I know the rally api and using it i can get rally user object id but it requires username and password. i don't know the password for other users. So is there any way to get the rally user object id for other user when the password is not known.
Sure. The user endpoint you linked to is a little special in that it always just gives you back yourself. If you instead hit the users (plural) endpoint this will behave as you are expecting and return all the users. You can query and sort these results the same way you would with any WSAPI endpoint.
https://rally1.rallydev.com/slm/webservice/v2.0/users
Related
We're using OAuth2 to allow users of our system to connect to Xero. Once the authorization succeeds, Xero provides an access token with information about the user who made the connection, including a xero_userid.
However, using this ID to find the user via the Users API fails with a 404. The Users API shows a different ID for the same user.
Is there a reason these are different? And how can we use the xero_userid returned in the Oauth2 flow to find to the Xero user via the Users API?
In XERO, the xero_user_id you extracted from access_token is the internal userID that XERO uses to recognize the contact. So If you use the same the GET API will return 404 as it is not accepting the internal user ID, instead of that If you pass the CONTACT ID of the User it will return 200 with details.
At the same time, If you want to get the login user details(contact information), better call the /User API directly with the token, it will return the details and the response contain the contactID of the user in UserID field (I know a bit complicated)
Please refer to the screenshot for more details.
I am trying to create web-forum with user authentication, using Github and Google. I've already managed to get user information with access token, like login, email and etc. But I don't get the workflow for authenticating this user in my database.
In order for user to register, he need to provide email, login and password. All the examples and tutorials I saw, was stopping at the sessions and that's it.
My website has database with posts and comments, and to fetch, for example, user's created posts, I need to get the user id, then I will lookup in the database. I thought, maybe, I can use access token as a password, since it's unique, but it always changes and has an expiration date. Then I thought, to left the password input empty and register user without it, but I think, that's not very secure. How should I do it?
I need to get logged in user's ID on a web page where user is authenticated via OneLogin. We need to use OneLogin's REST API endpoint that can give me logged in user's details.
https://api.domainname.onelogin.com/api/1/users/:id
For above REST API I need user's ID.
Can you please help me figure this out?
Are you saying the user has a OneLogin session? Or that you are using the API to authenticate the user using the delegated authentication API?
If you are using this: https://developers.onelogin.com/api-docs/1/users/create-session-login-token
The user ID is in the response.
If the application you're writing supports SAML then part of the SAML assertion you got from OneLogin should be a unique user attribute (email or username)
Your best bet is then to get that user from OneLogin by using that attribute -
https://api.<us_or_eu>.onelogin.com/api/1/users?email=user#test.com
or
https://api.<us_or_eu>.onelogin.com/api/1/users?username=testuser
And since that value is unique, it will only return the one matching record (i.e. The current user)
I'm operting a website, which enables users to login via facebook or/and google+ to access their user profile. If a user logs in with facebook, I want to show if the user also granted permissions to log in via Google+.
I have an G+ access- and refresh token in a database. I've tried to use the G+ client's "setAccessToken()" function and afterwards "isAccessTokenExpired()" to do a check. The problem is that "setAccessToken()" expects the accessToken param as a JSON string (the same you receive as you log in with google+). So I think that's not the way to go...
Does anyone has an idea how to check if the user granted permissions to log in (without logging in)?
Best regards
ninsky
Maybe it's not the best solution, but I've used a refresh token to check if I can get a new access token. If that fails, the user revoked access.
You're not specifying the library you're using (if any), but most of the Google-provided libraries require that the access_token object that was returned (which contains both the access_token and the refresh_token, along with other values) be the one that is passed to the API for authentication. In general, best practice is to store the entire JSON object and not the individual values in it.
In my application I retrieve OAuth token as per standard procedure. I know that the proper way to 'resolve' token to user information (including ID) is via:
https://graph.facebook.com/me?access_token=<token>
However this method appears to return 'false' for the so-called gray/advertising Facebook accounts. It so happens that I also need to deal with such accounts.
How can I retrieve user ID or any other useful user information for such accounts if the only information I have is OAuth access token? Should I resort to parsing the token to extract user ID a la http://benbiddington.wordpress.com/2010/04/23/facebook-graph-api-getting-access-tokens/ ?
Well, I still have no idea how to do it via Graph API.
Via 'legacy REST API' you can at least invoke this: users.getLoggedInUser
This will give you user ID (uid).