How do I detect Google account deletion? - google-oauth

I've just started working with Google OAUTH2 in order to add a "Sign in with Google" button to my web site.
According to the "Google+ Platform Developer Policies" section B.2.a.III, if a user deletes their Google account, I must delete all personal information I obtained from the Google API relating to them.
Does this apply to my web application as well? And if so, how do I detect that a user's Google account no longer exists? Surely, a successful login will only occur if the Google account exists; so how can I tell if a previously existing account is no longer there?

Maybe someone has a better approach, but a simple and practical solution would be to have a link buried somewhere on your site that allows a user to request account deletion via email (assuming you still possess a valid email for him - if he deletes his Gmail and that's all you have then you have no way to contact him other than manually via phone or something).
The doc you link to says: "Give users a reasonably convenient way to delete any of their personal information you’ve obtained from the API."
So assuming you still have a valid email address, this would work:
1. Your FAQ says "What if I want to delete my account?". Links to account deletion page.
2. Account deletion page: What's your email? _____ (Continue)
3. Email is sent to user with (securely randomized) confirmation link.
4. Confirmation link is clicked by user which deletes all of his data from your site.
Success of that process is dependent only on your system and the email arriving.
(If you are concerned about complying with EU data protection law, you might want to implement this feature anyway - since one legally has the right to demand the deletion of one's own personal data.)
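The "securely randomized" confirmation link from the steps above, as an added example that is not part of the original answer. The in-memory `users` and `pending_deletions` tables, the one-hour lifetime and the function names are assumptions made for illustration.

```python
import hashlib
import secrets
import time

TOKEN_TTL_SECONDS = 3600  # assumed lifetime of a confirmation link

# In-memory stand-ins for database tables (constructed for this example).
users = {"alice@example.com": {"name": "Alice", "google_sub": "constructed-sub-1"}}
pending_deletions = {}  # sha256(token) -> (email, expires_at)


def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()


def request_deletion(email, now=None):
    """Create a single-use token for the emailed link; None if the address is unknown."""
    now = time.time() if now is None else now
    if email not in users:
        # The page shown to the requester should be identical either way,
        # so the form cannot be used to test which addresses are registered.
        return None
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    # Store only a hash, so a leaked table cannot be replayed as valid links.
    pending_deletions[_digest(token)] = (email, now + TOKEN_TTL_SECONDS)
    return token  # goes into the emailed URL, never into logs


def confirm_deletion(token, now=None):
    """Delete the user's data if the token is known, unexpired and unused."""
    now = time.time() if now is None else now
    # pop() makes the token single-use even if the link is clicked twice.
    entry = pending_deletions.pop(_digest(token), None)
    if entry is None:
        return False
    email, expires_at = entry
    if now > expires_at:
        return False
    users.pop(email, None)
    return True
```
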

Related

How can I customize AWS Cognito default confirm message?

I am using AWS Cognito to verify users' emails by sending verification links to users' email. After users click the links, a default confirm message "Your registration has been confirmed!" is shown. Is there a way to customize this message?
Thank you!
Currently (late June 2018) this still appears to be not supported. It is a pain because users should be redirected to the app in question after confirming their account, but currently they must navigate themselves.
There is a proposed workaround (essentially customizing the confirmation e-mail to send the user to your own API that performs the confirmation in a lambda), but I have not tried it. There does appear to be demand for this and AWS is aware of it as a feature request. I've seen them adding more customization abilities to the Cognito console recently, so keep checking there for updates.
If you're using the Cognito-hosted pages, you only get what you get which is going to vary depending upon when you're reading this message. Here in late 2019, the Cognito-hosted page redirects successful logins and confirmations (of phone/email) to whatever you specified as the redirect URL.
My issue is similar. After the user signs up, I want to customize the CSS of the confirmation page which doesn't appear possible. The confirmation page isn't great because it means that if the user closes the confirmation code entry tab before entering it, then their email is in the system but unconfirmed. And there's no way to confirm it. It's stuck. I'd like to have giant red letters that say "DO NOT CLOSE THIS CONFIRMATION TAB. CHECK YOUR EMAIL FIRST!" but there doesn't appear to be any way to do this at present.
The solution to any of these "how do I customize X of the Cognito-hosted flow" is either (a) look in the available UI customizations or (b) if they aren't available, change to an entirely hosted flow (still Cognito... just using your own pages and URLs).

Is it possible to identify the person talking to the google assistant by voice?

Recently Google has added multiple user support to the assistant, so how would I use the API to identify the person by voice?
It depends what you mean by "identify the person".
There is no way for an Action to get the raw audio, so there is no way for it to do voice printing or anything along those lines.
Although each voice has to be reported against a Google User ID, you do not have direct access to that user ID.
What developers do have access to is a UID that is sent along with each request to your fulfillment server. This UID is consistent across requests, although it can be reset by a user (for example, if they reset their Google Home). You can think of this the same way you think of an HTTP cookie - you can track the UID and, if you see it again, have reasonable assurance it is the same user that accessed it last time. This breaks down, however, for the "default" account on Google Home, since anybody who doesn't have an account will map to this user.
Beyond this, you can also use Account Linking to connect a Google Account consistently to an account in your own system. If you have sufficient authentication in place, or are using one from Google or Facebook for example, this can act as an identity.
There isn't an API for developers to identify users by voice.

Instagram Sandbox Invites page redirects to the developer register page

I have an app in sandbox mode and I have a sandbox user that is pending. (It has also been at least a day since the user was added). The user can successfully use my app and has given authorization; however, the user's likes returns an empty response (I know they can only access liked media from other authorized sandbox users, but the user has liked media from my account that is set as the admin). The Instagram API documentation states that the user may go to their developer site and accept/decline sandbox invites from the Sandbox Invites tab except my user is shown the developer register page instead. Does anyone know what is going on/how to fix this?
Instagram made sweeping changes to its API and the way it is accessed recently. As a result of the lockdown the Sandbox Invite process is glitchy at best. I myself just ran into this issue of invites not showing up.
It seems, for the moment, the only way to access the invite is to fill out the developer form (I just used a http://localhost:8000 URL and a random phone number that is not likely to exist, although try without one as it might not be necessary). That should automatically forward you to the invite page where the invited user can then accept or decline a Sandbox Invite.
It's a bit of a mess and the lack of documentation / indication to indicate that this step is mandatory doesn't help matters. Hope this helps save some time and headaches!

Logic Behind Social Login

I have created a nice little login script for my website that lets users login with Facebook or Google at the moment.
What I am trying to do is set some checks to make sure that duplicates do not appear in the database.
Here are some scenarios I have covered :
Login with Google/Facebook account and I have already registered this account. This will log the user straight in as they have already linked this account.
User has already registered with Google account, yet clicks Facebook because they cannot remember which account they used. This will alert the user that the email address returned from Facebook has already been registered with a Google account. This will enable them to click on Facebook to Login ??? NOT SURE ON THIS LOGIC AT THE MOMENT ???
User clicks on Google/Facebook to login, yet the email address returned is a user that went through the manual registration. This will alert the user that the social account they are trying to login with will require a password.
What I am thinking of doing is allowing users to LINK ACCOUNT so that the alerting process does not happen because I can link my facebook account to my google account through my website, and vice versa etc etc.
What I am asking :
Are there any other checks I may be missing? Is this logic sound? Is there anything I am doing which makes you question the login process??
Basically asking logic advice on this one.
Well congratulations! You're almost on the right track. Let's break down your situation here.
Ideal Situation
1. Registered on your site
2. Log in with Google
3. Log in with Facebook
Now, let's take the common denominator here, I mean the primary key. I am guessing in your case it should be the email address.
Actual Process Flow
1. User registers. You save the email address
Or,
2. User registers with Google/Facebook and you save the email address.
Login Procedure
1. You receive the email address either from direct login/facebook/google.
2. You match it against your table
3. On positive match, you link this social login to an existing account
If,
4. It is not a positive match then you accept whatever data you receive and then forward and then pass on to the registration page.
Hope this helps! Let me know if you want to know anything else.
Cheers!
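The three scenarios from the question and the match-on-email step from the answer, as an added example that is not code from either post. It goes one step further than the answer by assuming two extra checks: the provider must report the email as verified, and the user must authenticate to the existing account before a new identity is linked. `Account`, `resolve_login`, `link_identity` and the action names are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    email: str
    has_password: bool = False  # True for manual (password) registrations
    identities: set = field(default_factory=set)  # {(provider, subject_id)}


def resolve_login(accounts, provider, subject_id, email, email_verified):
    """Return (action, account) for a social login callback."""
    # 1. Already linked: match on the provider's stable user id, not the email,
    #    so a changed address at the provider does not create a duplicate row.
    for acct in accounts:
        if (provider, subject_id) in acct.identities:
            return "login", acct

    match = next((a for a in accounts if a.email.lower() == email.lower()), None)
    if match is None:
        # 2. Unknown email: create the account with this identity attached.
        acct = Account(email=email, identities={(provider, subject_id)})
        accounts.append(acct)
        return "register", acct

    # 3. Email is known but this identity is not linked yet. Linking on the
    #    email alone would let anyone who can present that address at another
    #    provider into the account, so the user must first prove control of it.
    if not email_verified:
        return "reject_unverified_email", match
    if match.has_password:
        return "require_password_then_link", match
    return "require_existing_provider_login_then_link", match


def link_identity(account, provider, subject_id):
    """Call only after the user has authenticated to the existing account."""
    account.identities.add((provider, subject_id))
```
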

Error when attempting to authenticate a user using the Google Contacts API

I came across this problem with a company's intranet that we run (powered by Wordpress) - it's got us all stumped.
When attempting to authenticate a user using the Google Contacts API, an error is returned after granting permission to access the user's contact list and before full authentication is given, but no details are given as to what the error actually is.
It was working absolutely fine until one day in late April/early May it suddenly stopped working.
We were using the following scope: http://www.google.com/m8/feeds/contacts/default/full.
An interim solution has been put into place, using the Google+ API instead. This is working well, except that the API is not providing the user's email address after authenticating, only their profile details.
We absolutely need the email address in order to limit access to the website to people with certain email addresses, as well as integrate properly with WordPress' user management, generating new user accounts and linking them to authenticated email addresses.
We'd really appreciate any help!
You're not providing much in the way of details, but Google+ Sign-in should have what you want, and it comes with pre-cooked PHP code, see https://developers.google.com/+/quickstart/php
Also, you can go through the basic login flow and if you use a scope like "openid email" you’ll definitely get the email address; see https://developers.google.com/accounts/docs/OAuth2Login