I am making an real time NLP model, for which I'm trying to stream data from twitter using tweepy. I'm new to APIs and the twitter developer authentication is asking for call_back url and website url. Now, I don't have a website, I just need data which I'll save in a dataframe. What URL should I give for callback and website?
If you are going to use an App-Only OAuth 2.0 authentication (or only the tokens of your dev account), you don't need a callback URL since this is supposed to be the URL where your users would have been redirected after having authorizing your application in a Twitter page.
If the field is mandatory in the form, just input localhost (this is standard for dev env anyway).
Related
Have created bot.
Have web site where user has been registered using facebook account.
From facebook manually building login flow :
https://www.facebook.com/v2.8/dialog/oauth?
client_id={app-id}
&redirect_uri={redirect-uri}
In the client_id i am sending my website facebookid.
What parameter should i use for redirect uri to make redirect to bot ?
Is it possible to get this work this way ?
Take a look to the SimpleFacebookAuthBot sample to understand all the pieces.
The RedirectUri must be something in your side that will receive the access code that later will be used to get the access token. Here is the implementation of that callback in the sample above mentioned.
I'm running a Classic ASP website, that has its own user authentication and login mechanism. For example, In order to remember a logged-in user, ASP creates an encrypted cookie and a 20-minute session for each connected user. If the 20 minute session is elapsed, the server revives the session from the cookie saved previously, and saves some data regarding the user to the database.
I want to to be able to allow users to connect with their Facebook or Google identity, but the mechanism used by Facebook or Google is based mainly on Javascript and on client-side code.
How Facebook or Google login can be used while maintaining server side code in ASP? (So that the ASP server can still manage the session and save data regarding it, for example whenever a session is revived)
For me somehow it seems that it may become less secure to use client-side authentication as the code may be altered easily. Isn't this the case?
If I use client-side javascript and log in with Facebook, how would I update the user data retrieved from facebook back into my database, for example the user's first and last name?
For me it sounds that it should be a "server-to-server" communication (between my ASP server and Facebook's or Google's servers) and what they propose is a "client-to-server" communication ... Any ideas how this can be done?
Any help or explanation would be very much appreciated! Thanks.
I'll try to address your Facebook-related questions one by one. However, I will not give you an implementation or any ASP-specific feedback, but only a rough approach. Additionally, I recommend that you study Facebook's documentation on Facebook Login extensively to further your understanding of the matter.
1. Facebook documents the server-side OAuth 2.0 flow in their Manually Build a Login Flow guide. Basically you redirect the user to a specific FB URL that (in the parameters) tells FB to render the "Login with Facebook" dialog, and which permission scopes to ask for. Once the user approves the Facebook Login for your webapp, they will be redirected back to your web app, e.g. with an OAuth token in the query string, that your webserver can then exchange for a user access token.
Once you obtained a user access token, you could e.g. store it in your web app user's session.
2. I don't know what you mean. Client side apps are fairly secure. Perhaps you can convince yourself about how secure JS apps are when reading about things like CORS.
3. If you only use JavaScript (e.g. Facebook's JS SDK) and you want to store e.g. app-scoped user IDs on your server, you need to expose an endpoint on your server that your JS application can submit that kind of information to.
4. You state
what they propose is a "client-to-server" communication
Who are "they", and where are the proposing this? The resources I linked to in 1. should explain how you can use Facebook login in a pure server-to-server way.
I am a little confused with the Facebook call back URL. I am building a iPhone application with Facebook login. So I will receive the access token from Facebook after the user logged in. Then I save this access token to my local (server side) DB. After that I want to use this access token to sent for example a post via C#.
What should I define for the callback URL? What is the importance of this?
The callback url is used to provide fast app switching, that is, the user of your app is first redirect to facebook app or site to do the login, then it invokes the url you did define and, if properly configured, it will be redirected to your app again.
You can specify the callback url from developers section on facebook, then you have to support it in the your app plist.
I am using the new javascript sdk and I am developing locally (ie. no hosted server).
I was successfully able to get the access token which the js api stores in a cookie for localhost domain. However what I don't understand is:
How fb js is able to set a cookie for localhost. Doesn't this violate same origin policy?
If fb uses Oauth 2.0 protocol for authentication/authorization, how is the single sign-on able to retrieve the access token even when though I haven't specified a callback url and there are no redirect from my main page.
Can someone demystify what is happening under the hood here?
FB JS is able to set cookies on localhost because you're including the FB JS SDK on your domain via a <script> tag there by giving them access to your cookies (much the same way Google Analytics writes cookies for your domain).
OAuth 2.0 involves a redirect to your website, there's really no other way for Facebook to return the code necessary for your app to retrieve the access_token.
We're hoping to create mobile phone applications for (among other features) posting video to a user's FaceBook page. However, using their API, it looks like we would need to open a web viewer and have the user enter their login credentials every time the application is used. We would prefer to store these credentials so the user only has to login once.
We could of course save the http login post and resend it as needed, but this breaks if FaceBook changes their API and I worry about their terms of service and using an unofficial hack such as this.
Maybe someone knows of another application that uses Facebook this way?
You should have been returned an oAuth token to use.
The new Facebook API has a service you can call with the old tokens and it returns you a new oAuth token.
You just have to add offline_access to your permissions. You do this by adding &scope=offline_permissions at the end of your authorization url. Then your oAuth token won't expire.