Best practises around GitHub Apps if someone changes their username? - sql

I am currently building a community around a GitHub app. People sign in with OAuth, and then they can "follow" other people.
However, in my database, I am only storing the numeric GitHub ID of the user, and not the GitHub username.
And if I want to display the GitHub username in the UI of people followed, I'd need to contact the GitHub API with the given GitHub user IDs.
If the list of users to fetch names for is long, that'd quickly exhaust my rate limits.
My question is: If I need to display the usernames of my users in a list, is it good practise to store the GitHub username in the database as well? And if that is the case, what happens if the GitHub user changes his/her username? How do I "listen" to that change and update the entry in my database as well?

Related

I need to group Google Apps users by their Organization

Here's what I'm trying to do:
When people log into our app, using Google Apps OAuth, they are automatically grouped within the app, by their organization.
We're already doing this with Slack, where a user logs in, says which team they want to log in from, and they are automatically grouped with other people from their Slack team.
With Google, it seems a bit more complicated. I do not need access to anything within the organization: no user list, no other e-mails, no files. All I need is the name of the organization, and some sort of unique identifier.
Is this even possible? I've been digging through this without much success: it seems like an admin from the apps account has to install or approve the app?
I'm getting the sinking feeling that this will have to be something setup via the Marketplace, but that's far from ideal from our perspective.
Can it be done?
What you want is the hd claim of the ID Token. This represents the "hosted domain" of the Google for Work user, i.e. their organization.
If you use the Google Sign-in library, you will be able to get the ID Token of the user; once you have that, you can extract the hd claim. Try these docs: web, iOS, Android.
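A server-side sketch of grouping by the hd claim, as an added example that is not part of the original answer. It assumes the ID token's signature has already been verified by a JWT library and that `claims` is the resulting payload; the function names and the client ID are hypothetical.

```python
import time

# Issuer values Google documents for ID tokens.
GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}


class ClaimError(ValueError):
    """Raised when verified claims are not acceptable for this application."""


def org_from_claims(claims, client_id, now=None):
    """Return (org_key, user_key) from signature-verified ID token claims.

    org_key is the lower-cased hosted domain, or None when the account
    has no hd claim (it does not belong to a hosted domain).
    """
    now = time.time() if now is None else now
    if claims.get("iss") not in GOOGLE_ISSUERS:
        raise ClaimError("unexpected issuer")
    if claims.get("aud") != client_id:
        raise ClaimError("token was issued to a different client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ClaimError("token expired")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ClaimError("missing sub")
    hd = claims.get("hd")
    if hd is None:
        return None, sub  # no organization: do not fall back to the e-mail domain
    if not isinstance(hd, str) or not hd.strip():
        raise ClaimError("malformed hd")
    return hd.strip().lower(), sub


def group_by_org(claim_sets, client_id, now=None):
    """Map hosted domain -> sorted user ids; skip rejected and org-less tokens."""
    groups = {}
    for claims in claim_sets:
        try:
            org, user = org_from_claims(claims, client_id, now)
        except ClaimError:
            continue
        if org is not None:
            groups.setdefault(org, []).append(user)
    return {org: sorted(users) for org, users in groups.items()}
```

The `sub` value, not the e-mail address, is used as the stable user key, and the grouping key comes only from a token whose audience is this application.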

Less permissions for a Foursquare app

We would like to develop a survey in which consenting participants would have to give us access to their list of checkins on Foursquare. Currently, we do so via a Foursquare app, but I do not seem to find a way to specify which permissions our application needs.
Whenever a user is asked to grant access to our app, he is informed that we will be able to post checkins on his behalf and do a bunch of other things. This will raise concerns and will likely lower the number of willing participants.
The question would be whether there is a way to restrict the permissions of our app to what we actually need, i.e. the full list of checkins.
As an alternative, we are considering befriending the user from a special account instead. However, does friendship guarantee that we can see all of his checkins?
The Foursquare API currently doesn't support scoped permissions (e.g., seeing check-ins only). You will have to make it clear to your users that you won't post to their accounts.
The only way to see a person's entire history of check-ins is if you have an access token for them, so unfortunately the befriending method won't work.

How do I detect Google account deletion?

I've just started working with Google OAUTH2 in order to add a "Sign in with Google" button to my web site.
According to the "Google+ Platform Developer Policies" section B.2.a.III, if a user deletes their Google account, I must delete all personal information I obtained from the Google API relating to them.
Does this apply to my web application as well? And if so, how do I detect that a user's Google account no longer exists? Surely, a successful login will only occur if the Google account exists; so how can I tell if a previously existing account is no longer there?
Maybe someone has a better approach, but a simple and practical solution would be to have a link buried somewhere on your site that allows a user to request account deletion via email (assuming you still possess a valid email for him - if he deletes his Gmail and that's all you have then you have no way to contact him other than manually via phone or something).
The doc you link to says "Give users a reasonably convenient way to delete any of their personal information you’ve obtained from the API."
So assuming you still have a valid email address, this would work:
Your FAQ says "What if I want to delete my account?". Links to account deletion page.
Account deletion page: What's your email? _____ (Continue)
Email is sent to user with (securely randomized) confirmation link.
Confirmation link is clicked by user which deletes all of his data from your site.
Success of that process is dependent only on your system and the email arriving.
(If you are concerned about complying with EU data protection law, you might want to implement this feature anyway - since one legally has the right to demand the deletion of one's own personal data.)
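The confirmation-link steps above, as an added example that is not part of the original answer. The in-memory store, the one-hour lifetime, the `example.invalid` URL and the `send_mail` callback are all assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime of a confirmation link


class DeletionRequests:
    """In-memory stand-in for a table of pending deletion requests."""

    def __init__(self):
        self._pending = {}  # sha256(token) -> (email, expires_at)

    def create(self, email, now=None):
        """Return the token for the e-mailed link; only its hash is stored."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._pending[digest] = (email, now + TOKEN_TTL_SECONDS)
        return token

    def confirm(self, token, now=None):
        """Return the e-mail whose data may be deleted, or None. Single use."""
        now = time.time() if now is None else now
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self._pending.pop(digest, None)  # pop: a link works only once
        if entry is None:
            return None
        email, expires_at = entry
        return email if now <= expires_at else None


def handle_form(store, known_emails, email, send_mail, now=None):
    """Process the 'What's your email?' form with a uniform response."""
    addr = email.strip().lower()
    if addr in known_emails:
        link = "https://example.invalid/delete/confirm?t=" + store.create(addr, now)
        send_mail(addr, link)
    # Same text either way, so the form does not reveal who has an account.
    return "If that address has an account, a confirmation link has been sent."
```

Storing only the hash of the token means a leaked copy of the pending-requests table cannot be replayed as working deletion links.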

How to get the social networking profile information through Email Id?

I am working on an iPhone application. I wanted to get the social networking (Facebook, Twitter, etc.) profile details by giving an email ID as the query. Is there any method to get the profile?
For Facebook you can try this answer: https://stackoverflow.com/a/5247066/580173
For Twitter this is not possible. You can use OAuth to authenticate the user and get the profile.
For LinkedIn I believe it's also not possible. LinkedIn doesn't communicate the email address anywhere in their API.
See this forum post: https://developer.linkedin.com/thread/1131
I'm assuming that you're wanting to just add the social profile links to a user's profile inside your app...correct? (If you want to actually allow your users to post to their various social media accounts, your best bet is to go ahead and let users sign into each individual account via OAuth.)
If you're looking to get public social info via email address, your free options for a simple solution are pretty limited. Each different social network has its own method, so you'd need to build out a different process to query each social network you want to support. Without more info on which networks you want to support, there are any number of different answers to this question - so I'll just say your best bet is to check out the developer docs of whichever social networks you want to use.
If you're looking for a paid solution, you might try FullContact (full disclosure - I work for them). The Person API pretty much does exactly what you're looking for - pulling all public social media profiles associated with a particular email ID. API docs are here.
However, it is a paid solution, which may not be what you're after.

Account Strategies on New Social Enabled Sites

So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?
Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Connect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commentor registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."
There are still people who use mySpace (myself not included), and I know several people coming out of college who have completely deleted their FB accounts to get rid of information about them they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private Google account.
Using ONLY Facebook as the register/login method seems pretty dangerous to me. Having a regular user management system, with Facebook Connect to speed up the process from a user perspective, is a good idea.
The problem is somewhere else.
If you really want to leverage the social graph, only Facebook brings "pure" data.
The graphs people build at e.g. MySpace aren't telling much about that person and their social environment - at Google neither.
If you are just heading for viral spreading, prefer the platforms that share the best (just Facebook again).