I am fairly new to Blackberry development and need help in terms of having a simple application. User enters a login/password which is authenticated on a MYSQL database on website. Once authenticated, he/she is shown a listbox/select boxthat is pre populated with some values. Once the user selects a value and hits submit, an email is generated and sent to a dummy email address.
Can someone guide me to either a good tutorial and/or some instructions that can help me set up something like that. Again I am a seasoned developer that is making a transition to Blackberry development. All replies would be highly appreciated.
Thanks
There are some good Blackberry dev tools on the RIM website, you can get a simulator for each type of handset you need to support. When it comes to authentication, as you already suggested, entering credentials is the easiest thing to support, but a bit of a pain for users, you can also look at using your Blackberry gateway as a kind of signing authority and enabling pin/email http headers (see here)
In terms of development, just remember you want a style sheet as basic as possible, and a webpage which is only 320px wide, otherwise its just another browser...
Related
We are developing a Java application that is supposed to show models from users store.
initially, I'm trying to allow users to login using their autodesk account, and check if they are entitled to access my app.
I couldn't find any good example to show how it is done, I just want to confirm that what I will be doing is the recommended thing or if there is better options.
First, on app start, I will show an embedded webbrowser that will open
"https://developer.api.autodesk.com/authentication/v1/authorize?response_type=code&client_id=XXX&redirect_uri=XXX&scope=XXX"
the app will get the url from our server (so not saved locally) and the call back is pointing to an api on our server. then as user login and consent, will get the code from the url, close the login dialog and continue to get the bearer token using plain rest apis to /authentication/v1/gettoken.
As I said, not 100% sure if this is approved way or not or even if it is doable or not. so thought to check before we implement it.
After that I will just use rest apis to browse and get the model.
any thoughts or complains ?
Thanks in advance
Rest assured that the workflow being proposed here is actually orthodoxical and well “approved” by our official tutorials:
https://forge.autodesk.com/en/docs/oauth/v2/tutorials/get-3-legged-token/
http://learnforge.autodesk.io/#/oauth/3legged/
Unfortunaly the code sample for that bit is in node and we are still working on a Java equilvalent
Some of our endpoints require 3-legged oauth to access personal data - see here for an example and you can always refer to the authentication context section of each endpoint for the oauth flow required.
Is it bad if I shared with the ones developing my website my Facebook client id and secret id so that they can create the Facebook logged in button?
He also asked me for all these other information and I gave it all to him to create the Facebook, Instagram, and Twitter logged in button on my website. I also gave him the ones for google.
INSTAGRAM
Client_name
Client ID
Client Secret
Client Status
Website
Description
FACEBOOK
App_id
App_secret
App_page_id
TWITTER
Consumer_key
Consumer_secret
In short: No
This is a question the answer of which depends heavily on the circumstances and kind of setup you have, but in short these days its not a good idea as its easy to avoid the need to share these secrets.
The IDs are normally public so there is no harm in sharing that, but the secret keys should be entered directly into server's (or app service) environment settings if you can manage them yourself. Different hostings have different ways to enable this, consult your hosting provider and developer team to guide you.
When its fine
If you are not technical yourself, don't want to go through the hassle of managing access to your server, find it hard to learn and trust your developers greatly then its fine and they would need it to do actual deployment.
Remember, while they are developing and testing the website/service they can use temporary app-id and secret keys that they themselves can get in most of the cases.
Follow up questions:
Q. If I go to the settings and ask for a new secret key for all of these social services, will it affect the programming of the developers and create a problem or will it be fine since the client id is good enough for the job?
Answer Yes if you reset the secret keys the service would fail and would require the new keys to be configured on the server. There are tons of guidelines on each of Facebook, Google, Instagram developer pages that you can read on this topic and are pretty easy.
Q. Can they get inside my Facebook, Instagram, etc if they have the secret Id?
Answer No the keys are for the app/service to allow your website request user's information who allow your app, not for accessing your account.
Q. Please tell me whats the worst thing that can happen with the secret after sharing it with the developers if they do something wrong with it?
Answer Its basically a security risk. One of the worst things, IMO, that can happen is that they commit it into an open code repository or implement it in the wrong way so its accessible to anyone easily. That would allow attackers/hackers to get your app users to believe they are giving access to their requested data to your app (by using your app id and secret) in their attacks. But again this is heavily based on how careless the developers are, if they are good they would work to keep it secure. Ask them in your next meeting how they are using it and how it will be secure from other people copying it. Chances are they are good people and have taken this into consideration and would also explain it to you.
Hi everybody,
well, here it is my problem.
I have a corporation gmail user, lets say developer-user#mycompany.com, and I would like to list all the gsheets I have in my gdriver trhough the google API for Java applications, so I generated the credentials I supposed to need:
the email, which was auto-created by google with a different domain,
in this case something like 1234567890#developer.gserviceaccount.com
then I created the p12 key file.
After that I tried the connection and everything ran fine, but It did not list the spread sheets I had, and I figured out that I can not list all the gsheets I had 'till I shared them with the 1234567890#developer.gserviceaccount.com mail/user, but the problem is that I can NOT share anything outside of the #mycompany.com domain, even though the email (1234567890#developer.gserviceaccount.com) created for the authentication is linked to my developer-user#mycompany.com account.
I am not sure if I was clear enough, but what I need is a solution for that. did someone figur out something? may you help me?
Anyway, thank you guys and I appreciate your time.
You'll have to ask your Google Apps Admin to enable sharing outside your domain on Google docs, that's the only way Drive will allow the service account to reach existing docs.
The only alternative is to recreate the docs using the service account (programatically) and share them with your account.
Your admin can delegate domain wide access to your app which will then be able to impersonate you.
Alternatively, don't use service accounts and simply generate a refresh token for your own account (which is by far the easiest solution).
I am writing my very first Google App Engine application, mostly as a learning experience, its a sort of Pastebin very simple... I dont want to deal with spam so figured that requiring users to log in would be a safe enough choice.
At this point this is what I want:
Visitor sees main page, if visitor is logged in to Google he sees the "Save paste" button, if user is not logged in he sees a link/button to log in to Google
I have read a few articles and tutorials (1) but they give me the idea that I would be locking everyone out except a few allowed ones or that this sort of authentication is to manage my application instead of just checking if a user is logged in or not.
If on the other hand you can suggest a spam checker or similar, that is easy to implement please let me know.
I find particularly confusing that we have to define the type of authentication when creating the app, since this is going to be implemented by code I dont understand this.
So to summarize: How can I check if a user is logged in to Google and display a link/button if he is not?
Note: Im using Java
The Users API you mention is just what you need. Just follow the example provided in that page.
You fetch the user, if the user is not null you show the Save paste button, you should also set the url of the save paste action to require login. If the user is null you show the login url. In case the user is not logged in a login page will be shown.
There are three types of authentication systems:
Google Accounts: available to anyone with a Google Account (can even be a non gmail account) This is probably the option you want to use.
Google Apps: available only to a specific Google Apps domain (example yourcompany.com)
Open Id: available to anyone with an OpenId identity (Google, Yahoo, MySpace, etc.)
Instead of checking if User is logged in to google or not, have them login to your app using google Oauth api. You will have more controller over the user in this approach.
I'm trying to implement a Facebook login for my site and am having a world of trouble. I understand the difference between the client (JavaScript SDK) and server-side implementations, but am confused as to which is the correct approach. What I need is to store the user's info in my database (userID, email, name, etc.), so I know I'll need the data on the server side. I don't want to log in via the JS SDK and send the data to the back end because it can easily be spoofed, so here's what I tried:
I've tried using the SDK and, once the user is logged in, refreshing the page to check for the cookie that Facebook puts in the session, but it doesn't seem to be present; the only cookie that's there is the session id.
Additionally, I tried doing a server-side implementation, but this caused the Facebook log in screen to be in the main browser window instead of a popup. This is undesirable because it takes the user away from my site. To force the login workflow to be in a separate window, I've thought about popping up a child window that points to my login url that ultimately redirects to Facebook, but then I don't know when the user is done logging in (I'd need to refresh the main page to hide the facebook login button, etc.).
Any help or ideas would be greatly appreciated! I'd like to do this the right way... not the easy way!
Bottom line: use spring-social in java applications for connection to the social networks. It's cake!
There is no official Facebook API for standard Java that I am aware of. Specifically for Facebook, your java app can use the REST API here http://restfb.com/