I would like to try to use OpenSocial (or any other API) for my small project. What I want to create is a small console application that would gather some data from several sites (e.g., Facebook, LinkedIn, Xing, MySpace...) and calculate some things. What I've noticed in all tutorials is that OpenSocial is used for mobile applications, apps inside social networks etc., but I haven't seen it anywhere to be used for a console application. Is that possible? Can I create a simple Java console application which would gather and process data from social networks? Do you know some tutorial that could help me out with it? The biggest problem that I have is the authentication, since (if I understood well) all APIs request to forward the user to the original (e.g., LinkedIn) site to login so to grant permission to use the data for the application. But can I somehow login with my credentials using a console application?
Thanks,
Ivan
Yes, you can access the various data APIs from a stand alone Java application. The standard/protocol you're looking for is OAuth, not OpenSocial.
You will have to give your users some way to grant access to their social network account. (web based applications would redirect them to the social network site, which would in turn redirect them back to the application). OAuth has an out-of-band (OOB) mode especially for non-web based consumers.
I've used Scribe in the past to access the LinkedIn API.
Related
I'm on the google sheets quickstart page and when I click on "Enable Google Sheets API" button it comes up with a menu called "Configure your OAuth client". There's a dropdown menu with a bunch of options like web browser, web server, ios, chrome app, etc. I'm new to programming with API's so I have no idea what this means. Which one should I use?
I'm making a web scraping program in the Eclipse IDE with Selenium and I want to dump my data I scrape into a google sheet. Any help would be appreciated
URL: https://developers.google.com/sheets/api/quickstart/java
In order to use any Google API, you need to create a Google Cloud Platform Project
Google offers two authentication ways
In most cases you will want use OAuth2 for safe authentication
You will need to obtain Credentials that will be used by the App to obtain the access and refresh tokens
To obtain credentials you need to set up the conset screen of you App first, as described here
The exact way depends on several factors, e.g. either you want to publish an external application or just use it for yourself and on which type of device you want to use it.
For most internal applications specifying the application type, the Application name and Scopes (can be edited later) is enough
The possible scopes for the Sheets API are listed here
For the beginning the easiest will be if you follow the quickstart for Java and set-up the Consent Screen by simply clicking on the Enable the Google Sheets API button
This will do all the configuration automatically in the background
Now, as the application type:
This depends strongly on how you want to implement the application - your choice will influence how the user will be redirected after authentication.
For testing on your local machine, Desktop App will mostly be the correct choice
I am not very familiar with Selenium, but for this kind of integration Web Server Application is likely the correct choice.
I recommend you to read how Google implements Web Server and Desktop applications to decide which type would be the appropiate one for you.
I have a REST API that i call from within my web application in order to get the result. I have a client which asks for my API only but I can't expose my API without any security. Apparently I have to use it with my application as well, so far the API is not secure, I want my client to consume my API with valid credentials, whether OAuth 2.0, JWT , Certificate, or some extra mechanism. How can I achieve this objective, any working example in Java with Azure will do and it should not hamper my pre-existing WebApp which is using the API for its own purpose. Thanks well in advance.
I tried to do it and I even completed the task but eventually found that it does not provide much value in my case. In my case the API is accessed by long-running background tasks where human login is not practical. Now there is no way for an application to log in to Azure, it must be done by a browser application which is protected by every conceivable way against automatic login. Other than that, Microsoft's solution for these kinds of tasks is the shared secret-protected token which essentially means that the app and Azure share a secret (a password generated by Azure). This does not differ significantly from the case where you store and check the passwords.
Other than that, there is the issue of Azure Active Directory and Azure Active Directory v2.0. This is a bit confusing because both solutions are based on OAuth2.0 tokens but Azure AD v2.0 is really a very different beast. For starter, Azure AD v2.0 tokens cannot be decoded as of writing this answer, they can be consumed only by Microsoft services. So if you want to know, who was the user that has logged in, you need to pass the token to the Graph API and that supposed that you have a logged-in user. For Azure AD, the token can be decoded and verified by your app, see this demonstration application, how to do it
So as a summary, I recommend protecting your API with Azure tokens only if the application you provide the login service for is an user-facing application that the user interacts with after the login. If it is a long-running server-type task, protecting it with Azure AD is pretty pointless.
It is easy to protect the web API using the Azure Active Directory. Microsoft provide lots of code samples to help developer to get started.
You can refer the links below about the code samples for your scenario:
Azure Active Directory Code Samples
I am working on writing a private REST API with Play! that I will make calls to from a mobile application and I am confused about how to keep it secure.
When working through the Yet Another Blog Engine example in Play!'s documentation, I worked through their authentication example, and it deals with logging in through a browser. From what I understand about Play!'s Secure module, it helps with browser sessions. Additionally, every StackOverflow question I have seen has been involved with an administration module on the web and the questions have been pertaining to sessions as well.
Does the Play! framework have any built in mechanism to prevent session hijacking?
Enforce Https routing for login with play framework
My current understanding of how the security should work:
The mobile app "logs in" to the web app and obtains some kind of token
With each subsequent call the token is appended to the end of the API call
If the mobile user "logs out" or the token expires, the web app removes the token
Every API call uses HTTPS in order to maintain security
Is it possible for me to make an HTTP request from the mobile application to the web application I create using Play! Framework while keeping it secure?
Am I approaching the whole situation incorrectly?
This is the first Play! app I have created and this is the first time I have used Heroku. I am not too far in that I would be opposed to switching to something else if it were significantly easier/more efficient/better suited to solve this problem.
EDIT: Also, in Play!'s YABE tutorial, it seems like they check the password in plain text. Just from a general standpoint, how is that not a security issue?
EDIT 2: I have looked over OAuth provider information and it seems to solve the problem. My only apprehension with it is that v2.0 has known security flaws and v1.0 seems complicated to implement for a situation where all I need is a secure connection between a mobile app and a web app. If I were to make every call require SSL, could I make each Play method just take username and password as parameters and disregard OAuth completely?
Your example of having a mobile application authorize itself with a web application is achieved with an authorization framework like OAuth. This allows the web app to let the user login then issue an access token to the mobile app for making requests as that user, without the mobile app having to deal with the user's password.
Have a look at an OAuth provider module for Play. If you Google, you might find an OAuth client module for Play, but that's for the other side of OAuth, allowing your web app to authorize against a 3rd party provider. You'd then use an OAuth client library in your mobile app to deal with acquiring an access token.
It could even be a generic Java libary for OAuth - the Play 2.0 documentation for OAuth states that it hasn't provided an OAuth 2.0 module because it's simple enough not to even need a library. However there are a few Java libraries available.
Here's a project where somebody's put together some OAuth provider stuff with Play (referenced from this forum post):
https://github.com/mashup-fm/playframework-oauthprovider
I would like to create my own login page instead of using the default one that is from google app engine. After the user click the login button, it will redirect them to the home page of my website. so is there a way to do so?
I am using java as programming language.
Would appreciate if anyone could help. Thanks.
Doing this in App Engine is no different to doing it in any other Java servlet environment, except that you're storing your user data in the datastore. How exactly you implement it is up to you and depends on a number of factors; a complete tutorial on how to build a user authentication system seems out of scope for a stack overflow answer.
I'd strongly recommend using a prebuilt authentication solution, however; if you don't like Google User authenticaiton, App Engine comes with built in OpenID authentication as an option. Rolling your own makes you responsible for issues like secure password storage, which is hard to get right, exposes your users to potential security issues, and forces them to create yet another user account instead of using an existing one.
I am new to appengine. I will write application which consist of two parts.
1) Core written in app engine with REST interface for clients.
2) Client application written in J2EE on my other (not appengine) server. But here, client may use any other technology (android, swing etc.)
I dont know, how to handle authentication of users in this schema. I think that I am in the middle between standard login and installed applications.
The simplest solution that occured to me, that the client will request username+password, pass it to appengine application via https and it will authenticate.
But dont know how to synchronized the login with client app, because it will need also data from google applications...
Is there any solution or pre-prepared facility in Java how to handle this?
Thanks
You probably want to use OAuth for this; client login or using username+password is not a good way to do this, and informed users will be -- or SHOULD be -- hesitant to give away their passwords. There is a page for using OAuth within AppEngine applications written in Java which may be of use. There is also some support for Oauth in the GData client library for Java. The OAuth in the Google Data Protocol Client Libraries document may help you to understand how to use those features.