What is the best practice to manage user profile when using Huawei Auth Service - huawei-developers

When using Huawei AppGallery Connect Auth Service, I tried to get user profiles by using getPhone(), getEmail(), getDisplayName(), etc according to the reference from Huawei Developer Site. But for the most time, if not all the time, getEmail() returns a null. So does getPhone().
How do I suppose to manage the user profile if such info is always empty?

Your best practice would be to capture such info and mange it locally regardless what is available from AGConnectAuth.getInstance().getCurrentUser(). getPhone() would return a value when using Auth service by registering with phone number. getEmail would return a value when registering with email account. This is not ideal, but this is what has been designed.

getEmail() and getPhone() are used to obtain information about the email address and the mobile number of current signed-in user. This parameter is returned when email or mobile number authentication of Auth Service is used by a user. Then you can manage the user profiles.

Related

How to restrict anyone from signning-in using google sign-in in flutter?

I want only people whom I register or with specified email should be able to use google sign in, rest are not allow to sign in.
example:- I run a institution and I have separate id for my fellow students and I want them to only be able to sign in using that id and otherwise they should not be allowed to use any other Id(email to be more precise).
in my flutter application using firebase-> google_sign_in.
hope I am clear!
bro add some g mails in your firestore those people you want they can access my app if this emails exist in your db then they can google signin otherwise show toast your account is not regirsted by admin
try{
FirbaseFirestore.instance.collection("alloweduser).doc().where("emial",isequalto:123#gmail.com).then(){
Goolglesinin()
{
google signcode
}
}.catch(e)
{
showToast("ask admin to app permission")
}
You are talking about authentication vs. authorization.
Authentication: Since google is your authentication provider... anyone with a valid google account is authenticated.
Authorization: Who has access to what parts of the application?
You need to implement an authorization system / flow to determine if an authenticated user has access to the app. By default... all users will have NO ACCESS.
How you implement authorization - depends on your backend and how you store user data. If you are using firebase, something like this will help: https://firebase.google.com/docs/firestore/solutions/role-based-access

How can one enable SAML federation in the Cognito Hosted UI without advertising their customer list?

I am building an enterprise app and federating signin using the Cognito Hosted UI solution, and people can sign up individually using any email, but they might also work for a company which has signed an enterprise deal with us and use SSO.
The desired workflow is one in which they input their signin email, then it is checked against our list of SAML Single Sign On providers, and if they match an enterprise client using SSO they are sent to the proper federation page; if they don't match any, they are taken to the general purpose login.
So far, I have successfully used the Hosted UI and the critical idpIdentifier parameter to create the desired behavior successfully. The following React code summarizes how this works:
hostedUILogin() {
const idpIdentifier = this.state.email.split("#")[1];
let url = `https://${domain}/oauth2/authorize?response_type=code&client_id=${clientId}&redirect_uri=${redirectSignIn}`;
if (idpIdentifier) {
url += `&idp_identifier=${idpIdentifier}`;
}
window.location.assign(url);
}
This produces the desired effect. When somebody signs in with an email address that ends in "#corporatecustomer.com" they are taken to the SSO page for Corporation's federation. When somebody signs in with "#gmail.com", they are taken to the Cognito Hosted UI.
Unfortunately, the Hosted UI seems to be unable to help itself but to show off our customer list on the left-hand side.
I am unable to discover in the documentation or tutorials any way to use the Cognito Hosted UI without advertising all available SAML providers on the left hand side, thereby giving away our customer list.
I have tried taking away the IDP for this Hosted UI App in the App Client configuration, but then it no longer captures through the idp_identifier successfully.
If it helps to you, one of the solutions I found was to create a single User Pool per Corporate Customer
You can create different App Client, and you can enable only identity provider on the first one, and native username/password on the other one.
For each App Client, you can dynamically change your AWS Config on the client side.
On our use case, SSO users may not have the same identity provider name on their email domains so we have "Login with SSO" button, which first handles kind of "Home Realm Discovery" by sending a request to backend with user's email and that endpoint returns the identity provider name belong to that user. Then the client initiates the federated sign in (or direct call to the hosted UI with identity provider parameter).

Google Contacts - Get contacts of another user using service account

I am trying to get contacts of another user using Google Service Account. I even set the user credentials to the username and password of the account for which I want to fetch the contacts. However, I keep getting an error - Exception in thread "main" com.google.gdata.util.ServiceForbiddenException: Cannot request contacts belonging to another user
Initially I was using admin account to get the contacts of another user for which I kept getting a Forbidden error. I was told that service accounts will work in this case.
Can anybody please help? Is it really possible to get the contacts of another account with service accounts or any other method? If yes, any idea why I must be getting this error?
If you want to access a user's contacts using a service account, you need to do three things (see https://developers.google.com/accounts/docs/OAuth2ServiceAccount):
Create a service account in the Google Developers Console.
Delegate domain-wide authority to the service account using the domain’s Admin console.
(Necessary to access contacts:) Impersonate the user by specifying the email address of the user account with the setServiceAccountUser method of the GoogleCredential factory.
For example:
GoogleCredential credential = new GoogleCredential.Builder()
.setTransport(httpTransport)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId(emailAddress)
.setServiceAccountPrivateKeyFromP12File(new File("MyProject.p12"))
.setServiceAccountScopes(Collections.singleton(SQLAdminScopes.SQLSERVICE_ADMIN))
.setServiceAccountUser("user#example.com")
.build();
The error message Cannot request contacts belonging to another user suggests that you forgot the last step.
You can only get access to other people's contacts using Service Accounts if your Service Account client gets white listed at the domain level. In other words - you can't arbitrarily get others' contacts across domain boundaries without some admin access.
The simplest option is to use the OAuth 2 web server or client side flows - where each user has to authorize your data access.

How to contact Facebook application users without token

My Facebook application has a few thousand users but they have not visited the application for a long time and I don't have access tokens for them. I do have their uid's.
How could I make contact to my application users?
I used to use the Notification.sendEmail but it is now deprecated and won't send any emails. I have email permission for all of the users but I didn't store the users email address earlier because I used that function. I should have stored the addresses.
I have understood that all use of new Graph api require access token. So my option would be to use the old Rest api. But is there a method that could be used in a situation like this?
You should be able to still retrieve the email addresses of the users who granted your app the email Permission if they haven't subsequently removed it - you can do this with the App Access Token (see the Authentication docs for more info)
Make a call to /<USER ID>?fields=email to get the address

Retrieve email using Graph API

I am using app login access token retrieved through following API -
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=client_credentials
Can I retrieve email address (primary email not the facebook email) of any user if it is public using Graph API?
Thanks
Lakhan
Two ways to get users primary email:
For the authenticating user (ie the one who has granted your application access to their profile) and only when you explicitly request that permission.
If the email is explicitly made public by some arbitrary user not authenticating with your app, then that will be available to you also. Any publically visable info you can see via facebook.com is equally accessible via the API.
For getting the authenticating users email, when you first request the oAuth dialog you need to pass a scope with the email permission (as well as whatever other permissions you require). See more about permissions here and more about using scope here .
When the email is available it can be found in the User payload, see more about the API request and payload here.
Check the doc here : http://developers.facebook.com/docs/reference/api/user/
With the email argument, you will be able to get the email.