I am using app login access token retrieved through following API -
https://graph.facebook.com/oauth/access_token?client_id=&client_secret=&grant_type=client_credentials
Can I retrieve email address (primary email not the facebook email) of any user if it is public using Graph API?
Thanks
Lakhan
Two ways to get users primary email:
For the authenticating user (ie the one who has granted your application access to their profile) and only when you explicitly request that permission.
If the email is explicitly made public by some arbitrary user not authenticating with your app, then that will be available to you also. Any publically visable info you can see via facebook.com is equally accessible via the API.
For getting the authenticating users email, when you first request the oAuth dialog you need to pass a scope with the email permission (as well as whatever other permissions you require). See more about permissions here and more about using scope here .
When the email is available it can be found in the User payload, see more about the API request and payload here.
Check the doc here : http://developers.facebook.com/docs/reference/api/user/
With the email argument, you will be able to get the email.
Related
I am trying to get the impersonated userguid from the docusign api. Per the documentation I need to call /restapi/v2/accounts/account_id/users?email=email, which is not working for me. I assume the full url would be https://admin.docusign.com/restapi/v2/accounts/account_id/users?email="sampleemail#gmail.com" .
I am getting a 404 when entering my email in the above format.
Looks like you have the incorrect domain. API Calls generally don't get made against admin.docusign.com. You'll want to make that call against the Application Server your account is on.
In the Sandbox environment that will be demo.docusign.net. In prod you'd need to make a UserInfo call to determine which server your account is on. It could be something like www.docusign.net or na2.docusign.net, but there are several possible domains.
In order to get Impersonate GUID ,
Login to admin account
Under setting options Click API and keys
Value under the user id text box is Impersonate GUID
During configuration & setup:
1. You have an account admin enter information such as account, their userId ("API User Name" in web app). Save both items.
2. You follow the "consent flow", get their consent, generate a JWT and
exchange for a token.
3. Use the /user_info call against the account
server to get the list of their accounts. If more than one account
in the array, find the one that matches what they entered in the
configuration. Get and save the associated "base_uri". You will
use that for all subsequent API calls.
Your application now has stored the account ID, the admin's "userId", and the base URI to built API URLs.
During business application operations:
Admin is "Bob". Sender is "Jill"
You need to get an access token for Jill.
1. Create JWT for Bob, exchange for access token, make GET /users?email={Jill's email). This gives you Jill's "userId".
2. Create JWT for Jill, exchange for access token.
3. Make API call as Jill, using her access token.
I have an app where the user logs into Facebook (and thus has an Auth Token) and then sends that token to my server for authentication within the app.
If it's the users first time in the app, I need to sign them up as well (gather email and name)
Using the users FB auth token (and any server-side tokens) how do I retrieve the user's email address and name? (What endpoints do I need to hit with what tokens/body?)
--
Additional Info:
The login is scoped with ['public_profile', 'email']
The application is running in Node.js on AWS Lambda, and I'd prefer to make a simple fetch if possible instead of installing a whole gql client.
I have tried looking at their graphQL documentation, but I can't
seem to make heads or tails out of it.
I do have access to the user's ID (example: 10157426730xxxxxx)
This would be the API call to get the name and email of a user, with a User Token:
https://graph.facebook.com/me?fields=name,email&access_token=xxxx
Alternatively, you can add the version:
https://graph.facebook.com/v4.0/me?fields=name,email&access_token=xxxx
All the existing fields for users are here to find: https://developers.facebook.com/docs/graph-api/reference/user/
You do not need the User ID, the User Token identifies the User anyway and you can just use "me" instead of the ID. The Graph API is a REST API though, not GraphQL.
Our application uses oauth2 & openid connect for auth&auth. It's built using an angular client that calls a REST API. I would like to know how to authorize access to the API, based on the possession of an unguessable url.
I'll explain this a little more. In the application, a user can invite another user. When this happens, an email is sent to the second user. When user 2 clicks a link in the email, he is sent to a webpage with details about the invitation.
Only user 2 should be allowed to see the invitation page. I was planning to solve this by using an 'unguessable url' in the email. Upon visiting the url, the user must somehow be authorized to fetch the invitation details from the API.
The question: how do I authorize a user, based on knowing the unguessable url? How do I assign a claim when the page is loaded, and how do I verify this claim in the API call that follows? The only solution I see, is to set a cookie containing a token. But this is not in line with our existing auth mechanism. I prefer not writing my own token validation code, and let the Identity Provider handle this.
Additional info: user 2 may or may not have an account in the system, and he may or may not be logged in. Neither should prevent the user from seeing the invitation details. In other words: a totally unknown user should be able to see the page. The knowledge of the url should be the only requirement.
Any solution to this problem? Or am I handling it all wrong?
After asking around, the general consensus is to NOT let the external auth mechanism take care of this, but to validate the link ourselves.
The solution is to turn the unguessable part of the url (the 'link id') in some kind of token, which can be validated upon calling the API. This is done by the API itself, not by the Identity Server.
Applied to the invitation issue: when an invitation is created, store the link id together with some info, i.e. what kind of access it allows (invitation access) and the id of the invitation. When the user calls the API to get the invitation, pass the link id for validation. Match the invitation id with the invitation id stored in the link, and if it doesn't, throw an error.
I have SSO working in Disqus, so that my authenticated users can automatically post to my Disqus forum without separate authentication. However, I cannot find a way to whitelist my SSO users via a server-side API call. It seems that my SSO users are not recognized in any user-related calls to the API.
I've tried calling whitelists/add with both user=[userid] and email=[email], passing the exact userid and email with which I setup the SSO user. No error is returned with the userid, but it does nothing. Passing the email throws an error.
I've tried locating the Disqus user id or username for my SSO users via the users/detail API via:
user=myuserid (the same id used for SSO)
email=myuser#email.com (the same email used for SSO)
user=remote:forumshortname-myuserid
user:username=forumshortname-myuserid
No luck.
API calls to /listUsers and /users/detail do not list my sso users at all, so I cannot retrieve their user handles that way.
The frustrating thing is that I can see the users in the UI console here:
https://disqus.com/api/sso/users/
for the domain (as opposed to the forum), so I know this data exists. But I can't find a way via API to reach it.
Does anyone have this working?
As far as the Disqus API is concerned, the user ID and username of an SSO user is the one that is assigned by Disqus, and not the site. They're unique across the Disqus network, even though they're local to your site only.
However, if you have your own local user ID, you can do a reverse lookup of the Disqus username for the purposes of using the API. The pattern is {sso_slug}-{user_id_md5}
Assuming your SSO remote domain slug is example, you can retrieve the Disqus username like this in python:
import hashlib
def get_disqus_username(user_id):
m = hashlib.md5(user_id)
hashed_id = m.hexdigest()
return 'example-' + str(hashed_id)
Now you can make API requests like this:
GET https://disqus.com/api/3.0/users/details.json?api_key=YOUR_PUBLIC_KEY&user=username:DISQUS_USERNAME
My Facebook application has a few thousand users but they have not visited the application for a long time and I don't have access tokens for them. I do have their uid's.
How could I make contact to my application users?
I used to use the Notification.sendEmail but it is now deprecated and won't send any emails. I have email permission for all of the users but I didn't store the users email address earlier because I used that function. I should have stored the addresses.
I have understood that all use of new Graph api require access token. So my option would be to use the old Rest api. But is there a method that could be used in a situation like this?
You should be able to still retrieve the email addresses of the users who granted your app the email Permission if they haven't subsequently removed it - you can do this with the App Access Token (see the Authentication docs for more info)
Make a call to /<USER ID>?fields=email to get the address