I'm looking for a solution to create and configure Facebook Apps via the Facebook APIs.
It doens't matter if its Graph API / FQL or REST API but I couldn't find any way to do this.
You didn't find because this is not possible.
Facebook decided not to support app management and creation using the API, in order to avoid applications created or edited by bots.
Only a few actions are possible using the API:
Migration (like migrating to OAuth2, ...)
Restriction (Geographical, age...)
User ban (add/remove)
Test User Creation/edition/deletion
See http://developers.facebook.com/docs/reference/api/application/ for more info.
You'll notice one of the first sentence: "To create, administer or delete applications developers must go to the Developer Application."
You can use the Legacy REST API to set (and get) application properties:
https://developers.facebook.com/docs/reference/rest/admin.setAppProperties/
But no create API exists, and probably never will due to dirty spammers...
Related
I'm working on a project where I'm developing a platform. As a solo-developer I made the decision to use Lumen as a PHP back-end and create an RESTful API.
Web shops should be able to install a plugin so they can access the API without having to code themselves.
I need to keep track of the web shops that use the API. I just need the same way to retrieve access tokens like Twitter and Facebook do when you register an app.
So I was thinking about OAuth2 Server but I have never used it before so I'm not sure if I'm on the right path...
If you want your own OAuth2 system then yes you will need a server running it.
The idea of OAuth2 is to authenticate your clients where a shop equals one client.
OAuth2 is not about individual users but clients. With that idea in mind you can setup an OAuth2 server and its only job would be to authenticate each request, make sure it belongs to a recognized client and then issue a token.
With that token you can then go on and issue more requests to actually interact with the system you are building. This is a very high level view of the entire system, of course.
There can be multiple variations on this, how tokens are issued, what type they
are etc. I prefer JWT ( JSON Web Tokens ) as it's JSON and thus lightweight.
A quick search revealed this: http://bshaffer.github.io/oauth2-server-php-docs/overview/jwt-access-tokens/
I do have my own article on building your own OAuth2 system, however it is based on dot net not PHP. You are welcome to use it though maybe it will help clarify the concept.
Here's the link : https://eidand.com/2015/03/28/authorization-system-with-owin-web-api-json-web-tokens/
I'm a php developer for my firm, and I'm kindoff stuck with this concept form Oauth.
I've been searching the web and read almost every article I could find about oAuth but still it won't get to me how to handle this situation.
I live in the Netherlands so forgive me if my writing is sometimes a little bit off.
I'm working on an application for our company. Its an online work platform, where people can sign up to to find work.
We sell our online application to companies who offer jobs and such.
So we have for every company that buys our web application an url like: http://companyname.onlinejobs.com ( for example ).
So we have backend users that can login in their application and they each have different roles and permissions.
We also have http://onlinejobs.com as a website where everybody can sign up to view job oppertunities and much more.
So we also have a frontend user, that also can have multiple roles, such as a free user and a premium user.
We've build a REST API that holds all methods to add and view jobs and profiles etc etc. We want this API to only be accesible to the clients that we register.
So if I register company1.onlinejobs.com than that in my opinion is a client, and can only use our api.
But now we want to intergrate oAuth to the situation.
We want the API to be protected from any unregistered clients, but we also want to make sure that a frontend free user, cannot access surtain api calls that a premium frontend user can make.
or is that permission based behaviour not something for oAuth?
Wich grant type that oAuth2 uses can we use for our situation?
I really need some help with this guys.. Hope somebody can give me a clear explanation about what to use best, or maybe even not at all.
We had a similar use case and we built our own authorization server that can handle the following use cases
Authentication and authorization from the
web applications
javascript enabled apps [Like SPA apps]
Native apps like windows services or windows apps
We have used the following flows in OAuth2.0
Authorization Code
Implicit flow
Resource owner credentials
Hence, the right choice of the flow needs to be decided on the types of applications that you plan to support.
HTH
I am implemented In App Billing for android.I wanted to implement subscription validity checking through my backend server. As Google Play Documentation, for making call for Google Play API,need authentication using oauth 2.0.
I followed instructions for registering project and creating credentials. But from there I have no idea how to use those credentials, I tried authentication via CURL request, but it asking permission as shown in follwing image
This permissions works fine I can exchange code and get access token, but all this done by manually, how should I implement this on backend.
I even try to use google api php library provided by Google, but It adds confusion. Also they didn't provide any example, how to use library.
Can anybody elaborate how exactly use library or pure php?
Thanks in advance.
To perform LVL and/or IAB validation on a server, do not access Google servers directly from the server. Even if all information were available, you would face integrity problems, because your app and your server will see different information due to synchronization latencies.
Instead, use your app as a proxy and validate the Google Play information on your server as described here.
I am writing an app to interact with our Google Apps for Education domain using Zend Gdata framework and 3-legged OAuth.
So far I am only able to gain read-only access to Groups. It works fine and I have access to all information. However, write access does not work for me.
I end up with "Domain cannot use API"
$client = new Zend_Gdata_Gapps($httpClient, "domain.edu");
This works fine:
$client->retrieveAllGroups('https://apps-apis.google.com/a/feeds/group/2.0/domain.edu/');
This does not and results in "Domain cannot use API"
$client->createGroup('test-group', 'Test Group');
I found this page and it mentions something about Groups being Read-Only?
Groups Rosters HTTPS Read Only Scope:
https://apps-apis.google.com/a/feeds/group/#readonly
Is this true?
Edit: My Provisioning API is definitely enabled.
Drop the #readonly from the URL to get write-access to group feeds. What you picked up was meant for marketplace developers to access domain information when an admin installs the app.
A more generic scope for Apps APIs is documented here which allows access to all Google Apps Domain Information and management APIs:
It turns out that while i was testing someone else turned off Provisioning API because they did not like the scary warning message that told them about data not being synced between Google Apps and 3rd party management tools.
Hi guys I have a google apps account set up and even set up a simple hello world application from the available samples on the tutorial however I need to set it so I am able to interact with the google docs account associated with the account which has added my application.
To interact with google docs I am aware that a token is requested from google upon authentication and verification of the account however that is in a situation where you code specifically for interacting with google docs - I'm talking about having access to the google docs of the account which has added my application so my application can be used to upload documents to the google docs and make references to them - basically my application is a resource management application and it needs to be able to store references to google docs.
UH never mind I figured out ... next time I'll follow the documentation more carefully :(