Account Strategies on New Social Enabled Sites - authentication

So I'm in the midst of creating a Facebook Connect enabled site. The site in question will leverage your social graph - as defined by your facebook account - to do social things (what is really not important here). Here's the big question I have:
Are people still rolling their own authentication heuristic when using something like Facebook Connect? That is, are newer (FBConnect) sites today providing only FBConnect as an authentication strategy, or are they pairing it with other auth strategies (such as Google Auth, Open ID, etc)? What do you think is the best way to go? With Facebook having over 300,000,000 users now, is having 1 authentication strategy (FBConnect) enough? Or is it proper netiquette to provide users other means?

Some of the references I have been looking at today:
http://www.kenburbary.com/2009/08/five-reasons-companies-should-be-integrating-social-media-with-facebook-connect/
Increased Registration - Data from Facebook states that sites that use Facebook Conect as an alternate to account registration have seen a 30-300% increase in registration on their sites.
• Citysearch.com – Daily site registrations have tripled in the 4 months since Facebook Connect testing began
• Huffingtonpost.com – Since integrating with Facebook Connect, more than 33% of their new commentor registrations come through Facebook
• Cbsinsider.com – Over 85% of all new user registrations are coming from Facebook Connect
http://www.simtechnologies.net/facebook-connect-integration.php
"according to the current statistics using facebook connect increases 30-40% user traffic as compared to non-facebook connect websites."
http://wiki.developers.facebook.com/index.php/Connect/Authentication_and_Authorization
Our research has shown that sites that implement Facebook Connect see user registration rates increase by 30 - 200%.
No Need to Create Separate Accounts
In general, it's not a good practice to force a new user to create a separate account when registering on your site with Facebook Connect. You'll have the user's Facebook account information, and can create a unique identifier on your system for that user.
Just make sure you understand what Facebook user data you can store, or simply cache for 24 hours. See Storable Information for details.
If the user ever deactivates his or her Facebook account, you have a chance to contact the user to request the user create a new account on your site. When a user deactivates his or her account, we ping your account reclamation URL to notify you of the deactivation. Then Facebook sends the user an email regarding the deactivation. If the user has connected accounts with any Facebook Connect sites, and if your site has specified an account reclamation URL, the email will contain a section with your application logo, name, and reclamation link, in addition to an explanation about the link's purpose. For more information, see Reclaiming Accounts.
http://www.chrisbrogan.com/how-facebook-connect-points-the-way-towards-velvet-rope-networks/
The Drawbacks
Though there are advantages to using Facebook Connect for integration, there are some drawbacks, mostly from the marketer’s point of view. If you build out a social network project using Facebook Connect, Facebook gets all the information and you get none. You don’t get a database of users. You don’t get a way to message people participating in your event, except for “in stream,” the way everyone else is using the app. You don’t have any sense of demographics, nor any control abilities to block trolls or other unwanted types.
Crystal Beasley "All of the FB Connect sites we have built so far have incorporated "standard" accounts as well, even with the added complexity of supporting dual login methods."

There are still people who use mySpace (myself not included), and I know a several people coming out of college that have completely deleted their FB accounts to get rid of information of them they don't want potential employers to find (I know, there are a lot easier ways of doing this). If there are people who for whatever reason do not want to have a FB account, at least give them the option of creating a private google account.

Using ONLY Facebook as the register/login-method seems pretty dangerous to me. If you had a regular user management system, with Facebook Connect to speed up the process from a user-perspective is a good idea.

The Problem is somewhere else
if you really want to leverage the social graph only facebook brings "pure" data
the graphs people build at e.g. myspace arent telling much about that person and its social env. - at google neither
if you are just heading for viral spreading prefer the plattforms that share the best (just facebook again)

Related

Linkedin APIs for authentication, connection invitations and user search

I wrote this same question to #Linkedin support service and I was redirected to this link where they indicate to ask questions in Stackoverflow.
We are developing a mobile App for the Polytechnic University of Madrid and we plan to expand to other Universities in the future. This aplication will need in a first instance OAuth via Linkedin. It will also need to allow the authenticated user to send connection invitations to other users contained in a list. For creating that list of users, it will be useful if the admin of the system could search in a bar similar to the one which Linkedin has, write a user name and select it, retrieving its user ID or what is needed to identify the invitation destination.
Summing up, the App needs:
OAuth API
Connection request API
User search API
I have read on the web that some of Linkedin's APIs suffered some modifications in which most of them where limited to allowed users or apps. So the aim of this post is knowing:
Do the APIs my mobile application needs exist?
What do I need to do to obtain the access to those APIs in case they exist?
User search API
For this feature you could use something like Algolia Instant Search
LinkedIn has changed many things related to user data. If you need access to its data then you must follow the given guidelines.
Basically you have to create a LinkedIn App and then the users have to grant permissions to your app by installing it in their device(s) and then only you can collect their data.

Is it possible to identify the person talking to the google assistant by voice?

Recently google has added multiple user support to the assistant so how would use the API to identify the person by voice?
It depends what you mean by "identify the person".
There is no way for an Action to get the raw audio, so there is no way for it to do voice printing or anything along those lines.
Although each voice has to be reported against a Google User ID, you do not have direct access to that user ID.
What developers do have access to is a UID that is sent along with each request to your fulfillment server. This UID is consistent across requests, although it can be reset by a user (for example, if they reset their Google Home). You can think of this the same way you think of an HTTP cookie - you can track the UID and, if you see it again, have reasonable assurance it is the same user that accessed it last time. This breaks down, however, for the "default" account on Google Home, since anybody who doesn't have an account will map to this user.
Beyond this, you can also use Account Linking to connect a Google Account consistently to an account in your own system. If you have sufficient authentication in place, or are using one from Google or Facebook for example, this can act as an identity.
There isn't an API for developers to identify users by voice.

Instagram doesn't approve my app with some partly irrelevant feedback

I have written an app which notifies users when someone make them unfollow (As like as any other apps in this area). Then, I got my app approved by Instagram. After six/seven attempts, they don't approve the app till now. I followed their instructions as feedback and fixed any probable privacy problem which my app might have. But I didn't get any bright answer from them as far.
I throw my app on the following use case:
My product helps brands and advertisers understand, manage their
audience and media rights.
And I wrote my API use cases as follows:
Thank you for considering our request to approve our application. The
required information for enabling live mode for our application is
explained in the following lines:
Q1: How your app does use the Instagram API?
First of all, our user (i.e. brands or advertisers) selects the “Unfollow Finder Service” on our application.
We redirect the user to Instagram login page, as indicated in API documentation, to authorize his account to accessing required scopes.
i. Note that we already told the user everything that we are going to
use.
We tend to call follow APIs whenever the authorized user clicks a button in our application.
Ultimately, we inform the authorized user with the information obtained from step 3.
Q2: How does it fall into one of the approved use cases?
The list of users who recently unfollowed/followed an
Instagram account are definitely crucial and beneficial for the brands
and advertisers on Instagram. In this way, they can get feedback
implicitly from their customers. Our service help them to manage their
audiences and provide better content for them. So, according to Q1,
our use case falls into “My product helps brands and advertisers
understand, manage their audience and media rights.” We never violate
the approved scopes and Instagram's privacy.
Q3: Who will be using your app?
In our region, lots of brands and businesses utilize
Instagram to publish their content. They are the users of our service
and can use it to improve their relation with their audiences. Kind
regards,
As you see, I'm trying to tell them everything in detail. But in my last submission, they declined me with the following feedback:
General issues:
Policy Violation ("Like", "Follow", "Comment" Exchange Program): Your
app shouldn't participate, enable or promote any “like”, “share”,
“comment” or “follower” exchange programs. In working to build a high
quality platform experience, we ask that you comply with our Platform
Policy (http://wwww.instagram.com/about/legal/terms/api/).
I just want permission on follower_list scope from them. The surprising part is that they noted me with almost irrelevant feedback. It seems that they do not want to approve my app at all.
Do I violate their privacy?
Does anyone face this problem? How can I fix it and had my app approved?
Sorry for asking this question here since I almost googled entire web (+Stackoverflow) and find no helpful answer. All of my previous attempts were gone away.
Thanks in advance.

How to get the social networking profile information through Email Id?

I am working on iphone application.I wanted to get the social networking (facebook,twitter, etc) profile details by giving email id as query. Is there any method to get the profile ?
For Facebook you can try this answer: https://stackoverflow.com/a/5247066/580173
For twitter this this not possible. You can use oAuth to authenticate the user and get the profile.
For LinkedIn I believe it's also not possible. LinkedIn doesn't communicate the emailaddress anywhere in their API.
See this forum post: https://developer.linkedin.com/thread/1131
I'm assuming that you're wanting to just add the social profile links to a user's profile inside your app...correct? (If you want to actually allow your users to post to their various social media accounts, your best bet is to go ahead and let users sign into each individual account via OAuth.)
If you're looking to get public social info via email address, your free options for a simple solution are pretty limited. Each different social network has its own method, so you'd need to build out a different process to query each social network you want to support. Without more info on which networks you want to support, there are any number of different answers to this question - so I'll just say your best bet is to check out the developer docs of whichever social networks you want to use.
If you're looking for a paid solution, you might try FullContact (full disclosure - I work for them). The Person API pretty much does exactly what you're looking for - pulling all public social media profiles associated with a particular email ID. API docs are here.
However, it is a paid solution, which may not be what you're after.

For Twitter , how to create test user accounts?

Facebook allows you to create test user accounts that can only be used for testing purpose.
Does Twitter provide similar functionality ? I don't want to get my application blacklisted for creating fake user accounts; do I have to use my real user account for testing my application ? What strategies are your using for testing application with Twitter ?
As far as I know, there is nothing in Twitter's rules against creating account (unlike Facebook, where with the exception of test accounts, you're not allowed to create multiple accounts for testing purposes). So, you can just register the account like you normally would.
You might want to take a look at this post for some other tips for test accounts (hiding your tweets, deleting the account when you're done testing, etc.).
I'm currently creating a Twitter application and here are some of the strategies I'm using.
I create my accounts in combination with Gmail addresses. If I create a gmail account as user bob#gmail.com , I secure the Twitter name #bob on Twitter. That way it's kind of hard to forget where to email a lost password. I don't go crazy, as I don't need 100's of test accounts but I do have up to three.
I log on to my test accounts using Chrome because it will automatically recall your password as soon as you type in your Twitter name on the home page. That way it is easy to switch between them, but note that I find it hard sometimes to know which account is actually active because I'm constantly looking at other profiles. This gets confusing if I don't constantly look at the logged in user icon indicator.
Never, ever re-tweet anything unless you absolutely have to for a test case or use hash-tags unless for a test case. Unbelievably even on a completely un-publicized account, I had a few surprise Twitter users in my DB a few seconds after I re-tweeted a link.
on Localhost, close all your other browser windows while your testing. Especially if your calling the API through AJAX. You never know which sites you have open whom also call the Twitter API through AJAX, and this can seriously screw with your tests and rate limits. Especially when your developing live.
I would not recommend protecting your tweets. It's too limiting for most use cases.
For my site, I need to place a link in the tweets. Twitter will not
allow live links to http://localhost so you have to plan around
this and have a live test server sooner then you may anticipate.
Twitter has one of the easiest registration processes I have seen. You can quite easily create several test accounts; this is the only method I have used.
Here is a blog post about it.