So on my mobile app, I wish to use Google login API for users registration. I'm saving the user details like first name,Lastname, email. The above data will be stored in Firestore.
My question is
will this uid and OAuth Token be useful later? if yes in what way it'll be useful?
After registration what should I do to verify the user and make the user login? Since we don't use any passwords for verification.
and what is the professional way of storing user data in a database?
The Oauth Token allows you to make calls to google API based on the authorised scopes. When working with identity attach make a call to...
https://www.googleapis.com/gmail/v1/users/me/profile
Attach the Oauth token to the Authorization Header. If you get a response then it means the user is signed up.
With the Google Login API this is pretty much all you can do with the token. :)
I am new to web development. My goal is:
- I have username and password for a facebook (FB) user.
- Now, I want to pass these credentials(via POST,GET or any other way...whatever) to FB to validate the user and if validated, save the user session.
- I read articles on oAuth and understood the idea. However, in that you need to create an APP on FB first and then you can use the APP Id and validate FB user. I do not want to create any APP on FB. I have a username and password and just want to pass it to FB some how and validate the user.
Let me know if this is possible? I work on C#.net/VS2008. However, if it is not possible in .net then please advise if it is possible in any other language/technology.
Thanks and regards,
AG
A user is not allowed per the policy to share its username and password, so what you are proposing is therefor also not allowed, and hence not made possible.
Im starting to implement the Facebook apis into my website..
Where i am having trouble is understanding the oauth api. Maybe this inst the correct api?
Basically what i am trying to do is allow the user to sign in / register with Facebook and and storing that information in my database as a new user as i will be creating a profile from this. I would also like the user to be able to login with or without Facebook using his credentials. I understand he would have to create a password on my site. Is it practical to store his information .. Name Address email and other information.
I am very confused with the api and need help. reading through the documentation i cannot find where this explained.
Look at how to authenticate user using facebook login system on your website
About your question on storing emails, check facebook policies are mentioned here
Use graph api for accessing user details and other stuff
Hope this helps
I'm trying to implement facebook connect to my website, and i have couple questions.
1: Is it possible to register user in my website using his current facebook email/password.
Let's say user clicks on link Register via facebook and then he have to give me permisions to access his password, email, etc... and after that is done i put that info in my own database and he will be able to login with that account any time he wants without needing to give me permisions any time in the future.
2: If that kind of registration is not possible, what's other solution would be the best for me? Because i need to somehow keep track of that user who logged in with facebook, because he can upload photos, send messages etc.
Anyways, i'm quite new with facebook and similar things, so i'm really lost here, hope some one can help me :)
EDIT Thank you all for wonderful answers it helped me a lot, now all that's left is to read documentation :)
Yes it is, it is possible to get the information of the user. But it is rather complicated, when you have never dealt with it.
First you need to send the user to the following link:
https://m.facebook.com/dialog/oauth?client_id=your-client-id&redirect_uri=xxx&scope=listof-information-you-want
Facebook will then return your client to the uri specified, if the user rejected it will give a reason. If it is not you will get an code in urlencoded format.
This code is needed for the following step, the request of the access token:
https://graph.facebook.com/oauth/access_token?redirect_uri=xxx&client_id=xxx&client_secret=xxx&code=xxxx
This will give back an access token, if the authorization didn't fail.
After that you can ask for the information you want:
https://graph.facebook.com/me?method=GET&metadata=true&format=json&access_token=access_token
This will include a facebook uid, which is unique for all users. Store it and you can discern between a register and login.
This is roughly the process for any oauth2 application.
Facebook will not ask repeatedly for permissions after the user granted them to you. So you can store the access token and reuse it for backend stuff and also use the same procedure you use for register for login.
You can never access the user's password from Facebook even with his/her permission, so the user will always have to authenticate via Facebook and have Facebook pass you the user id of the logged in user once authentication succeeds. You can store all kinds of other data locally, but not enough to authenticate the user yourself.
Once the user is authenticated, you'll have access to the user's Facebook user id via the API, which should be enough to connect all kinds of information to that specific user.
Facebook does not provide access to accounts when passwords are taken from your controls. It provides it own canvas for login information. Therefore you cannot use your first approach to store passwords in your databases. Check this out.
You can however store email addresses once user logins into his account using the facebook sdks. Check this out link for the example of C# SDK sample code.
You can use the Facebook APIs to fetch user email-id, photos, friendslist and other information and then play around accordingly.
You don't get access to the users password - only email if you ask for it.
Best way would be to have a table of users and their Facebook account id's.
If you want to allow users to sign up without Facebook then have a nullable field for their password and facebook id, and also have a field for username - which you could populate from Facebook if they register via that route.
I am wondering if anyone has an idea on how did twitbird developers use oauth for allowing the user to authorize their app ?(they say that they did use OAuth)
when I was trying their app they used the username and password directly without redirection to twitter.
I searched for a solutions and there is no obvious answer because as far as I know OAuth doesnt allow the 3rd part applications to use the user's password..
Thanks in advance
Twitter has a new OAuth method called xAuth. It takes your username and password and does a one time exchange for OAuth access tokens which are then used for normal OAuth.
http://apiwiki.twitter.com/Twitter-REST-API-Method:-oauth-access_token-for-xAuth