Huh, after some searches on the net on how to retrieve user email address, the short answer is - there is no way.
But, is there really no way of fetching user email? A hacky one or something?
It's not meant for spamming or stuff like that, but, my application local user storage uses email as it's core ID, and I have to compare if that particular twitter account is already registered in database or not. I'm using this technique for facebook authentication and it works flawlessly, but client demands twitter login too, but I have no idea how could I compare it without looking at emails.
P.S. I hope I've made myself clear enough, if not, don't hesitate to ask, this is actually pretty important at the moment.
Thanks in advance!
There is absolutely no way at all. It is not in the API, it is not on any pages to be scraped. The email appears nowhere on Twitter and cannot be obtained from Twitter.
We can create twtter account with out email, so in api's twitter will not provide the email of its users, as a user is not necessarily a human.
to get the friends list please use api :
https://dev.twitter.com/rest/reference/get/friends/list
Related
Okay, So I have a client that wants their wordpress site to only require user to use their email to login. They instead want the site read through a google spreadsheet of all the users. Then if the users email is found in the spreadsheet it allows the user to login.
Before people start screaming, I know its extremely bad from a security stand point, we've told them this. They don't care.
So my question is, has anyone one done this or something similar in the past. How did you do it.
And how would say is the best way to go about doing this. So far I have thought of a few ways to do it.
Secretly embed the doc on a hidden web page then access it.
Some how just access it using APIs
Maybe using google forms as the email entry, and some how use that to search the google docs.
Any ideas or helps, is appreciated greatly. Thank you.
Logging in via an email address is easy, there are already plugins to do it. https://wordpress.org/plugins/wp-email-login/
There is also a plugin for external authentication. Don't know if it does it from a spreadsheet, though you may have a way to sync the spreadsheet to an external DB (via an API perhaps):
https://wordpress.org/plugins/external-db-auth-reloaded/
Would you need the logged in user to have any user-specific account info? Could you get by with allowing each logged in user to essentially be using the same single account in WordPress?
I could see a solution where you hook into wp_authenticate() https://codex.wordpress.org/Plugin_API/Action_Reference/wp_authenticate
And in your hook function call, run out to Google Spreadsheet via their API and see if that email address is found in the list. If so, log them into WP using a preset, single account that's meant to be used for all such users.
Here's some basic info for reading from a Google Sheet via their API:
https://developers.google.com/sheets/samples/reading
For a project I am working on, I think having the functionality to sign in with facebook/ twitter would be beneficial.
I have some design theory to iron out.
When the user first logs into the website using either twitter or facebook, I'll get their email and other relevant information and store it in the database where a normal signed up user would be stored.
When they return, they would log in with twitter/ fb again and it would locate the information in the database and not add it again.
If anyone tried to sign up with the email address provided by either of these services, an email would be sent to the email address to confirm it is them and then they could generate just a password to allow them to log in with information already stored.
I could they link other data on the website to the userid I have stored for them throughout the entire process.
So my query would be whether this is the correct way to go about this?
How have others used these types of login api's and then binded them to on site data?
I believe this to be a reasonable question but if I have placed it in the wrong section, please feel free to move it!
Thanks.
well, everything should be written here http://developers.facebook.com/ also try using php sdk for facebook api, for twitter here https://dev.twitter.com/
Create an app in both fb and twitter, take the access token and access token secret
You should download all the files necessary and then configure them as is written in manual, if you will have trouble connecting to them write me a message to my mail(jurijs.nesterovs#inbox.lv) i'll try to help
Have done that before myself for my site. It was Fb/Twitter/Google. I bet thats the best thing to do. Google's API is the easiest out of these 3. Twitter was hard for me since I dont use OOP and all the libraries out there was OOP.
And about your design, my site was made not to not allow the user to join with the same email again. If they have joined using Facebook with an email, when they try to join using twitter with the same email, I would tell the user that they are already registered using Facebook.
I am curious to know how to authenticate the user with twitter and after successful login, i need the email of the user... how can it be done?
Heard that twitter does not support openid.... any alternate solution ?
Just to update this issue, it is now possible (from April 2015).
You can send a support ticket to Twitter to whitelist your app to make it possible to ask for an email. Then, after an user connects their account, you need to make a GET request to verify credentials with the "include_email" option set to true.
It is explained in more detail in the second link.
Check out this article and try this search.
Twitter supports OAuth, and I am myself having trouble with it (I am writing a Python script app). A switch to xAuth is possible.
"Mobile and desktop applications are also given the opportunity to use xAuth, a means to exchange a login & password for an access token. To use xAuth, send a request to api#twitter.com with plenty of details about your application and why xAuth is the best choice for it." - http://dev.twitter.com/pages/auth
Late answer, but I hope it will help someone.
There is no way to obtain the email from the API.
See the doc there : Twitter doc
Other post relating that : SO post
The link provided in tarantinofan's answer is quite old, but the principles are there, as an explanation on how OAuth works.
Twitter API cannot provide Email address so you cannot get it from twitter API
(See Doc of twitter api)
you can get it from user after log in or try another way
I am willing to implement website where will be top 10 best members' pictures or something like that. Before voting for pictures or uploading pictures people will have to register first. But how could I protect my website from multiple accounts? Store IPs to database? But will it help me while there thousands proxies out there? What should I do? Thank you.
edit: maybe I could make accounts paid, for examples 0.99$ for month via paypal and somehow do no let people register twice with the same paypal and IP? Is it possible?
Use a confirmation code that is sent to mobile no upon registration. and confirm it. like google.
You can't stop it, but you can make it difficult and do things to detect it like you said with the IP's.
You can get a lot of data from user, not only IP but also browser version, sended headers in request, even resolution etc. with javascript. Rosolve IP to region etc. But it's not simple to write a system that would search all of that data for similarities.
You can also set cookies or even do a little swf object with cashed some information on user local hdd.
You can send mail confirmation... and don't allow multiple users from the same mail!
This is fast and easy to implement :)
Here's the deal:
-Flair pretty much demands a Facebook app
-I'm working on learning the Facebook platform
Therefore, I've written a dinky little Facebook app to embed your Flair into a box on the side of your profile. If you're interested and on Facebook; beware that this is very much a work in progress, prone to change and has a whole bunch of rough edges.
However, I don't have an elegant way to say "this is MY Stackoverflow profile" from this dinky app. My current solution is best demonstrated this image. It is, frankly, idiotic; and there's nothing preventing impersonation.
Having no experience with OpenID, I'm wondering if there's some way (and some example of this way, please) to get a user to provide their Stackoverflow identify to a third party?
Behavior changed to that suggested by Noldorin's answer.
Request for a saner way to do this declined on UserVoice.
There's no way to get a StackOverflow ID from OpenID and to do the opposite would be possible but unnecessarily complicated (compared to your suggested method). Copying and pasting the user ID/profile URL isn't terribly inconvenient, in my mind.
However, I can suggest some sort of solution to the issue of impersonation. This may seem like a slightly silly method, but it's the simplest way of which I can think to insure that only the user themself can display the badge. Again, I don't think it's too inconvenient. (The more traditional method of using an email confirmation isn't possible, given that emails aren't public.)
Have your Facebook app generate a random (alphanumeric?) code. Something in the form A8IO45QW6T should do.
Hold this code on the server side of your Facebook app for a short time period (say, 5 minutes).
Instruct the user to edit their About Me information by adding the given code to the last line, then to return to the Facebook and confirm. Simple inspection of HTML for the profile page of the specified user would verify ownership. The user can then remove the verification code from their About Me text.
Nice idea creating this Facebook app, by the way. I may just give it a try!
Another solution that would allow for instant verification is hashing the email address and checking to see if it matches the user's Gravatar. Granted, not every user has provided an email address, but you can always perform this check first and if it fails you can fall back to the About Me section editing (or simply require that the user have an email address). This idea is not mine, so I'll let null explain:
Do you still have the source available? As I've gotten a solution to prevent other users from messing up your results. You just need to hash the email address used by the viewer and check for the gravatar image link on the page as outlined on the gravatar site. If the user id and image hash match, then record the change to the database, otherwise... just show results. I can make that change, but the source seems lost... :(