Recently google has added multiple user support to the assistant so how would use the API to identify the person by voice?
It depends what you mean by "identify the person".
There is no way for an Action to get the raw audio, so there is no way for it to do voice printing or anything along those lines.
Although each voice has to be reported against a Google User ID, you do not have direct access to that user ID.
What developers do have access to is a UID that is sent along with each request to your fulfillment server. This UID is consistent across requests, although it can be reset by a user (for example, if they reset their Google Home). You can think of this the same way you think of an HTTP cookie - you can track the UID and, if you see it again, have reasonable assurance it is the same user that accessed it last time. This breaks down, however, for the "default" account on Google Home, since anybody who doesn't have an account will map to this user.
Beyond this, you can also use Account Linking to connect a Google Account consistently to an account in your own system. If you have sufficient authentication in place, or are using one from Google or Facebook for example, this can act as an identity.
There isn't an API for developers to identify users by voice.
Related
I am working on a web application which is based on Google App Engine (GAE). The requirement of the application is that one user can be associated with multiple company accounts.
My application has two main types of accounts. One is that main Admin/Company account. Other is the employee account (i.e. the persons who work under a company). Now, what I want to do is that to allow an employee to work under more than one companies, but he does not have to make a separate account for each company. His single account can be associated with multiple companies.
I have explored different platforms which are already supporting this feature. The major ones which I found are Slack and Asana. And my problem can be perfectly mapped to what Slack is doing right now i.e. I create a single account on Slack and I can join multiple workspaces on Slack using this single account.
I want to achieve the same in my application too. I am curious that how Slack is supporting this feature right now? Does it send some ID with every request to the server which indicates that the activity which just has been done is associated with the workspace under this ID? Or there is some unique sort of token associated with every workspace (on Slack API level)?
I do have such a model in my app. A unique auth_token is associated with every company account. So, I am thinking that when an employee wants to do an activity for a specific company he will send this unique token with the request to the server so that server knows for which company the activity was performed.
Does anybody know what is the best way of achieving this?
There are two different concepts at work here:
Relation between account and company / workspace
The data structure for the Slack account is designed such that it can be linked to multiple Slack workspaces, e.g. in SQL you would have a many-2-many relation between the accounts and the workspaces table.
Staying logged in
The way Slack and others Single-Sign-On provides like Google SSO keep you logged in is by settings a browser cookie. That cookie would usually be some kind of crypto hash and the SSO provider will use it to identify to which account the current user belongs to or to request a login via OAuth if the cookie is missing / invalid.
This can also be achieved partly with server sessions (which also uses cookies). Using server sessions is easier to implement than implementing your own (secure) cookie solution, however the user will only stay logged in as long as the browser stays open. But that should be sufficient for most solutions.
Note that tokens for the Slack API work very differently. e.g. they have to be generated per workspace, user and app.
The company I am working at offers a web based calculation tool which has to be paid monthly (a fixed price for a license).
Normally, users go to our website and authenticate themselves with their credentials and then can use the application. When they cancel their subscription they are not able to use the tool anymore, obviously.
Now another company called us because they want to provide our application for their own clients. We have already fixed that they have to pay a license fee for every of their clients. But there is also a restriction: their users should not have to log in on any of our websites (only on the website of our client). But the web application is hosted on our server and is loaded as an iframe.
Now there is that problem that we are not sure whether our client tells us the correct number of people who use our application wherefore we would like to verify that in some way.
One of my ideas is the following:
Our client has to call an API for every users who would like to use our application in order to submit some information like name or an unique ID of that user
When the user would like to access our application, an ID parameter is appended to the iFrame URL
I think that this is not a very good solution because our client could use the same ID for every access and pretend that only one users uses the application. By saving the ip address and id of the accesses it is possible to determine fraud in some cases because ip address will not change frequently.
We even do not have to know WHICH user accesses the application but only the NUMBER of users per month.
I am interested if there is a cryptographic solution where it is hard to cheat. Something like an authentication method which does not require any interaction of the user.
Well you can't. You should require the partner to issue a token for each user so you know they came from the partner.
You could have the partner call an api you expose to issue a one time token for a user and specify user id and IP. You could alternatively have the partner digitally sign such a login request.
If you bill the partner per user, and the partner decitfull he could claim less users.
You can fingerprint the users, you can give long term coockies, you can check IP and fonts installed etc. These will allow you to detect most types of fraud.
If you give a declared userId a cookie and then see him again without it, you assign him a new cookie and then later see the first cookie again while the partner is always declaring same id that is a very strong indicator of fraud.
If I was the decietfull partner I would pair up geographicly close users and merge their IDs. it would look no different from a user with two devices. But this still limits the extent of fraud possible. Two devices per user is plausible. 10 less so.
Find business partners you trust.
I want to pull likes and comments from any account that I specify. Can this be done with the Instagram API or do you have to have the accounts permissions to pull this info.
Essentially I want to be able to analyze this data without having log in credentials for the account.
Thanks!
Following the June 2016 changes to the API, you will need to invite the other users to be "Sandbox Users" of your API client. And even then, the access will be limited to their last 20 posts. Here's a quick explanation of the new Instagram API rules.
TL;DR
Sandbox users are other Instagram users that you “invite” to your
client. The main reason to do this is so that your app will then be
able to “see” their last twenty posts in addition to your own. In
other words, when they accept the invitation, they show up on the tiny
desert island where your app lives.
So you don't need their actual login credentials, but they do need to accept your invitation in order for it to work. The only other alternative is getting your app through the submission process to "go live" but there are very few use cases which they will accept anymore.
Here's what I'm trying to do:
When people log into our app, using Google Apps OAuth, they are automatically grouped within the app, by their organization.
We're already doing this with Slack, where a user logs in, says which team they want to log in from, and they are automatically grouped with other people from their Slack team.
With Google, it seems a bit more complicated. I do not need access to anything within the organization: no user list, no other e-mails, no files. All I need is the name of the organization, and some sort of unique identifier.
Is this even possible? I've been digging through this without much success: it seems like an admin from the apps account has to install or approve the app?
I'm getting the sinking feeling that this will have to be something setup via the Marketplace, but that's far from ideal from our perspective.
Can it be done?
What you want is the hd claim of the ID Token. This represents the "hosted domain" of the Google for Work user, i.e. their organization.
If you use the Google Sign-in library, you will be able to get the ID Token of the user, once you have that you can extract the hd claim. Try these docs: web, ios, android.
So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?
Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Conect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commentor registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."
There are still people who use mySpace (myself not included), and I know a several people coming out of college that have completely deleted their FB accounts to get rid of information of them they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private google account.
Using ONLY Facebook as the register/login-method seems pretty dangerous to me. If you had a regular user management system, with Facebook Connect to speed up the process from a user-perspective is a good idea.
The Problem is somewhere else
if you really want to leverage the social graph only facebook brings "pure" data
the graphs people build at e.g. myspace arent telling much about that person and its social env. - at google neither
if you are just heading for viral spreading prefer the plattforms that share the best (just facebook again)