I saw PayPal REST request documentation for java SDK at https://developer.paypal.com/docs/integration/direct/make-your-first-call/.
It requires a developer to register an application.
Now, using the calls mentioned by using the clientId and secret, i can receive an access token. This access token will belong to me and not any other user, so i will only be able to access my resources.
Now, If i make an application, and want to obtain access token of the user using my application, how can the SDK be used to achieve this workflow?
We recently created the instructions to use PayPal Java SDK. You can read them about it here: https://github.com/paypal/PayPal-Java-SDK/wiki/Making-First-Call
Using Java-SDK, you do not need to create access token separately. Instead you create an APIContext object, and pass your clientId, secret, and mode(sandbox/live). You pass this instance to all the API operations, and SDK will automatically call the oauth, and get the access token. This also improves performance by caching the access token and re-using it for later use. This only should reduce number of network calls to half.
Related
I am trying to develop a Flutter app, with which users can login with their Square account credentials, and I can use OAuth2.0 to get their access token, and use it to make calls to the Square API.
I am confused with the whole flow: after the users sign in with their Square credentials, how do I get their client secret/ app id (which are required for the obtaintoken API call). To get the access token I need those, but there doesn't seem to be any functionality for that. Right now I am testing by hardcoding both in a .env file, but how to do it for an end user? I'm currently using FlutterAppAuth.
You would use your client secret and application id. The idea behind OAuth API in Square is that the Square merchant(s) you onboard do not need to worry about creating an application, so they actually wouldn't have these credentials at all.
Using the OAuth API, you will be able to generate an access token using ObtainToken with the code that you receive. The rest of the parameters are specific to your application.
You can see the full flow on the doc site here: https://developer.squareup.com/docs/oauth-api/how-oauth-works.
I am trying to build a webpage that shows information only to allowed users and allows those users to modify that information. I want to use Facebook to authenticate the allowed users. I would have those users' Facebook IDs stored in a database and check a logging in user ID against the ones stored to see if this person can access the information.
Using the Facebook JavaScript SDK I can log a user in and obtain his ID on the client side. But I'm not sure how I should proceed from there.
I believe I need to use PHP SDK to do what I described. Am I right? Or is there a way to use only JavaScript SDK that I am unaware of?
You can either use PHP SDK or Javascript SDK or No SDK or any combination!
It's flexible, it's on you how you like to code.
But since you are using JS SDK for login, if you wish you may use only JS SDK for all the functionalities on your app!
is there a way to use only JavaScript SDK that I am unaware of?
What exactly you mean by that? Just like you use JS SDK for login using FB.login(), you can call other APIs (Graph APIs) like -
FB.api("/me") FB.api("/me/feed") FB.api("/me/accounts") etc. etc.
You can go through this - Facebook SDK for Javascript
Edit
To make the request secure, so that no one misuses your API and get the user's data, you may send client's access token instead of facebook id. This access token is temporary in nature (valid for 2 hours only)
I'll explain this a bit-
client will send access token to the server
server will VERIFY this token. eg:
\GET https://graph.facebook.com/debug_token?input_token={token-to-inspect}&access_token={app-token}
you may use simple curl req or file_get_contents() to make this request
Reference
If it's a valid one, get the user_id from the response and send the appropriate data.
If the token fails, you may send authentication error to your application.
Since token expires after some time, nobody can misuse the token!
From what I understand about Oauth, a user logs in to Facebook, then Facebook provides my application with an access token that I can use to make calls to Facebook's API. Can I use that same access token to authenticate calls to my own API?
What would this look like in terms of storing and accessing user data for my own app such as personal settings and resources?
Can I use that same access token to authenticate calls to my own API?
You technically can. Token is just a random identifier that uniquely identifies a user within an application in the OAuth provider.
What would this look like in terms of storing and accessing user data for my own app such as personal settings and resources?
You need to store as much information as you need to uniquely identify a user and an application (if you support them) this token belongs to.
Using app access token had previously been asked in this question (How to use Facebook appAccessToken with Spring Social) and Craig Walls gave a good explanation why the spring-social API should be user-based for most cases.
I have a scenario, however where I would like our server-side application to make a couple of queries that should not require user-specific permissions. I picked a random public page for examples below
I would like to:
View details about a public page by alias/id
https://graph.facebook.com/v2.0/121727254549188
https://graph.facebook.com/v2.0/peterstevensmotorcycles
View posts for a public page by alias/id
https://graph.facebook.com/v2.0/121727254549188/posts
https://graph.facebook.com/v2.0/peterstevensmotorcycles/posts
Search for pages
https://graph.facebook.com/v2.0/search?q=Peter%20Stevens%20Motorcycles&type=page
When I test these in the Graph API explorer (https://developers.facebook.com/tools/explorer) using an App Access Token they work fine. App Access Token is obtained by hitting https://graph.facebook.com/v2.0/oauth/access_token?client_id={app-id}&client_secret={app-secret}&grant_type=client_credentials and replacing client_id and client_secret with my Facebook client credentials.
Our application would like to have the ability to make these for any given name so we can make queries about a company's presence.
We will have similar requirements for Twitter, LinkedIn and others so I just wanted to check if there are any means to do this in the current API or whether it will not suit our requirements.
You do not need to fetch an app access token - you can actually use the app id and secret separated by "|" as the access token. - You can see it at the bottom of the app access token section in the documentation: https://developers.facebook.com/docs/facebook-login/access-tokens#apptokens
Spring Social's Facebook API binding does not (yet) support v2.0, but that's something I'm working on right now...so hopefully soon. Once that's complete, there'll certainly be some operations that work only with user access tokens and some that only work with app access tokens, and some that will work with either (FWIW, Twitter's API has a similar set of circumstances).
Keep an eye on the project in GitHub or follow #SpringSocial on Twitter to know when the v2.0 stuff is available. (I'd appreciate any help I can get in testing it.)
Although it makes no sense at all to obtain your FacebookTemplate via the connection framework for app token requests (connections are, by nature, a user-oriented concept), you can always construct a FacebookTemplate wherever you need it, giving it an app access token obtained via OAuth2Template's authenticateClient(). You can certainly do that now with the v1.0 API binding, but I'm uncertain what ops an app token would work with.
FWIW, as I'm working on the v2.0 API binding, I'm starting to sense an opportunity for FacebookTemplate to carry two tokens: A user token and an app token. This way you can perform app-centric requests even from a FacebookTemplate obtained from the connection framework. Then the only time you'd ever want to construct a FacebookTemplate manually is if there are some operations for which either kind of token will work, but the results would be different depending on what type of token is used.
For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.