I am working on an fbml application which can be added to a fan page. The application then sends ajax request to my php script for data etc.
I have to store some data on my php side against a key or something which remains the same throughout facebook session. How can I implement this? Is there any way to send facebook session id in ajax request? I am using fbml Ajax() element to send ajax request.
Here's a glimpse of code
function do_ajax(path)
{
var sessionKey = '###'; //Something representing fbml app's session state
var ajax = new Ajax();
ajax.responseType = Ajax.FBML;
ajax.ondone = function(data) {
document.getElementById('content').setInnerFBML(data);
}
ajax.post(path+'/'+sessionKey);
}
The visitor may or may not be logged in so I can't use userid. And php session id keeps changing in each request.
Thanks a lot
FBML is being deprecated. See: https://developers.facebook.com/docs/reference/fbml/ No more support for it in 10 days, and then in 6 months it will no longer work. I would suggest using the new Javascript SDK.
Related
I am new in shopify. I have created one app in php for shopify. I have registered webhooks using admin apis. But i don't know how to test webhooks. I have spent lots of time to figure out but not getting any proper response. How to get response and write stuff over there?
Is it like Apis? How to notify that webhooks are called or not.
Please help me.
Unlike APIs, Webhook is event driven(triggered on any event e.g. Order Creation) and send data in JSON/XML format to particular URL.
You can create a Webhook in your Shopify store by following steps.
Go to Settings -> Notification -> Webhooks -> Create Webhook
Select Event on which your webhook will be triggered data Format and URL(https) to which you want to send your data.
Now your data is available in JSON format to server location you have shared in URL field. You can use following code.
<?php
define('SHOPIFY_APP_SECRET', 'my_shared_secret');
function verify_webhook($data, $hmac_header){
$calculated_hmac = base64_encode(hash_hmac('sha256', $data, SHOPIFY_APP_SECRET, true));
return hash_equals($hmac_header, $calculated_hmac);
}
$hmac_header = $_SERVER['HTTP_X_SHOPIFY_HMAC_SHA256'];
$data = file_get_contents('php://input');
$verified = verify_webhook($data, $hmac_header);
error_log('Webhook verified: '.var_export($verified, true)); //check error.log to see the result
?>
We are currently calling third party(our API to OPT-IN that user in our system) API using ajax in cart page for OPT-IN feature. Consider that user is already created in our system at the time of registration using webhook. Now just need to OPT-IN that user.
But by calling API using ajax we are making Access Token Visible. So, it's not secure way to implement API'S.
Need API call to create shopify public APP. In that checking the user status in our system using API. Depending upon API response have to decide Show/Hide one button (that button is added in cart page.). I am talking about implementation of our API for creating APP. That API need Access Token which is provided by us.
So, for security purpose of access token need to implement server side API in Shopify cart page.
async function getData(){
const result= await fetch("https://s15.socialannex.net/apiv2/userstatus/SITE_ID/{{ customer.email }}?access_token=ACCESS_TOKEN",{
method: 'POST',
data: {
'first_name': 'Atul'
},
});
var res = await result.json();
if(res.error_code == 0){
$(".join-loyalty-button").css("display","none");
}
}
Above code is working fine but its ajax call. I want to call above API at server side.
You want to use the App Proxy pattern. See the documentation here:
https://help.shopify.com/en/api/guides/application-proxies
With that, you can callback using Ajax to your API with any information important to your callback. Example, the customer ID. The callback is secure, and no security tokens are exposed. You can return JSON meaning your front-end code can show/hide buttons based on an answer from your internal App.
Long story short. I have a login form in the header on every single page, when I log in successfully it works fine but when the user is incorrect for example it redirects to the default login page (a view that was originally created with MVC project) with the model errors. I don't want to do that, I want to show errors next to the login form without redirecting. So I decided to implement a login via WEB API - i.e. it does $.ajax jQuery request to the Login API Controller, tries to log user in and returns errors if needed so I can output them where I want.
All examples I've seen say to use Bearer Access Token. I don't understand why would I need to go this path - save the token somewhere and pass it along with every single request in the headers? That's what I did in my Login API Controller:
var user = await UserManager.FindAsync(model.UserName, model.Password);
if (user != null)
{
Authentication.SignOut(DefaultAuthenticationTypes.ExternalCookie);
var identity = await UserManager.CreateIdentityAsync(user, DefaultAuthenticationTypes.ApplicationCookie);
Authentication.SignIn(new AuthenticationProperties() { IsPersistent = false }, identity);
}
else
{
error = "Invalid username or password.";
}
This is the same functionality that is available out of the box when you create MVC5 project. I just moved it from regular controller to API controller. And it works without needing to take care of some bearer access tokens. What's the point of it if you could just do it like I did? I think it just makes requests more complicated when you use bearer token. Am I missing anything?
As I understand this, the bearer token would make more sense when you need to have a separately available backend authenticated with the same login as the front end we site in a pass through so the back end can "see" the request as coming from the same user.
You can verify that after logging in this way both the front end web site and backend api are sending the same session cookie, and if so you are golden. If on different domains, you may have problems with that, but otherwise not. If so, then a bearer token to pass that user to the backend may come back into play.
I am using parse.com and phonegap, and want to be able to pass user credentials between the native and phonegap/uiwebview part of the app.
I have a valid PFUser in the native side, and want to pass/create the same valid user to the web portion of the app.
Can a user be created using existing credentials, maybe Parse.User.current()._sessionToken?
Given a sessionToken and a User's objectId, you have all the information you should need to re-login a User on the JavaScript side. However, there is no supported method to do it. You would have to do something terrible like:
var user = new Parse.User();
user.id = "the object id";
user._sessionToken = "the session token";
Parse.User._saveCurrentUser(user);
user.fetch({
success: function(user) {
// Now the user is logged in.
}
});
However, this is unsupported, may not work, probably will break in the future, and may burst into flames at any moment. So don't do it. ;-)
I have some strange behavior with a Facebook request
My application allows users to send application requests to their friends.
When I process the call back I can't seem to read or write any of the session objects I set prior to or after this act.
What does Facebook do to my session objects?
I found it on another post
$.ajaxSetup({
beforeSend: function(xhr) {
xhr.setRequestHeader('X-CSRF-Token',
$('meta[name="csrf-token"]').attr('content'));
}
});