Error when trying to log into ESPN Masher API - api

I'm a long time user of Mashery, but when I try to sign into the ESPN API I get the following message:
Login Failed
You must click on the link in your user confirmation email before you can login.
This seems easily solvable - however, I've never received a confirmation email.
Any help from the ESPN API staff would be greatly appreciated.
//MD

I took a look at this, but it's difficult to see which user account is yours without more information. I do see one account in a "waiting" status, so I'll presume that is yours. I do see another account using a gmail address that has the same first and last name as the one that is waiting to be confirmed. The email address of the account waiting for confirmation is a .co account.
I don't see an option to resend the confirmation email, perhaps requesting a password reset on the login screen will help. I'll see what else I can do, but try the reset first.

Related

Allow user to choose how they receive forgot password code

Tried searching for this in Amazon's docs but couldn't come up with anything.
Assuming that both email and phone number are checked in the verification section of the user pool. If the client app wants to allow the user to choose how they receive the code (assuming they've forgotten their password) - how do we get Cognito to handle that? Is there a way of getting the forgotPassword method to select a route (email or SMS)?
From some early testing, it seems like it always goes one route if both are available. I do see that Amazon themselves have made this available on their site though, so hoping that it should be possible?
For this example, we can assume that we've got a verified email address and phone number for that user.
I am on the Cognito team. Currently the behavior is that if both phone number and email are verified, the code goes to the phone, hence phone number is given preference and there is no way to select where the code actually goes. However, we have heard this request in the past and I will add a +1 to the feature request on your behalf.

Auth0 : Multistep signup form for paid users

I am using auth0 in my existing regular php web application.
I have free as well as paid users in my site. For free users registration process is simple, I call the create user api which triggers the verification email.
But for paid users I have a multistep form. In first step users enters his information and registered as a free user in application then redirected to payment page. I can not call auth0 reg api after first step as user will get immediately verification email before payment.
If I call it after successful payment then its impossible to track if user bails out(Doesn't fill payment form, but already registered as a free user).
Please suggest what approach I should follow.
Thanks in advance
Make sure that you disabled public signups (this endpoint) and instead are performing the registration of users from your backend through the Management API create user endpoint.
Then you can use the verify_email parameter to indicate that a verification email should not immediately be send after user creation. You could then later use this endpoint to trigger a verification email to be sent after the payment form is completed.
If you have want to achieve best result i think you must follow below step to get rid of this problem:
1. Remove public signups in your application by trying this authenticating signup.
2.Perform the registration of individual user by this way create user's
3.Now you can simply use the verify_email parameter.
This parameter can be easily use post verification email process which prevent the issue of signup/signin before making payment.
Hope you got it & feel free for any help.

Logic Behind Social Login

I have created a nice little login script for my website that lets users login with Facebook or Google at the moment.
What I am trying to do is set some checks to make sure that duplicates do not appear in the database.
Here are some scenarios I have covered :
Login with Google/Facebook account and I have already registered this account, This will log the user straight in as they have already linked this account.
User has already registered with Google account, yet clicks Facebook because they cannot remember which account they used. This will alert the user that the email address returned from Facebook has already been registered with a Google account. This will enable them to click on Facebook to Login ??? NOT SURE ON THIS LOGIC AT THE MOMENT ???
User clicks on Google/Facebook to login, yet the email address returned is a user that went through the manual registration. This will alert the user that the social account they are trying to login with will require a password.
What I am thinking of doing is allowing users to LINK ACCOUNT so that the alerting process does not happen because I can link my facebook account to my google account through my website, and vice versa etc etc.
What I am asking :
Are there any other checks I may be missing? Is this logic sound? Is there anything I am doing which makes you question the login process??
Basically asking logic advice on this one.
Well congratulations! You're almost on the right track. Let's breakdown your situation here.
Ideal Situation
1. Registered on your site
2. Log in with Google
3. Log in with Facebook
Now, let's take the common denominator here, I mean the primary key. I am guessing in your case it should be the email address.
Actual Process Flow
1. User registers. You save the email address
Or,
2. User registers with Google/Facebook and you save the email address.
Login Procedure
1. You receive the email address either from direct login/facebook/google.
2. You match it against your table
3. On positive match, you link this social login to an existing account
If,
4. It is not a positive match then you accept whatever data you receive and then forward
and then pass on to the registration page.
Hope this helps! Let me know if you want to know anything else.
Cheers!

Disallowing link from opening in Forward email

we have a use-case wherein a notification email is sent out in response to some postings on forum. This notification emails carry a AHREF link which basically allows to launch the post page from the email itself. Additionally, these links carry an authentication token so that the user don't have to sign in when opening the page. This works fine in the normal use case, but in the scenario when the original recipient forwards the email to some other account we are not sure how we identify that the link is opened from forwarded email address. Can somebody provide some insight ?
There is principally no way for you to detect that a link was clicked in an email that was forwarded vs. an email that you sent directly to someone.
Do not put an authentication bypass in the link if the need to secure your content outweighs the need for user friendliness.
You can weigh allowing the user, once they log in, to set a persistent authentication cookie in the browser they logged in from. That way, if they click a link in an email and that cookie is set, they can get directly into the website. StackOverflow.com works that way, which is convenient and the downside risk is not too great. Fortunately my bank does not work that way. The potential for loss is much greater with home banking.

Create a MySpace API - (verify your email error)

I am trying to create a MySpace API so that my users can connect to my site using MySpace.
All the tutorials say "go to http://developer.myspace.com/ and create a developer account..."
I signed up for a new MySpace account, verified my email, gave them access to my gmail so they could search for friends, invited a few friends, basically completed all the steps they ask you too as a new user...
But whenever I go over to http://developer.myspace.com/ and click "Developer Sign Up" or "Start building!" I receive an error message that says:
We're sorry, but you must verify your email address first! You cannot access many MySpace features until you complete this step. Please return to your MySpace profile and click the "Verify your email address" link. When this step is complete, you can re-apply to the developer platform.
I have verified my account 3 times using the link in the email they sent me, and waited 24 hours for any changes to be applied. There is no "Verify your email address" link on your profile page, so this appears to be a deprecated error message.
A bit of digging around shows this problem has existed since at least 2 years:
http://developer.myspace.com/community/forums/t/9579.aspx?PageIndex=1
... and has even been posted on here, without resolution: Myspace developer api: No access / verify email
Any ideas how to get access to my API key?
Do I just have to wait for my account to show as verified...? (It's been 24 hrs already)