User identification - authentication

I'm very new to Rally (and StackOverflow, for that matter), and I'm trying to build a reporting web app, but only using the Web Services/REST API.
My question is, how does an app know which user you are? Given a username and password, how can I use these to find a certain user? I can't find any object that has a password field.
Here is the link to the REST API: Rally REST API
Thanks to anybody who can help!

Related

Which google oauth playground API should I use to obtain a token with the name, user photo and email?

I found this tool from Google recently: https://developers.google.com/oauthplayground/
I am currently doing an authentication practice for an API with Node and passport.js, and I would like to know which of these APIs is the one that I should choose to obtain a token with the user, the email and the profile photo. In the tutorial I saw that they use https://www.googleapis.com/auth/userinfo.profile, so I don't know if it is deprecated or has been replaced by a new one, or if it is something that can be used in production.
And well also if you could explain a little more about what this tool is, I would appreciate it a lot.
On OAuth Playground you can "input your own scope".
Copy and paste https://www.googleapis.com/auth/userinfo.profile and click Authorize APIs.
Then exchange for an access token.
After that you can call https://www.googleapis.com/oauth2/v2/userinfo and it should return the data you are looking for.

IdentityServer4 retrieve both cookie and token during login

I have got an IdentityServer4 project where I protect an API. Inside the Identity Server project I am developing a mini dashboard where I have added some basic administration features like adding clients, scopes, webhooks etc. Also, inside this dashboard, I want to display some information that comes from the API. The problem is that I need not only a cookie (to log in to the Identity Server) but also a user token to communicate with the API and fetch the required data. Is this a valid scenario?
I could of course make a separate call, during the initial login, and get a token by using the user's credentials, but this does not sound like the best practise, so I want to avoid it in the first place.
Also, this dashboard could be a completely separate project and use the Hybrid Flow to achieve the desired functionality, but I did not want to create a third project for this. Do you believe this is the optimal solution though?
Thank you in advance for your opinions and answers.

LinkedIn API Without Authentication

I'm making this web application for my company, which extracts basic data from LinkedIn and shows it to the user/employee. I want it to be a very user-friendly experience, hence I don't want many login prompts, not even LinkedIn's.
There is an integrated authentication utility that can get the name credentials of the user without him having to fill them in.
So is there any way the application uses the firstName, lastName and companyName to search the employee on LinkedIn and display his/her basic data, without him/her having to authenticate using LinkedIn?
I read a bit about tokens, on the developer website, but I didn't understand how to use it?
Any answers/links/examples/hints would really help.
By the way, I'm using Javascript. Not XML, REST or PHP. Even though I wouldn't mind getting an answer in PHP either.
Thanks in advance!

Authentication for Google Calendar API in Objective C using GTM OAuth 2

I am developing an app for iPhone and it basically needs to connect to a Google Calendar API and download some events in the Calendar. (I am the owner of the Calendar)
All the authentication examples that I have seen from 'GTM OAuth 2' require a window for the user to enter his/her user & pass to authenticate the access to his/her Google Calendar. However, my target is a specific Calendar, whose username and password I know. I wonder if there is a way to hardcode the username and password in my Objective-C code instead of asking the user for them?
I used to directly write the username and password using the previous GData Calendar API, but it seems that it does not work anymore and I get error 403 for authentication.
I appreciate it if you let me know of your suggestions.
You can save the OAuth 2 refresh token (or more simply the GTMOAuth2Authorization object's persistenceResponseString) and use that in the client app to authorize the requests. You might want a way to provide updated strings for that to the app.

How can I customize a twitter client in objective c

I am designing a Twitter iPhone app for my school. I wanted to moderate the users who can access the school account. In simple terms, I do not want to use the original Twitter server but make it local to only a few users. Simply, let's say a Twitter for class. This will be running on our server and only a few people can access it. I am very confused about this; any open suggestions would help me.
Please help
Simplest way: Twitter allows "protected profiles", where only users you are following can see your updates. This is basically a whitelist of people who can see your statuses.
If you wish to allow multiple users to post from the same account, without hardcoding the Twitter account into the application, you could create your own API, essentially just a proxy for the Twitter API.
You could then add your own level of authentication over this, so each user would have their own account (and you don't give out the shared account's login details).
In pseudo code, the application would be something like..
    if request['username'] not in ['bob', 'alice']:
        raise AuthError
    if request['password'] != ['theuserspassword']:
        raise AuthError
    twitter_api = TwitterLibrary.login("sharedaccount", "secretpassword")
    switch request['api_method']:
        case "getPublicTimeline":
            return twitter_api.getPublicTimeline()
        case "postStatus":
            return twitter_api.postStatus(request['something'])
Final option I can think of - you could run your own Twitter-like site.. There are plenty of "twitter clones", such as status.net (which is the code that runs identi.ca)
status.net and several other similar projects have Twitter-compatible API's, so you could quite easily take an open-source client (NatsuLiphone for example), and, with permission, rebrand and modify it to use the URL of your own site.
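The proxy idea from the answer above, as an added Python example that is not part of the original post: each user authenticates to the proxy with their own password (stored as a salted PBKDF2 hash and compared in constant time), only an allowlist of methods is forwarded, and every call made through the shared account is attributed to a user. `FakeTwitterClient`, the sample accounts, the `status` request field and the `audit` list are constructed stand-ins, not a real Twitter library.

```python
import hashlib
import hmac
import os

class AuthError(Exception):
    """Failed login or disallowed method."""

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def new_user(password):
    salt = os.urandom(16)
    return salt, hash_password(password, salt)

# Constructed sample accounts; the proxy stores salted hashes, never passwords.
USERS = {"bob": new_user("constructed-pw-bob"), "alice": new_user("constructed-pw-alice")}
DUMMY = new_user("unused")  # hashed for unknown users so response time stays uniform

class FakeTwitterClient:
    """Hypothetical stand-in for a client logged in as the shared account.
    A real proxy would load that account's secret from server-side config."""
    def __init__(self):
        self.statuses = []

    def getPublicTimeline(self):
        return list(self.statuses)

    def postStatus(self, text):
        self.statuses.append(text)
        return len(self.statuses)

# Only these API methods are reachable through the proxy.
METHODS = {
    "getPublicTimeline": lambda api, req: api.getPublicTimeline(),
    "postStatus": lambda api, req: api.postStatus(req["status"]),
}

def handle(request, api, audit):
    username = request.get("username")
    salt, expected = USERS.get(username, DUMMY)
    supplied = hash_password(str(request.get("password", "")), salt)
    # Constant-time compare; same error for unknown user and wrong password.
    if not hmac.compare_digest(supplied, expected) or username not in USERS:
        raise AuthError("invalid credentials")
    method = METHODS.get(request.get("api_method"))
    if method is None:
        raise AuthError("method not allowed")
    audit.append((username, request["api_method"]))  # who acted as the shared account
    return method(api, request)
```

The shared account's secret never leaves the server, so removing one user means deleting one entry from `USERS` rather than rotating the shared password.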
I'm not exactly sure what you mean by "not want to use the original twitter server". If you only want a few people to see the updates from that class's Twitter account, you could protect the updates and only allow students to follow the account.
However, this should help you create/customize your own twitter iPhone application. This is a link to Stanford's CS-193P course on Cocoa Development. The assignments in the class are creating and customizing a twitter client. All of the project files are available online.
http://www.stanford.edu/class/cs193p/cgi-bin/index.php
I hope this helps.
Create a regular Twitter app that requires credentials; don't hard code the credentials in the app. Problem solved. Anybody could get the app on their phone, but only people previously authenticated on Twitter would be able to actually use it. If you want to use OAuth you have to do this anyway.