I am able to load my app in facebook iframe, but can anyone help me with the user authentication in java. Any help will be really appreciated. Thanks
All java API clients provide extensive documentation on authentication. Here are two:
restfb
spring-social-facebook
Authentication follows the OAuth dance, which includes exchanging tokens. A tricky bit is that you should store the initial request token in your session, in order to be able to get it when facebook redirects the user back afterwards.
You can use a sdk like this one or you can find your way trough the facebook api, the requests are simple.
Related
I am making a desktop application for Reddit in Java. I want to let users log in to their Reddit account via my application so that they can do things on Reddit. I know that I need to get access tokens and whatnot but I don't know how to go through the process of doing that. Whenever I have accessed the API previously, it has been in Python using PRAW, so I would manually enter in the client id and client secret - obviously I can't be doing this for a professional application. I'd appreciate it if anyone would guide me through the process of authenticating the user and how to receive and use the access token.
You have to use oauth apis. There is a sample integration for reddit. https://www.e4developer.com/2018/11/04/reddit-api-authentication-with-java-spring/
also there are developer guide for oauth in reddit page
https://reddit.com/dev/api/oauth
Reddit github page have good documentation
https://github.com/reddit-archive/reddit/wiki/OAuth2
I am building a REST API to login to my system using PayPal credentials.
I'd like to use the PayPal-Java-SDK and I've succeeded to get all the info I need for a given PayPal account (starting from the Auth Token).
I had a look at Paypal Spring Social and I found another token I wasn't considering in my implementation. It's called IdToken. For example here
I tried to search online, but I couldn't find much info about it.
Why is that token needed?
Is there a way to retrieve it using the REST API?
Thanks
I think I misunderstand the SDK. It doesn't seem to be currently supporting OpenId. That's why I couldn't retrieve the IdToken with it.
I spent a lot of time looking for any clarifications about using oAuth with FB and Twitter.
I have to do application which will be using access_token. This token will be used also on diffrent devices to access user account via API.
When I'm looking for "how to use access_token" I only finding "how to get token".
If I something miss reading documentation please let me know, especially where is example - how to use this token on other devices to access API to send eg. post.
I have found Twiiter4j and Facebook4j these libs helped me... I've got this access_token and now what next, how connect to API... I know that it's no possible to get access to Twiiter API - ok, but what about FB and "client side"
please help.
Oauth can be complicated so let me try to explain it simply.
User visits your website
Your website checks if it has seen this visitor before (usually with a cookie)
If not, send them to FB/Twitter/Whatever's oauth url. In that redirect, we tell FB/Twitter/Whatever that we're going to need x,y,z permissions (access a users timeline, see a users friends, etc). We also tell FB/Twitter/Whatever that when the user says ok, send them back to www.myurl... Finally, we take everything in this request and "encrypt" it, to prove it's really our site asking. The key to this is only saved on our backend, so the frontend (javascript/html) never sees it.
FB/Twitter/Whatever sees the request. They also see the "encryped" form of the requests. Fb/Twitter/Whatever knows this key too (they gave it to us, it's usually called the "secret" when you're configuring your oauth) They can verify it's really your backend asking for permission.
If the user agrees, we get a token. We store that token (on our backend, php, java, ruby, etc) and remember it belongs to that user.
The main thing to stress here is that in order to do the oauth handshake, you need a secret key that you never output to the browser. That means you'll need to implement part of this on your backend. You've tagged this with java so maybe that means you're using java as your backend, maybe with Google app engine or something. You'll need to find the oauth library for that, and work it out from there.
You can't create the oauth handshake only with frontend code.
How to know if user has granted extended permission requested by application. I use java at back end, and login and facebook registration is handled by socialauth api. I want to publish feed to user's timeline.
Javascript is unable to hit the url because it doesn't have access token for facebook communication.
Can this thing be done without using any client facebook java api?
Get /me/permissions from the Graph API, in which ever way you like.
In your implementation of a SignInAdapter, use the Connection object injected into the signIn(...) method to generate a facebook object and then use can use the userOperations object to get related permissions. The following code sample can help:
Facebook facebook = (Facebook) connection.getApi();
facebook.userOperations().getUserPermissions().stream().forEach(x -> log.info("Permission {}: {}", x.getName(), x.getStatus()));
I know this question is old but this answer might help anyone starting out. This is done based on the assumption that you are using spring-social-facebook.
I am trying to login my Android users with their Google accounts. I managed to get auth token from AccountManager. I also found some info that I need to use Google App Engine (so I did). I wrote some code (it is not the issue) and I have two questions. Maybe someone can help me.
I was following this tutorial. I understand most of it. But should I write any server-side scripts? This tutorial doesn't mention any. Also according to this tutorial I should get code 302 response, which I get. Does it mean that authentication was positive? Or maybe now I have to do something?
I am getting auth cookie (I think it is auth cookie) which contains very long value (I think over 500 symbols), expiration date and name. How should I use this cookie? Or maybe I don't have to use it? How can I use it to get user google account username? (I think there is that kind of value, different from email address)
Anyone can help?
Thanks in advance.
You don't need to write any server side scripts, all the server side stuff is already on every Google App Engine App.
You need to pass the cookie when doing a request into App Engine.