As per this SO answer and other google search results, it seems that twitter has stopped supporting username and password based authentication to post updates. However to my surprise, when I downloaded this app, it amazed me as it simply allows me to send tweets using my username and password only, requiring no consumer key and consumer secrets. So how is that possible?
All the tutorial I went through after googling suggested that I need to register my app and use the access token for posting. This also requires entering some PIN if I use it in my app. What I want is that my app must allow the client to enter only username and password to post tweets. So how should I do that in java?
I would even welcome a solution which utilizes the above app only to post tweets.(e.g. using Runtime.getRuntime())
Also refer this unanswered SO question. This is similar to what I want to do. Only that I want to do it using desktop application.
Related
I have a website and my own server and database, I also have an native Android app. I need to allow users to be able to sign-in with their account from the website inside the app in order to sync information and other things they need to use. I've been stuck for a couple of days trying to figure out how to do that. I've found a lot of content regarding OAuth and AppAuth but they are focused on using an OAuth API to the job. Back on my server, I use Hybridauth for social login, but users can also register directly on the site. How would be the proper way to allow my users to sign-in to their website account through the Android app?
You're overthinking it. OAuth isn't meant for users to log in, it's meant to enable external services to access data on behalf of a user.
To make a user log in? Create a POST endpoint on your webservice named login. It should take two parameters- username and password. The body of the login service should salt and hash the password, then check if the hash equals the hash stored in the db for the same user. If so, you're logged in and you return a success packet with a unique token to authenticate you for later requests. If not, you return a failure. The Android app would ask the user for their data, then send a request to the endpoint. On success it saves the token and sends it in all future requests to authenticate yourself, either as a parameter or as a header.
This is of course the simplest possible version. More advanced features would include expiring of login tokens, refresh tokens, possible lockout if you have too many bad requests, etc. But the above is the basic idea. Although really I'd look for an open source solution you can take, as there's quite a lot of complexity when you get into all the stuff mentioned above, and its a place where a mistake that leads to a vulnerability is probably the most dangerous.
I have SiteA storing user information(name, office, department etc.).
The back end has exposed REST WS that give the information to the front end. The site uses Google OAuth2 authentication - Users log in via Google account. With OAuth2 we let google handle the login(without asking for username and password). Google generates an authorization code that is used with the client_id and client_secret to generate an token for the user.
I have SiteB. I am creating a job that is going to be executed once a day.
I need it to login programmatically to SiteA so I can get a security token that I can use in requests to the REST WS API provided by SiteA and fetch the needed information.
I was unable to find a similar question online. Everything usually ends up to the user opening a browser and navigating to an approaval URL.
Something similar is Google Drive API - OAuth2.0: How to Automate Authentication Process? Doubts and Questions, but it is about connecting to Google Drive without login.
I am starting to doubt that it is possible. Have anyone figured out how to implement this way of communication between systems?
The only option that I could thing of is connecting to SiteA DB and extracting records manually, but that would duplicate the login in SiteA and SiteB.
What I was asking is not possible in the time of writing the question.
What we did to solve the issue is to extend the life of the token for the account that is used to login to SiteA and set it it in the header of the request from SiteB:
connection.setRequestProperty("Authorization", token);
We changed the lifespan of the token from the database and since this are internal systems the long life of the token is not a problem.
Another option is to follow How to get offline token and refresh token and auto-refresh access to Google API and generate an offline token, but the idea is still the same.
Hope this helps someone.
I have to send an email from IntentService. My data is mostly the backup from a phone. I am using smtp.google.com + javamail.I can use a gmail account and send data through it.(http://www.oracle.com/technetwork/java/javamail/faq/index.html#gmail):
From my point of view the problem with this approach is that my app uses the gmail account and sends data via my account. All personal data would go through one my account. Question#1 - Is it a good approach to do it?
The gmail api uses OAuth 2.0. And I have to store my client ID in some place of my program. I read that it is impossible to restore login/password from it. This token has validity. Question#2 Is it possible to use this token for reading or deleting something from gmail account until it is valid?
For all examples of my app would be the same gmail account. This think bothers me sometimes, because if something happens with gmail account I will not be able to do anything.
Question#3 Is it worth to use services like https://www.mailgun.com/ or maybe to create at least another gmail account and to use them both?
Only if you're the only one using your app.
Yes.
Email is probably not the right solution to your problem. But without knowing more about the problem you're trying to solve and what your requirements are, it's hard to know what to suggest instead.
I am trying to write an external Java application that collects posts from Yammer using its REST API and I am experiencing issues with the authentication part.
To extract the data I want a regular yammer user (I do not have admin permissions) to be authenticated automatically from the Java application without any prompts. Does anyone know whether this is feasible and moreover - whether it is feasible in a SSO-enabled network? If yes, what kind of authentication libraries should I use? Is there some documentation/sample code snippet describing how to log in to Yammer via Java and not via a Yammer app?
I've seen that there are similar questions here, but are still unanswered.
I will appreciate any know-how on the topic!
Thanks!
The only way to authenticate to yammer without any prompt is to pass a persistent oauth token as an authorization bearer token in your request header. The caveat is, users cannot be dynamic.
It is pretty simple to generate the access token. For that you need client Id and client Secret.Steps are available in https://developer.yammer.com/v1.0/docs/test-token.
But if you don't have that information, go to https://developer.yammer.com and log on with the credentials and try some Rest API(Try It Out section) in the developer site. Copy the Authorization code from the Request Headers and you can use it in your application.
Note: Access Tokens for users are long lived, expiring when users are suspended, change their Yammer password (non-SSO networks only), or users manually revoke them
I'm trying to create a web service to use the Google Plus API. I'm writing it in java, however I can't figure out what files I need and how I would go about posting to Google plus groups using Java
If you have any insite please could you post relavent links and helpful tips to help me out.
EDIT 1:
I have been playing around with the GooglePlus API provived by Google and have written a project based on the sample code given from this page: https://developers.google.com/+/domains/posts/creating
The code runs fine until it gets to the GoogleTokenResponse tokenResponse = flow.newTokenRequest(code).setRedirectUri(REDIRECT_URI).execute(); line. Where it returns a null error. I am copying the link provided in the console and pasting in the code, however everytime it just returned a null error, is there a specific part of the returned code given that causes an issue?
Posting to Google+ is only supported for accounts in a Google Apps Domain (and even then, with restrictions).
If you are logging in using a GMail account - you don't have an Apps Domain account. If you're logging in using some other email address (ie - you have an email address, but you can't use Google account features such as GMail or Google Drive with it) then you don't have an Apps Domain account. If you are using a Domain account, your Domain admin may need to enable Google+ for your Domain before this works.
See https://developers.google.com/+/domains/getting-started for the differences between what you can do with the Domains API and the regular Plus API.
Note that neither API lets you post to a Google+ Community or post publicly. The Domains API does let you post to a user's circle, as long as the members of that circle are also part of the Domain. The Domain API also lets you post to everyone in the Domain. The normal Plus API does not allow posting at all.
There is a third API, knows as the Pages API, which allows Pages to publicly post on their stream. This API, however, is available to a limited number of partners such as Hootsuite. You can read more at https://developers.google.com/+/api/pages-signup, but there isn't much more available publicly.
Your web service should first authenticate against Google. This authentication can either be using a service account (if you want to post only through one account) or users's account (if you want to post via user's account) using oAuth mechanism.
For more details about how to authenticate, refer to How to authenticate our users in our website with Google Account
Have a look at https://developers.google.com/+/api/ for detailed information about how Google Plus APIs can be used.