I have created Facebook app to get the feeds and i am using java with restfb to get the access token. I have specify scope for user post 'user_posts'.
The problem is when i login with my account i am able to get feeds but when i login from my friend account and accept the app permission i am not getting feeds.
I debug them in in facebook debuge tool the user post_scope is not listed in my friend account token and its totally different from mine.
See following screen shots.
Access Token From My Account:
Access Token From My Friend Account
Can anyone tell me whats going wrong?
You can only request extended permissions for other users than admins/developers/testers of your app if the app passed the Login Review process. It's all in the docs:
https://developers.facebook.com/docs/facebook-login/review/what-is-login-review
https://developers.facebook.com/docs/facebook-login/best-practices#loginreview
Related
Im trying to integrate the DropBox into my java app but I didn't understood how can I create a general login (email and password each time someone click 'log in'). I used the token to access data from my account, but now I want get from anyone who logs in.
Your app can obtain an access token by redirecting the user to the appropriate URL (preferably within a web browser, otherwise something like a webview), where they will sign in with their dropbox credentials (username, password).After this, they will be redirected back to your app, and you can now get the access token (token secret) as part of the response.
You should then store this somewhere, and propbably keep using it, till the user asks you to log out of their Dropbox account, in which case you should then get rid of that access token (token secret).
You can refer to this page for the specifics on how to do it:
https://github.com/dropbox/dropbox-sdk-java/blob/master/examples/web-file-browser/src/main/java/com/dropbox/core/examples/web_file_browser/DropboxAuth.java
Another useful link:
https://www.dropbox.com/developers/reference/oauth-guide
NOTE: The 'access token' that you used so far was probably just an access token provided by Dropbox to your app for testing purposes only.To actually access the user's Dropbox, you would need to obtain an access token for each user, using the method described above.
I am working a mobile application based on facebook. The application creates local user by facebook login. The steps of application are below.
Login With Facebook
Backend Service Create Local User
Find Friends Who use The App By Facebook SDK
Vote Your Friends
Notes:
I don't want to keep user friends on my database system
I use JWT
Problem:
I have to verify that authenticated user and voted user are friends on facebook. The user must be voted by its friends.
I found a couple solution but they have vulnerability too.
For instance;
I authenticated and i fetched all my friends by facebook sdk. The request is to vote a user like this:
/vote/user_id/vote_id
The backend service checks and verifys jwt token and vote user whose id is user_id as vote_id by authenticated user.
table structure
from_user_id,vote_id,to_user_id
So the problem is that when a user authenticate, it can vote a user from application outside taking jwt token whether it is its friend or not. This is a realy big problem for us. So I wonder how can verify two user are friends without send request to facebook for it. Or how can design the archtecture to avoid this situtation.
This can simply be done making a request to
/me/friends/{id_of_friend}
using the current app user’s access token. If they are friends, you will get back a data structure that contains the friend’s id and name – if they aren’t friends, data will be an empty array.
This of course requires that both users have granted user_friends permission to your app.
I have created a facebook app. I have my own access token and its working. My aim is to generate a app access token for the users who are going to use my app. User will provide their credentials and appId,appSecret and should get the access token.
My aim is that user should not have to go to developer site. He will just run the app.
I have been trying to work through the instagram API but I am caught up on getting the access token. In the instagram API, it states:
At this point, we present the user with a login screen and then a
confirmation screen where they approve your app’s access to his/her
Instagram data.
Now I was wondering what if you don't want the user to have to login? For instance, say I have a site and I only want to display my latest images. The user should not have to login to be able see these. However, all the endpoints(http://instagram.com/developer/endpoints/) to get a users media require the access_token provided by the user login. How can I just get my latest images without a user login?
Which endpoint are you using?
The GET/users/{user-id}/media/recent endpoint requires authentication. So there is no way to get a specific users' media without an access token.
At the time of writing, this seems to work without needing authentication:
https://api.instagram.com/v1/users/USER_ID/media/recent/?client_id=CLIENT_ID
You could generate an access token with your instagram account here: http://instagram.pixelunion.net/,
then use this url: https://api.instagram.com/v1/users/self/media/recent/?access_token=ACCESS-TOKEN to retrieve all the info about your latest 20 posts including images urls.
I've developed a Chrome Web Store app using Google App Engine. I'd like to follow these instructions: http://code.google.com/chrome/webstore/docs/identify_user.html#realm
But I need to call User::getFederatedIdentity() so that I can call the Chrome Web Store licensing server and find out if the user has purchased my app.
The trouble with that is, in order for UserService::getCurrentUser() to work, the user needs to be logged in.
The trouble with that is, when I call UserService::createLoginURL() to generate a redirect URL, the redirect URL takes the user to... the OpenID approval screen. This happens even though I've set the App's OpenID realm, as per the instructions in the page linked above.
Is there a way for me to do what I want but still use the User and UserService classes?
(Possibly a legit alternate phrasing for this entire question: using Google App Engine's UserService class, is there a way to request permission from the user to access their federated identiy, without also requesting permission to access their email address?)
Thanks in advance!
Please reread how to skip the OpenID approval screen. Have you set the realm? And are you asking for any information other than the URL? If you request the user's email address (or other information), then it is necessary to inform the user and obtain their permission to grant access to that information.