I digged much into internet, but being newbie, couldn't do much.
I have summed up the following :
Facebook Chat can be used via two Authentication (via Facebook Chat API official documentation) :
1> X-FACEBOOK-PLATFORM
2> DIGEST-MD5
1> X-FACEBOOK-PLATFORM Method has very less documentation, none being official, closest using pyfacebook & pyxmpp (The official facebook chat api page has a reference at the end). Implementing the both to GAE is another headache, apart from the debug problems suffered hence. The creation of apps and using its ID as stated in some resources is not a problem though. I found a nice GAE walkthrough of pyfacebook on riccomini.name/Topics/Web/GoogleAppEngine/FacebookConnect/
2> DIGEST-MD5 is the common method of username - password which can be carries out by any xmpp client. So i though i could use a XMPP python client library like xmpppy which suited me best (as i don't need advanced functions)
Coming staraight to my question : is my inference correct? I am thinking to proceed via Method 2 (Im well aware of the security risks involved in MD5 crypting of password, please don't remind me of that). I could find no refence of using xmpppy with GAE, so am I proceeding correct?
Could anyone provide me a reference of xmpppy used along with GAE ??
(I'm sorry if i was unclear. Cant help, i am no silicon valley engineer but a simple student of age 15yrs)
You can't connect to external XMPP servers using App Engine, so if Facebook requires it for chat integration, this isn't possible.
GAE has a built in XMPP service. Perhaps you can use that instead of xmpppy.
http://code.google.com/appengine/docs/python/xmpp/overview.html
You should have a look into XEP-206 (XMPP Over BOSH) for connecting to XMPP through HTTP-protocol. http://xmpp.org/extensions/xep-0206.html
I don't know if FaceBook supports BOSH though.
You need c2s-protocol to talk to FaceBook, as the s2s-protocol (federation) is not implemented by FaceBook.
Related
I was just fiddling around different machine learning platforms and was planing to use Google predictive API for creating predictive chat bot.
The issue that I am facing now is each request to the API requires OAuth authentication. The fact that I will not be able to authenticate requests for processing the text entered by a client is the real concern. How will I probably respond to a text entered in the chat by a guest user in real time? Is it possible or is Google predictive API not made for this use case?
I am following Prediction API Quick Start Guide by Google and using POST MAN for making API calls.
If possible, please guide me using references or code snippet.
You can create service accounts in place of OAuth authentication tokens. You can create these through the Google Cloud Console. It will then give you the ability to create a server to server (Google) auth that you can use to interact with the API.
In my current work, I have to develop an intern REST API engine.
I have read the Roy Fielding thesis, documented myself, and I finally got something that works great easy to use, with high performance, corresponding to the Fielding REST spec.
There is only one point that I dont really know how to overcome : the security problem.
Again, I documented myself, and I wanted to use OAuth2.0 in my engine.
The problem is that I dont understand nothing at all how to use this protocol.
I dont understand how the consumer can connect himself and be recognized by the server.
I dont understand if I have to provide API key to my consumer(like Facebook, Twitter and Google make it) or if a token will automatically be generated if I send a login / password to the server
I dont know if I have to create my own OAuth2.0 server that provides keys, or if OAuth2.0 libraries are sufficient to provide security.
In fact, I dont understand nothing at all with OAuth2.0, and I need to learn. The problem is, every documentation that I try to read is like chinese, I didn't find an easy one, step by step that will help me with this.
That's why I post here, can you help me understanding a bit more OAuth2.0 and the secured authentication for API ?
I willingly didn't speak about the technologies, because I want to understand OAuth2.0 before applying it technically.
Thanks for all
The main problem with OAuth (both versions) is that you'll see a lot of talk about the three legged version. That is when you have user, a data-providing service and a consuming service, let's say a service that will create physical copies of your flickr photos. In this case the OAuth flow allows the user to tell flickr that the third party can access their data. This is not the scenario you are after, you are interested in 2-legged OAuth, see here for a description.
Of course you could look at other methods too. I've used HAWK in a number of REST/Hypermedia APIs and found it to be great to use in both nodejs and .NET server stacks.
Thank you for your answer, I studied a bit more OAUth2 en tried to implement it with 3 stragery : basic, clientPassword, bearer.
I created a new thread for an other problem, if you want to take part of it :
OAuth2 server creation with nodejs
I have tried Google with queries similar to the title of this question, but haven't found anything useful.
Background: I am building a web app and would like to add a user authentication level to it. I cannot imagine anything worse than building a user authentication system from the ground up, so I want a quick solution.
I'm looking for open source software I can host on my server that provides an auth layer I can connect to, with multiple user accounts
Criteria:
I want to host the software on my own server
Provide a log in screen that works with multiple sign in strategies - twitter, facebook, vanilla email, etc.
Persists users to a database (preferably postgres) and persists session data
Preferably lets me store a minimal amount of data per user, like key value store
Has a client-side (Javascript) API, like Facebook's JS, so I can use this auth service on multiple sites. Namely, I want to use it on localhost or my own file system (when allowing file cookies). Client side JS API exposes methods like log in / log out
Has a server side API (such as exposes local RESTful endpoints) so that when I do build out my server side app for other data storage outside of the user, my app can query the auth service for log in status.
I want to run this stack completely independently of my own app - in fact I want to run this auth service and purely communicate to it from my local dev environment without building any server side app of my own.
I have used Firebase and they do many of the things that I want, including log in strategies and the client / server side APIs, but I want to be able to host my own version of this.
I can't imagine anyone takes pleasure out of building user authentication of any kind, so I'm surprised I haven't found anything in research.
I also know this is an open-ended question, but as far as I can tell I haven't found anything satisfying my requirements.
I like Devise (https://github.com/plataformatec/devise), which is for Rails. It has an active community with a boatloads of plugins available that can fulfill many of your requirements.
I didn't see a language specified; most languages and frameworks have their own implementations. Can you provide more information?
Example: I use the Flask framework on python. In addition, I use the Authomatic library which provides Oauth access for twitter, google, facebook, etc.
What I was looking for is something called a Single Sign On solution. According to this list there is nothing currently that meets my criteria.
Instead I have chosen to just run a local webserver and implement a regular auth flow.
I am working on a commercial application on iPhone that is using google map. I have Google map api premier client id and cryptographic key to use google map for some limited services like "directions".I generated the signature key using this code:
http://code.google.com/p/gmaps-samples/source/browse/trunk/urlsigning/urlsigner.m?spec=svn2498&r=2498
But still the WS claims "too many connections".
Is there any problem for using Google Maps API Premier in iPhone?
Please Help.
Also, you can learn more on the quota on Maps API web services for Business users, here:
https://developers.google.com/maps/documentation/business/faq#usage_limits
Most likely not related to the use of the API from iPhones.
I would suggest that you open a case with Maps API for Business Support Team (new name for Maps API Premier). You can do it under:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142858&rd=1
If you don't yet have access you can also submit a request using a form:
http://support.google.com/enterprisehelp/bin/answer.py?hl=en&answer=142246#request
Putting the error messages aside , it seems alarming that you want to use server side geocoding from an iPhone. The problem with this is that you won't be able to scale as your user base grows since your limits are set.
Instead you should try reading on client side geocoding.
There is a really good article that explains how to make this decision:
https://developers.google.com/maps/articles/geocodestrat
"too many connections" does not sound like an error message you might be getting from Google Servers, but rather something to do with the platform. If you contact support they will be able to check that for you.
I hope that helps!
I am trying to connect to FB Chat using the X-FACEBOOK-PLATFORM authentication technique. I am currently using the Strophe library.
Everything else is done and working, I saved this bit for last (I knew it was going to be hard).
However Strophe only provides support for MD5 which I can't use as its a JS client. So instead I need to find a way to do a special Strophe connection.
I have seen the Strophe plugin at;
https://github.com/rubenjgarciab/turedsocial/blob/dc12d71339ad509c946b5de727f2d77999153b02/strophe-plugins/src/facebook.js
However this doesn't work since OAuth 2.0 enforcement. I'm confident to do the connection manually if I absolutely have to however I'm hoping somebody has already solved this problem.
At the very least could somebody tell me how to do the connection manually (as in the Strophe functions to bypass .connect(); and do it yourself).
Thanks
Andrew
You can try changing rows 104-110 of this strophe facebook plugin by the following instructions under: "Authenticating with Facebook Platform" here:
https://developers.facebook.com/docs/chat/
Mainly, IIt involves removing the session key and adding an access token param.
Andrew,
Here is my fork with the proper changes. Good luck!
https://github.com/javierfigueroa/turedsocial