We have developed an application which is integrated with quickbooks.
I have two admin users on my quickbooks account and i m trying to login with both the admins but after the first admin is being logged in then it doesnot let me logged in with another admin.
In the developer account in my app.i have disconnected all the connected connections.but it always makes only one connection and shows : "You are using 1 out of your 10 connections".After having that one connection when i try to login with another admin it gives me the below error message.
Error Code: invalid_database
Message: The application has already been subscribed to by another user for this company
Can anybody please help me how to subscribe two admin user to my app OR i can only login with a single admin user ?
In practice you can only have one connection or perhaps more accurately one set of valid OAuth tokens per company. Get and store the OAuth tokens for a particular company. Use those OAuth tokens for all users within a company.
You can only have one user signed up for a connection at a time. If you need to have more than one person access the company file, you need to handle the user authentication and data access in your app for that company.
Related
I am working on a java web project where a manager logs into a system and then completes activities on behalf his subordinates. Depending on what AD security group the subordinate belongs to an email may be sent for notification purposes. I am looking for a java 'hasRole' function that will allow me to pass a network id and security group name as parameters and return a boolean to indicate the membership in the group. The app is currently using UserPrincipal to authenticate and check for group membership but this requires user credentials. I would need to connect to AD via a service account then check for membership at that point. Has anyone seen anything like this before? All I have found online are ones simliar to my current setup that only check for the user with the active session.
You can inspect the source code of my Tomcat ActiveDirectoryRealm. I does exactly what you are looking for.
I am working on an application that is authenticated by Google for the login part. The application is on AngularJS and is managed by Java RESTful services. The domain that we are using is managed by Google. The requirement is that I need a service from back end to check with Google if the email is still active or not. Let us say that the Admin disabled or suspended a user while the user was logged in. I need a way to check with Google if this email is still active or not. The only way that I found so far is by having the user name and password.
I wanted to know if it is possible if Google can call my service for me to disable the user from my end and if it was not possible how can I check the user status without the need of using the password.
Thanks in Advance
I am working a mobile application based on facebook. The application creates local user by facebook login. The steps of application are below.
Login With Facebook
Backend Service Create Local User
Find Friends Who use The App By Facebook SDK
Vote Your Friends
Notes:
I don't want to keep user friends on my database system
I use JWT
Problem:
I have to verify that authenticated user and voted user are friends on facebook. The user must be voted by its friends.
I found a couple solution but they have vulnerability too.
For instance;
I authenticated and i fetched all my friends by facebook sdk. The request is to vote a user like this:
/vote/user_id/vote_id
The backend service checks and verifys jwt token and vote user whose id is user_id as vote_id by authenticated user.
table structure
from_user_id,vote_id,to_user_id
So the problem is that when a user authenticate, it can vote a user from application outside taking jwt token whether it is its friend or not. This is a realy big problem for us. So I wonder how can verify two user are friends without send request to facebook for it. Or how can design the archtecture to avoid this situtation.
This can simply be done making a request to
/me/friends/{id_of_friend}
using the current app user’s access token. If they are friends, you will get back a data structure that contains the friend’s id and name – if they aren’t friends, data will be an empty array.
This of course requires that both users have granted user_friends permission to your app.
I have a mobile application (HTML 5, JavaScript) and a Restful service (Java, Jersey) to cater the mobile application.
Mobile application sign in is handled via a Facebook (Sign in using Facebook account). And currently there is no any security mechanism integrated for the Restful service
So my question is, can I authorize users on the Restful service via the access token retrieved from Facebook, to the mobile application ? To further clarify, if someone has logged into the mobile he/she should be authorized to make requests to the Restful service.
Thanks in advance
Asanka
If the user has authenticated with Facebook and you have the access token with you, you can get the user's facebook profile's public information.
You've got to hit this link - https://graph.facebook.com/me with the access token.
Go ahead, click on the link and see what happens. When you pass a valid access token, profile info will be returned as a JSON object.
(if you FB profile page is = facebook.com/yourname, then just try https://graph.facebook.com/yourname -> you'll be able to see what the data returned looks like.
Now, with the user data returned you can keep an entry in your DB if the user is registered or not, for first time users you can register them.
PS - https://graph.facebook.com/yourname actually returns someone's profile info! I didn't know anyone could keep their profile handle as yourname!!!
PPS - I just checked facebook.com/yourname -> Guess who uses this handle! It's the brazilian defender Roberto Carlos!
I have developed many stateless RESTful webservices for a mobile application in Java and they are working very well.
For example:
http://.../api/coupon
http://.../api/coupon/{id}
...
Now, I have to extend these services because I have to send different data back to the mobile for every user. So I need to know on the server side which user try to get or set information. And I have to prevent the serve of unauthorized users.
There are two different way how user can login into the mobile application:
log in with facebook account
log in with an application account
I need to develop two login and a logout services because the users who use the mobile application have to login into the application.
I read lots of article about auth and RESTful and OAuth.
I think I have to develop two login services with two imput parameters: username and password.
For example:
localLogin(String username, String password) -> token
facebookLogin(String username, String password) -> token
These logon services have to generate a same token and send it back to the mobile application in the http header. And after the login process the mobile client has a token. And the client has to send this token to the server when it makes a RESTful server call.
What do you think? Is my idea good?
If it is, could you help me how can I start to develop this in Java?
If it is not, could you tell me the good way?
You do not need 2 log in procedures. Just use the Facebook SDK!!
i) In your app would be a login with facebook button.
ii) User clicks on it and is then redirected to the facebook login page, where the user enters his credentials and facebook returns a token to you. You do not have to worry about the user's facebook credentials or storing them anywhere! Facebook will handle that for you. Consider the FB login part as black box to your app - you simply make a FB SDK's login call and it will do some processes and give back a access token to your app.
iii) Now, you can exchange the access token for the user's profile information. Enter this profile info to your database - that will ensure authenticated call.
Once you have verified that the user is logged on you can do whatever you want.