I'm trying to resolve an issue regarding Google+ and authorizing users for an app using Google OAuth-2. More specifically, I find the authorization is successful when the user presses Accept on the consent screen; using the oauth playground and the auth/games scope, that looks like: http://retrofist.com/temp/Auth_01.png
However, if I then check my app privileges at plus.google.com/apps, I see the playground listed as visible to 'Only You': http://retrofist.com/temp/Auth_02.png - even though 'Anyone on the web' was selected on the consent screen. As I'm using Google Play Games for leaderboards, the result is that no one can see any leaderboard entries until they have manually corrected this to 'Public' visibility.
Can anyone explain a reason or workaround for this? Many thanks.
I observed similar issues, my scores was not published publicly to the leaderboard of the game. I then realized that, this is only for users whose email is defined as tester email. I could see the scores as publicly posted after deleting those emails from tester list.
Related
I have written an app which notifies users when someone make them unfollow (As like as any other apps in this area). Then, I got my app approved by Instagram. After six/seven attempts, they don't approve the app till now. I followed their instructions as feedback and fixed any probable privacy problem which my app might have. But I didn't get any bright answer from them as far.
I throw my app on the following use case:
My product helps brands and advertisers understand, manage their
audience and media rights.
And I wrote my API use cases as follows:
Thank you for considering our request to approve our application. The
required information for enabling live mode for our application is
explained in the following lines:
Q1: How your app does use the Instagram API?
First of all, our user (i.e. brands or advertisers) selects the “Unfollow Finder Service” on our application.
We redirect the user to Instagram login page, as indicated in API documentation, to authorize his account to accessing required scopes.
i. Note that we already told the user everything that we are going to
use.
We tend to call follow APIs whenever the authorized user clicks a button in our application.
Ultimately, we inform the authorized user with the information obtained from step 3.
Q2: How does it fall into one of the approved use cases?
The list of users who recently unfollowed/followed an
Instagram account are definitely crucial and beneficial for the brands
and advertisers on Instagram. In this way, they can get feedback
implicitly from their customers. Our service help them to manage their
audiences and provide better content for them. So, according to Q1,
our use case falls into “My product helps brands and advertisers
understand, manage their audience and media rights.” We never violate
the approved scopes and Instagram's privacy.
Q3: Who will be using your app?
In our region, lots of brands and businesses utilize
Instagram to publish their content. They are the users of our service
and can use it to improve their relation with their audiences. Kind
regards,
As you see, I'm trying to tell them everything in detail. But in my last submission, they declined me with the following feedback:
General issues:
Policy Violation ("Like", "Follow", "Comment" Exchange Program): Your
app shouldn't participate, enable or promote any “like”, “share”,
“comment” or “follower” exchange programs. In working to build a high
quality platform experience, we ask that you comply with our Platform
Policy (http://wwww.instagram.com/about/legal/terms/api/).
I just want permission on follower_list scope from them. The surprising part is that they noted me with almost irrelevant feedback. It seems that they do not want to approve my app at all.
Do I violate their privacy?
Does anyone face this problem? How can I fix it and had my app approved?
Sorry for asking this question here since I almost googled entire web (+Stackoverflow) and find no helpful answer. All of my previous attempts were gone away.
Thanks in advance.
I have an app in sandbox mode and I have a sandbox user that is pending. (It has also been at least a day since the user was added). The user can successfully use my app and has given authorization; however, the user's likes returns an empty response (I know they can only access liked media from other authorized sandbox users, but the user has liked media from my account that is set as the admin). The Instagram API documentation states that the user may go to their developer site and accept/decline sandbox invites from the Sandbox Invites tab except my user is shown the developer register page instead. Does anyone know what is going on/how to fix this?
Instagram made sweeping changes to it's API and the way it is accessed recently. As a result of the lockdown the Sandbox Invite process is glitchy at best. I myself just ran into this issue of invites not showing up.
It seems, for the moment, the only way to access the invite is to fill out the developer form(I just used a http://localhost:8000 URL and a random phone number that is not likely to exist, although try without one as it might not be necessary). That should automatically forward you to the invite page where the invited user can then accept or decline a Sandbox Invite.
It's a bit of a mess and the lack of documentation / indication to indicate that this step is mandatory doesn't help matters. Hope this helps save some time and headaches!
We have an app and have built in IG integration but keep getting denied on our submission. We want to allow our users who have IG accounts to sign in on our app and then link their IG account. We show the IG icon and their IG name with a follow button so a user can gain followers on IG through our app. We need the follower list permission so that we can know if they are already following them or not and the relationship permission so that we can follow from our app. We have detailed the use case demo'd on a video but this is the only reply we continue to get. Any assistance would be great.
follower_list:
This permission (follower_list) does not support the use case you described in your submission notes, screencast and website. Please review Login Permissions (http://instagram.com/developer/authorization/) for a comprehensive list of permissions and valid use cases.
relationships:
This permission (relationships) does not support the use case you described in your submission notes, screencast and website. Please review Login Permissions (http://instagram.com/developer/authorization/) for a comprehensive list of permissions and valid use cases.
I'm running into the same issue with them declining my application for a valid use case.
I think it's because there wasn't enough information for them to validate the app, or the website isn't following their Platform Policy. I would read through it and make sure you're doing everything they want you to do. I would triple check what use case you picked and how you justified that your app falls into it.
It's also good to cover these, taken from Instagram.com:
Your submission should explain what does your app or company do, which
of the approved use cases your integration falls into, who will be
using your app, how do your user authenticate with your app, how you
use the API to power your integration, how does your product use the
data acquired from Instagram, etc.
Is it possible to use the Google+ API to check if a user is a member of another users particular circle?
Example use case:
User Joe adds User Bill to "Joes Friends" Google+ Circle
User Joe is also a user on my website "videos-from-my-weekend.com"
Joe Picks a particular video from my site, then grants access to that video to anyone in his "Joes Friends" Google+ Circle.
User Bill logs in to my website, and is able to watch Joe's videos.
Nefarious Steve tries to watch Bill's videos, but fails the Google+ api check since he's not a member of the "Joes Friends" Google+ Circle.
I hope I explained that clearly enough.
This is really a code independant question.
If you're trying to check a particular circle, then no you can't do that.
If you're trying to check that the viewing user exists in any circle, then the following conditions must be met:
Users must have authorized your app to request their friends list by requesting the auth scope https://www.googleapis.com/auth/plus.login, which is included by using Google+ Sign-In or you can just do a straight OAuth 2.0 flow with it.
When the user authorizes your app, they have a choice of whether to allow your app to know about all, some, or none of their circles. The a flat list of people from any circles they allow your app to see would be available with people.list.
After they authorize your app, you make requests and get both of their friend's lists and store those in your DB for checking nefarious Steve against later.
So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?
Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Conect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commentor registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."
There are still people who use mySpace (myself not included), and I know a several people coming out of college that have completely deleted their FB accounts to get rid of information of them they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private google account.
Using ONLY Facebook as the register/login-method seems pretty dangerous to me. If you had a regular user management system, with Facebook Connect to speed up the process from a user-perspective is a good idea.
The Problem is somewhere else
if you really want to leverage the social graph only facebook brings "pure" data
the graphs people build at e.g. myspace arent telling much about that person and its social env. - at google neither
if you are just heading for viral spreading prefer the plattforms that share the best (just facebook again)