in my website, I want to add a "invite friend of my contacts book" functionnality.
I would like that the user fills the loggin form in my website. Then the website contacts Google Mail, Yahoo Mail, Live Mail and retrieves the contact list.
In the Oauth protocole supported by Google and Yahoo, the user is redirected to a Google or Yahoo page (like Facebook) in order to permit the user to give permissions.
But I saw two websites which didn't any redirections to get the contacts book (LinkedIn for a Google mail account and Theauteurs with a live mail.)
Do you know how I can get a contacts book without redirect the user to Google, Microsoft or Yahoo website.
Simple. Neither of them are using OAuth to access contact data. That means users don't get the benefits (such as not having to share passwords and easy revocation).
The motivation behind OAuth is to avoid users to input their credentials of site A in site B (this would be you).
If you follow this path (and I believe you should not), you are not doing OAuth at all.
PS: Why Facebook doesn't use OAuth is something that puzzles me still...
Facebook will be dropping Connect in favor of oAuth. Outlined here-> http://www.pcmag.com/article2/0,2817,2362920,00.asp
Related
I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.
I have a set of users who will never use Facebook on my site. Then again, I have users who insist on it.
I need to have a forum (like Facebook conversations) on my site so users can interact with it. I know I could homebrew this, but would like the native FB integration.
Is it possible to use FB Conversations with non FB-integrated accounts (any other authentication system)?
You can also allow third-party authenticated users via Yahoo, AOL and Hotmail. Instructions are listed on the Facebook Social Plugins documentation site:
How do I enable users to comment using other login providers?
On the settings section of the plugin, you can choose to enable third
party login on your comments boxes. Currently this will enable users
to comment using a Yahoo!, AOL or Hotmail account.
I there anyway to log users to facebook and google gmail, from another domain site?
Or are there specific API to do that?
I'm not talking about fb login or connect or google login API, i'm talking about "triggering" login forms in some whay or launch requests to sites to login in users.
I would like to make users able to log to facebook from another site, setting up cookies, so when he will return to facebook he will be logged, and viceversa.
And if is there, is it legal or not?
Thanks
Thats not possible, since Facebook are the ones that issue the cookies, I think it might be possible to generate a cookie that will log you into Facebook, but it would be illegal. Swift
I'm using socialoauth (http://code.google.com/p/socialoauth/) to implement twitter & facebook logins for a web site. The site is php and mysql based.
I've got logins implemented and working, but I need to get the users screen name or email so that I can store their preferences about my site in a mysql database. I'm not sure how to go about getting their information once I've got the oauth_token and oauth_secret. I couldn't find any documentation or examples using socialoauth, aside from getting the logins working.
I downloaded twitteroauth (https://github.com/abraham/twitteroauth), and mismashed that together with socialoauth.php via this tutorial (http://net.tutsplus.com/tutorials/php/how-to-authenticate-users-with-twitter-oauth/) and was able to get the twitter user's information, but I would prefer to use only socialoauth.php because it does logins for both facebook and twitter.
Specific question: does anyone know which functions in socialoauth are used to get the user's information (hopefully for both twitter and facebook)? I'm very new to this, so it's possible I saw the function I needed while I was looking through the code, and simply didn't recognize it as what I needed.
Twitter does not provide access to users email addresses. The users Twitter screen_name should be returned in the same request you get their access token however.
With Facebook you have to ask for the email permission and then their email address should be accessible with the profile details.
I'm developing a website where the user can either sign up creating his own profile or can sign in with FB or Twitter.
The thing is I don't really know how to manage it, for example: let's say my user signs up through the website and creates content, what happens if the user later decides to sign in with FB or Twitter? How can I keep it all unified?
I know I could just do the Twitter sign in, get the data from twitter and create a profile in my DB for the user with his Twitter handle, don't know how I'd deal with later if he wants to just log in through the site.
Anyone have any ideas?
So he later signs in with Twitter or Facebook. I think you have a couple of options in this case. Allow the ability to link accounts together once the user signs in with any one method. Say they sign in with your sites registration, let them hit a page where they can add in other linked accounts like Twitter and Facebook once they are in their logged in state on your site. See the friendfeed model for inspiration. Or, like we did with ucubd.com/index.aspx - let the user sign in with facebook and regsister an account on their behalf and ask for their email as the login credential. If it's found - great. If it's not ask for a password. This will allow the user to either login with your sites registration method or through facebook. You will have the information in your database to link both of them together.
Every account on your system will have an e-mail address. Every account with FB, Google, Twitter is also linked to an e-mail address. What you will need to do is link the accounts based on e-mail address. That way you will never get duplicate accounts.