I'm building a Rails API with a proper front-end to go along with it (probably React). I'm currently implementing the API and haven't written a single line of front-end. I'm trying to implement OAuth with Facebook as explained in #a14m's answer for this post.
However the problem is that my API would require an authentication code so that it can exchange it for an access token with Facebook. As far as I understand, the code is obtained via a login dialog on the front-end. Now I want to test whether or not my API is getting a valid access token from Facebook in exchange for the code. But to get the code I have to open a dialog on the "front-end" which I have not implemented yet.
Any way I could open the dialog for Facebook login and get the code without writing the front-end? I probably think Postman would help but I don't know how. Also if there is a way to obtain the token without triggering the dialog would also get my job done. So I just want a way to access the code without a front-end.
You can definitely use Postman for this. I write Rails APIs often and I always use Postman to hit the endpoints without having a front-end. All you have to do is find out what you need to send to the Facebook API and set it up as a form body on Postman.
Related
I am trying to retrieve a web auth token for CloudKit using their web services and postMessage API token. According to Apple's documentation, token should be returned as part of "data" object through the message callback, but all I am getting is the ckSession variable. It seems like documentation is wrong, or I am missing something.
Is there any additional API which should be called to retrieve the web auth token after this step? I tried being naive and passed ckSession to record listing APIs but that doesn't seem to work. Also, if I use a different token retrieval method, like custom URL scheme, for example, token gets retrieved correctly. This issue seems to only be related to postMessage option.
"Allowed origins" is set to "all domains" and I'm calling auth API from localhost. I am running Windows 10 and am using Chrome browser (if it means anything here, probably not).
It seems like someone had the same issue a couple of years ago and it was posted on the Apple forums, but it hadn't got much love back then.
Any help would be greatly appreciated. Also, I can provide more information, if needed.
As I understand it, you can only obtain the web auth token (ckWebAuthToken) via the front-end JavaScript API. It should be returned after the user signs in with their Apple ID. You could then POST that value to your back-end app and store it somehow (probably as a session variable).
You can read more about getting the web auth token on this page.
If you have since learned more about solving this and know more than I do, I'm all ears. :)
Likewise, I never managed to intercept the ckWebAuthToken with the postMessage method. I suspect it can be used only with the sign in button generated by setUpAuth in the JS SDK.
So instead I redirected to a page of mine hosted somewhere, where I grabbed the token from the query string and sent it to my host app, all in JavaScript. Clunky but it worked! :)
When trying to create app requests through facbeook http graph api I'm getting the error "(#2) Failed to create any app request".
As described in the documentation (https://developers.facebook.com/docs/graph-api/reference/user/apprequests/) I'm using the URL https://graph.facebook.com/{userid}/apprequests setting in post the access token, a title and a message. I've tried different combinations of parameters just to check if I needed anything else, but just if I remove access token and/or title I get different errors.
In addition to that, if I use my own userid, instead of other userid (obviously a friend) that I want to send the request to, there's no error at all, but no request is created.
I don't think it may be related with permissions because both users (source and destination of the request) are admin, developer or tester of the app.
Thank you
Just in case anyone needs it, the problem is that user apprequests can only be created if using any facebook ui methods. That's why in this thread Apprequest of Android Facebook sdk 3.0 comment 1 advices to use webdialog instead of sending the request in code.
More on this topic, I've been researching and I found out that I started with my app really long ago (using API lower than 2.3) so I didn't need to set the category as "game" to be able to send apprequests. I updated its category and after multiple tests I've found the following scenarios:
Javascript API works correctly to send requests in my app
Graph API fails to send requests if using user auth token getting the same error as before
Graph API is able to send requests if using app auth token (from app_id + app_secret)
As far as I've read, there's no limitation in using either kind of auth tokens for apprequest calls.
In addition, my app will be running in web, desktop and mobile. The scenario in which I'm using graph API directly is desktop for obvious reasons (there's other APIs tor the other platforms). As recommended in the FB api documentation, the app secret should not be included in binary code deployed to users, so I would need to use the user auth token.
Any help would be apreciated
Thanks
Everything I have read (e.g. https://api.slack.com/docs/oauth) makes it seem as though I can only build an app that integrates with a Slack team I manage. E.g. I have to create my Slack Client ID .. etc ... and then I can oAuth users for my team.
What I want to do is allow my app's users to login to my app using their Slack login (for their Slack team I do not control or have access to.) I don't want to force my users to generate a Client ID to use my app. I want them to login the same way Google Login or Facebook Login works.
The closest thing I have found is a "login with slack" HTML button, but I'd like to do it in iOS using Swift.
Is that possible?
Sadly, that's not possible. For google or facebook, the way authentication works is that they provide you a mobile API which handles the communication between your app and their web service. So you task is simply adopt that API, make simple function call and retrieve information for user from the API. For example, the facebook button is provided by the API.
However from a look at slack site, they only have RESTful API documented. So in this case, you have to handle the passing and storing of parameters by yourself, and send HTTP request manually. You can have a look at Alamofire framework, which is the best choice for making HTTP request. Basically, you have to send needed parameter with the specific url though HTTP request to perform a log in action, and you have to parse the respond data and then see if the login is successful or not, etc
Thanks to some help from friends it looks like the answer is yes.
You must first make sure you "Distribute App"
Then set up the permissions you require and "install app" (which is a bit not "smart" since you can accidentally add conflicting permissions and get an error when trying to install).
Once that is done you will get an Auth Token and can make requests for any user to login using oAuth.
You can also trigger a sign in request like so:
https://slack.com/oauth/authorize?client_id=[client id]&scope=identity.basic
Edit: For future Googlers, Slack now also provides a specific documentation page for this type of OAuth grant/login: Sign in with Slack
For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.
I'm getting into the grimy guts of a problem that has turned out to be rather cumbersome so I turn to you, the experts, for help.
what I've done so far: I am building an iphone app with phonegap. I am using the provided fbconnect (in phonegap github) code which gives some rather convenient javascript based example code to build things like a comment and check in request. I have comments and checkins fully working how I want, and I have an auth_token that I am successfully toting around.
enter the like button: I understand that you cannot make like requests via xmlhttprequest in the same way that you can with comments for example, so I am stuck using an iframe (unless there is a better alternative).
what I need help with: right now, since the iframe is triggering its own login, I have the situation where the user might log in to like, and then have to log in again to comment which is not a viable. Is there a way to pass a valid auth token to the iframe so the user wont be prompted to log in again or some other sneaky way to authorize through the childbrowser solution that I have currently implemented and then share the auth token to the rest of the app?
notes: I havent passed an app ID to my auth implementation but I noticed that the iframe does pass an app ID. would including an app ID in my auth request somehow link the logins so facebook could recognize that the user is already logged in through the app?
I can't think of any specific code to include since this is more of a general question but if there is anything you'd like to have a look at please let me know.
The short answer is no, mainly for security and spam prevention. The only way to have the user like your page is rendering the iframe code in a webview. This requires a traditional email/password login with Facebook. Using the graph api is the only way to use things like commenting and checkins, and this requires a user to login via a separate mechanism and then subsequently approve your app. There is no back door logging in mechanism.