I'm trying to make a check for a specific user logging into Instagram and approving an app I've created. Is this possible?
Example flow :
User comes to my app
User clicks login/authenticate via Instagram
User logs in (or check is made if user is logged in via Instagram)
User is redirected to my app's callback URI.
When the user gets back to my app I would like to be able to check which user has authenticated - is this possible? At present I'm only able to get an access token.
Thanks for any help.
I've actually solved this by using the server-side flow mentioned in the API documentation (http://instagram.com/developer/authentication/) which gives me back a response including the details of the user logged in if following the extra step (code->access_code application, etc).
I also figured out what you mention above too, so both ways are good.
Thanks for you help.
The information is not directly returned to you in the OAuth process, but once you have the access token you can load user information using the https://api.instagram.com/v1/users/self/?access_token=XXXX endpoint. That will give you data about the currently logged in user (including ID and username)
Related
I am using auth0 to register users on my application, and hope to also use their api auth.
However, I have some endpoints like POST /api/v1/events which requires a authenticated user.
In the application side, each event has a createdByUserID which is the user id of the requestor. I would like to get the userID from each request that comes in.
How can I accomplish this? I'm trying to follow their docs but I am having a pretty hard time.
You can use a rule in Auth0 to call your application when a user is registered. See this forum post. You can access details about the newly registered user in your rule, to extract data to pass to your application - see the Auth0 doc.
I am making an app where I need to have the user log in into their spotify account.
I would like to know how can I know if the user is already logged in or not into Spotify?
What I am trying to do in my application is ask to log in only if I have never logged in before and take the user through the authentication process.
If I have logged in before I want to skip the part where I ask the user to log in. This would have to work also if the user has logged in, left the app for some time and came back to it, I don't want to have to require a re-login by the user. How can I get that status from Spotify ?
I appreciate any guidance with this, thank you.
Since it's very likely that the access token has expired by the time you want to use it again, you would need to use the Authorization Code flow, storing the access token and refresh token of the user.
You can try making a request to an endpoint like Get Current User's Profile passing your current access token.
Should it fails, try refreshing it. If you get an access token back, then you know the user is logged in and you have a valid token you can use. Otherwise, consider the user is not logged in.
Where to store the refresh_token and access_token is up to you. You could do it in localStorage, or even better, in a database.
So I am updating an older desktop app (written in VB, .net 4.0) with facebook integration and followed the guide found here, and have been able to successfully get a token (by parsing the uri of the embedded webview if it contains "token="). Now my problem is if I try to login with a facebook account that has already approved the app in a prior session, the webview just gets redirected to https://www.facebook.com/connect/login_success.html without any token information.
Do I HAVE to log all of the tokens I generate manually (ie on successful token generation, I can call their profile info, use their FB ID as key and save the token)? Even if I do, since the email and password is input directly into the facebook login window, how do I check if the user already has a token?
Thanks in advance
The access token can change any time, you need to get it everytime. After getting the token, I immediately get the user information https://graph.facebook.com/me?access_token=??? and use that ID to find their database information.
I couldn't quickly find facebook information but on google's oauth information it says "The access token is also associated with a limited scope that define the kind of data the your client application has access to (for example "Manage your tasks"). An important goal for OAuth 2.0 is to provide secure and convenient access to the protected data, while minimizing the potential impact if an access token is stolen."
https://code.google.com/p/google-api-php-client/wiki/OAuth2
Ok so I finally figured it out myself. My mistake was apparently requesting the access_token directly (ie https://www.facebook.com/dialog/oauth?response_type=token...) to try and save time.
I fixed it by making a request for a 'code' instead (ie https://www.facebook.com/dialog/oauth?response_type=code), which I then use to make a second request to retrieve an access token as documented here: https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/, "Exchanging code for an access token" section a bit lower on the page.
Hope this helps someone in the future, this was very frustrating on my part.
Regards,
Prince
I'm operting a website, which enables users to login via facebook or/and google+ to access their user profile. If a user logs in with facebook, I want to show if the user also granted permissions to log in via Google+.
I have an G+ access- and refresh token in a database. I've tried to use the G+ client's "setAccessToken()" function and afterwards "isAccessTokenExpired()" to do a check. The problem is that "setAccessToken()" expects the accessToken param as a JSON string (the same you receive as you log in with google+). So I think that's not the way to go...
Does anyone has an idea how to check if the user granted permissions to log in (without logging in)?
Best regards
ninsky
Maybe it's not the best solution, but I've used a refresh token to check if I can get a new access token. If that fails, the user revoked access.
You're not specifying the library you're using (if any), but most of the Google-provided libraries require that the access_token object that was returned (which contains both the access_token and the refresh_token, along with other values) be the one that is passed to the API for authentication. In general, best practice is to store the entire JSON object and not the individual values in it.
I am currently developing an app using the Google places API..
https://developers.google.com/places/documentation/
I want to use the Events methods, so that a Place/Business owner can add events..
https://developers.google.com/places/documentation/actions#event_intro
However I obviously need to restrict it, so that only the Business owner can create events for their Business. Is there anyway of authenticating a user via a Google api, to confirm that they are the Place owner? I looked at Google+ however there is no reference to any 'Places' setup by that user in the people request.
Looks like this is possible now. The workflow would be the following:
Your user triggers a places search and selects a specific place in the result
Your user selects an option in your app to claim they are the owner of your place
Your user is redirected into an OAuth flow to Google Places where they login with their Google credentials
Once authenticated, your app is provided with an OAuth token for the user
Your app submits that token along with a Place reference to a Places API owner verification service
The Places API returns a yes/no as to whether the user concerned is the verified owner of the Place
Source - https://code.google.com/p/gmaps-api-issues/issues/detail?id=3894 - comment #3
Enjoy!