I am project owner of a community application built on Ruby on Rails: My question is about social network verifications.
We ask the user to add his/her social media profiles to his public profile of the community.
At the moment the user can simply put e.g. his/her Facebook URL to his profile, same for pinterest profile, Twitter and so on, but there is no validation for the urls, at the end of the day the user can add anything he wants, also blablabla
Is there a way to verify if his/her entries are valid?
Token, API, validation test?
Any hint is welcome,
Thank you
Most Social Networks have APIs and you can ask the user to link his account on your application to his/her account on a specific network if he/she wants to show profiles on these Networks.
For Example, you can use the Ruby Koala gem to communicate with the Facebook API. You can create a Facebook Application and link it to your website, then ask the user to grant your Facebook App the minimal default permissions, these will be sufficient to get the Facebook profile URL of the account that was acutally linked, i.e verified.
Related
I am using Google OAuth2.0, the requirement is only let G suite for Education account login, so I want to know what type of account user is using during the authentication.
The login part is finished, I get access token and refresh token, I asked for two scopes https://www.googleapis.com/auth/userinfo.profile, https://www.googleapis.com/auth/userinfo.email
I checked the user profile, which can't help me to identify the type of account.
Can I differentiate these two type of account by only require above two scopes? if not, what other scopes I need to require and what API I need to use?
I found one example online, https://www.brainpop.com/ which supports what I mentioned.
The website only asks for Basic account info such as View your basic profile info and View your email address. When I log in using my personal Google account, then the login will be denied and tell me it's not G-suite education account.
Appreciate anyone's help.
check email
https://www.googleapis.com/auth/userinfo.email
IF EMAIL HAS CUSTOM DOMAIN LIKE ABC.COM then its gsuite
if it is just gmail.com its not gsuite
What I did do when I needed to know if the user was a G suite for education user was to also request the scope 'https://www.googleapis.com/auth/classroom.profile.photos'. If I remember correctly only users with a for education account would be asked for giving that permission. You can probably use any scope from the classroom API to (https://developers.google.com/classroom/reference/rest/).
I don't have this integration with Google anymore, so haven't tested it in about a year.
Twitter API allows to update "the authenticating user’s current status", as explained in the documentation page.
What I'd like to achieve instead is to update another user's current status. Consider a magazine's twitter account. I'd like different people to be able to update the magazine's status. Tweetdeck allows this, but it also allows a whole lot of other things like access to Direct Messages. I only want to provide certain authenticated users an interface (similar to Twitter's post-a-tweet interface) to post status and images to the shared account.
I could not find a simple explanation of how to use Twitter API to achieve the above functionality. Could someone please help?
If you have an app that implements the status update API and it is delivered to different people and they authorize the app with the magazine's twitter account, then the app will update that status. I can show an example also with code if this is what you're asking. However the main point is that, once a user has authorized the app, she/he doesn't need to be connected with the shared login any longer because the app will do that on the magazine's behalf.
BTW, similar question here: Twitter API: post on behalf of whom?
Edit
Just to summarize the comments:
The standard OAuth authentication requires the following main steps
1) to develop an app (registered with OAuth consumer key and secret) that implements the API update status 2) to install and authorize the app: during this step the onwer will be requested to enter the credentials of the passive account in a Twitter link opened with the browser, 3) then - after a fallback - the app will store the access token and any user of the app will be able to update the status without login
Once you have developed an app that can post tweets on behalf of a passive twitter account using the standard OAuth, you could make that functionality available to the authenticated users of a website.
I am implementing login through social networks in my Yii site. I am using gmail, linkedin, twitter and facebook. I need to get the email of the users who are logging in to my site using these networks. I am able to get the email of the facebook user. But not the other networks. How can I get it ?
This is not a Yii specific question (imo) but for the legacy of actually searching, people might end up on this post, looking for a Yii solution:
You should have a look at the yii-eoauth extention.
You will need to do the handshakes first to authenticate the users and afterwards you will be able to get the required details.
oAuth for Facebook
oAuth for twitter
oAuth for Google
oAuth for Linked In
We are currently introducing facebook and twitter login functionality for our users both on our website as well as mobile app.
The current issue I have is with facebook tokens, I have noticed that when a user tries logging through facebook the token returned on my website and mobile app are different.
What is the best way to manage these tokens to prevent duplicate registration of users. Each user when logs in creates a basic profile in our database which is linked to the access token. I also use offline_access permission.
Now when this user uses the mobile app a different token is returned and a duplicate profile may be created. How do I prevent this situation, I need the same profile to be detected on the website as well as mobile.
The way you do it is, don't identify users by their access tokens, but by their Facebook user ids.
Just GET https://graph.facebook.com/me?access_token=ACESS_TOKEN and you will be returned the basic information about the user, which includes their Facebook user id.
Just like what Julio said, refer this question for more information. You should use the generated token to verify fb user id
Devise Omniauth and Iphone/Android App
I'm building my website to pull out my own linkedin profile info. And it is working but when a visitor comes to the site, they will have to login to see my profile info displayed on my page. This should be a public website and I don't want visitors to log in to their linkedin account in order to see my public page.
Is there anyway to do this (so that visitors can see my info without having to be logged in) ? Thank you
NOTE: I'm using their REST API by the way.
Simple code
Per the documentation (section #1, bullet point 3), it is not possible to share your profile information via the API without the user both authenticating your LinkedIn application that is pulling the info, and also the authenticated user then being connected to you in some way. From that document, "Each user must grant your application access to their LinkedIn network and they can only see data from their own LinkedIn network. For example, you cannot gather information about a LinkedIn member in one user's LinkedIn network and show that information to other users"
In short, the REST API is probably not the way to go to expose un-authenticate user's to your profile. What you might want to do is use one of the plugins, such as the Member Profile plugin.