We have a special case, where we are uploading audio assets from our asset management system to Soundcloud. It works fine, but when redirecting the user I would like to do the authentication to a certain user on their behalf if they are not logged while doing the redirect. The workflow goes something like this:
User chooses an audio asset in DAM
User clicks the plugin that calls an API which handles the upload to Soundcloud
We redirect the user to permalink_url from the response
The problem is that we have two separate accounts. I would like to authenticate / login the user with certain credentials before the redirect. Is this doable?
yes that should be possible.
user grants access for your app, you store the tokens and may refresh it later or request new ones.
more here:
https://developers.soundcloud.com/docs/api/reference#connect
https://developers.soundcloud.com/docs/api/reference#token
oAuth 2.0 - Acting on behalf of the user
Related
I'm writing a React app that needs to have a login with Facebook button.
The React app is already communicating with a PHP API that already has a system in place for registering and logging in users with a username/password. The API generates a JWT and sends it to the front-end, which stores it in local storage and uses it to authenticate the user on subsequent API calls.
I've gotten my front-end app to the point where I'm successfully opening the FB permissions dialog, and receiving a response from FB that contains a userID & accessToken after the user grants permission.
My question is:
Do I need to store the FB accessToken if I don't need to access FB's API afterwards? Can I simply store the userID and use it for authentication?
My proposed auth flow would look something like this:
User clicks login with Facebook button, grants permissions in the dialog.
My React app sends the userID to my PHP API.
The API looks up the user in our DB by FB userID. If it finds one, it sends back a valid JWT, logging in the user.
If no user is found, the userID will be stored in the app's state, and it will begin the registration process, passing the FB userID along with the rest of the registration data when the user completes registration. The API then generates a JWT and proceeds with login like normal.
Would this be wildly insecure and a would be hackers easiest-day-ever?
Or is it safe to implement?
I have a game where I want to track user logins/installs. I need to be able to detect when a user was just redirected to my app from the authenticated referral dialog. Since we cannot specify our own redirect_uri after the user authenticates, nor does Facebook append any sort of flag for canvas apps - is there any way to achieve this?
3 Auth Token Parameter: If Authenticated Referrals is enabled and when a
user authorizes your app through the in-line Auth Dialog, we will pass
your app the Auth Token in the format specified here. Available
formats: URI Fragment: if your app is using client-side
authentication, Query String: if your app is using server-side
authentication. If your app is a canvas app, we will not use this
setting and will use the "signed_request" as the response type
automatically.
Based on that information from http://developers.facebook.com/docs/opengraph/authentication/, I would suggest you read the signed_request and see if the auth token is there. If the token is there and that id is already in your data store, you dont log is as a new app install. If the token is there and that id is not already in your data store, then you can add the user to your list of app users in your data store and track it as a new install.
In my facebook app I need to authenticate users on a different domain (not facebook.com), for example xxx.facebook.com, is it possible?
Yes, it is possible, only IF facebook endorse it.
For example when we log in the Developers.facebook.com.
Each domain is a child of facebook which mean that you need to have approval by Facebook to create a sub-domain.(well you won't create it but they will)
a little bit of search in the dev section resulted in this,
User authentication and app authorization are handled at the same time by redirecting the user to our OAuth Dialog. When invoking this dialog, you must pass in your app id that is generated when you create your application in our Developer App (the client_id parameter) and the URL that the user's browser will be redirected back to once app authorization is completed (the redirect_uri parameter). The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
If the user is already logged in, we validate the login cookie that we have stored on the user's browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Hope this help
I am a little confused with the Facebook call back URL. I am building a iPhone application with Facebook login. So I will receive the access token from Facebook after the user logged in. Then I save this access token to my local (server side) DB. After that I want to use this access token to sent for example a post via C#.
What should I define for the callback URL? What is the importance of this?
The callback url is used to provide fast app switching, that is, the user of your app is first redirect to facebook app or site to do the login, then it invokes the url you did define and, if properly configured, it will be redirected to your app again.
You can specify the callback url from developers section on facebook, then you have to support it in the your app plist.
How do they manage to get user to login to Twitter / Facebook through Javascript so smoothly?
I am trying to replicate it for the web app. Basically, the user only needs to add a javascript snippet to their site to kickstart but I am clueless as to how to integrate facebook and twitter connect seamlessly.
Do they store access tokens after successfully authenticating a user?
Short answer is yes, they store access tokens after successfully authenticating a user.
After you try facebook and twitter apis, you'll see that, they both returns ids for every user who succesfully logged-in through your application. You can then simply add those ids pairing with the platform they logged in to your database. You can then use that data to track users easily.
You need to
Create applications on both platforms
Have pages for each provider to check if user performed a succesful login
Check if user is a newcomer and add that user to your database if so.
Set a session or cookie variable of user's local id in your own application or do whatever you are normally doing to track if a user logged-in as that user is your local user.