Is it possible to use a Facebook session in a Flash to authenticate on Google App Engine? I'm trying to create a Flash game and I want to use GAE as the back-end.
I'm not totally sure I understand the question but I think you mean that you have a Facebook session running in Flash but you also want to be able to connect to your back end on GAE and have it interface with the FB REST API.
If so, then yes. You simply create a URL for your GAE application that includes the FB authorization tokens (fb_sig*) and it should be able to re-use those to communicate with the Facebook API.
One caveat, though, is that the tokens may expire. If you run across that problem then you'll simply need to re-auth with Facebook in the Flash and re-send the tokens to your GAE request.
Related
I am looking for a Java API to query Instagram images based on a given coordinate or bounding box. I will appreciate if someone can tell me if there is any such JAVA API exists?
TIA
You could do this by first searching for Instagram locations by geo coordinates using their /locations/search endpoint, and then pull the medias for each searched location using endpoint /locations/{location-id}/media/recent.
All Instagram APIs require authentication which means you would have to go through the process of creating an Instagram App and authorizing the app to access your account to get an Auth token. More details are available at https://www.instagram.com/developer/
The Java API 'jInstagram' mentioned by #Thanos is decent one to start with but it is not actively maintained and you still need all the App creation and authentication processes anyway. If you are doing serious development, it worth to write your Java program to access the Instagram endpoints directly. You can use Scrible to negotiate the OAuth process.
Background
I believe the recommended way to access Google services from Android is to use the Google APIs Client Library for Java (for some services play services is recommeneded too).
If you want to access your user's account, you use oauth2 to authenticate the user, but things seem less clear if you want to access your own services (eg. I want to access Google Cloud Storage belonging to my app engine project).
The problem with service accounts
What I see a lot of here is using service accounts, and I've used them server-side and found them to be a comparatively simple solution, but this requires you to deploy your private key so I don't think this could be right for public Android apps.
The solution: Public API access
If you go to the 'credentials' page of the cloud console:
https://console.developers.google.com/project/[your_project]/apiui/credential
it seems pretty clear that they expect you to use a 'public API access key' for the situation I'm describing. It appears that this is not OAUTH based.
I assume that I will still use the type 'GoogleCredential' for this, but in the documentation for the credential builder I don't see how to do this. The set client functions appear to relate to the oauth2 access (which uses client ID/secret).
The Question
How do I use the 'public API access' key to access Google services from an Android app.
Or, if I'm wrong about service accounts - and they really are the recommended solution, then please show me some evidence of this because it certainly apppears to me that they are not the right solution for publicly distributed apps.
The good news is that it's very much easier. You can either use a Service Account (ie. a brand new account dedicated to your app) or a regular account.
For a service account you embed the key in your app, for a regular account you embed a refresh token in your app. In both cases, be aware of the security risk and use the minimal scope necessary.
You can get a refresh token without writing any code by following the steps in How do I authorise an app (web or installed) without user intervention? (canonical ?)
Is it possible to have Single Sign On feature for Facebook integration from other application?
As Facebook uses OAuth 2.0 it seems client and resource owners both needs to be authenticated as token have limited lifetime.
Reason I want to have this feature is for write operation resource owner (Facebook user) authentication seems good but to read or display summary of user/page stat it might be annoying for user to log on to social network.
I am using Java (Spring Social APIs).
the offline_access permission is probably you're best route. This creates a long lasting token for the user that you can use. Make sure you're not using it to do anything against the FB TOS or you'll probably get your app banned.
Hey all, i want to integrate my Blackberry App with Twitter, and found that the way to do it is with OAuth. The problem I have is that i would like to do the verification of this from my server as to put less strain on the device, but I have no idea how to get the OAuth PIN from the server to be displayed on the device so the user can enter it, any ideas as to how i can do this? or an alternative ?
You can't. OAuth was designed such that only the service provider can provide authentication (so that the developers don't have to store their client passwords on their database servers and if the client changes their passwords, then it would have to be managed also on the developers side too). There is only one source of authentication and that's from the service provider (Twitter, in this case). Sharing of passwords is therefore eliminated.
OAuth doesn't work on PINs but rather using Request/Access Token. Follow the Beginners' Guide to OAuth and Twitter Developer's Auth Page to see how you can incorporate OAuth to Twitter. Just to give you an heads up, you will have to register your application to Twitter.
Update For Mobile and Desktop applications, rather go through Twitter's xAuth. Here's a documentation on how to register and use your application to use xAuth.
Twitter OAuth FAQ.
Hi I am developing an Android App where I require a user to authenticate his session before using the app. One way is to store a user name and password by asking him to register on the app and then use that to authenticate him. But i was looking to do something else, maybe use an OpenId account to authenticate or Opensoial or something like Facebook Connect. Any Suggestions and comments? thanks for you help.
First, please do not whine about not getting answers after only an hour, particularly when it's Sunday in much of the world. If you want responses in less than an hour on a weekend, hire an expensive consultant.
Hi I am developing an Android App
where I require a user to authenticate
his session before using the app.
Why?
Any Suggestions and comments?
Most Android applications do not require authentication for local use. They may require authentication for access to online content (e.g., Web service), in which case the authentication is handled by the Web service and uses technology dictated by the Web service.
Bear in mind that any online authentication process (e.g., OAuth, Facebook Connect) means your application cannot be used in offline mode.
If your goal is to use authentication as some means of helping to combat piracy, you might consider using the new LVL system that Google released this week.