I'm developing a Mobile Apps. For now i put my access token on SharedPrefences. I want to ask is store access token on SharedPrefences secure? if no where is best practice to put access token.
Thank You
You should use EncryptedSharedPreferences instead of SharedPreferences as described in the official documentation https://developer.android.com/topic/security/data#edit-shared-preferences
Related
You get the problem reading the title. Is there anyway I can sign up customers using commercejs. The documentation is only showing login/logout methods but not sign up.Is there anyway I can do it through commercjs. Or should I use other authentication service like Firebase Auth??
There is no specific way to register a user as Commercejs does not store any kind of password.
The only way for registering a user is to use https://commercejs.com/docs/api/#create-customer as per API reference docs. however if you want to integrate some kind of custom auth you should definitely use this reference:
https://commercejs.com/docs/api/#issue-jwt-for-customer
This allows you to issue a JSON web token for a customer directly using your secret Chec API key. This may be a desirable option if you are integrating your own customer authentication, and simply need a token to authorize API requests as your customer with.
I have personally used this method along with Firebase auth.
I am working on Instagram api. I am getting problem with getting likes and comments of a public post in Instagram as it requires access token .
As we can see from the Documentation is:
https://api.instagram.com/v1/media/{media-id}/likes?access_token=ACCESS-TOKEN
I could use a third party app to generate Instagram access token and save it to my database but the problem is access token can expire any time or once we change the password so I needed a life long token like as Facebook and twitter provides APP access token or Bearer Token to post of get on behalf of app which could be generated using APP Secret and Client Token.
Or Please let me know if there's any ways to get Instagram public post likes and comments using Id.
Thanks in Advance.
There are no life long tokens by design. You'll have to implement logic to refresh a token when it expires. There is no way around this, you have to use an access token and you have to deal with the fact that tokens expire. It's on you, as the developer, to implement logic. From the documentation:
Access tokens may expire at any time in the future.
The solution you're looking for does not exist. It's so easy to implement a refresh, just look for an error or type OAuthAccessTokenException then rerun your auth flow.
I have a general quation about the access token for Facebook API Graph.
I'm doing some testing with the API Graph explorer. I want to display some public facebook events on my website. https://graph.facebook.com/search?q=party&type=event
For the testing I created a access token and it's working.
Now my question: Can I use this token for my website or has it to be renewed all x-days? So when only searching for public events this token is good?
Thanks for your help.
Ben
You should be able to use an App Access Token, it is valid forever. It´s just a combination of App ID and App Secret, including a pipe sign: App-ID|App-Secret
Careful though, don´t use that token on the client.
More information:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Edit: I just tested it with an App Token, it seems that you do need a User Token after all. You can use an Extended User Token, it is valid for 60 days.
Is it possible to use Smartsheet's API to sign into Smartsheet on the Web. I am thinking of creating a form-based auth that uses the API to login. Has anyone done something like this? or is this even possible with the tokens that can be produced by the API. I am aiming for a web based single sign on without using SAML.
I'm not totally clear on what you are asking, so I'll address each question individually in hopes that it addresses your overall question:
Is it possible to use Smartsheet's API to sign into Smartsheet on the Web?
No, you cannot create a web session using the api. For 3rd party apps, that would defeat the purpose of using OAuth2 since the whole goal with OAuth is to grant limited access to protected resources. For user-generated access tokens, it could be feasible, since those tokens have unrestricted access, but the API does not currently support that.
I am thinking of creating a form-based auth that uses the API to login. Has anyone done something like this?
I assume you mean you will create a form to collect a user's Smartsheet credentials and use those to have an SSO experience into Smartsheet? This is technically possible, but I'd strongly discourage against it. To create an SSO experience, you'd need to retain the password in a way that allows you to POST it on behalf of the user. This means you'd store it in a 2-way encrypted state (at best), which is definitely not best practice. Again, I'd highly recommend NOT doing this.
I am aiming for a web based single sign on without using SAML.
If you want an SSO experience into Smartsheet, you can either use SAML or Google (not truly SSO, but pretty close). There isn't an API-based approach currently.
Side note, if you want to go the other way, meaning you have a website and you want to use Smartsheet (or any OAuth2-based API for that matter) as the identity provider, you could use the 3rd Party OAuth2 flow. See the docs here. You could then add a "Login with Smartsheet" button to initiate that flow, much like we see everywhere on the web with "Login with Google" or "Login with Facebook".
I tried to Get Token secret by using dotnetopenoauth.
I searched in it and find
SimpleConsumerTokenManager
class which has
GetTokenSecret()
which seems fine to me but could not making an object of it as it depend on "AuthenticationOnlyCookieOAuthTokenManager"
could you please guide me if you know how can I initialize this class , or even is this the right way of getting secret token to make my twitter signature string
thank you
DotNetOpenAuth does not store token secrets. The SimpleConsumerTokenManager that you found is meant only for temporary storage of a single token and secret during authentication. The IConsumerTokenManager interface is how DNOA interacts with your app so that your app can store and retrieve tokens and secrets.
So in other words, I don't know why you're looking for a way to use DNOA for retrieving token secrets.