I have developed a web application with Google+ Signin. Once user click the sign in with Google+ it authorize the app and register that user. after that process, I want to automatically share some information in google plus wall from my application. For that I go through the Google plus API, "https://developers.google.com/+/" and enables api's related to login, get user information and write access. I'm trying to use Google's API to post on the currently logged in user's stream / wall / whatever. My website uses Facebook and twitter APIs to post notifications automatically on the currently logged in user's wall, but not able to post with Google's wall. I want something like Facebook and Twitter API, with Automatic Posting function and API.
Please help me to troubleshoot this problem.
For your review I am sending my sample code snippet here:
/*
<script type="text/javascript">
function googleAPIOnLoad() {
console.log("Google plus js loaded... calling client.load...");
gapi.client.load('plus','v1', function(e){
console.log("client loaded...");
console.log(e);
});
}
function signIn() {
console.log("signing in...");
gapi.auth.authorize({
client_id: "XXXXXXXXXXX",
immediate: false,
response_type: "token",
scope: ["https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.stream.write"],
requestvisibleactions: "https://schemas.google.com/AddActivity"
}, function(e) {
// callback
console.log("done!", e);
gapi.client.request({
path: "plus/v1/people/me/moments/vault",
method: "POST",
body: JSON.stringify({
type: "http://schemas.google.com/AddActivity",
target: {
type: "http://schema.org/Thing",
name: "Test Name",
description: "Test Description",
image: "http://test.test.com/Deal/Dealphoto/Thumbnail/0160475582922191382013.png"
}
})
}).execute(function(e) {
console.log("did it.", e);
});
});
}
</script>
*/
I will be very thankful to you for this.
Thanks,
Lalit
Basically you can't automatically post to a users Google+ stream. You can either use the share API with your users intentionally posting, or you can use app activities to automatically create posts that won't be visible on the users stream.
There is an open feature request you can star for a full write API method.
There is a write API in the Domains API but that only works for Google Apps users and can only post private content in that company.
Related
i was trying to migrate from old google login library to new gis library, during the process i was not able to implement refresh token logic. my app gets logout every hour the token gets expire and user have to login again. which is not good for my customer experience. please help
i tried using Javascript api code from the official website [https://developers.google.com/identity/gsi/web/reference/js-reference]
<script>
window.onload = function () {
google.accounts.id.initialize({
client_id: 'YOUR_GOOGLE_CLIENT_ID',
callback: handleCredentialResponse
});
google.accounts.id.prompt();
};
</script>
I've been trying very hard to solve this issue for the last days, but I really can't get through. I've found this question many times on this forum, but none of the solutions presented here solved my problem because they have been posted some years ago and Facebook is updating the way to solve a given issue very often. My facebook javascript SDK to check if a user likes my page is as follows:
$(document).ready( function () {
try {
FB.init({
appId : '{my_app_id',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
version: 'v5.0'
});
} catch (e) {
alert(e.message);
}
try {
FB.getLoginStatus(function(response) {
if (response['status'] == 'connected') {
try {
FB.api(
"/{my_page_id}/likes", {access_token: 'my_app_token'},
function (response) {
alert(response.error.message);
if (response && !response.error) {
//code to check likes
}
}
);
} catch (e) {alert(e.message);}
}
});
} catch (e) {
alert(e.message);
}
});
The FB.init works and also the FB.getLoginStatus, where response['status'] is really 'connected'. But my FB.api does not work. The alert(response.error.message); line returns the following error: "(#10) This endpoint requires the 'manage_pages' permission or the 'Page Public Content Access' feature. Refer to https://developers.facebook.com/docs/apps/review/login-permissions#manage-pages and https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS for details.". I've been checking the manuals from Facebook for developers, but they are very incomplete, at least the ones in Portuguese (I am Brasilian). I'm really sick of trying to get this working by myself, so I'm looking for a help from the users of this forum.
Thanks in advance.
The /page-id/likes endpoint returns likes of a Page (for example, other Pages liked by the Page), NOT users who like your Page. And for getting that data, you need to own the Page, and you need to authorize with the manage_pages permission.
There is no way to get a list of Users who like your Page, the only reliable way to check if a specific User likes a Page is by authorizing that User with the user_likes permission. After that, you can use the /me/likes endpoint to get liked Pages. Although, you would need to get the permission reviewed by Facebook, and you would need a very good reason to use the permission.
Additional Info: How to check if someone is liked my fanpage from my website?
I've inherited a Node.js web app that uses relies on OAuth. Whenever you visit a page the app ensures you've authenticated. Please note, there no Angular, React, Vue, etc here. Each page is straight up HTML.
I want to test this site using Cypress. My problem is, I'm stuck on the initial redirect from the auth provider. Cypress acknowledge OAuth is a challenge.
commands.js
Cypress.Commands.add('login', (credentials) => {
var settings = {
'clientId':'<id>',
'scope':'<scope-list>',
...
};
var body = `client_id=${settings.clientId}&scope=${settings.scope}...`;
var requestOptions = {
method: 'POST',
url: 'https://login.microsoftonline.com/...',
headers: {
'Content-Type': 'application/x-www-form-urlencoded'
},
body: body
}
cy.request(requestOptions);
});
Then, in my test, I have:
context('Home', () => {
it('Visits Successfully', () => {
cy.login();
cy.title().should('include', 'welcome');
});
});
In the test runner, I see the login POST request is occurring. I confirmed that an access token is being received using a console.log, however, my title is empty. It's like the redirect after OAuth isn't happening in Cypress. However, when I visit the site in the browser, the redirect is happening as expected.
What am I missing?
What you might be missing is confusing between the actual UI flow and the programmatic flow of doing OAuth with a 3rd party website.
What you would want to do is to complete the programmatic login and then send the required parameters to your OAuth callback URL for your app manually in the test code.
an example is given here (though it uses a different grant type it gives you an idea) https://auth0.com/blog/end-to-end-testing-with-cypress-and-auth0/#Writing-tests-using-Cypress-Login-Command
another issue on the cypress github that deals with a similar problem
https://github.com/cypress-io/cypress/issues/2085
this also might help:
https://github.com/cypress-io/cypress-example-recipes/blob/master/examples/logging-in__single-sign-on/cypress/integration/logging-in-single-sign-on-spec.js
We allow authentication using oauth and google. For the vast majority of our clients the code shown works fine. For a few however it fails. The problem is not network related as I can use the user's school supplied google email account to cause the problem then switch to a personal account and not have the issue occur. if the issue does occur it occurs for that whole school which leads me to believe it is setup related in their google account, but no one seems to know the issue. HELP!!!
The problem is in the makeAPICall function, for most users we can access an email after this, but in the problem schools the email is undefined. There is no error being returned however.
<script type="text/javascript" src="https://apis.google.com/js/api.js" "></script>
<script type="text/javascript">
var apiKey = 'MY API KEY';
var discoveryDocs = ["https://people.googleapis.com/$discovery/rest?version=v1"];
var clientId = 'MY CLIENT ID';
var scopes = 'profile';
function handleClientLoad() {
// Load the API client and auth2 library
gapi.load('client:auth2', initClient);
}
function initClient() {
gapi.client.init({
apiKey: apiKey,
discoveryDocs: discoveryDocs,
clientId: clientId,
scope: scopes,
'immediate': false
}).then(function () {
// Listen for sign-in state changes.
gapi.auth2.getAuthInstance().isSignedIn.listen(updateSigninStatus);
});
}
function updateSigninStatus(isSignedIn) {
if (isSignedIn) {
makeApiCall();
}
}
function handleAuthClick() {
var isSignedIn = gapi.auth2.getAuthInstance().isSignedIn.get();
if (isSignedIn) {
makeApiCall();
}
else {
gapi.auth2.getAuthInstance().signIn();
}
}
function makeApiCall() {
// Load the API and make an API call. Display the results on the screen.
// for most users this loads the api and allows me to access the email address.
// for certain schools the email addresss is not returned causing lots of problems
gapi.client.people.people.get({
'resourceName': 'people/me',
'requestMask.includeField': 'person.emailAddresses'
}).then(function (resp) {
//in the case of the email not being returned, the next line errors
var email = resp.result.emailAddresses[0].value;
$.ajax({
//do some application specific stuff using the email address
}
});
});
}
</script>
<script type="text/javascript" async defer src="https://apis.google.com/js/api.js"
onload="this.onload=function(){};handleClientLoad()"
onreadystatechange="if (this.readyState === 'complete') this.onload()">
</script>
After working with one of our clients we discovered that in Google Apps for Education Directory information is protected by default. The district can either open this up to all clients or put in specific rights by client. Once this was adjusted the code shown above works perfectly.
Thanks
According to the API docs, you should request the email scope too, in addition to profile. In addition to that, you might want to use the OAuth2 API UserInfo method (you'd also need to add the email scope, but it's a simpler API).
I am trying to write an FirefoxOS app for my portal which uses Mozilla Persona for authentication. How I should proceed if I want to achieve:
Allow users of my app to signup to my portal using Persona
Allow users of my app to login to my portal within the FirefoxOS app and perform some actions with the API
Depends if users is logged or not - giving access to different actions.
I have found this post with info that its integrated already: http://identity.mozilla.com/post/47114516102/persona-on-firefox-os-phones but I can't find any real examples.
What type of application I need to create? webapp or privileged?
I am trying to implement it using regular tutorial: https://developer.mozilla.org/en/Persona/Quick_Setup
But with this code:
signinLink.onclick = function() { navigator.id.request(); };
I am getting only following error:
[17:25:18.089] Error: Permission denied to access object
One thing is to make sure you're calling watch() to setup callbacks before you call request().
For example, something like this in your page:
<script src="https://login.persona.org/include.js"></script>
<script>
window.addEventListener("DOMContentLoaded", function() {
navigator.id.watch({
// Provide a hint to Persona: who do you think is logged in?
loggedInUser: null,
// Called when persona provides you an identity assertion
// after a successful request(). You *must* post the assertion
// to your server for verification. Never verify assertions
// in client code. See Step 3 in this document:
// https://developer.mozilla.org/en/Persona/Quick_Setup
onlogin: function(assertion) {
// do something with assertion ...
// Note that Persona will also call this function automatically
// if a previously-signed-in user visits your page again.
},
onlogout: function() {
// handle logout ...
},
onready: function() {
// Your signal that Persona's state- and callback-management
// business is complete. Enable signin buttons etc.
}
});
// Set up click handlers for your buttons
document.getElementById("signin").addEventListener(
'click', function() {
navigator.id.request({
// optional callback to request so you can respond to
// a user canceling the sign-in flow
oncancel: function() { /* do something */ }
});
}
});
});
</script>
Here's an example that shows this in action:
https://people.mozilla.org/~jparsons/persona_example.html
However, on FirefoxOS, you should be aware that installed apps (not packaged or certified, but generic installed apps) are given a unique origin of the form app://{uuid}, with a different uuid for each device. This is unfortunately useless for sign-in purposes because there's no way for your server to know whether an app requesting sign-in is friend or foe. The way around this problem is to run your persona code in an invisible iframe hosted on your server. Thus the iframe will have the correct origin and your server will know it's your app. The iframe and the app can communicate via postMessage.
In the case of a packaged app (sometimes called a privileged app), your origin will be the origin declared in your webapp manifest. E.g., app://yourapp.yoursite.org. This gives you better assurance that the app is really yours, but the truly paranoid may still wish to deploy the iframe trick.
Hope this helps!
j