We want to update our user profiles with information from LinkedIn (should the user choose to import this information). However, we want to this this authorization using Oauth2, but accordoing to LinkedIn's website only Ouath 1.0a is supported for their REST API: https://developer.linkedin.com/apis
Any way around this?
As LinkedIn is providing OAuth 2 access using their JavaScript API you could dive into their Javascript code and somehow get to the file, that has the OAuth 2 endpoints in it:
l.api = "https://api.linkedin.com/v1";
l.login = "https://www.linkedin.com/uas/connect/user-signin";
l.authorize = "https://www.linkedin.com/uas/oauth2/authorize?immediate=true";
[...]
l.logout = "https://www.linkedin.com/uas/connect/logout?oauth_token={OAUTH_TOKEN}&api_key={API_KEY}&callback={CALLBACK}";
l.userspace_renew = "https://www.linkedin.com/uas/js/authuserspace?v=0.0.2000-RC1.20001-1400&api_key={API_KEY}";
For requesting resources, probably the endpoints in their REST API documentation could be used.
However, note that it is probably forbidden by their terms of use to use these endpoints without their JS API and could result in your client being sanctionized. You could contact them and ask for permission.
I've created a Play 2.x client in Scala and Java which supports OAuth/CAS/OpenID/HTTP authentication and user profile retrieval : https://github.com/leleuj/play-pac4j.
For OAuth support, it's based on Scribe and supports LinkedIn, Facebook, Twitter, Google, Yahoo, DropBox, Github, Windows live, WordPress...
Related
I know this question has already been asked by someone else, but I didn't found the answers to my exact question.
I'm building a backend that provides its API written using Django REST Framework and integrates Facebook using Django Social Auth.
The frontend consumes the API using AngularJS.
I used a simple Token-based Authentication and everything went well, when somebody authenticated with Facebook I could retrieve the simple token (which never expired) from the DB and return it to the frontend, which will use it for subsequent calls to the API.
My problem now is that I want to publish my APIs and use oAuth2.
In order to do this I am using Django OAuth Toolkit.
If a user uses the native login there is no problem, because I use resource owner password based grant type (giving only client_id because the frontend is a JS app).
Now, if a user authenticates using Facebook there is a problem! I have no password to use!
This fact made me reconsider everything about authentication in my backend.
I thought this:
Is it sensed to make my "official" frontend app consume the APIs using oAuth2?
Isn't it better to use Token-based authentication (or Session-based, if you prefer) only for my frontend app and let third party apps consume APIs using oAuth2?
And, if I do like this, how can I tell my "official" app from other apps? Wouldn't it become a leak in security (for some reason, I don't know...)
I'm a bit confused about how omniauth works for facebook and twitter. I notice when I use twitter, then I end up getting back credentials which include a token and a secret. My understanding is that twitter will return the same set of keys for the same application keys.
For facebook I notice that I only get back a single token. I would like to use this token to identify the user when they use my application-- but my concern is that since I am only getting one token back, that this is a short lived token which might change.
I did some research to find out if Twitter supports OAuth 1.0 (which I'm quite certain Twitter uses).
Am I missing something? Is a it a matter of Twitter and Facebook using different OAuth versions.
Twitter and Facebook do, in fact, use different versions of OAuth. Twitter uses OAuth 1.0A, while Facebook uses OAuth 2.0. These versions have different implementations.
For Twitter, there are two options for accessing the APIs via OAuth, application-only auth and application-user auth.
For details on Twitter's OAuth, check out https://dev.twitter.com/docs/auth/oauth
For details on how to obtain access tokens for Twitter APIs: https://dev.twitter.com/docs/auth/obtaining-access-tokens
For this task I have already created my own facebook application to get the API key and secret key. Can anyone explain the next steps that should be done to
1) Read from facebook API
2) Write my own database
by using web services
Thanks in advance!
A high level answer:
I'm assuming you want to use the authorization code OAuth flow (this means you want Facebook users to give you access to their profiles so you can grab data from there). If so, you need to bring up a web server and an application that will run your users through the Facebook OAuth flow. In case you just want to access Facebook with your own credentials you don't have to have a web server, simply use the client credentials OAuth flow.
So, Once you have a valid access token, you simply make calls to Facebook API using this token. using Facebook Graph API is simply a matter of calling URLs and getting the data as JSON.
You can test-drive the API here.
BTW, according to Facebook's platform policy, you're only allowed to store Facebook data for caching purposes.
Let me know if this helps.
I want to use http://api.twitter.com/1/blocks/create.json?screen_name=xxxxxxx (Twitter API) to block particular friends or followers from my account with the use of Twitter & Account Framework in iOS 5,
So what should i do to solve this issue, because i just want to use Twitter account , don't want to use OAuth.
It generate an error like : HTTP/1.1 401 API is secure. Needs security Credentials
The Twitter API requires OAuth authentication. However, if you're happy with targeting iOS 5 and up you can use the in-built Twitter framework to perform the OAuth calculations on your behalf, which will save you a lot of time. Take a look at the documentation for TWRequest:
http://developer.apple.com/library/ios/#documentation/Twitter/Reference/TwitterFrameworkReference/_index.html
Actually you need to put parameters of post requests in the body. This is described in the OAuth tool description under Request query:
This tool is available on the right of every rest API documentation page like this if you are logged in
You can use apigee console for twitter to test it but you will get the same error unless you include the screen_name parameter in the body
Firstly I understand OpenId is for authentication and OAuth is for authorisation and unlike other questions on the site I am not asking which should be used for which but whether anyone can advise a solution for my issue.
I want to allow users to login to my site via their LinkedIn/Twitter/Facebook account once logged in say via LinkedIn they could also then authorise their Twitter and Facebook account as a optional login method. This would allow the user to authenticate via any of the three but end up with their user account on my site as the end result.
I also want to use the authorisation they have provided to get basic user details (profile pic/name etc) and post status updates.
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
Any ideas or issues to this issue?
If you are using ASP.NET MVC, DotNetOpenAuth is an excellent solution for supporting OpenID/OAuth sites. StackOverflow is using it, and they are quite picky for the code they use in the site.
The integration if OpenID with DotNetOpenAuth is quite straightforward. I have not tried OAuth, but I don't expect it to be of any less quality.
Unfortunately, Facebook does not support OpenID/OAuth, so you need to use a different solution for it. The one I use is Clarity Consulting's Facebook Developer Toolkit. It works, although I do have certain complaints about the quality of the code; unfortunately I haven't found anything better yet. (Note: If anyone knows a better alternative, by all means let me know)
The basic integration of Facebook Connect with the Facebook Developer Toolkit is also relatively straightforward. However, their object model is somewhat messed up, due to their attempt to stay as close to the Facebook APIs, so the HTTP API patterns are bleeding through a lot. Still, it does the work.
Update: Now that Facebook announced that they'll be supporting OAuth 2.0, DotNetOpenAuth might turn out to be the best solution.
Have you looked into RPX?
https://rpxnow.com/
I don't want to ask a user to login with their account via openId then have to authorise the same account again via oauth to allow my site to publish to their service feed and have to do this for each of the 3 services.
I'm afraid you'll have to connect the user's account to each of the 3 services individually. What platform are you using to build your app? If it's Ruby, then a gem like OmniAuth looks promising.