Janrain contacts - contacts

I am using janrain to log onto site and also to pull contacts the users facebook, gmail, etc. accounts. As it is now it will only pull in contacts from the logged in account. Is there a way to pull in contacts from their other accounts. For example if they are logged using their facebook account, is it possible to also pull contacts from their gmail account?
Thanks

If a user has only ever authenticated to your site using Facebook, you would not have access to their Google contacts... only what's returned from the API by Facebook.

Related

Firebase get Provider Tokens

I am using Firebase for my app. I can successfully authenticate users with facebook and twitter providers. I have added the linking the user accounts. Now a user can authenticate with email and then connect the facebook and twitter providers. But I have a problem in this case.
The scenario is, the user signed in with email. Connect twitter and facebook accounts to original account. Then, try to send a tweet. Right there, twitter login page opens. The user did not know the twitter tokens for twitter provider. I need to get custom tokens from the firebase for facebook and twitter. This way its meaningful to link providers. How can I do that?

Facebook API: is the email field guaranteed to be validated?

I'm implementing a Log In With Facebook button on my website, and will be using the email field for two purposes:
create a new account if I don't have this email in my user database
match an existing account if I have a user with this email address
Does Facebook guarantee that they verified the user owns this email address when they return the field in their API?
Otherwise, in the (unlikely) event that a user of my website does not have a Facebook account, someone could create a Facebook account with this email, without validating it, to log in to my website with their account.
They are supposed to be but Facebook has had issues in the past of unverified emails being allowed to pass through the API Is it possible to check if an email is confirmed on Facebook?.
If you implicitly allow Facebook accounts to link up via email, then the next time Facebook has an issue they can effectively take control of all your users accounts.
The secure way to link users up is to either:
Ask a normal user to link their facebook account by logging into it.
Ask a Facebook-user to login with your sites normal account.

FB Connect API - cannot get friends email id

I'm developing an web application in Java and using facebook account for login to my applications. After sucessfull login i need to get the logged in facebook account user friend's details including email id's. I can get the logged in user's friend's profile details but not the email ids of them. It always shows null. How do i get the email ids of my facebook friends.
Any help is very much appreciated.
Currently, this is not supported by Facebook. You cannot get user's friends' email, regardless of what permissions the user gives your app. Refer to the this for details.

Site Sign Up, Sign In with Twitter and Facebook

I'm developing a website where the user can either sign up creating his own profile or can sign in with FB or Twitter.
The thing is I don't really know how to manage it, for example: let's say my user signs up through the website and creates content, what happens if the user later decides to sign in with FB or Twitter? How can I keep it all unified?
I know I could just do the Twitter sign in, get the data from twitter and create a profile in my DB for the user with his Twitter handle, don't know how I'd deal with later if he wants to just log in through the site.
Anyone have any ideas?
So he later signs in with Twitter or Facebook. I think you have a couple of options in this case. Allow the ability to link accounts together once the user signs in with any one method. Say they sign in with your sites registration, let them hit a page where they can add in other linked accounts like Twitter and Facebook once they are in their logged in state on your site. See the friendfeed model for inspiration. Or, like we did with ucubd.com/index.aspx - let the user sign in with facebook and regsister an account on their behalf and ask for their email as the login credential. If it's found - great. If it's not ask for a password. This will allow the user to either login with your sites registration method or through facebook. You will have the information in your database to link both of them together.
Every account on your system will have an e-mail address. Every account with FB, Google, Twitter is also linked to an e-mail address. What you will need to do is link the accounts based on e-mail address. That way you will never get duplicate accounts.

Oauth : Get user's permissions without any redirection to a server

in my website, I want to add a "invite friend of my contacts book" functionnality.
I would like that the user fills the loggin form in my website. Then the website contacts Google Mail, Yahoo Mail, Live Mail and retrieves the contact list.
In the Oauth protocole supported by Google and Yahoo, the user is redirected to a Google or Yahoo page (like Facebook) in order to permit the user to give permissions.
But I saw two websites which didn't any redirections to get the contacts book (LinkedIn for a Google mail account and Theauteurs with a live mail.)
Do you know how I can get a contacts book without redirect the user to Google, Microsoft or Yahoo website.
Simple. Neither of them are using OAuth to access contact data. That means users don't get the benefits (such as not having to share passwords and easy revocation).
The motivation behind OAuth is to avoid users to input their credentials of site A in site B (this would be you).
If you follow this path (and I believe you should not), you are not doing OAuth at all.
PS: Why Facebook doesn't use OAuth is something that puzzles me still...
Facebook will be dropping Connect in favor of oAuth. Outlined here-> http://www.pcmag.com/article2/0,2817,2362920,00.asp