Get Facebook user basic info without authorization - ruby-on-rails-3

I want to be able to show a user which of their friends have signed up for the app as soon as they come to the site, before they are authorized, as long as they are logged into Facebook in the current browser.
Is this request possible? I have definitely seen this sort of thing, but I am not sure if this is universally available. I recall seeing some info on this topic on Stackoverflow, but cannot find it at the moment.
It's a Ruby on Rails app and I have been using Koala to make the authorized requests.
Thanks.

Related

Google Authentication via PHP Client Library/oAuth2

I have searched long and far for this on Google Identity documentation but my question seems to be out of it's scope (https://developers.google.com/identity/protocols/OAuth2).
This is what I have:
I have an app that is using Google's PHP Client library to authenticate a user via oAuth2. My application stores the retrieved token & refresh token from a user. I am able to use this token and refresh token to pull in information from various Google API's (Drive, Calendar, Mail, etc). I am also storing a cookie in browser to keep the user logged in to the application when the user closes the browser. I have created a simple way for users to login to the application via a QR code that matches up their stored token and refresh token. After the first login they are able to simply use a badge to login to the application.
This is what I want but don't know how to do
When a user logs into the application with their QR badge everything work perfectly (I am still able to pull in anything via the PHP Client Library/Google API's), however when a user goes to Gmail, Drive, or other Google service, Google is asking them to login (it's because they are not technically authenticated with accounts.google.com (only my application)). Is there a way to programmatically authenticate a user to accounts.google.com via a stored token/refresh token?
I was searching for a proper way to implement authentication of users with Google accounts into an app I'm developing. One thing led to another and I found this:
https://github.com/thephpleague/oauth2-google
They have a few implementations depending on how you may wish to implement OAuth2 (via separate repositories). I believe this directly answers your question, albeit 3.4 years later. Hopefully it will help someone else who is looking for this info.

OAuth2 Troubles with PicasaWeb API

I have spent the last couple of nights bashing my head against the wall amongst a see of conflicting out of date documentation and semi-helpful blog posts that were/are appropriate to what I am trying to do.
Essentially I want to write a wee personal app do download my images from PicasaWeb/Google+ and store them on my local hard disk.
I have managed to do the following:
Figured out the GData API for the appropriate request to get private album data (works fine in my 'google-logged-in' chrome browser)
Got the correct private data back from my GData URL with the token generated by the OAuth playground.
Managed to get an OAuth2 token back from https://www.googleapis.com/oauth2/v3/token using JWT.
However - when I try my access token I generate myself I get back a forbidden response with the message 'Not authorized to view access private'.
I am pretty stumped - my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff like google+ photos. When I look in there I can see the OAuth playground has access. How do I give my app access - and do I need to in this scenario?
Thanks in advance,
Robert
"my only guess is that my service account configured in google developers console doesn't actually have access to my personal google stuff".
Totally correct.
I guess I see 2-3 questions per month on SO where people have made the false assumption that a Service Account is some kind of proxy to their Google Account. It isn't. It's a completely new and independent account.
The two approaches you can take are:-
Share the items to the Service Account so it has permission to access them.
Give your app direct access to your Picassa account. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for the steps involved.

How should I store login details with appcelerator?

I have built a website that uses Facebook, Google, Yahoo, Twitter and standard email/password for account signup. It all works fine on the web but my client wants to make the website an app. I've been experimenting with using webviews with appcelerator and it looks like it will work well. The problem is the websites session will expire after 30 minutes or so. The client wants to be able to stay logged in and prevent the users from having to re-loging in all the time.
I'm thinking I need to store the login details and automatically re-login when the session has expired. Would this be the best way to handle this?
I think this is solved. I've going to use asiviero's suggestion.

Send Facebook friend request via iPhone app?

I'm trying to add a friend request feature to one of my apps. I've done quite a bit of research, and I've found out that I can't do that via the graph api. I've also looked into dialogs, and that isn't supported in FBConnect.
So my only option now would be to pop up a UIWebView and do it and format the url like this: http://www.facebook.com/dialog/friends/?id=FRIEND_ID&app_id=APP_ID&redirect_uri=REDIRECT_URI. That's not a problem, but if the user isn't logged in with Facebook on mobile safari, they will have to log in and that can get quite annoying.
Have any others dealt with this problem? Any good work-arounds?
Friend requests always need to be authenticated from the request sender side, hence the user will have to log in when using the friend request dialog if they are not already logged in.

Custom iOS Twitter Authentication page?

I am making a mobile application where users can connect their twitter accounts to the app. I am just kinda curious what's the best way to do it.
Right now, I would love to be able to make my own custom page (without having to use a UIWebView).
Is this possible? If how, so?
Thanks.
As I understand, you don't want the user to be redirected to Twitter's OAuth authorization web page. You can use xAuth instead, but you have to send Twitter an email why you want this, and they won't allow xAuth for your app until it is in a very late development state (when your app is almost complete). You can find the manual for xAuth in the Twitter development documentation.
Basically, what xAuth does is it allows desktop and mobile applications to skip the request_token and authorize steps and jump right to the access_token step. This way, you can provide the user with custom fields (e.g. UITextField objects) to fill their username and password in. Just make sure you don't save them anywhere, only the access token. Good luck. :)
A quick web search reveals MGTwitterEngine