How to make authorize request with Google Plus Social Graph - google-plus

I am working on PHP application, which communicates with Google Plus. For getting information about people in circles I send request to this link: https://plus.google.com/u/0/_/socialgraph/lookup/visible?o=%5Bnull,null,%22GOOGLE_USER_ID%22%5D&rt=j and it retrieves me list of people in circles for specific user.
In my application I want to check for each user in my friend list (person in circle), if he/she has me also in circles, which means we are friends. But if person has blocked to list people in circles for public, then I get empty array in response despite he/she is my friend. So I would like to know, how to send with this link authorized request. For example how to include there access token.
Because now it shows only public data and it acts like I am not logged in.

Use: https://developers.google.com/+/api/latest/people/list and ask the user to sign-in then you'll be able to get their consent and retrieve the list of people they're following.

Related

Using Instagram's Graph API, how can I retrieve post data (media url, caption, poster username, etc)

I want to use Instagram's Graph API on my backend server to retrieve data about an Instagram post. On my frontend, users will submit a post URL (like https://www.instagram.com/p/CAvPIm2lszQ/). Then on my backend, I want to take the ID of the post from that URL (so in this case CAvPIm2lszQ) and then I'm hoping that I can pass that ID thru the Instagram Graph API and then retrieve the data that I need (media URL, caption, poster username, etc.).
So would that be possible? I did find documentation on "IG Media" for the Graph API, but under permissions, it says, "A Facebook User access token from a User who created the IG Media object, with the following permissions.."
Unless I'm misunderstanding it, I'm not sure if I'll be able to access posts from various public accounts. I think it's also worth mentioning that my users are not logging into their Instagram accounts to use my service so the only possible "User access token" would be my own.
Any ideas on how I can go about this? I was using the instagram.com/p/{post_id}/?__a=1 endpoint to meet my needs before but it doesn't work on my production server for some reason. So I'm kinda stuck.
Most probably you will not be able to achieve that using Instagram API. First of all the ID you are referring to CAvPIm2lszQ is not the ID that you will use for getting IG Media. The ID is different (it's numeric value like in the sample request from the page you've linked). The full URL that includes CAvPIm2lszQ is in the shortcode field.
At the moment it is not possible to look for the post detail using shortcode. If you want to use that endpoint you need to get the real post ID first, for instance by listing list of posts from given user.
But in order to do so - you need to use Facebook login authorization window to get token from given user. Alternatively you can try to request https://developers.facebook.com/docs/instagram-api/guides/business-discovery but it requires going through App review and having your own company to pass the Business Verification. Keep in mind that this endpoint returns information only about Instagram Professional accounts (Business/Creator account). You will not be able to get information about regular accounts.
And the last thing about ?__a=1 endpoint. This is not the official Instagram API. They use it only for their own purposes. Most probably your server IP address has been blocked due to sending too many requests.

Can the instagram api pull likes and comments from an account that I do not manage

I want to pull likes and comments from any account that I specify. Can this be done with the Instagram API or do you have to have the accounts permissions to pull this info.
Essentially I want to be able to analyze this data without having log in credentials for the account.
Thanks!
Following the June 2016 changes to the API, you will need to invite the other users to be "Sandbox Users" of your API client. And even then, the access will be limited to their last 20 posts. Here's a quick explanation of the new Instagram API rules.
TL;DR
Sandbox users are other Instagram users that you “invite” to your
client. The main reason to do this is so that your app will then be
able to “see” their last twenty posts in addition to your own. In
other words, when they accept the invitation, they show up on the tiny
desert island where your app lives.
So you don't need their actual login credentials, but they do need to accept your invitation in order for it to work. The only other alternative is getting your app through the submission process to "go live" but there are very few use cases which they will accept anymore.

Is it possible to send website invitee to google plus users

Is it possible to send website invitee to google plus users.
I have a website with option to login using google account. I want to send an message to all friends of logged in google users on logged in users request.
I think interactive posts would be a good solution for this.
This allows users to choose themselves who and if they want to invite.
You can define an invite text that will be prefilled in the share box (even though users can adjust that text).
If you want you can also use the people.list method to fetch some of the more relevant friends and prefill the share box with them.
See https://developers.google.com/+/features/interactive-posts and https://developers.google.com/+/web/share/interactive for details.

Basics of Facebook login

I'm having a hard time understanding how Facebook communicates with my server when a user logs in (after approving my facebook app). I've been looking through guides and other Stackoverflow questions for hours on end but can't seem to get the hang of it. The documentation on http://developers.facebook.com/ isn't to much help much either.
What I want to do is to have a Facebook login button on my page which opens a Facebook login window (using Facebook's Javascript SDK). When the user then logs in to Facebook and approves my app I want to get the user's data (name, email, age) and store it in my database. How do I get this data, SECURELY (server-side confirmation/authorization)?
Basically, in this order;
a user clicks log-in button on my site
a pop-up is shown where the user can log in & approve the app on Facebook
check if user has already logged in before by getting user's user_id
if it's the users first time logging in, the user's Facebook data (specifically: full name, picture, email adress, age) is gathered by me and stored in my database
After the user logs/approves the app in the Facebook pop-up, where is the user's data then sent?
After the user approves the app, the user's data is not sent anywhere. You need to make an API call to retrieve the data.
Facebook is an OAuth provider. You use Facebook Login so the user can give you permission to access her Facebook data (such as email, friend list, messages, news feed etc). You can also get permissions to take action on behalf of the user (such as uploading a photo, posting to news feed etc.) While starting the OAuth flow, you specify which permissions you will request from the user. These are called scopes.
The authorization flow that happens in the pop-up window is there for the user to give you permission to access the data that you request. This permission is represented as an access token which you have to use everytime you want to retreive user data, or attempt to do something on behalf of the user.
Once you have the access token, you can use the Facebook Graph API to get whatever data you want from Facebook. If you try to access some data that you did not get permission for, then the API method will return an access denied error.
I wanted to give some more links about scopes and access tokens from the Facebook Developers site but my reputation score is too low :)

Google+ circle membership check by API

Is it possible to use the Google+ API to check if a user is a member of another users particular circle?
Example use case:
User Joe adds User Bill to "Joes Friends" Google+ Circle
User Joe is also a user on my website "videos-from-my-weekend.com"
Joe Picks a particular video from my site, then grants access to that video to anyone in his "Joes Friends" Google+ Circle.
User Bill logs in to my website, and is able to watch Joe's videos.
Nefarious Steve tries to watch Bill's videos, but fails the Google+ api check since he's not a member of the "Joes Friends" Google+ Circle.
I hope I explained that clearly enough.
This is really a code independant question.
If you're trying to check a particular circle, then no you can't do that.
If you're trying to check that the viewing user exists in any circle, then the following conditions must be met:
Users must have authorized your app to request their friends list by requesting the auth scope https://www.googleapis.com/auth/plus.login, which is included by using Google+ Sign-In or you can just do a straight OAuth 2.0 flow with it.
When the user authorizes your app, they have a choice of whether to allow your app to know about all, some, or none of their circles. The a flat list of people from any circles they allow your app to see would be available with people.list.
After they authorize your app, you make requests and get both of their friend's lists and store those in your DB for checking nefarious Steve against later.