I decided to look into using Google Identity Toolkit. I knew I liked the UI, and the idea of using a "federated" login system. I'm now having my doubts, as while my site works well with gmail/ymail/hotmail etc, it doesn't seem to support any of the social platforms.
Essentially, I just need an email address from people to be registered with the site, so I thought GITKit was the perfect solution.
Should I have gone down a custom route (like stackoverflow?), or have I missed some of the GITKit documentation?
Any help would be much appreciated.
I did do a fair amount of googling prior to posting that question. However, I have come accross some answers. Rather than delete my post - I guess I should share the information. If others thought the information was clear, please delete this thread!
Firstly, there is a page identifying how to add custom IDP's: https://sites.google.com/site/gitooldocs/customidps
There is also a sample site (http://www.openidsamplestore.com/localmapping/) which uses facebook.
How does the advanced demo work for identity providers who are not
E-mail providers, such as social networks?
The hardest part about
designing the advanced site was to find a way to handle all the
edge-cases that can happen with these types of identity providers.
Google previously published a summary of best-practices for
account-linking that describes why these types of identity providers
are so much harder to support. However this demo provides a user
self-service mechanism for all the tricky cases to avoid the costs
that a website might otherwise occur if those users contact a customer
support representative.
Finally, a best practices run-down is available here:
https://sites.google.com/site/oauthgoog/UXFedLogin/loginlogic
EDIT 1 :
If that identity provider asserts email addresses that it does not
host, we suggest you also implement additional account linking logic.
A future version of GITKit will add support for these type of
identity providers, such as social networks, which will avoid the need
to implement that logic
Perhaps GITKit is the future after-all... Would be nice to have an idea of the time-frame in which this support will be added though...
EDIT 2 :
Direct from the horses mouth (Eric Sachs # Google - Source Link):
That feature is not expected to be generally available in 2011. We
are shooting for Q1 2012
Looks like someone got it working back in Dec 2011 but there is still an outstanding issue with mapping the id returned to an email address. It was probably resolved:
https://groups.google.com/forum/#!searchin/google-identity-toolkit/facebook/google-identity-toolkit/2218yW4zXw8/28X7btJEh_sJ
Here is the documentation for the sample store including brief info on basic, mobile and advanced mode (using facebook):
https://sites.google.com/site/oauthgoog/Home/openidsamplesite
An out-of-the-box IDP for facebook and twitter has not yet been released.
Related
My company has started looking into using a platform to generate chat bots, we came across microsoft's framework and are considering using it. we have a few concerns that we need to understand better about their product and would appreciate it if you could help us.
1) What kind of support do they give us when using Facebook messenger compared to what facebook gives natively? things like quick answer or image sending, buttons on the messages? do they support any of that?
2) We would like if you could elaborate exactly what the platform may give us and why we should use it, what we need is to keep all our logic in our servers and have a platform that will interact with all the messengers for us and keep us from coding to each a different code.
3) like question 1 but for telegram and any other messenger? (custom keyboards and stuff like that).
thanks for the help!
Thanks #ejadib
Regarding your second question, your bots logic does stay within your bot and your servers. The Bot Framework provides three things:
1) Connectivity services between your bot and the channels your users are on. All of the logic continues to reside in your bot.
2) Optionally - Bot Building SDK's you can use to facilitate dialog within your bot. These are SDK's you would code to, but still deploy to your own servers.
3) A directory where you could optionally publish your bot.
As #ejadib says, where we can be consistent across channels we add functionality to the core API; and where functionality is very specific to a channel we expose it through the ChannelData property of the C# SDK (SourceEvent in Node).
Regarding 1 and 3, if you want to be able to take advantage of special features or concepts for a channel (Facebook/Telegram) BotFramework provide a way for you to send native metadata to that channel giving you much deeper control over how your bot interacts on a channel. The way you do this is to pass extra properties via the ChannelData property (in C#).
Some things are already supported in the framework, for example Rich Cards will render differently depending on the channel.
Here you will find the information (including Facebook and Telegram).
Also, here you can find how for example you can use things like quick replies.
I apologize for my fundamental lack of knowledge in regards to these technologies in advance. I'm having a bit of trouble understanding the whole Azure AD/Authentication process in general, and I don't feel that Microsoft's support documents adequately describe much of the process.
I appears to me that the REST requests themselves are quite simple, and the following page seems to detail them quite well. https://msdn.microsoft.com/en-us/office/office365/api/files-rest-operations
However, what I fail to understand is the authentication process.
My goal here is to determine if what I'd like to do is even possible, so I will begin with that. What I need to be able to do is to be able to make REST API calls from a JSP or potentially a PHP script to access a link to a file located on a user's Onedrive for Business account. To put it simply, I would just like to be able to quickly get a publicly accessible link to a user's file. From the perspective of having access to the REST API, that seems to be a simple task, my challenge is understanding and implementing the capability to do so.
Correct me if I am wrong, but my current understanding of the process goes something like so.
Create an application in Azure AD, you need to define a location for signing on. I'm not certain how this works at all, does the defined location need to be making a request to sign on somehow? Does it need to exist on the same domain? I honestly have no idea the nature of how you actually go about signing in, but it requires some authentication of the application as well.
Once you have signed in, you have access to a 'security token' that has information about the application and what it can access. how is this token stored? A server session, browser cookies?
Somehow you pass this token along with your REST request and it is determined that you have access to the information you are requesting.
I have used pre-made JavaScript file pickers in the past to facilitate the selection of user files for things such as Google Drive and Dropbox, but it doesn't appear as though any such tools exist for Onedrive for Business, so I will need to become familiar with the authentication process myself. Looking into the Microsoft documentation has only served to confuse myself more, and unfortunately all of the examples are for .NET projects as far as I can tell. I am afraid that this means that is it only possible to access this information from a .NET project, but please correct me if this is not the case.
I realize that this question appears extremely ignorant, and that's likely because it is. Moving from JavaScript file pickers to something like this appears to be a significant leap in required technical prowess, and I'm still rather new, so please forgive my inexperience. Most importantly I'd like to know if what I'm looking to do is possible at all, and secondly if there are any readily available resources that are a little more focused than the Microsoft documentation.
Thanks in advance for any assistance.
There are some great resources available for coding for Office 365 and not just those on MSDN.
The best place to start is http://dev.office.com. This is the destination for information on O365 development. You can get to the documentation, training materials and code samples. The code samples have a filter so you can search on a number of properties including language and product. There are samples of course for .net, but also for iOS, Android and PHP, which is what you mention you want to use for your project.
http://dev.office.com/code-samples-detail/2138
This sample connects to the calendar, but the important part is understanding the authentication process for your application to Azure AD. Once you get the authentication working, you can call the other O365 services by getting the resource url to the appropriate resource from the Discovery Service.
If you need more samples, http://github.com/officedev is the place to look. These samples are from Microsoft, the community as well as the code used in Microsoft and community training events and presentations.
If you prefer, some great training courses exist on Microsoft Virtual Academy for Office 365 development. These are online videos that are broken into chapters and sections so you can easily find what you need. They often have labs associated with them as well. I recommend the Intro to Office 365 Development - Section 5 to get a quick overview of the Office 365 APIs and then look at the Deep Dive: Integrate Office 365 APIs in Your Web Apps.
If you still have questions, this is the place to post them. Hope this helps. Reply if you have any questions.
While brainstorming about six years ago, I had what I thought was a great idea: in the future there could be webservice standards and DTDs that effectively turn the web into a decentralized knowledgebase. I listed several areas where I thought this could be applied, one of which was:
For making data avail. directly from a business's website: open hours, locations, and contact phone numbers. Suggest a web service standard by which businesses have a standard URL extended off the main (base) URL for there website, at which is located a webservice. That webservice as well has a standardized set of services for downloading a list of their locations, contact telephone numbers, and business hours.
It's interesting looking back at these notes now since this is not how things have evolved. Instead of businesses putting this information on only their website then letting any search engine or other data aggregator to crawl it, they are updating it separately on their website, their Facebook page, and Google Maps. Facebook and Google Maps, due to their popularity, have become the solution to the problem I though my idea would solve.
Is the way things are better than the way I thought they could be? If so then why doesn't my idea fit the reality? If not then what's holding my idea back from being realized?
A lot of this information is available via APIs, that doesn't mean that it doesn't get put other places as well, through a variety of means. For example, a company may expose information via an API, and their Facebook app might use that API to populate a Facebook page.
Also, various microformats are in use that encapsulate some of this information.
The biggest obstacle is agreeing on what meta-information should be exposed, how it should be exposed, and how it should be accessed.
I've done quite a bit of searching for a CMS platform or robust framework that will perhaps facilitate the management of signup and subscriptions right of the box with a Twilio tie in.
Thus far I've only been successful at finding how many startups have been funded by the Twilio fund, who's building the nextgen voice enabled app, and various other things of that nature vs any real meat. Seems that there's a dearth of meaningful information without applying a plethora of negative google filters to reduce matches and even then it's still not giving anything real meaningful wrt my search.
So, I'm hoping that someone may have a better eye on the lay of the Twilio landscape as far as already existent systems go that can handle the bulk of needs that exist for a "regular" CMS esque site that needs to also handle subscriptions and e-commerce related tasks.
Hitherto I've just planned to build something out myself, but I wanted to do a sanity check before I spend a lot of time that could perhaps be obviated.
My suggestion would be to find a CMS that does everything you want (except the twilio links), on the platform you want, and then just add the Twilio stuff in. Twilio is simple to use, and should be simple to add-on to most open source CMS's. It'll probably be the easiest part of the project....
Does anyone else find that the documentation of a lot of payment processors have poor or incomplete documentation as to how to use their API? Or it's just plain confusing?
Recently I have setup both PayPal and Beanstream and found that both are either confusing or don't include full documentation.
For example, in the BeanStream documentation, they say they will return a "message_id", which is great, but no where do they tell you what the different id's mean. It also comes with some text, so you can start creating a list, but there is no way to check to ensure you get either a valid one or the one that means it was successful.
Has anyone had this experience?
Edit: I will agree that when you email them they are helpful, but unfortunately most of them are only open normal business hours for general tech support (other than emergency) which isn't always useful as that isn't when it seems like I do my integration.
well, this isn't really specific to payment processor documentation, in that, all things being equal, well documented APIs will help encourage development. for what it's worth, i've worked with paypal, authorize.net, ups, and usps APIs, and didn't find them overtly confusing (not implying that they were a particular joy to get through).
that being said, i wish more documentation was like PHP's. despite it being such a scattered language, the documentation is really quite good.
Having worked with a lot of APIs, not only for payment processors but for lots of other ecommerce related web services, I have to say to that while the docs can be less than stellar, they usually aren't that bad, and if you send them an email or give them a call, they will usually be pretty helpful.
I have found the documentation and code examples from Authorize.net and Nova's ViaKlix very helpful. I stay away from PayPal.
This may not be much help to you, but as you get more an more experienced w/in particular domain the interfaces get easier. By weird twist of world, I've coded a whole bunch of credit card interfaces, and once you kind of get the lingo they all work the same.
The only other suggestion I would offer is to avail yourself of support resources in addition too the documentation provided. We recently worked with a relatively well known payment gateway, and while their documentation completely sucked (by their own admission as well), the support staff was incredibly knowledgable and more than willing to help out/explain.
I've used Realex and PayPal. Realex documentation is fine. Clear and straightforward. PayPal's is absolutely eye-bleedingly horrible. And I'm the kind of weirdo who enjoys reading documentation so much I've been known to read it for fun (I've read through the entire OpenID specificiation, even though I have no immediate plans to use it).
I've only worked with PayPal, but the simple version (where you just set up an HTML form on your web page and submit it with the PayPal button) is super-easy to work with. And if you're looking for near real-time payment feedback, I always found it easier to just write a program to check my PayPal email account periodically, and parse payment details from the body of the email itself.
I've had to use Authorize.net for several sites and the supplied documentation is 'just ok' assuming you are working in the somewhat limited technology sets that they supply sample code for. It was a breeze to get it up and running with PHP but considerably lacking when trying to pull off the same thing in ColdFusion.
Several other sites done via PayPal which IMO was a much better experience.
PayPal is a nightmare when it comes to setting up and testing the test account (Sandbox).
Re: Beanstream you have to login then you'll see the documentation link on the left hand side.
The design is so '90s and they recommend using IE.
Re: Paypal I adapted this code from http://www.php-suit.com/paypal for my Zend Framework project.
Note: you've got to have ssl:// socket transport wrapper registered otherwise (visible in phpinfo()) you'll have to tweak the code to use curl.
Here is how to get the code using SVN
svn checkout http://paypalphp.googlecode.com/svn/trunk/ paypalphp-read-only