This is my working scenario: i have created and successfully published an App on the Google Apps Marketplace / Chrome Web Store. Let's say some users did install this App on their own domains and are using my App. When they installed this App on their domains they granted data access to the scopes I declared for my App, for example scopes A and B.
Now let's say we went on improving our App adding a new feature and we released it. This new feature requires us to add a scope C to the App configuration. So let's add scope C and save the new configuration.
For those users who have already installed the App, scope C is "new" and needs to be granted access, while A and B are already granted.
Now we need to find a way to notify users about the need to grant access to the newly added scope before going on using the App (otherwise end users may incur in some issues).
The question is: is there a way to programmatically detect for a specific domain installation of our App which scopes have already been granted access and which ones not?
Assuming you have an access token you can use oauth2.tokeninfo() to determine which scopes a given token is good for.
Related
I’m trying to automate creation of ad accounts for my own business, and then upload custom audiences into these ad accounts. I wish to do this using a system user.
I have written some scripts to automate this process, but I am unsure how to receive the appropriate permissions from Facebook as I can not create a screencast, as my scripts has no UI. It’s just a collection of scripts.
Some research has a said that if apps only talk to a small number of accounts, you can just leave apps in dev mode to avoid going through app review, but I don’t think that’s possible in this case for the following reasons.
When my app is in dev mode, and I try to POST to https://graph.facebook.com/v7.0/<my-business-id>/adaccount to create a new ad account in my business, I get the error: "(#270) Development access is not allowed to access business API post:Business/adaccount.” OK. So my app has to be live for me to use this end point. If I set my app to Live, and then try to hit this end point, I get this error "(#294) Managing advertisements requires an access token with the extended permission for ads_management”
Then, looking at the permissions screen in my app, it appears I need to submit an app review with a screencast to be able to use the ads_management permission.
Additionally, if I want to use a system user, I can only approve permissions that have been approved by the app review process.
Given that my app has no UI (and nothing to screencast) how should I proceed? Or am I missing a way to do this without going through the app review process?
Facebook as provided instructions on how to submit those kinds of apps here, https://developers.facebook.com/docs/apps/review/server-to-server-apps:
If your app has no user interface because it exchanges data directly with our APIs, refer to this guide when configuring your app's Basic Settings, and when completing App Review.
Before the data breach at Facebook I had an app that was approved for the user_managed_groups permission. When they changed things my app became useless due to the restrictions on getting the user data from the comments.
I'm seeing now that Facebook has updated the API to allow apps to get that data provided each user of the group provides consent via graph login. I can easily add this to my workflow and provide the group admin a link for their users to consent.
The issue I am facing now is that the group admin must install the app into the group (see this help article for how this is accomplished), but apps cannot be installed unless they are approved by Facebook. This workflow seems like a catch 22: I can't test unless the app is installed but the app can't be installed unless it's approved.
How do I test my app if it can't be installed to the groups?
Test it with a group your app admin is an admin of, and a comment also made by that app admin user, that seems to work for me, according to a quick test in Graph API Explorer. (Comments made by other people with a role in the app probably work, too.)
The app must be in dev mode though, in live mode you will just get the error message saying the app must be installed in the group. If your app is currently in live mode and you can’t set it to dev mode, because you have other features that are in production already, then create a test app version of your app, https://developers.facebook.com/docs/apps/test-apps
I have an app with SwiftyDropbox that function correctly, but I need to insert email and password for Dropbox every time that I use the app.
The app it's only for my use, it's not a security problem if the app auto-login in my account.
I don't find examples or documentation to make an auto-login with SwiftyDropbox. It's possible?
While the Dropbox API was designed with the intention that each user would link their own Dropbox account, in order to interact with their own files, it is technically possible to connect to just one account. We generally don't recommend doing so, for various technical and security reasons, but those won't apply if you're the only user anyway.
So, there are two ways to go about this:
1) Implement the normal app authorization flow as documented, and log in and authorize the app once per app installation. The SwiftyDropbox SDK will store the resulting access token for you, which you can programmatically re-use after that point each time using authorizedClient.
2) Manually retrieve an access token for your account and hard code it in to the app, using the DropboxClient constructor shown here under "Initialize with manually retrieved auth token".
I work a lot with AppsScript within my workplace. I've built lots of custom OAuth2.0 flows within AppsScript, that allow the application to call Google's REST APIs, and I've also worked with enabling the 'built in' API interaction objects (GmailApp, CalendarApp, etc). If you enable any of the built in APIs, the script editor adds the relevant scopes to the project information, and then asks the user for permission to interact with these APIs, when the web app first loads.
If I need to interact with both REST APIs and the few built in API calling objects, the user needs to first grant permission to the built in API scopes, then has to follow a separate OAuth flow, for the REST APIs. This makes for a really ugly user experience.
Is there a way to add REST API scopes to the list of scopes within the project information, so that when the user first loads the app, it asks them to grant permission for ALL scopes that the project will need? I could then retrieve the users oauth token from the script session with ScriptApp.getOAuthToken(), and use that in all external REST API calls.
EDIT (~12:00:05 18/DEC/15):
Please note, I already know how to enable APIs through the Developer Console Project that's linked to the AppsScript project - I want to find a way to add ALL APIs that are enabled to the Scripts properties, so that when the user launches the app, it asks them to grant permission to access all enabled APIs on their behalf (even REST apis), so that I don't need a second manual OAuth flow / token for the REST APIs.
EDIT (~14:00:08 18/DEC/15):
I've also looked into the Import/Export functionality within Drive, documented here:
https://developers.google.com/apps-script/import-export
and can't find any way to alter the scopes (or supply any scopes) for the project, this way.
In apps script you can enable specific API if you go to the menu "Resources > Advanced Google Services". It will open a Popup with a list of API, but there you also have the option to go to the Developer Console with the project associated with your Apps Script project.
And from there you can get the necessary information (clientId, etc.) related to the same Apps Script project and use it in you OAuth flow.
If you already have a project with all the required configurations and all the necessary API already enabled, you can also link your current Apps Script project to that app, so you don't have to do the same again.
In the menu "Resources > Developer Console Project", a popup will open and there you will have the option to access the Developer Console, but also you will have the option to associate the current Apps Script project to any other app you already have.
Just keep in mind that when you are trying to use an API you will have to enable it in the "Advanced Google Services", both in the list that the popup shows as well as in the Developer Console.
After doing this, the access tokens will be related to the same app and the users will grant permissions only one time when enabling a new API.
I hope this helps.
I'll be needing some help regarding the Facebook permissions. Actually, I have defined a permission set on my facebook developer account under permissions and setup an application as well. I would like my ios application to pull permissions (On Login) that are specified under my account. I know I can use iOS or FB SDK 3.5.1 in my application (which I am using) but I don't want to specify permissions set on device, Just want to save version submissions of my application on store, don't want to keep this on client side. I know how to achieve permissions etc on iOS device as well which I have been using since Facebook 2.0.
So, is there a way using which application should pull permissions from the application ID (developer account) instead of specifying the permission set on the client (iOS).
Many Thanks,
Reno Jones
I think you are trying to think in reverse direction but this is not possible to achieve.
Permissions are never attached to any app, we specify permission so we can use those explore more using that appID.
Means there is nothing as such permissions for appID, appID & permissions are both different thing.
For Eg: I have created an app to see my details on Facebook. In order to achieve it we are not required to configure my appId on facebook. So its only us(the developers) who know what user can do with Facebook using that FBID.
So we just ask permissions separatly.