Is there an api to updated the callback url and verify token of the webhooks in the messenger settings if we know the Application Id and the Application Secret ?
Related
I have a Web API developed with ASP.Net Core. I also have a client app developed with Next.js and it uses NextAuth.js to handle the authentication.
In the UI, when a user is authenticated, I have access to the access token from Facebook.
My question is how can I use this access token to authenticate the requests sent to the back-end API.
This is the back-end code used to register the Facebook authentication scheme (it is all standard):
builder.Services.AddAuthentication()
.AddFacebook(
facebookOptions =>
{
facebookOptions.AppId = "<my_app_id>";
facebookOptions.AppSecret = "<my_app_secret>";
});
I want to construct a Postman request that can authenticate my user using a specific access token but I do not know where to put this access token and whether this is possible at all.
Just sending the request like this (without any modifications) results in visualizing the Facebook login page.
Your Asp.NetCore project integrates Facebook login. After logging in, the token you get can only access protected resources in the current project, such as: [Authorize].
If you want to access Facebook's resources, you need to write your own code to get the token and then access the resources.
1. How to Get Facebook Access Token in a couple of minutes: 2020 guide
2. How to get current user access token from Facebook SDK in C#? Not the App access token
After you get facebook access_token, then you can access Facebook's resources.
In an Ionic app, I am using twitter-connect-plugin to enable users to authenticate to the app using their twitter account.
The result returned by this plugin includes the authenticated user twitter account Id, username and his picture.
In addition to these fields I also need to retrieve the email address.
I tried to use twitter API v2, by calling the https://api.twitter.com/2/users/:id endpoint. But from the v2 docs the email address is not included in the user fields.
In the Twitter API v1.1, the https://api.twitter.com/1.1/account/verify_credentials.json endpoint has the include_email parameter, but from the v1.1 docs it requires the user access token:
Please note - Your app will need to regenerate the user access tokens
for previously authenticated users to access their email address
Any idea on how to get the user access token in the v1.1 in order to use it in the GET account/verify_credentials request?
According to the documentation for that plugin, once you've called .login you get back a response.
The login reponse object is defined as:
{
userName: '<Twitter User Name>',
userId: '<Twitter User Id>',
secret: '<Twitter Oauth Secret>',
token: '<Twitter Oauth Token>'
}
You should be able to use the secret and token values from that response object to call the verify_credentials endpoint.
Note that this plugin appears to rely on Twitter Kit, which is no longer supported and may stop working in future.
I have enabled Account Linking by Google Sign-in following this method [Account linking with Google Sign-In][1]. It says I am supposed to receive a JWT Google ID Token with each call. From where I should extract user information. But in my webhook endpoint I am getting below information
{"handler":{"name":"create_user"},"intent":{"name":"","params":{"AccountLinkingSlot":{"original":"","resolved":"LINKED"}},"query":""},"scene":{"name":"Main_AccountLinking","slotFillingStatus":"FINAL","slots":{"AccountLinkingSlot":{"mode":"REQUIRED","status":"SLOT_UNSPECIFIED","updated":false,"value":"LINKED"}},"next":{"name":"Main"}},"session":{"id":"ABwppHExhpgFArUhkwMtFsGCHLkgH9-Ixar7iSZFv9lwtKoilI2gN1Cuh-0FEvVN6f3x5v_BN8t0o4EhRB479w","params":{"AccountLinkingSlot":"LINKED"},"typeOverrides":[],"languageCode":""},"user":{"locale":"en-US","params":{},"accountLinkingStatus":"LINKED","verificationStatus":"VERIFIED","packageEntitlements":[],"lastSeenTime":"2020-09-18T21:57:48Z"},"home":{"params":{}},"device":{"capabilities":["SPEECH","RICH_RESPONSE","LONG_FORM_AUDIO"]}}
So where is the ID Token? Please guide me.
[1]: https://developers.google.com/assistant/identity/google-sign-in
I have a website using ASP.NET Core, which uses MS Identity and external login from Facebook.
I have a Xamarin app that logs to this backend via login/password using Xamarin.Auth. I am wondering which is the best way to allow external login to Facebook from the app?
Should I create a separate Facebook app for Android or should I use the same as the website?
What would be the flow?
I am thinking of something like:
Using the Facebook sdk to log in
Pass the token to the server
Check from server side if the email exists or the FB user id exists
If yes check whether the app is registered using Facebook and if yes login
If no create an account
But until now I haven't stored the user's Facebook Id (only the email, that the user can also modify).
Xamarin.Auth is client library and currently has no server side implementations.
So, your server is Protected Resource and Facebook will be Authorisation Server. After you obtain your tokens (access_token and refresh_token) you would try to access Protected Resource presenting access_token as a credential. Protected Resource will perform token introspection (this could be separate service-server) which will decode the token, lookup username (mail) and check expiration of the token.
This is not specified in draft (RFC) so check how FB does token introspection.
Few links for more info:
How to validate an OAuth 2.0 access token for a resource server?
http://blog.api-security.org/2014/10/oauth-20-token-introspection-profile.html
https://www.quora.com/In-OAuth-2-0-how-do-resource-servers-assert-a-token-issued-by-an-authorization-server
https://connect2id.com/products/server/docs/api/token-introspection
https://leastprivilege.com/2015/12/27/oauth-2-0-token-introspection-middleware-for-asp-net-5/
I have a web api which I want to secure using ACS, but I want to use ACS for authorization only. The flow I want is:
The user is redirected by the app to authenticate with Facebook and
the app receives a Facebook token.
The app sends a request to ACS with the Facebook token and receives
a new token, which he can use to access the API.
The user calls the API and passes the token received from ACS as
authentication/authorization for the API.
Is this flow possible? How do I set this up on the ACS side and the API side?
I already have the Facebook authentication working in the app. I would like to leverage the token I am already getting in order to call the API.