is it possible to store the id of a user who grants permission to accept the app and then post a "share" when the user completes an action but they are not logged into linkedin? i have done this with facebook but currently struggling to get my head around the oauth/linked in libraries.
Yes, once the user has authorized your application, you can store the user's oauth tokens and use those to update LinkedIn via the API when a user trigers a share/update, etc.
The only trick is to cover yourself in the case that the user rejects your application's access rights; filter all responses from the LinkedIn API looking for an error indicating that the access token is no longer valid (you should be doing this filtering anyways for throttling issues).
LINKEDIN API has no proper documentation..as to how i can use it..sample code which is provided SKuS
Related
We are using the Oauth 1.0 authentication Flow with the Twitter API. This basically come down to this spec: http://oauth.net/core/1.0/#anchor9.
We created the app and started to get users. Later we implemented Signup with Twitter where now we require the users email address from the API. We asked Twitter and therequest was granted. It works, great.
Now we have an issue with existing users because those authorized the App before we had that Email permission and with their existing Access Token, Twitter doesn't give us that.
Twitter writes in their documentation (https://dev.twitter.com/rest/reference/get/account/verify_credentials)
Note
Your app will need to regenerate the user access tokens for previously authenticated users to access their email address.
How can this be done?
When we delete the corresponding data (token and secret) on our side and ask for new Auth it doesn't have any effect. Twitter always gives us the same token and secret again.. and with that in the account/verify_credentials call no email address.
The only way which we found works is when we log into Twitter and revoke access to the App. Then we get a new token and secret which gives us access to what we want.
But we don't want to tell that to our users but rather do this programatically utilizing the API. How?
Try to request a new/different permission from the users:
What if I want to request a different level of access for my
application instead of the one my application is registered with? You
can do this now by using the x_auth_access_type parameter during the
request_token phase. Using this parameter you can request a read or a
read/write token even if your application is registered for read/
write/direct messages.
More information on this method is in our developer documentation:
http://dev.twitter.com/oauth/reference/post/oauth/request_token
I am still getting confused in understanding the concepts of authorization and authentication in Google Analytics API.
I created the new project at Google Developers Console and enabled the Google Analytics API. But why they are asking these two things in API & Auth section?
Can Anyone give me any real life example which gives clear cut idea about these two things?
Authentication is the process of identifying yourself. When you log in to a service, you authenticate yourself by using some credentials. This credentials usually are a pair of username and password. If the provided credentials are correct then we can say that you have successfully authenticated yourself. But it doesn't means you can do anything on the system. For example maybe your account has been banned or you don't have permission to access the resource.
Authorization is the process of checking if you have the right to do something. To do this, first you have to authenticate yourself, because without knowing who you are it is not possible for someone to check if you have the right to do something or not.
Just imagine an invite-only party. When you arrive, at the door a big guy asks your name. You will say that you're Akilsree1, so you have authenticated yourself. Then the guy will check if your name is on the list of invited people or not, so he will authorize you to enter the party or maybe he will say that you cannot enter because you're not on the list (you do not have permission).
Edit:
In case of the Google Analytics API things are a little bit trickier.
Basically this is what happening:
When you use their API in your app, the user will be redirected to Google to log in (user authentication).
Then when your app tries to do something in behalf of the user, he/she will be asked by Google to give permission to your app to do so (authorization).
After that your app will receive a token which can be used by the app to authenticate itself when uses the API to do that specific thing (app authentication)
More details you can find here.
Authentication meaning recognizing the subject identity. Like, does it exist in the DB?
Authorization meaning granting access to a resource. Like, can this user/role access X page.
In simple language if you want to understand
Authorization is level of access rights that a user has i.e. the
amount of information which he is authorized to access. Example: The
data that a normal user can see in a system will be quite different
from the data that admin user will be able to view and manipulate.
This difference is achieved by means of authorization.
Authentication simply means the submission of valid tokens(i.e.
username,password in most cases) which are recognized by the system
and by which system will grant access of system to particular user
Google analytics API requires authorization token for every request sent to it. and OAuth2.0 is the protocol used
hope this helps!
Good luck!
Basically, I'd like my users to be able to register and log into my site using their Soundcloud accounts (much like Google or Facebook).
But I'm following the login flow from their docs (http://developers.soundcloud.com/docs#authentication), and I understand how to redirect them to the Soundcloud connect screen to authorize my app. And from that, I get a code that I can exchange for an access token. But after that the docs state this:
You should now store the access token in a database. Associate it with
the user it belongs to and use it from now on instead of sending the
user through the authorization flow.
So they're assuming that I already have registered users who then connect to Soundcloud through some other function of my app. But what I want, is for them to be able to create their account from their Soundcloud user info. I think this is initally possible, but when they return to log in again, I need that access token to identify them. But I can't get that access token without sending them through the auth flow again.
I'm guessing what I want to do can't be done, but it's also possible I'm overlooking something. Any help would be appreciated!
I've done this with IMGUR OAuth2 API. After you get the access token, make a new request to their /me endpoint. This way, you'll have the SoundCloud id for that particular user. Now you can check if you already saved this user in your database. If you have, just save the new token to make sure this user has granted your app access to their SoundCloud. I'm not sure if I were clear enough. Let me know if you need any further help .
I'm working on a social hub page which aggregates info from all social networks. Currently I'm trying to fetch infos from one specific foursquare venue.
To get the information I want, I have to use an access token and therefore authenticate my user. In my case this would always be the same (my own) user.
Is there a way to get an access token with my username/password without having to redirect to the authentication page?
I couldn't find any answers here so far, thanks for your help!
Update:
I just discovered exactly what I want to implement on http://de.puma.com/creativefactory - if you scroll down you can see foursquare information on the bottom right corner, that's exactly what I want: Display how many users checked into my venue and the last persons who checked in. How did they do that, there is no auth dialog required? Thanks again!
Unfortunately, this is explicitly not allowed for security reasons. Although it may seem safe in your case, we don't generally want to support 3rd-party applications handling our users' passwords when OAuth makes it unnecessary. This is the same policy that many other large social networks have.
If you're just looking for venue information (e.g. just information about a venue and NOT any user information) then you don't need to have an authorized user. The venues API can be accessed with only your client ID and client secret. See the Foursquare API documentation..
Some of our endpoints that don’t pertain to specific user information,
such as venues search are enabled for userless access (meaning you
don’t need to have a user auth your app for access). To make a
userless request, specify your consumer key's Client ID and Secret
instead of an auth token in the request URL.
You should be able to get the required information without user authorisation.
Just create an app and you will be provided with a client id and client secret, you can then use these to access the API.
Here is the required venue API string format:
https://api.foursquare.com/v2/venues/[VENUE_ID]?client_id=[CLIENT_ID]&client_secret=[CLIENT_SECRET]&v=20120101
In the returned json you should find:
"hereNow":{"count":x,"summary":"x people here","groups":[]}
I have a site written in PHP.
I need to get a list of events from a Facebook page and publish them on a page of the PHP site.
This call works but but it require an access token:
https://graph.facebook.com/mtv/events?access_token=....
I want publish the list on the PHP site without requiring an user to login with Facebook.
Is this possible? Is there any way that I can get a permanent token to hardcode in my PHP code?
offline_access Enables your
application to perform authorized
requests on behalf of the user at any
time. By default, most access tokens
expire after a short time period to
ensure applications only make requests
on behalf of the user when the are
actively using the application. This
permission makes the access token
returned by our OAuth endpoint
long-lived
.
I don't know if this is valid for Graph API.
EDIT:
I think your only chance is to use DOM Parser and parse http://www.facebook.com/MTV?v=app_2344061033, this shouldn't be hard at all.
If it is a public page you should be able to get the events using any access token with offline_access rights.