Is there any way with Twitter to get the auth code without having to go through Twitter and being redirected back to the source page ( my website ) ?
I am aksing this because we need to connect the user to Twitter, but without refreshing the current page the user is on.
Is this possible with Javascript, jQuery or whatever?
PLease help me out.
Thanks
Using whatever, Python and Java in this case. I ran into this article a few days ago you'll find interesting:
Automated Browserless OAuth Authentication for Twitter
quote from the article:
This article describes how to use the OAuth 3-legged protocol with a
headless browser like HtmlUnit to get tokens from twitter without user
intervention.
Related
I am trying to authenticate a user inside a desktop application using the web api. I am not using a browser, I am using straight up GET and PUSH calls to the endpoints of the Spotify servers. Immediately I ran into some problems. It appears that upon the initial GET command to "accounts.spotify.com", the returned response includes HTML with a javascript function that runs and is responsible for dynamically generating HTML that you see on the initial login page. If you look at the Javascript function, it is clear that this is what is going on, however, you can also see this code is obfuscated and not meant to be used by us, the developers! (Link to Javascript code here for reference: Javascript function)
So my question is, while I can probably reverse engineer the code to get this working, would this be against the Spotify developer TOS?
Thanks!
Spotify's authentication happens through oauth, and a big part of user authentication as per the oauth rfc is where the user delegates permissions to your app to carry out API calls that affect their account, or return information about them. That's the web page you're seeing - it must be presented to your users so that they can delegate permissions so that Spotify can give your app an access token. It doesn't necessarily need to happen in a browser - it can happen in a web view inside your desktop application - but it does need to be loaded over https, and your application must not alter or reverse engineer the Spotify permissions delegations page.
As you correctly guessed, reverse engineering any Spotify APIs is against terms of service.
For more information on authorization on the Spotify platform, I'd recommend having a look at this guide.
Hope that helps! Please ping me if you have any more questions.
Hugh
Spotify Developer Support
I have multiple ember apps, but just one of them has the login page. I want to authenticate all of them with this unique page. How can I redirect other apps to an external login page using ember-simple-auth and redirect to the corresponding app after the authentication?
You need to write custom authenticator. In it's authenticate method I suggest to not redirect, but open a child window with login page. And that login page should be able to communicate with your ember app in some way (window.postMessage for example) in order to give your app auth token. Authenticator must wait until it receive answer (promise and timer will help with waiting). I used such method with google's oauth in node-webkit application (my authenticator opens google's oauth page where user prompted to give my app an access). I don't want to share a code because its too big, complex and have code specific to nw.js but I hope my answer will help. I used code of oauth2 authenticator to develop my own, it helped me a lot.
While implementing the Facebook Connect to a web application , its possible to show Facebook Sign up page in a pop up and once logging in and Granting permissions are complete, its possible to Authenticate Again in PHP and to get the necessary details of the user, - id, email etc.
I believe, thats secure because, the User Insertion is not based on the Ajax Request Parameters.
Is it possible to do the same with Google Plus Login also ?
Means - Logging in to Google - Using Javascript SDK, asking permissions, Authenticating all done in a Pop Up Window. and then, Creating a new user with the Help of google-api-php-client ??
Yes, what you're trying to do is outlined with https://developers.google.com/+/web/signin/server-side-flow which includes some PHP code samples to help you do this. In general, the steps at authentication time are:
User clicks the "Sign in with Google" button which may pop-up a new window at Google prompting them to log in and authorize your webapp.
After they do so, a one-time code is sent to a JavaScript callback you specify.
Your Javascript method sends this code to your PHP server.
Your PHP server uses the client library to contact Google's server and exchange this one-time code for an access token and refresh token, which you keep and use to perform actions on the user's behalf.
Looking at this site http://www.thefancy.com/ and clicking the Sign up button followed by the Twitter option it brings up a window for Twitter Login.
I assume this is the JS approach to Twitter login in a similar fashion to Facebooks.
On my site I have already implemented Connect With Facebook (using JS) and to keep my site consistent I would like to know how to do this using Twitter's Sign On service.
Does anyone have any useful advice or links to help me with this - I can only find guides that take the user to Twitter's website during login and then back again to mine which is not what I want.
Many thanks
EDIT:
I did notice this on Twitter's site:
"Reminder: It is strongly discouraged to use OAuth 1.0A with client-side Javascript."
Why do Twitter recommend against using JS with OAuth while Facebook and Google are happy to go with it?
tHave you looked into Twitter OAuth? In order for Twitter to grand your site details, it has to redirect your users momentarily to twitter for them to verify this access. This link explains it a bit better: https://developer.twitter.com/en/docs/basics/authentication/overview/3-legged-oauth
Temboo simplifies the process of developing Twitter sign up (via OAuth). See here for details: https://live.temboo.com/library/Library/Twitter/OAuth/
Temboo doesn't have a JS library though, so you will have to use the REST API.
Full disclosure: I work at Temboo.
Is it possible to modify or show a more iOS friendly login page from googles oauth2 services? I'm not sure if I have seen a modified on before but i can't find any information on it. Any help would be appreciated.
I think the only change you can do is to provide your own logo as described here: https://developers.google.com/youtube/2.0/developers_guide_protocol_oauth2#OAuth2_Register
To make the login process more like a part of your application it is possible to open the login page in an embedded browser instead of open it in Safari, but you will not be able to change how it looks.