I am using Twitterizer which works great. I have a website (.NET 4, C#) where a user visits and signs-in... I store tokens e.t.c everything works great.
The question is how can I avoid asking the user to grant access to my app via twitter since I already did this once the first time (and let's say user is already signed in twitter in a different tab on my browser)?
Use http://api.twitter.com/oauth/authenticate?oauth_token=zyx instead of /oauth/authorize?oauth_token=xyz.
Read more on the Sign in with Twitter and GET oauth/authenticate documentation.
Related
Update: It appears that when there's no API or token, software seems to simply ask the user for their account credentials, and probably has to store this information. I guess it can't be a huge security risk, since people are willing to share this information with apps like Mint:
So, my conclusion is that it is OK to ask users for credentials to other services if they can be secured safely and the user desires the service provided.
Many, many apps use others apps such as Facebook in order to get data from it, usually to verify the user is real and to get relevant profile data (e.g. a dating app would want age, gender, etc.).
When using such an app, I do not have to enter in my Facebook credentials. The app simply opens up my Facebook/asks for permission to access it, and voila it's done.
There seems to be a lot of documentation for well known companies like Facebook, Twitter, and PayPal on how to do this.
But how is it done for an arbitrary website that requires a user/profile, e.g. this website: http://ae.com/web/index.jsp
Unsurprisingly, if I google for FaceBook, there's a heap of resources, and even it's own dedicated tag (https://developers.facebook.com/docs/facebook-login/access-tokens).
However, if I start googling for American Eagle, e.g. "https://www.google.com/search?client=safari&rls=en&q=american+eagle+access+token&ie=UTF-8&oe=UTF-8", I get nothing relevant at all.
If I understand your question right, that you want to enable facebook login for your website,
you still need to create a facebook app. then use the access tokens in your website. so when user clicks on login with facebook, the app will be asking for permissions and finally you will get the access token and you can use that in your site to log in.
I am programming a little web application right now. At some point I need to thing about the user registration. My first thought was do it with a Facebook Authentication. Why? I think it's easier to get user like that, because most of them have already an account on Facebook and don't want to get over the usual registration form(EMail Confirmation, ..).
Now I am asking myself, what happens when I decide to cut of the connection between Facebook and my WebApp? I mean maybe at some point I do not want to be dependent on facebook. Can I easily remove the Facebook Authentication and keep the already registered User? I think the biggest issue would be to set a new password instead using the Facebook ones for the User.
I have a desktop app which uses a user access token to read the me/feed endpoint and I can see all the posts for the logged in user. If I wanted to simplify deployment to different users I would need to minimise the amount of setup/configuration they did.
Is there a way to access me/feed for a given userid rather than have to setup every user as a developer account and create an app for it?
I have looked at https://developers.facebook.com/docs/graph-api/using-graph-api/v2.0 and it is not obvious to me how to do this.
What configuration / permissions does the user in question need to do to activate this. Which access token should I be using, and will it give access to all the posts in the same way the user access token does.
[EDIT] I have looked at this again and the problem I am having is that when a user (who has a facebook account but is NOT a developer) tries to login to my App (which is in development mode) I get the following error
"App Not Setup: The developers of this app have not set up this app properly for Facebook Login."
Thanks in advance
I have a scenario, where an authorised user through my application is posting status/uploading pictures via my application by granting required permissions. My application uses graph APIs.
Now, as app administrator if I want to see the content of the post, that the user has uploaded via my application. How do i do it?
I know in graph APIs, I have INSIGHTS api. But, it just gives us the statistics of the posts done via my app or user.
Can i really see the posts?
Assuming as an app admin I only have app access token and app ID. I dont store user access tokens with me.
Actually, I worked on the problem with every possible way. Found out that, even being an APP administrator I will need user access token (stored with me), without which these data shall not be retrieved via APIs.
My need was not to use user access token; But, no Its not possible via APIs as of now.
I'm new to OAuth and I'm mostly done implementing OAuth against Facebook and Twitter.
The way my application works is user can sign on either through Facebook or Twitter. Once getting in, they can setup the other, i.e if they log in using twitter, I ask them to setup facebook wall and if they sign up using facebook, then I ask them to setup their twitter.
The issue I have is this. Users after signing out and come back again, how do I avoid them to setup the things again? I noticed twitter access token never expires, so I guess that solve this side of the issue. But Facebook access token does expire. It's very inconvenient to ask my users to sign into facebook everytime to have that part of the application to work.
I might understood this whole thing wrong, so any suggestion is greatly appreciate it.
As far as I remember Facebook (https://graph.facebook.com/oauth/authorize?...) returns back user immediately if user has previously approved your application, so that he/she won't notice it if you design your app flow correctly (for example you can redirect user to Facebook in a popup and close popup when user returns back).