While building an app using actions-on-google, i ask user for device location.
I need google assistant to remember if user grants this permission to avoid asking for the same permission again when user uses the app later. How do I do this?
Thanks.
You can't save the permission, but you can save the location as Yuksel has suggested.
This works well if you're expecting the location from a relatively fixed device such as a Google Home, but not as well if you're getting the location from a mobile device.
If you are planning to get the location from a mobile device, you need to request it each time.
Once the user grants you access to the information you need, you can store that information in UserStorage. That way you can check if a user has information stored in their UserStorage, before asking for a permission.
Please not that if you're storing personal data about the user, you may need to ask for their permission,not only to query the data but also to store it as well. As stated in the docs:
Some countries have regulations that require developers to obtain
consent from the user before they can access, or save certain
information (e.g. personal information) in the userStorage. If you
operate in one of these countries and you want to access, or save such
information in userStorage, you must use the Confirmation helper to
ask consent to the user and obtain the consent before you can start
storing such information in userStorage.
You also need to state that you're saving data in your privacy policy:
If you store the user's information, remember to disclose it in your
privacy policy when submitting your project for review.
As discussed in the comments. You CAN'T get users permission once and query their location multiple times. You need a new permission each time you query the data. If you suspect that users location might change every time they use your action (i.e. Actions that mainly target smart phones), you can handle it as a dialog turn. Here's an example:
System: Would you like to know about the weather in $userSavedLocation?
If user says yes, no need for permission. If they say no, then ask for permission again.
Related
I've managed to get a Access Token that doesn't expire, however I've noticed that Data Expiry does have about a 3-month expiry lifespan on it.
From reading Facebook's own documentation, it appears that the access is based on when the user is last active.
Facebook Login also enables you to ask for permissions when people log in to your app. These permissions, if granted by the user, give your app access to items of user data. For example, your app can access a user's name and profile photo.
If an app asks for permissions, it is often necessary to put the app through app review so that Facebook can make sure that data is not misused. Your app can ask for people's name and photo (the default profile fields) and for email without going through app review, but all other permissions require review. For lists of permissions and which ones require app review, see Permissions Reference.
Does this mean that as long as I log into my Facebook profile that's linked - my Data Access will be extended? `
It's not related to logging in to your FB profile, but logging in to your app.
It looks like the token gets extended if it's being consistently used.
I want to integrate my application with Soundcloud for having the user statistics and so on, I use the client.authorize_url to send the user to approve the app on Soundcloud and I get the proper access_token but I want to know how to correlate between this access_token t the user that clicked on the client.authorize_url in my backend database (I mean I get the access token but how do I know to save it in the DB for the right user?)
Note: not a soundcloud dev.
There are two possible questions being asked here and I'm not sure really what you are asking.
If you are asking about storing data pertaining to a user that has connected through your app: Why do you need to store access tokens on your database? Access tokens expire, and they will change over time, even if it is the same user. It is better to store user-specific data (if needed at all) to a database referencing the users ID. That specific ID will not change. If you are talking about
If you are asking about the app itself, and how to reference that users information once they connect: This is done by using the method call on the SDK (not 100% on the name as I use custom implementations) for Me(). Check the documentation for more info. Hopefully this helps - if you needs some clarification let me know.
I can't really figure out what exactly the facebook API and its services are capable of in terms of user management. Given that I would completely rely on facebook for registration and login, does facebook only provide the authentication and registration process and return me data to store in my own database or does it also itself store a list of already registered user accounts which I can query later on so that I could completely outsource user management from my servers?
If you only need to authorize a User, you don´t need to store anything. You only need to store them in a database if you need to identify returning Users, or if you need to use his data while he is not online.
There is no user management though, you can´t just get a list of all users who authorized your App from Facebook. That´s what you have to store on your own. Make sure to implement the possibility to remove a User from your database, Facebook offers a deauthorization-callback in the App settings for that.
Is it required by Facebook that if a user deletes your app from their account settings, that you must remove their account/data from your database? Or if a user deletes their Facebook account you must delete their account from your database as well...I have heard this before, but can't find anything in Facebook's documentation that explicitly states this.
Quoting from Facebook's Platform Policies
You will delete all data you receive from us concerning a user if the user asks you to do so, and will provide an easily accessible mechanism for users to make such a request. We may require you to delete data you receive from the Facebook API if you violate our terms.
Also, from Facebook's Help about App Basics
Does deleting an app from my timeline mean that the developers no longer have access to my information? No. Deleting an app from your timeline simply means that it will no longer have access to any new information that you share. If you would like a developer to permanently delete all of your information, you will need to contact the developer directly.
So deriving from above two information we can say that it is up to you to either delete or not delete the User's data if the User has unauthorized or deleted your app but you should delete it when asked to delete the data by the User explicitly.
Also, there is no policy over the deletion of User's data on deactivation of the account and it is up to you to either delete it or not, but I would suggest in keeping as Facebook itself preserves all the User's data so that he may have his data intact when he reactivates.
When using the Facebook real-time callbacks to update user settings/details, are you able to access a users details even without a never ending token?
Realistically, we don't want to have to ask users for offline access, but still want to be able to update their details in our system. Is it possible to do this, or do you have to require offline access, or mark it to be updated whenever the user next visits?
If you want to access publicly available data, you can simply get it like this:
https://graph.facebook.com/{User_ID}
If you want the response to also include the extended permissions that you received from the user, you can first get your app's access token like this:
https://graph.facebook.com/oauth/access_token?client_id={App_ID}&client_secret={App_Secret}&grant_type=client_credentials
The URL above will return something like:
access_token={Your_App_Access_Token}
You can then include that access token in your graph API request like this:
https://graph.facebook.com/{User_ID}?access_token={Your_App_Access_Token}
Including your app's access token will return additional information (e.g. email, if your app has permission).
Strangely, the graph API still doesn't send user picture information, so if it's the user's picture that changed, I need to use their OLD API like this:
https://api.facebook.com/method/users.getInfo?uids={User_ID}&fields=pic_square,pic_big&access_token={Your_App_Access_Token}&format=json
Note: I don't believe you actually need your app's access_token to fetch a user's pic_square and pic_big, but I'm sending it anyways.
For data that you have access to any
time, you may wish to query for that
data immediately so that requesting it
does not slow down load times when the
user returns to your application.
Dangit!