I am trying to create a website where a user can sign up for the site (with a master username and password) and enter account information for various services, Google (anayltics, adwords) and non google (hootsuite).
Once they have created their account and logged in, it will take them to a custom page displaying their data from the various services.
I have created a Google Console Developer account and created the credentials (API keys, 0Auth2.0 client ids, and a service account.)
How I will access the users' custom data? The information I entered when setting up the credentials pertained to the server my website is hosted on. When I call the API won't I be getting data on my own website?
Which ID will I use to access the users' data like their Audience overview? Will I need their Google account information to be stored (username and password) or will username be enough? I haven't been able to find this information reading the beginners guides nor on YouTube.
Related
I'm writing an application for limited amount of users and logging to app is designed only via google accounts. Now I need to add functionality of adding permissions of accessing app based on email address. Problem is, on the database level, verification of permission to access app is based on Google ID. Since Google ID is more of less not a secret information, is there a way how to get Google ID of account based on email address, without actually logging in with this account?
I'm building an app in which I'm trying to allow a user to log in through Google+ (currently using the Google API PHP Client Library) and pull their entire contact list in to decide if they want to send an email to their list from my app. I can easily see how to allow the user to grant access to multiple permissions through different Google APIs through setting scopes.
I'm struggling to see either what scope I should be setting when making a request and/or what API should accomplish pulling a logged in user's contact list along with each contact's email address.
Any help would be greatly appreciated.
I found the answer, you have to pull contacts with an valid OAuth request through the Google Contacts API. On the documentation page for the Google Contacts API, Google says:
The Google Contacts API allows client applications to view and update a user's contacts. Contacts are stored in the user's Google Account; most Google services have access to the contact list.
You can find the documentation here.
https://developers.google.com/google-apps/contacts/v3/
I'm currently building a web service to allow a mobile app to login to our app using Facebook.
What is the best practice on implementing that feature?
My current flow is :
1st condition : User haven't registered yet...
User tap "Login with Facebook" button in the mobile app.
And then, user allows permission for the Facebook app that I created
for the mobile app.
The app retrieved email address, Facebook ID number, and Name from
the Facebook API
The app check if the Facebook ID && Email address already registered
in our database
If not registered :
The email address, Name, will be automatically filled into the
Registration form
After submitting, the app sends the information (Fullname, email,
hashed password, and facebook Id to the server, registering the user)
If already registered :
- The server returns the token code, which used for in-app activity
Do you think there will be a security issue there? I'm thinking if maybe someone knows you, knows your Facebook ID which can be fetched using Graph tool, and possibly know your email address, that people can logged on to the app easily by sending all the data to the server.
ALSO, I'm thinking of implementing the same method with Twitter, but it seems that email cannot be retrieved using Twitter API.
Any work-around on using Twitter API?
Thank you very much for your answer.
We have a scenario where application is scheduled for a private beta launch. Also, application will only have login via facebook facility.
As per the app workflow, we will initially send invite to a few selected users who will then authenticate using facebook. Authenticated users can establish connections with their facebook contacts within application context. As they establish these connections, application will send out invites visible only to connected contacts of the user. Invited contacts can then login into the application using facebook auth.
What I have tried and where the problem is:
Notifications: As per facebook docs, only canvas applications can send light weight notifications. Even if we decide to launch application within facebook canvas, notifications can be sent to user contacts (those contacts who have not already authorised application) only via User-generated requests (i.e. via Request dialogs). This doesn't go well with application requirements and needs i.e. showing a request dialog every time user establish a connection with it's contact doesn't seems like a nice user experience to us.
Wall Posts: Another possibility is to post invitation on contact wall. However, facebook doesn't seems to provide an ability to control privacy of posted feeds on contacts wall. Documentation says Post privacy settings (can only be specified if the Timeline being posted on belongs to the User creating the Post)
Is there a legal way to launch application under private beta / invite only using facebook authentication mechanism ? Since application is targeted for a specific kind of user group, we would like to control who gets to try the application.
I am building an app on top of Google Reader. Since users have to enter their Google Account data, I'd like to use this data to assign personal settings to each user.
However, if I do so and a user would change his email adress or password(for the whole Google Account), I wouldn't be able to identify him anymore.
Thus, I need to know if there's a Google Account ID or something that I can use to identify users regardless of an email adress or password.
Thanks for your help!
If you use the Google Account API, you can connect the user to your app using OpenID or OAuth. Both methods return an account ID which stays static for that user.
More information: http://code.google.com/apis/accounts/