We are developing an application where we will use Facebook to authenticate users. We have a business requirement that customers need to be re-authenticated for getting into the "My Profile" section. i.e. When customers try to enter "My Profile" section, they will be treated as recognized but not authenticated.
To see a similar example: visit Amazon.com -> log in -> Add any item to cart -> Proceed to checkout. At this point, you'll be asked to re-enter credentials.
Is there a Facebook API that allows me to do this? By the way, I shouldn't log out the customer if the customer chooses not to re-authenticate.
Apologies if this question has already been asked - please point me to the relevant thread.
Send the users to login.php with the next url to your application authorization page.
https://www.facebook.com/login.php?skip_api_login=1&api_key=&signed_next=1&next=
Related
How would I get the email address associated with an active Facebook App ID, if all the usual methods (such as here, and here) don't return any email information with my creator-uid?
(I simply don't get the email field returned, even when I specifically request it as per here. I don't think this is a case of this as I didn't get an "App has no owner" error, or any error whatsoever.)
I've also tried this, but I'm in a catch-22 as I can't log in to select the application first.
I'm looking for the owner email address, so I can log in to make administrative updates following graph API updates.
Other specifics:
I get the following when I hit the Graph API via: https://graph.facebook.com/{my-app-id}?access_token={my-access-token} or https://graph.facebook.com/{my-app-id}?access_token={my-access-token}&fields=email
{
"name": "my-name",
"id": "my-creator-uid" }
I've tried to recover my FB account using all emails I can think of, but FB says 'no account exists' for each that I try. (This is a data-analytics corporate account being used to gather data for 12+ months, so I can't simply create a new account/app ID and start using that instead, as app-scoped user IDs will change.)
I've also tried viewing https://www.facebook.com/app_scoped_user_id/{my-creator-uid}/ and https://www.facebook.com/{my-creator-uid}/ from another company FB account, but both get:
Sorry, this content isn't available right now The link you followed
may have expired, or the page may only be visible to an audience
you're not in.
What else would you suggest? What might have happened? I've tried to contact Facebook, but that search led me to this forum post, so I'm here. Thank you in advance for your help.
This is not a programming question, try to get in touch with the Facebook Team, if you are working with Facebook paid services (like Advertising) you might have an account representative that can accelerate the things a little bit (But this can be a really long wait).
A more realistic option is to create a new profile and an new app, also your application will be reviewed as well (Take a little less time than previous option).
The below the page did not open, please let me know the REST API of "create passenger name record". I tried to open the page several days, it always failed.
I know SOAP API of "create passenger name record", What I want is REST API.
https://developer.sabre.com/docs/rest_apis/air/book/create_passenger_name_record/
Uh oh. You don’t have access to see this page. Try logging in to see if that does the trick. If that doesn't work and you think you should have access to this page, send us a note. NOTE: if you are a current customer who just registered, it can take us up to 24 hours to set up your account to see the resources. If this is an urgent request please contact us through the site.
Please Sign In or Register.
Error Page as signed in - Image Capture
Which browser are you using?
I tryed it in different browsers (Firefox, Chrome, etc..) and in all of them I get a notice to sign in or register to access this page.
Obviously you're not signed in. Have you tried creating and or signing in?
We have Google Identity Toolkit implemented on our server and can successfully create "simple password accounts" and "Facebook accounts".
However if a user has first signed in with "simple password account", created password, confirmed email, etc...
How can this user then at a later time add Facebook as an alternative provider?
In our case, if this user clicks "Sign in" he will see:
On the following login screen however, he can only choose the existing "simple password account".. if he does, the login proceeds to password input, without a chance to use Facebook as an alternative.
What do we have to configure so that the user has the possibility at any time to link another provider to his "simple password account"?
Scroll down to the Account Linking section in this doc.
The key phrase here is Thus if Google Identity Toolkit detects that the same email address was used at both identity providers, we link the two accounts. It appears this is not something you can do manually, and accounts can only be linked in this particular situation. In the case of Facebook I believe the email to which they are referring would be the primary email found in the Facebook user settings.
I hope they implement more comprehensive account linking in the future! The Gitkit account manager would be the ideal place to do this if you are listing Google.
I am building a Login that uses "Login with PayPal button".
and uses the generated button: https://developer.paypal.com/webapps/developer/docs/integration/direct/identity/button-js-builder/
After getting the user's consent, I wants to get the user email address.
the web runs without error, however, I only gets User Id. others are null.
I did the example from the document: https://developer.paypal.com/webapps/developer/docs/api/#get-user-information
what are the right steps to get the user information?
Thank you.
Please look at the code example on https://devtools-paypal.com/guide/openid/ruby?interactive=ON&env=sandbox
As you can see there is a scope defined as
:scope => "openid email"
Most probably you missed email in your code.
I'm developing a site for a client, and he wants people to be able to buy licenses/support contracts via PayPal. What I'm stumped on is how I can make the payments secure. My current idea is to generate a random string using MD5 or whatever, plug this into a database, and send it along with the rest of the PayPal button code. When the payment is completed, the user is redirected to a PHP page where there is code to update their information in the database. The only thing stopping a hacker giving themselves a license/whatever without paying is the random hash, which can be found out using a sniffer of some sort, and plugged into the POST data returned by the PayPal code.
So. My question is this: How do I execute custom PHP code only on a successful PayPal payment, without leaving any loopholes open for the more evil users of the interwebs?
I think you should use a Payment Gateway such as PayFlow
if you're on the website ready to pay, there maybe a session already with your user logged in?
in this scenario, when the user returns back to the website, you can check you have a particular session variable and if it exists, you do the following
1) check your session, do you have a user logged in? should still be logged in if you just visited paypal a few minutes ago.
2) does the session contain your sale_id?
3) if no, dump the user on the home page, remember to header("Location..."); die("DEAD"). the die() part is important
4) if yes, check the sale_id was paid, the notify url should have caught the POSTED payment data, if valid, allow them to update the data
5) if yes, but not valid, allow them to repay using another method, this means to redirect them to another page to attempt to pay again, but don't let them access the "change details" page, the only way you get there, is by strictly validating the payment was successful.
how does that work for you ?