According to Uber documentation a new user should be referred via: "https://m.uber.com/sign-up?client_id=YOUR_CLIENT_ID"
So, is there a way to refer a new user using oAuth authentication with:
GET https://login.uber.com/oauth/v2/authorize?
And shouldn't it be automatically referred since oAuth authorization requires client_id to authenticate?
If an application directs a new user to the OAuth authorization endpoint, htts://login.uber.com/oauth/v1/authorize and the user clicks "Sign Up" they will be taken to https://get.uber.com/go/?client_id=XXXXXX.
If the user creates an Uber account the client_id is recorded and the referral is tracked.
Related
I'm building an app that allows users to sign up with facebook login. Facebook login gives us an expiring access token.
So far I've thought through having the phone app collect the facebook access token itself and it should POST it to the api. The api can search to see if it's seen this token before and if it hasn't the api should generate a new user account.
However the facebook docs mention that this token expires. If a user's token expires and they provide a new token to my api, the api will generate a new account for the existing user. How should I solve this?
Use the access token to access https://graph.facebook.com/me?fields=id, which will give you the user's unique ID for your application. Use that as the primary key.
You can try this out with the graph explorer tool https://developers.facebook.com/tools/explorer/
You'll get a response like
{
"id": "10123455041265200"
}
Docs https://developers.facebook.com/docs/graph-api/reference/user/
I want to allow users to sign up using either a user-pool identity (email + password) or a Facebook-federated identity.
But I also want them to be able to switch later on: either add Facebook federation if they didn't sign up using Facebook initially, or remove the Facebook link from their account if they initially signed up using Facebook.
Is this possible?
Thanks in advance!
Yes, it is. I'm assuming that Facebook is added directly to the Userpool as an IdP.
Splitting your query into 2 parts:
1. User signs up using username & password. Later, he wants to link his Facebook account
This is pretty easy. Give an option in your UI and use the AdminLinkProviderForUser API to link Facebook/Google account to the user. Now, when the user signs in using this Facebook/Google account next time, Cognito will treat it as the native user & generate token for the same. Of course, the Facebook info will be mentioned in the identities claim. If the user wants to remove this Facebook/Google link later, it is possible using the AdminDisableProviderForUser API call.
2. User signs up using Facebook
This is a bit tricky since Facebook login will automatically create a user in your Userpool with status EXTERNAL_PROVIDER (unlike native users who have CONFIRMED status). As the name suggests, this user can only be logged in using the relevant external provider - Facebook in this case. If the user wants to login using a username password, a new account will have to be created using SignUp API or AdminCreateUser API. Also, this account can not be linked to the previous Facebook account using AdminLinkProviderForUser because a pre-requisite is that no Facebook user with the same details (email etc.) should exist in the Userpool. But at this moment, we have an auto-created Facebook user with EXTERNAL_PROVIDER status.
So, in short, you would have to - create a new user using SignUp or AdminCreateUser API, delete the auto-created Facebook user & Finally link the Facebook account as mentioned in case 1.
I have been checking this document to find out how to authorize my user but I couldn't see any signup information on the UBER API itself. You can easily login and authorize the existing user but how do you actually sign up using the API? Which API calls to make?
Cheers
Visit this URL to register and manage your Uber client apps:
https://developer.uber.com/apps
It will prompt for your Uber credentials if you're not logged in.
What do you mean by sign up using the API?
Actually Uber can let you login via Uber's login page and you can input the credentials in the form and submit it; once you pass this authentication, you will get a web page saying if you want to allow your third party app to access user's info; then once you allow or deny it, Uber will redirect to the redirect_url you registered earlier on your app dashboard and send an authorization code to it; then you could use this code to exchange for the access_token for further use.
I have an app with a login screen with a button that invites users to login using facebook.
That authentication part of the integration works fine. I have also parsed the returned cookie variable to obtain the userID. The next step is to obtain the users information.
I found this stackoverflow article Difficulty parsing string with Facebook one click sign on and ColdFusion which says
Once you get parsed signed_request (stored in your cookie) you can use
user_id (which is Facebook User Id) and oauth_token (aka access_token)
to get needed info via Graph API or FQL.
But, how do you obtain the access_token the poster speaks of? It is not in the cookie variable (that I can see anyway).
Sorry for being such a noob. I got twitter working easy. Facebook is a pain.
https://developers.facebook.com/docs/authentication/ is your friend. Read the server side flow section.
"If the user presses Allow, your app is authorized. The OAuth Dialog will redirect (via HTTP 302) the user's browser to the URL you passed in the redirect_uri parameter with an authorization code:
http://YOUR_URL?code=A_CODE_GENERATED_BY_SERVER
With this code in hand, you can proceed to the next step, app authentication, to gain the access token you need to make API calls.
In order to authenticate your app, you must pass the authorization code and your app secret to the Graph API token endpoint - along with the exact same redirect_uri used above - at https://graph.facebook.com/oauth/access_token. The app secret is available from the Developer App and should not be shared with anyone or embedded in any code that you will distribute (you should use the client-side flow for these scenarios).
https://graph.facebook.com/oauth/access_token?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL&
client_secret=YOUR_APP_SECRET&code=THE_CODE_FROM_ABOVE
If your app is successfully authenticated and the authorization code from the user is valid, the authorization server will return the access token:
In addition to the access token (the access_token parameter), the response contains the number of seconds until the token expires (the expires parameter). Once the token expires, you will need to re-run the steps above to generate a new code and access_token, although if the user has already authorized your app, they will not be prompted to do so again. If your app needs an access token with an infinite expiry time (perhaps to take actions on the user's behalf after they are not using your app), you can request the offline_access permission."
In my facebook app I need to authenticate users on a different domain (not facebook.com), for example xxx.facebook.com, is it possible?
Yes, it is possible, only IF facebook endorse it.
For example when we log in the Developers.facebook.com.
Each domain is a child of facebook which mean that you need to have approval by Facebook to create a sub-domain.(well you won't create it but they will)
a little bit of search in the dev section resulted in this,
User authentication and app authorization are handled at the same time by redirecting the user to our OAuth Dialog. When invoking this dialog, you must pass in your app id that is generated when you create your application in our Developer App (the client_id parameter) and the URL that the user's browser will be redirected back to once app authorization is completed (the redirect_uri parameter). The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
If the user is already logged in, we validate the login cookie that we have stored on the user's browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Hope this help