I've created a AWS Cognito pool with Phone Number as required attribute and Facebook as one of federations. Since FB do not provide any Phone number during Oauth is there any workaround to map "any other FB attribute" to phone number so as user id is created (the attribute once in pool, can be changed later using api).
While I try to map it to available attributes on fb , I get this on url,
//redirect_uri#error_description=attributes%20required:%20[birthdate,%20address,%20phone_number,%20email]&state=STATE&error=invalid_request
Any workaround ? Help !
I was able to solve this ( rather correct this) by ensuring no parameters were used in AWScognito pool which are not provided by FB or google. Birthdate/Phone_numbers/Adress aren't provided by fb/google api
Related
When attempting to make calls to the Shop and Data SFCC APIs with a sandbox store, is it the sandbox URL itself that should take the place of "https://hostname:port" in the endpoint URL? It's not super clear from the documentation. My SFCC sandbox URL is in the format "https://XXX-001.sandbox.us01.dx.commercecloud.salesforce.com/on/demandware.store/Sites-Site/" (realm ID redacted here). Using that URL with the format suggested by SFCC's API docs doesn't seem to do the trick, but I'm lost as to what other URL would be used here.
Try using the API Explorer first
With the API Explorer, which is an SFCC-built API client UI. You should modify the URL with your sandbox URL:
URL- If your sandbox URL is https://helloWorld-001.sandbox.us01.dx.commercecloud.salesforce.com/on/demandware.store/Sites-Site/, your OCAPI URL should be https://helloWorld-001.sandbox.us01.dx.commercecloud.salesforce.com/s/-/dw/meta/v1/rest
Account Manager Access Role - You need to ensure that you have the OCAPI Explorer access role in your Account Manager as well, and to the correct realm
Client ID - Ideally, your administrator should assign you with a API Client ID too. Else, use the default client ID for sandboxes (which is, type out 30 'a') and for password as well. NOTE: Do not use this approach for production/dev instances as it is a security vulnerability.
Once you are able to see the APIs showing, you should tinker around with the Version (i.e. 20.2 etc.) and the Site (i.e. RefArch) until you see the desired APIs in API exploerer. If this works, then you should have the necessary access and permissions to access OCAPI
I have been trying to figure out after referring to their official documentation (Google Ads API Document) which is not clear enough
Here is what I have tried till now.
I have created an app where users can log in with their Google Ad words account. I need to fetch their Ad performance reports via REST API.
To make an API request to fetch performance reports, we need the Google Ad Words Account ID of the authenticated user. Currently, as I am testing it with my personal account, I can login to my Ad words Console and get the Ad Words Account ID. But, how do I fetch the Ad Words Account ID dynamically for other users who authenticate via my App?
I tried looking for a way in their official documentation. But I couldn't figure out.
Could someone help me with the REST API URL which needs to be called to fetch the authenticated user's Ad words Account ID.
In addition to previous answer, I guess this is what you are looking for:
https://developers.google.com/adwords/api/docs/guides/first-api-call#create_test_accounts
It explains how to setup Google Ad Words API and get your ID.
According to the documentation here Account overview, you need to list the customers to get the ID. For each user that logs in as long as they do not have access to multiple accounts you should get a single customer and their ID.
CustomerService
CustomerService provides information about your accounts. It has a
getCustomers() method that takes no arguments and returns a list of
Customer objects containing fields such as customerId, currencyCode,
and dateTimeZone. CustomerService also has a mutate() method that can
be used to update various attributes of a customer, including the
autoTaggingEnabled and conversionTrackingSetting fields.
If no clientCustomerId is specified in a request, the response will
contain multiple entries if more than one account is directly
accessible by the authenticated account.
I want to develop an application(action) on Google Home, which will return some confidential information to user. So, I can't authenticate the user based on account linking as that device can be used by any person in the room. How can I get user's unique identity(may be email id) from voice match profile?
Account Linking is tied to the specific user that says "Ok Google" or "Hey Google" to invoke your Action. If the user that says it does not have a registered voice on the device they use (they are an "anonymous" user), then they cannot do Account Linking. This sounds like the level of security you're aiming for and it isn't clear why you think otherwise.
You can get a user's unique identity (with or without Account Linking) by using app.getUser().userId if you're using the node.js library. However, if the user is "anonymously" on a device (no voice registration has been done, or they do not match a registered voice), this identity will change each session because there is no way to determine who the user is.
You cannot get the user's email ID. (And, even if you could, one would hope that it follows similar rules to handling anonymous users above.)
Update to clarify what I mean by an "anonymous" request:
When a user first sets up a Google Home device, they're prompted to register for Voice Match on that device. Registering their voice requires them to say "Ok Google" and "Hey Google" a few times so a voice pattern can be established. Afterwards, these trigger words spoken by this person will have the rest of the statement associated with their Google Assistant account. If they have done Account Linking to your service, their Google Assistant account (which is matched to their voice for the invocation phrase) is linked to your service.
Other users can be permitted to register for Voice Match for a device. This will associate their voice for the invocation phrases with their Google Assistant account. If that user has done Account Linking with your service, then their voice triggering the invocation phrase will have things associated with their linked account.
But what about someone who uses the Home without having setup Voice Match for that device? The invocation phrases still work. They can still invoke your Action. But what Assistant account is associated with it?
Since the specific Home device doesn't know the person invoking it and making the request, this is an "anonymous" user. Anonymous users can't do Account Linking, since there is no Assistant account that is associated with the request. Although there is a userID provided - this ID will change for every conversation since the device has no way to know that the anonymous person making the request this time was the same anonymous person making it last time.
But what happens if the user has setup a Home device, but has not setup Voice Match on it at all? For security reasons, the system has to assume that this is really a shared device and that all requests have to be handled anonymously.
Additional Update
The "anonymous UserID" that is talked about above has been deprecated and will be removed in May 2019.
It is now possible to get the user's email address, assuming they have registered it as part of their Google profile, by using Account Linking with Google Sign-In.
Conceptually, may other parts of the answer remain valid, although some details may have changed.
You can use Account Linking for that purpose. If your phone is in locked state, then only the person who's voice will be registered in phone will be able to invoke the google assistant using OK Google.
If this type of invocation works for you, then go ahead and read the rest of the post. I've already posted a similar answer here
We have to enable the webhook first and we can see how to enable the webhook in the dialog flow fulfillment docs
If we are going to use Google Assistant, then we have to enable the Google Assistant Integration in the integrations first.
Then follow the steps mentioned below for the Account Linking in actions on google:-
Go to google cloud console -> APIsand Services -> Credentials -> OAuth 2.0 client IDs -> Web client -> Note the client ID, client secret from there
-> Download JSON - from json note down the project id, auth_uri, token_uri
-> Authorised Redirect URIs -> White list our app's URL -> in this URL fixed part is https://oauth-redirect.googleusercontent.com/r/ and append the project id in the URL
-> Save the changes
Actions on Google -> Account linking setup
1. Grant type = Authorisation code
2. Client info
1. Fill up client id,client secrtet, auth_uri, token_uri
2. Enter the auth uri as https://www.googleapis.com/auth and token_uri as https://www.googleapis.com/token
3. Save and run
4. It will show an error while running on the google assistant, but dont worry
5. Come back to the account linking section in the assistant settings and enter auth_uri as https://accounts.google.com/o/oauth2/auth
and token_uri as https://accounts.google.com/o/oauth2/token
6. Put the scopes as https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email
and weare good to go.
7. Save the changes.
In the hosting server logs, we can see the access token value and through access token, we can get the details regarding the email address.
Append the access token to this link "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" and we can get the required details in the resulting json page.
accessToken = req.get("originalRequest").get("data").get("user").get("accessToken")
r = requests.get(link)
print("Email Id= " + r.json()["email"])
print("Name= " + r.json()["name"])
I am developing a iOS app, that will require the users to log in with third-party SNS account, like facebook, or twitter. However, I want to allocate "native" user id for each users for the benefits of future use.
For example, since each FB user is assigned an unique ID, say, 12345678, when this user log in with his/her FB account, I can get this FB id via FB's iOS api, then I can simply add a prefix "FB" to this id, stored a local text file with "FB12345678" as content in the i-device.
Then next time the app launches, it simply check the existence of this text file, and if not, pop out a view to require users to login, otherwise just use the content, like "FB12345678" as keyword to fetch data from my server.
Above is my own thinking. But I think there are some severe problems:
first, is it safe to store a string locally without encryption?
Second, if I use, say in the example, "FB12345678" to fetch data, is it safe to transmit via the Internet?
Chances are this " FB12345678" can be easily intercepted, and used to forge the identity of a user.
Lastly, if the user changes his/her FB password, I think my app should require the user to re-authenticate, but from the above strategy, obviously it does not work out.
So could anyone elaborate what is the most commonly used strategy, or algorithm, to enable thirdparty SNS account login? (like Instagram, Parse, etc.)
you can use the SDKs Provided by different Social Medias. It will maintain the session at your side. It is not proper to save userid on application side and other thing is that in almost all the medias you will require to send the access token and secret to request a data. and the Token Changes so its not good to save it. You can send it with your request and if it will be expired it will automatically ask you for the second time login.
please visit:
www.developers.facebook.com //for facebook
www.dev.twitter.com // for twitter
Try following links:
https://github.com/fhsjaagshs/FHSTwitterEngine
https://github.com/nov/fb_graph
hope this will help you.
I'm calling
https://graph.facebook.com/<user_id>/?access_token=<valid_token>
or just
https://graph.facebook.com/me/?access_token=<valid_token>
and getting back json object that doesn't contain primary user email which I need.
I setup email permission for the app and no effect.
What can be wrong?
Did you remember to ask for the email permission in the login request? You do this by adding the scope parameter like this in the login request (&scope=email):
https://www.facebook.com/dialog/oauth?client_id=YOUR_APP_ID&redirect_uri=YOUR_REDIRECT_URI&state=SOME_ARBITRARY_BUT_UNIQUE_STRING&scope=email
Facebook API reference
You probably do not have email permissions in your access token.
You can verify it with the Acess Token Debugger
I believe that your question is, even after granting permission to access email, you are not able to get email information through the Graph API. In newer versions, you need to pass fields param to the API to get additional information such as email. By default, it only provides id and name in response. Please find a sample below on how to get other info from graph :
https://graph.facebook.com/me?fields=id,email,first_name,gender,last_name,link,locale,name,timezone,updated_time,verified&access_token=<value of access_token>&debug=all
Hope this helps.
It is possible that the email is not verified in facebook. In this case facebook doesn't make it available via the API. Make sure your code handles this case.
Since the release of API version 2.5 you can get user email like this: https://graph.facebook.com/v2.5/me?fields=id,name,email