My Situation:
I'm trying to populate a shared Google Calendar when an event is created on the Salesforce interface. Im currently using the latest Google Calendar v3 (RESTful) API for the same https://developers.google.com/google-apps/calendar/ with APEX my development language.
I'm using a trigger that catches all the value from the fields (trigger.new) and passing those values to a class that does the JSON serialization, authentication and API call.
Till now, I was able to get all the data from the object and pass is to the class and get it serialized. But I need to do the OAuth 2.0 call before I can make a Google Calendar API call. https://developers.google.com/google-apps/calendar/
I have setup my application on the Google API Console and obtained the Client ID, Client Secret etc.
The usual way OAuth 2.0 works is that an authentication page pops-up waiting for the user to grant access to the API so that it can access the calendars linked to the users account.
My question:
Is there any way I can get the OAuth done in the background using a static/private key which is either obtained by granting access just once but not every time or just programmatically using the key value in the class to authenticate the user.
Looking forward to getting useful suggestions/inputs/help from everyone.
If the user --once-- have made the authorization you got the access_code and the refresh_code.
I found it helpful to store both codes with the application (here Firefox and password manager). With the next start of the application (Firefox/extension) I use the refresh_code to request a new access_code. That is used during the session for any further calendar call.
Related
I would like to allow users to login my web application using "Sign in with LinkedIn" Javascript SDK.
https://developer.linkedin.com/docs/signin-with-linkedin
Once user logging in using LinkedIn i need to transfer (post) the Member ID to my application server and look for a user with that linkedIn memberid in my application database.
The problem is that i couldn't find an option to validate the member id i am getting from the javascript SDK in the server side in order to make sure the end user didn't manipulate it using Chrome Dev tools for example.
Without an option to validate the value on a server side, i assume that users will be able to change the member id value before it post to the server. Am i right?
i found few old threads but the solutions do not work
If you want server side validation you should use the Oauth 2.0 approach.
Start by providing the initial link:
Li Auth
And continue from there:
https://developer.linkedin.com/docs/oauth2
I'm using API.AI with a backend in Golang to create a chatbot that queries an API. This API needs a API key.
This API key is user specific, it does not reply the same answer for different users.
I understand that context in API.AI can persist informations but it lasts only for a session.
Is there a way to memorize indefinitely (more or less) an information ?
Thank you all
API.AI doesn't store most dynamic data beyond the session as you've already indicated. For data as secure as API or authentication keys I'd recommend a secure database or datastore outside of API.AI and using user IDs for the platform's your working with through API.AI to connect the user to their API/authentication key (API.AI passes through information about where the request is coming from the originalRequest attribute of the JSON sent with every webhook request).
For instance you can retrieve the ID of a user who accesses your API.AI agent through the Google Assistant with originalRequest.data.user.user_id, Slack users with originalRequest.data.user and Facebook users with originalRequest.data.sender.id
I would like to be able to login with my google account in my unity game.
I've tried using Play Game Services, which imo would be the best solution, and I can log in and get name and ID and stuff, but I can't get the access token used, so I can verify who the user is on my server.
I have a server with a lot of player-data, that I can't put in Game Services, so I need to verify it's the correct user, and the ID is not safe enough.
How can I log in with google and get an access token in unity?
cheers
You can use this code to get token :
PlayGamesPlatform.Instance.Authenticate(success =>
{
if (success)
{
Debug.Log("Token :");
Debug.LogFormat("{0}", PlayGamesPlatform.Instance.GetAccessToken());
Debug.Log("End Of Token");
}
});
But you have to add a client id to your Google play services unity plugin.
Have you tried writing a custom Android plugin for your game?
You could get anything in your Unity game that you would be able to on a native Android app, and then pass that data to reference against your server.
They have pretty straightforward documentation for it:
http://docs.unity3d.com/Manual/PluginsForAndroid.html
I hope that helps!
Edit: Elaborated statement.
The PlayGamesPlatform.Instance.GetToken() will give you a string token, but can take a while to download, even several seconds. If the app setup is correct, it should populate after a while. Keep polling it whether it's null or empty, and it should eventually yield a valid token. The token is only good for 1 hour.
In order to access Google APIs on a backend web server on behalf of the current player, you need to get an authentication code from the client application and pass this to your web server application. This code can then be exchanged for an access token to make calls to the various APIs. For more details on this flow see: https://developers.google.com/identity/sign-in/web/server-side-flow
To get the Auth code: 1. Configure the web client Id of the web application linked to your game in the Play Game Console. 2. Call PlayGamesPlatform.GetServerAuthCode() to get the code. 3. Pass this code to your server application.
I am able to get the AuthCode and this code is given to the server and they generate the access token and authenticate my account.
Im writing a user registration mechanism by hand so I dont want to use existing plugins or something.
Im wondering what the best way would be. I planning to do the following abstract steps:
Writing an component which is in charge to output a button which calls the facebook-api --> login in via facebook (Im getting token and user name/id)
In my route im using that Data to call the REST-Server-Backend of my app. I will pass the token as well as the username/id to the Server. (POST api.myapp.com/users)
The Server recieves the request and will validate via Facebook-API
the user data and token on its own --> if valid: Add new user to
database.
If the user wants to login now (after registration) he will do again
step no.1 and than will ask the server if the user is existing. But
how: Since ember suggest that the REST-Server is somekind of a
CRUD-Server and using the store is for working for model data only, there
is no possiblity to do a "logic"-call to the server like "ask
him if user with id is existing". Should I call "GET ../users/" and than check in my route if the sum of the returned records are smaller than 1?
So is that a common pattern?
Sounds like a fairly simple OAuth workflow but obviously refer to the facebook docs. As far as point 4 is concerned, I would suggest that yes, on login you make a request for the login route on your server (which should abstract the facebook OAuth call), and if the user is authenticated, then send down the user resource, otherwise redirect them to the login and send down some sort of 401 HTTP error.
As all your API calls should be authenticated too your user won't be able to access any protected API resources.
I would also suggest you look into an ember plugin like ember-simple-auth which also supports OAuth.
You can find more information about OAuth2 workflows here.
I am trying to create a REST API using Java.
Now, for the front end, I am using socialauth, so that facebook/twitter/yahoo/hotmail/gmail users can sign in to the application.
After a user is signed in, he should be able to access the data for his account- I want to create a REST API that enables each user to access his data. I have understood the basics of creating a REST API using Jersey framework, however how do I ensure that only a user who is correctly logged in to the application, can access data via the REST API?
What I thought of is, I will store the user's email ID in session, when he logs in. And whenever he makes a request to the API, the email ID in session is passed as a input parameter to the REST API, and the REST API checks that data is asked for same email ID, as the email ID parameter.
Is the above way of thinking correct? What is the recommended/best way to implement REST API in the scenario as given above?