The tool I'm developing would do a thing similar to when you join Facebook and they ask your GMail username and password and with it they can grab all your contacts.
But my tool doesn't use a browser, therefore it is difficult to get the proper headers. I assume that the Google application (Orkut) checks only my Cookies and Identity(ip, machine name, user-agent) as authentication method. In this case all I need is to get the proper cookies.
I tried to call https://www.google.com/accounts/ServiceLoginAuth?service=orkut with the parameters Passwd=realPasswordHere&Email=mymail#gmail.com . But the response was a similar HTML with Set-Cookie: GALX=A9iBuq7y5xU;Path=/accounts;Secure
None of these cookies are the real thing. Have you tried it yourself? Do you know how to do it? Have you ever seen an open source project that does it?
Consider using OAuth -- the URL I just gave details how to use OAuth to authorize the OpenSocial REST interface on Orkut, and this one has detailed specs on the RPC interface to OpenSocial, if that's what you prefer (the authorization part is basically the same, anyway).
If you are just looking for the contacts check out the provided API:
http://code.google.com/apis/contacts/
other google APIs
http://code.google.com/apis/gdata/
If you need source code to view how to do this you can check out the following project.
http://sourceforge.net/projects/gccontactman/
hope that helps, and good luck!
Perhaps you could check the source code of a Google tool that does this:
http://mail.google.com/mail/help/email_uploader.html
Related
I found this tool from google recently https://developers.google.com/oauthplayground/
and well I am currently doing an authentication practice for an api with node and passpor.js, I would like to know which of these apis is the one that I should choose to obtain a token with the user, the email and the profile photo, in the tutorial I saw that use https://www.googleapis.com/auth/userinfo.profile, so I don't know if it is depreciated or has been replaced by a new one, or if it is something that can be used in production.
And well also if you could explain a little more about what this tool is, I would appreciate it a lot.
On OAuth Playground you can "input your own scope".
Copy and paste https://www.googleapis.com/auth/userinfo.profile and click Authorize APIs.
Then exchange for an access token.
After that you can call https://www.googleapis.com/oauth2/v2/userinfo and it should return the data you are looking for.
I'm building a single-page web application, fully based on RESTful API. I've seen several topics in that matter, but some things remain unclear for me.
I will need users to log in. Here are some of my ideas:
I can send e-mail and password to API and use basic auth. I'm not sure where should I keep password, should it be encrypted and if so: how?
Can I use built-in session system instead? Is it wrong to use cookies directly in the RESTful API? Why is it so popular to send credentials/keys to API itself instead of using cookies?
I thought about having one API key per user, return it in login action and keep it in localStorage. I guess it's not the greatest idea to have just one key per user?
Then, I came up with idea to have separate keys table and add random keys each time somebody logs in. On logout, the key would go away and no longer be valid. This is more secure than previous idea.
How is it solved in simple projects? I'd like to make it simple but not ridiculously inserure.
Please help.
The commonly approach is to use the header Authorization in REST. The state of the application must be on the client side with REST and shouldn'a be tied to a particularly client kind (browser with cookies)
I think that this link could be helpful:
Implementing authentication with tokens for RESTful applications : https://templth.wordpress.com/2015/01/05/implementing-authentication-with-tokens-for-restful-applications/
There is also à great question to à similar question here : https://softwareengineering.stackexchange.com/questions/141019/should-cookies-be-used-in-a-restful-api
Hope it helps,
Thierry
how can I get HTTPS authorization on site https://uslugi.beeline.ru not using UIWebView from iOS?
Their APIs I unfortunately do not have = (
Please help, and sorry for my english, it's Google Translate.
P.S. Username and password to login I can not give because important information is stored there.
P.P.S Maybe there are ways to fill out a form via http UIWebView, but so that it loads only source without pictures?
you need to know the API for the POST or GET (and parameters of the body data). Check the documentation(Configuring Authentication point): documentation
I was reading through the windows live developers doc here. In that I saw they are having an authentication method something like this.
GET https://oauth.live.com/authorize?client_id=CLIENT_ID&scope=SCOPES&
response_type=RESPONSE_TYPE&redirect_uri=REDIRECT_URL
I understood everything except for where do I give the username and password of the user?
I am planning to create an app(first one in my life) to learn the working.
I also have never used or coded something over REST.
When using OAuth, your application never receives the user's username or password. Rather, the user logs in to Windows Live on the Windows Live servers and authorizes your application for access to their information. After they have authorized your application, you receive an access token from Windows Live on behalf of the user. You then use that access token with the Live API to retrieve user information.
Coding something using REST protocols isn't anything too terribly complicated. It has been my experience that you're just specifying parameters to the API using GET or POST as your request method. Adding OAuth on to your requests is a matter of specifying additional parameters.
You're task is to learn two things here since you've never done REST or OAUTH before. Spend time looking at both.
Oauth is hard to get and hard to implement.
You should choose an off-the-shelf Oauth library they exists for most languages.
(Then you do not have to worry about the details. OTOH: You should know how it works to know how to set up and fix if something goes wrong.)
http://oauth.net/code/
I am trying to use Flickr API via Objective-C. Can I get a user-related information like shared pictures just using login and password that user has used to register in Flickr? Or the user needs to get key/secret pair bound to a particular application?
I've seen some of the Flickr tutorials out there, but I believe you need an api token from Flickr to pull in the image feed.
Here is the tutorial I used, which also contains links to get your api key.
iPhone JSON Flickr Tutorial Pt 1
The framework 'ObjectiveFlickr' is by far the best tool for the job here:
https://github.com/lukhnos/objectiveflickr
I've used it in heaps of projects.
It'll manage all your API authentication and requests.
No, you can't just use a username and password to access private information. Yahoo/Flickr use OAuth which is a bit more involved. There are also a few open source Flickr API frameworks that should do a lot of the work for you. (I've not used any myself, hence the lack of a recommendation.)