/Integrated-Windows-Auth-Flow/src/main/java/IntegratedWindowsAuthFlow.java (line 73)) using my scopes and email address as parameters, but I got the error below :
"com.microsoft.aad.msal4j.MsalServiceException: WsTrust endpoint not found in metadata document"
Edit : IntegratedWindowsAuthenticationParameters isn't suitable for personal accounts like mine (xxxxx#hotmail.com), is there another way to acquire token with this type of account ?
Is it the right solution to access personal accounts ? Or did I miss something in the App configuration in AAD ? Are there any other solutions ?
Thank you for your help :)
Using a global tenant administrator account, which is your .onmicrosoft.com account.
Please verify and make sure you have logged in with the proper account for the App you registered.
username = xxxx#xxxx.onmicrosoft.com
Update
Integrated Windows Authentication (IWA) supports federated users only - users created in Active Directory and backed by Azure AD. Users created directly in Azure AD without Active Directory backing (managed users) can't use this authentication flow.
Please refer to this doc.
I've got a Java Spring Security project that's linked to an Azure AD via a registered Application. This way I can redirect users to Microsoft to login with their Azure account before being able to view certain pages or use certain endpoints. This is all working great.
The problem is, I have another AD (and possibly more in the future) that I also want to be able to have users log into. However as far as I can see Spring Security only allows for 1 AD to be configured, so when a user wants to log in they always have to be a part of the currently linked AD.
I've tried looking into different solutions for this, for example syncing all the users from the external AD into the active AD. For this I was able to retrieve a list of users, but when I wanted to add them to the AD, the only API endpoints I could find were to create new accounts instead of link them from an external AD. Another idea was to configure Spring Security to simply authenticate against more than 1 AD. But as far as I've seen, that's not possible.
In the end I just want to have a situation where users from both AD's can log into my application, using their existing credentials without me having to manually invite each and every one. What is the best practice when dealing with a situation like this? I'd very much appreciate some help pointing me in the right direction. Thanks in advance!
I have an app that provides initial login (authentication) with facebook or twitter.
I would like to add WeChat authentication.
App isn't on the stores yet.
Does anyone have any experience on this kind of authentication?
What are the steps to achieve it?
I'm so confused by wechat documentation because seems have two versions:
one used to send messages;
another one, seems, that grants authenticated API (chinese documentation only?);
I think that a guide on SO is missing and can help a lot of people considering that documentation is not too clear.
Problem is that I cannot register my app:
if I use 'developers.wechat.com' I can't create app because of this bug.
if I use 'https://open.weixin.qq.com/' I can't create my account because a chinese phone number is required.
So?
I want to know if he given user is admin of google apps domain or not. getting a list of domain admins will also do.
userService.isUserAdmin() gives user admin of google app engine which I don't want.I want to check if user is admin of google Apps domain.
I found that we can use read only access to provisioning api for this,but I could not get any detailed tutorial or code.I also need the authentication for read only access using oAuth 2 only.
Read-only Provisioning API access is only available to Google Apps Marketplace applications using two-legged OAuth 1.0. If you're not developing a Marketplace App, you'll need to get the full read-write users scope.
A java example is available at:
https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts
I have created an appengine app and the owner is x#foo.com. Foo.com is a google apps account. I've also registered bar.com as a domain alias for foo.com in the google apps admin console.
I'd like my appengine app to send emails from x#bar.com. However, appengine requires that emails be sent from an administrator of the app. But, since x#bar.com isn't a google account (it's just an alias for x#foo.com) I can't add it as an admin my appengine account.
How do I get appengine to send emails from x#bar.com?
Seen this before .. Its a known issue. Click here and there really does not seem to be anyway to work around it. Probably not the answer you were wanting to hear. There's a couple of links in that issue tracker with possible workarounds. Hope that helps