I have been checking this document to find out how to authorize my user but I couldn't see any signup information on the UBER API itself. You can easily login and authorize the existing user but how do you actually sign up using the API? Which API calls to make?
Cheers
Visit this URL to register and manage your Uber client apps:
https://developer.uber.com/apps
It will prompt for your Uber credentials if you're not logged in.
What do you mean by sign up using the API?
Actually Uber can let you login via Uber's login page and you can input the credentials in the form and submit it; once you pass this authentication, you will get a web page saying if you want to allow your third party app to access user's info; then once you allow or deny it, Uber will redirect to the redirect_url you registered earlier on your app dashboard and send an authorization code to it; then you could use this code to exchange for the access_token for further use.
Related
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
I am using the Graph API for Facebook on my iPhone application. The problem is, I don't want the user to have to re enter their email address each time they want to login to integrate Facebook with my app. Is there a way to save and auto fill the login information using the Graph API?
Using the Graph API, there is no need for you to store the credentials, more than that, you should NOT store the credentials. As explained in the API dedicated help page the authentication process is handled by a secure token.
Meaning that if the user is already authenticated on Facebook using another application, it might be ( based on authentication process used ) already authenticated within your app.
You might check the token validity by using the isSessionValid method from the Facebook class.
Have a look to the iOS Facebook SSO link, it explains everything you need.
I want to allow users connect to my website using their facebook account.
First, the user authorizes my application and then I get an access token. Problem is, that I'm supposed on the first time to register the user, and the next time to auto login him based on his facebook email.
How do I create a SECURE way to auto login the user?
I'm using pure javascript, but I can't find any way to create a secure mechanism.
Thanks.
Facebook should handle all that for you - when they come back to your website, they can click the 'login' button(javascript SDK) and facebook should pass you back an access token.
I may, however, have misunderstood the question.
We're hoping to create mobile phone applications for (among other features) posting video to a user's FaceBook page. However, using their API, it looks like we would need to open a web viewer and have the user enter their login credentials every time the application is used. We would prefer to store these credentials so the user only has to login once.
We could of course save the http login post and resend it as needed, but this breaks if FaceBook changes their API and I worry about their terms of service and using an unofficial hack such as this.
Maybe someone knows of another application that uses Facebook this way?
You should have been returned an oAuth token to use.
The new Facebook API has a service you can call with the old tokens and it returns you a new oAuth token.
You just have to add offline_access to your permissions. You do this by adding &scope=offline_permissions at the end of your authorization url. Then your oAuth token won't expire.
I'm curious how these systems work technologically. As I understand it you do the following as a user:
Go to your favorite 3rd party site.
Click the "Facebook Connect" button.
Log into Facebook (if not already).
Authorize Application
You are routed back to the 3rd party site logged in.
But, how does the 3rd party site talk to FB about who you are? I can understand how it could get the information it needs when you initially authorize the application, but how would it know afterwards? Here's a scenario:
You go to Facebook and log in.
You then go to your favorite 3rd party site (which you already authorized).
It already knows you are logged in!
A background ping using an IFrame is performed, and if the currently signed in account has already authorized the application, then the access token and user id are returned to the application. With this the application can decide what to do (usually, set a cookie and refresh the page so that the server can re-render the page knowing who you are based on the cookie that was just set). If you're curious, you can look at the Facebook implementation of the client side JS method called FB.getLoginStatus() here: http://github.com/facebook/connect-js/blob/master/src/core/auth.js#L117
It's using a 3-legged authentication system called OAuth.
After you start the process, the 3rd party site connects to Facebook, and if you were already logged into Facebook (live session with cookies) then it will just use that, and ask permission to authorize the 3rd party app.
Once it is authorized, it will get an auth_token, which it can use to access information from your account, unless you revoke it's access.
Check out OpenID. Also this presentation is very interresting: Facebook Connect vs FriendConnect
It all happens through OAuth2 mechanism ,where the third party application already registers with the facebook(or any other website which has oAuth2 implementation) and gets the Id(usually termed as clientId) and secretCode(i.e., clientSecret).
So, when you want to login into the third part app through fb, the service provides (clientId+clientSecret+callbackUrl )---> to facebook.while , the first two were to authorize the third part service and callback URl is URL where facebook responds back with a "accessToken" for that account.
Using this accessToken , the third part service will invoke facebook's graph api's to get the user related info and use them to login the user into their service.