All of the authentication features I see for the Instagram API make the user "allow access" to your app by redirecting them. I have seen several apps that let the user login directly, can someone please enlighten me on how they are doing this?
If the app uses Instagram's authentication, it first redirects to instagram login page and you have to enter username/password, and then it will show a page to allow access, after this it will redirect to the application.
But some apps directly ask for username/password from their UI, these apps store your password, and use it to authenticate using a automated devices running Instagram, so they can post pictures on your behalf, the reason they do this is cause there is no API for posting pic, the only way apps can post pics is by collecting username/password and then posting pics using automated devices. This is risky, never give your username/password. Doing this is against the terms and condition. Only login if the login screen looks like Instagram login page.
Related
I'm working currently on the implementation of social login using react-native and aws cognito. For now, it's working well (with or without amplify), but the issue is that I have to open a webview using the cognito hosted UI, which redirect directly to Google / Facebook / Apple. So basically, when the user click on the google signin button, there is a messagethis kind of message "myapp wants to open amazoncognito to connect...". As a user experience, it is quite mediocre, so I am wondering if it is possible to implement a different signin flow so not to redirect to an external url.
I have tried the implemntation with react-native-google-signin, but in that case, I have to use aws federated identities instead of my user pool (typically, the gogole signin retrieve an id token that can be pass to cognito federated identities). So I do not really like that solution...
I don't know exactly the process of signing up with a social login provider but if someone has ever met the issue and found a user friendly way to implement it, I am obviously interested in the solution ! (One option would be to figure out how to use the IdToken generated by Google to sign the user in my Cognito user pool, the other would be to directly use an iframe to open facebook, google, apple, so at least the message would not appear).
Thank you for you help !
I want to know if someone could already do something like this, because the new Instagram basic display API is kind of different. Thanks in advance
I've been working in a Ionic 3 app, which authenticated users with Instagram API. But now Instagram API is no longer working, and was migrated to Facebook.
With the new API, Facebook no longer allows users to authenticate into an app using the Instagram Basic Display API, and the Graph API for Businesses and Creators requires a Facebook token.
I suppose they now want you to only use the Facebook auth flow to authenticate your users for your app, and then have them log in again to Instagram for Basic Display after your primary authentication.
"Data returned by the API cannot be used to authenticate your app
users or log them into your app. If you need an authentication
solution we recommend using Facebook Login instead."
https://developers.facebook.com/docs/instagram-basic-display-api
&
"All endpoint requests must include a Facebook User access token."
https://developers.facebook.com/docs/instagram-api/overview
According to this link Facebook Login for the Web, I can let my users login with facebook accounts (after logging to my facebook app).
now, all the work is done here in javascript which is a client-based code, it means it is insecure and a hacker could easily trespass my login step.
I know i should be using PHP SDK (for example) to secure the login process, but my question is why would I use this method ????
My ASP.NET MVC has login with Google, Facebook and Microsoft. It works fine. But when the user tries to login with gmail, the next message is shown in the google login page:
IP_ADDRESS_SERVER is asking for some information from your Google Account. To see and approve the request, sign in. Learn more
Instead of showing the ip address, I would like to show the application name or the domain, something like:
MyWebApplication is asking for some information from your Google Account. To see and approve the request, sign in. Learn more
or
www.mywebsite.com is asking for some information from your Google Account. To see and approve the request, sign in. Learn more
How can I achieve that? Should I change some configuration in the application?
You need to register the application with Google.
I've been working with ServiceStack for quite some time now and i love it. But there is one thing i can't figure out.
How are app's (ios, android etc.) that are using my servicestack endpoints, suppose to use the facebook endpoint "/auth/facebook"?
When using this url "/auth/facebook" from the browser it works fine, but the response is html, and not an AuthResponse og something serializable.
Is this endpoint only to be used from websites with servicestack in the same solution?
The way that stuff works is by redirecting the user to Facebook with an API key that matches your app. The user then tells Facebook that your app is ok, and Facebook redirects them back. This can only be done via a browser. You really have two options to work around this:
Make the user authenticate with Facebook using a website and then authenticate your user with credentials from the app.
Use the built in iOS Facebook stuff and send the resulting auth tokens to an endpoint on your app, where you can save them for later use.
Edit, a bit more clarification:
Option 1
User Goes to your website
User Clicks on your Auth With Facebook button
User is sent your your Facebook endpoint set up in Service Stack
User is redirected by Service Stack to Facebook
User is redirected back to Service Stack from Facebook, with a token in the url
You save the token in your database and tell the user they can now user your app with Facebook.
Option 1.5
The same as Option 1 but instead of making the user go through their browser you create a UIWebView control and point it to your Facebook Auth endpoint. Then you listen for a response from your site that says the user is authenticated. I'm not a objective c, so I can't really get more detailed on how to do that.
Option 2
Use the iOS Facebook API and handle authentication as seen here.
POST the credentials to Service Stack via a Custom Endpoint
Save credentials in the db, and use them in the future to make calls on behalf of the user.
Facebook Login requires a browser of some sort, because Facebook's cookies must be passed along with a request to authorize your website. That is how Facebook knows which of it's users wants to authorize your site, and that they are the ones making the request.