I have a web-site with users "site-account".
Users also are registered in VSTS / (project1.visualstudio.com, project2.visualstudio.com, ...) "vsts-account"
I need allow user once link a "site-account" to "vsts-account" (one or multiple)
After link a account i can read / write a Work-Backlog item in any time.
Example, in background read Work-Backlog and send email notification.
I cant understand how i can link and grand access to "vsts-account" from "site-account"
I can create a Extension, that will be installed in VSTS.
Thanks for any links
The simple workflow:
Create a web app with OAuth authorize, refer to this article: ASP.NET web app (OAuth sample)
The user login your web-site with "site-account"
After login, enable the link (e.g. vsts-account), the user can click the link to authorization to the VSTS
Associate the access token and refresh token to that user (store in database)
Using refresh token to get access token if the access token expired
Using access token to get work item in VSTS
More information about OAuth with VSTS, you can refer to Authorize access to REST APIs with OAuth 2.0
Related
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
The Snapchat Marketing API outlines authentication in the following steps:
1.) Open the authorize link in the browser:
https://accounts.snapchat.com/login/oauth2/authorize?response_type=code&client_id={client_id}&redirect_uri={redirect_uri}&scope=snapchat-marketing-api&state=wmKkg0TWgppW8PTBZ20sldUmF7hwvU
2.) Authenticated user clicks the authorize button
3.) Physically copy the code out of the browser address bar
4.) Issue an API/cURL request- exchanging the authorization code for an access token
5.) When the access token expires- exchange a refresh token (from step 4) for a new one.
My main issue with these steps is that the flow is a hybrid web flow/client credentials flow. I am completely dependent upon a browser session to create an access token.
Furthermore, the code obtained from step 3 needs to be regenerated each time an access token is created with it.
There is no [obvious] way to programmatically create an access token. Is there? Even my Selenium attempts trigger a Captcha ...
Turns out - permanently caching/storing the refresh_token was the ticket. With it- I can repeat step #5 above ad infinitum.
We would like to enable the following scenario :
user can login to a web application leveraging Azure AD B2C as the identity provider.
user can also interact with a bot on FB messenger (built on MS Bot Framework). He is asked to log in so that we can get him an access token for subsequent web api calls.
user has access to a persistent menu on his FB messenger where he can navigate to some pages of the actual web site and be logged in straight away.
I have the following question :
Could Azure AD B2C be used in conjunction with Facebook Account Linking ? Could not find any samples... What I am doing now : in the FB login button, I pass a link to one of my bot server controller method as a level of indirection. Then in this method, I get the redirect Uri and account linking token that FB is adding to the url and then do a redirect to my B2C policy url passing these 2 arguments in the state and my own redirect Uri (not the one from FB). This way, once authentication is done, b2c redirects to my bot where I rebuilt the callback to fb url. Any security concern with this approach?
Thx !
After looking at this post Facebook Messenger: get access token of linked account it seems that FB account linking is not really useful in regards to access token. I was expecting similar behavior as Amazon Alexa account linking but in fact it has nothing to do with exchanging an authorization code with an access token and having this token manage by FB... So I am just going to leverage the BotAuth code https://github.com/MicrosoftDX/botauth to store the access token in the bot state... I dont really care about collecting the PSID...
Regarding the last step of the scenario, we are investigating cookies reuse from the first authentication flow.
I'm trying to develop a React application that will allow users to login with their Azure AD accounts and their Facebook accounts.
The first thing is that I didn't understand about the 2 tabs "User
Pools and Federation Identities". Do I need both to get it done or
just the User Pools is enough?
My goal is just the authentications. I don't want to allow users to access any AWS service. I just want the authentication token.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth. Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Do I need both to get it done or just the User Pools is enough?
No. Userpool is more than enough if you just need authentication and do not need to use AWS services.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth.
What user data do you need to save. If you want User's profile data to be saved in Cognito, you need to use Cognito Userpool & not Federated Identities. Add Facebook directly to Userpool. Upon using Facebook login, a user is auto-created in the userpool based on all user data available in the token. See this doc on how to add Facebook to a userpool directly.
Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Depends on your use-case. If you just want to add authentication to an app, the best way would be to Add Facebook to a Userpool directly, create an app client in the userpool for your application; enable Facebook for that app client & use Cognito Userpool's built-in UI to login using Facebook. This feature (built-in UI) is called App Integration. After successful Facebook login, a valid token will be sent to your app. Do note that the token sent to your app would be from Cognito.
Client--> Userpool built-in UI --> Redirect to Facebook --> Login using username +password --> Facebook sends its token to Cognito ( https://your-user-pool-domain/oauth2/idpresponse)-->Userpool vends its own token & redirects to the URL mentioned in the redirect_uri.
I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.