I have configured my app in google apps marketplace SDK. The scopes mentioned in it will be added to the admin console once the app is installed. In order to access the google apps data, my app needs access token. In order to achieve this I used google sign-in. But however this again shows me the user consent page which should not appear according to the SSO requirements. So how am I supposed to get the access token for my app by satisfying all the SSO requirents.
Related
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
I went through the documentation of smartsheet api third party authentication.
Steps are :
1. Register into developer tool.
2. Create an app.
3. note down client id.
4. From the application code call "authorize" api with client id.
5. smart sheet will redirect to consent page.
Now here I am confused. as to the API we will be called using Application's client id, how it is related to user who is access my web application. Because the app which I created in developer tool has access, api will works. Doesn't matter who is logged into my web application and has access to work sheet or not.
How smartsheet will know which user is trying to access the sheets because in the API we are just passing Developer App client id.
Or How Developer App can access logged in user's sheet.
Am I missing something?
The consent page will urge the user to login the system if the user has not logged in the system yet. Then, the system will ask the user whether he grants permissions to the client application or not. If permissions are granted, the system will issue a token which denotes "The user has granted the permissions to the client application". This is a basic concept of OAuth. Please read "The Simplest Guide to OAuth 2.0".
I recommend reading this section of the documentation: https://smartsheet-platform.github.io/api-docs/#third-party-app-development
Essentially, your application grants user access-scopes on a per-user basis. Your app needs a developer account. Your users need some kind of Smartsheet plan. Does that help?
We are facing an web application integration challenge that I could describe in great detail but an example is easier. We would like to link accounts of 2 very separate applications exactly how spotify accounts can be linked to facebook accounts. I'm not referring to how you can create a spotify account with a facebook login but linking your spotify account with a facebook account when separate accounts exist.
My understanding of OAuth is that the authorisation / authentication tokens are stored on the end user device (browser / cookies, app storage on mobile etc.) and that it is secure. It seems to me that spotify seems to be storing facebook authorisation tokens on their servers which seems to me to be a large security risk. The reason why I think this is that after I link my spotify account to my facebook account it is linked regardless of which client / device is used.
I have tried to find out in the internet how this works and have also inspect the browser application storage but cannot find out much information this way.
I am using Facebook as advertising platform to promote my application on Apple and Google stores. I would like to make windows service which will download daily report(s) about advertising status of my marketing campaign running one Facebook, preferably using 60 day token, or some permanent solution so that token is retrieved when required. I think that i understand everything to do this except how to generate access token to use it with Facebook Graph API. Which token for which Facebook account do I need and how to obtain it?
You'll need a Facebook app and to grant that app the ads_read permission in order to retrieve reports about your advertising efforts via the API (source).
You'll want a long-lived token so that you don't have to re-authenticate very often. The access token documentation details the steps to exchange a short-lived token for a long-lived one.
You may also want to consider managing the app, ad account, and access tokens (via a business system user) with the FB Business Manager.
Create a facebook app.
Go to the Graph API Explorer in Facebook's Tools & Support section.
Pick your app from the drop down.
Hit Get Token > Get User Access Token.
In Select Permissions choose required permissions or select them from extended permissions.
Use the user access token that will be presented to you in the access token form input field.
Assuming it is possible to transfer the Facebook API access token from some web app to my mobile app (via physical storage or network), will my mobile app be able to use that token as a regularly acquired token (as if the mobile app itself requested the token from Facebook)?
Is this procedure allowed in the Facebook API's terms of service?
Will the mobile app be able to cache that transferred token and use it as its own?
Basically, what I want is for the user to do Facebook Login and authenticate on one machine, and use the acquired token on a different one (e.g mobile app).
Is there a better way of doing this?
You can set your mobile app to go through facebook's oauth steps onload and if the user has already authenticated the app, he will get logged in right away, since you'll get an access token at this point of time, save that in the mobile app.
Automatic login triggers are now being used on both stackoverflow and quora. (if you sign up here through facebook, when you visit the site, you'll get signed in again - same for quora).
Also, access tokens grant access to a particular 'facebook app'. If your mobile app uses the same app id, then you can certainly reuse the same access token on the mobile device.
yep, we can reuse it. I got an access token from mobile app then it's applicable on web browser.