I have a question about the Keycloak's consent.
I would like to know if it is possible to individualize the granting of consent.
Currently, when a customer logs in to the keycloak he can allow all scopes or deny all, I would like him to be able to select which one he wants to allow.
For example, today it presents this way:
I would like to segregate into something like:
Would it be possible? checking the keycloak documentation I did not find such information.
Thanks
Related
Working on adding course completion information to users that have authorized our system to write to their profile. Looking at the LinkedIn API, https://learn.microsoft.com/en-us/linkedin/compliance/ it looks this is possible if granted the w_compliance authorization but it doesn't seem to be available in the application setup.
I have been trying to contact developer support email provided but have had no response in the last week. Is there a path or setting that I am not seeing?
How does one get an authentication grant that includes the ability to update user profile course information?
I see Mailchimp has a feature to create facebook campaigns through its UI and I can't understand how they just need to have access to one of my pages to create ads for it.
As far as I understand you need to be a business manager administrator to claim a page as agency with the ADVERTISER role (cf. https://developers.facebook.com/docs/marketing-api/businessmanager/assets#pages) but
If the user who makes an AGENCY claim call does not have the proper permissions on the Page, the response will be PENDING. The Admin for that Page may login and grant the access, deny it, or even report the claim as a spam.
So how come Mailchimp doesn't require this validation?
So there is another way which doesn't involve business manager directly: adding a system user as advertiser.
Assigning permissions to a page from the API requires special permissions. Please reach out to your Facebook rep if you require this feature.
My team is still in the process to “reach a facebook rep” (it's been two weeks already…) but once this will be done a simple POST to <PAGE_ID>/roles with
admin_id: system user ID
role: Advertiser
should allow to create ads for pages using the system user access token.
Turns out facebook desn't want you to use the features they advertise, so there's in fact no solution.
I need only the basic permissions "email", "public_profile","user_friends" and I need all of them for my app to work.
FB login takes the user to permissions page and he/she can just uncheck email and user_friends and I will have to handle it separately.
Yes, I do understand the trust equation here that has been discussed in a lot of questions on SO.But a lot of apps somehow circumvent this. e.g. Uber
Uber is probably using an old App created before end of April 2014. Those basic permissions where included back then. In newer Apps you can´t force a user to authorize all permissions, he will always be able to skip the extended ones.
One good way is to use the "return_scopes" flag of FB.login and check if the user accepted the neccessary permissions right after the authorized your App: https://developers.facebook.com/docs/reference/javascript/FB.login/v2.2
This works: https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=me/groups
This doesn't: https://developers.facebook.com/tools/explorer/145634995501895/?method=GET&path=1234567890/groups
(where 1234567890 is someone who is not a friend, but is in or applying to a group I admin).
However, this works:
https://www.facebook.com/1234567890
and I can see their groups just fine.
QUESTION: Is there a way I can act-as-me or other permission to see someone's groups through an app?
This is likely a permissions/token thing - but I need to 'act-as-me' and see what I can see/have-rights-to.
END GOAL: I need to assist my rejecting of automated spammed join-requests. Easy to recognize who is fake, so I want to automate that. But, how can I have an app see what I see in FB (without screen scraping).
Thanks,
Even though you can see their groups publicly, you can't get their groups using the Graph API unless you have a valid Access Token from that user with user_groups permission.
The documentation for the User Groups clearly says that:
A user access token with user_groups permission is required to view the groups that person is a member of.
A user access token with friend_groups permission is required to view the groups that person's friends are members of.
You can find more details about Access tokens here.
I have users who have authorised my app and are using it. I now need to request further permissions on top of this and I remember reading that the Javascript SDK has some inbuilt methods which allow you to just request the permissions which have not already been handed over. I've looked around a fair bit but I can't find any information on this anymore.
Can someone confirm that this exists, and if possible, how I can do this? I actually switched from using the PHP SDK for the login just because I read about this feature!
You can actually do this in the php-sdk as well. What you need to do is inspect the permissions connection and see if the user has granted the required permission to your app
https://developers.facebook.com/docs/authentication/permissions/
If not you can either redirect them to the auth dialog, or prompt them with a button and explain why you want them to authenticate again.
You can view a sample response at
https://developers.facebook.com/tools/explorer/?method=GET&path=me%2Fpermissions
Alternatively,using the Auth Dialog
https://developers.facebook.com/docs/opengraph/authentication/
might also achieve what you are after, though this only works on referrals from Facebook I believe
It's the same procedure as with users who have disconfirmed a permission. In that case the documentation for invalid access tokens applies: https://developers.facebook.com/docs/authentication/access-token-expiration/
So, you just need to reauthenticate the user including the additional permissions in the scope parameter.
You should be able to check for granted permissions, then if they are not the same as the ones you need then just redirect them to log in with he extended permissions you require and that's it.
http://developers.facebook.com/docs/reference/fql/permissions/