A site I manage uses the my_twitter.php class simply to receive tweets from one certain account. As of a few hours ago this has stopped working, it displays a wrong username / password message while the credentials are correct.
On various websites I am reading about API problems but I'm not sure if the my_twitter class needs to be replaced with another one that uses OAuth, or will the problems be resolved and my_twitter start working again? That class is still listed as an official library by Twitter.
EDIT: turns out I do not need OAuth to just receive the latest tweet. http://dev.twitter.com/doc/get/users/show This link explains things well
This is from an email I received from Twitter this morning, titled 'Update: Twitter Apps and You':
Update 1: New authorization rules for
applications
Starting August 31, all applications
will be required to use “OAuth” to
access your Twitter account.
What's OAuth?
OAuth is a technology that enables
applications to access Twitter on your
behalf with your approval without
asking you directly for your password.
Desktop and mobile applications may
still ask for your password once, but
after that request, they are required
to use OAuth in order to access your
timeline or allow you to tweet.What
does this mean for me?
Applications are no longer allowed to
store your password.If you change
your password, the applications will
continue to work.Some applications
you have been using may require you to
reauthorize them or may stop
functioning at the time of this
change.All applications you have
authorized will be listed at
http://twitter.com/settings/connections.
You can revoke access to any
application at any time from the list.application at any time from the list.
So it does look like you need to find another library, that uses OAuth.
Quote from twitter received email:
Some applications you have been using
may require you to reauthorize them or
may stop functioning at the time of
this change.
Related
I have an existing web application which is used for HR, managing tasks, sending forms and so on.
My client wants me to integrate Microsoft's multi-factor authentication when signing resources, forms and other stuff.
For now, the signing process is just a token that is generated and sent by email, so the users have to click a link to sign it. My goal here is to give users the possibility to also choose to sign whatever they're signing with multi-factor authentication through their own Microsoft account.
The only thing I've done so far is managing to log in and authorize with the Microsoft Graph API and get Calendar events and other stuff from the user.
Of course, I've googled a lot - but I haven't found the right documentation for my use case. So I need someone to pin point me to the right documentation for my use case. Can anyone help me with that?
Based on my investigation on this issue, I have not seen a direct way of signing files and other resources as well as enabling MFA via the Graph API. I however saw a feature request related to enabling MFA via a Graph API call here. Please consider upvoting it
I am new to OpenID and have been requested to build a login system to work with the company's Google account. They want to restrict logins to users of their domain. They login into Gmail using their domain and they want this feature to allow access to their systems.
Let's say the domain is example.com. They would log into Gmail as user#example.com or go to their domain login page to access their accounts.
I have been doing some research and it seems that the Google Federated Login is what I should be working with. I downloaded the Google APIs Client Library for PHP and have been playing with the examples but I still cannot get it to restrict access to whom logs in. Currently anyone with a google account seems to be able to login. Also, the API wants to access certain information... I only want to authenticate the user to ensure they are a valid user of the domain and eventually allow SpreadSheet Access in Google Docs so that another script (in the same system) can create SpreadSheets while the user is updating the system.
So my questions are:
1) Which service do I need to enable in the Google API console? Enterprise License Manager API is the only service that is enabled.... I'm starting to think maybe I should disable it.. Do any services have to be enabled? I'm not really sure about this.
2) Is there anything special about the PHP Google APIs that would require me to use Google's API or is this functionality available with any OpenID library? If the latter, which libraries are good for what I am trying to accomplish? (PHP)
3) I have found a few examples for allowing login with a Google account but I haven't found a single one for restricting it to a single domain. I am sure this is possible but am starting to feel that it's very difficult to implement... Any information on this would be very beneficial.
Thanks for any information you can toss my way.
I'm writing an Android app that will require folks to identify themselves. We figured that the best course of action is to NOT have folks register with our server since practically everybody has an account somewhere else with a major service (Google, Twitter, Facebook, Yahoo! for example).
The REST API is being built around CakePHP. This in itself isn't a sticking point for what I need, but the issue is more on the Android app along with its communication to our API. Essentially what I'd like to see is a user with X number of devices having the ability to login to a service they already have access to.
This identity would then be known by our server as an identity for that user. My app would then need a way to tell our API that "I am John Doe from service example.com, and here's proof". The servers would also accept a new device for the same identity and tie it in to that user.
I am stuck on some issues here:
OpenID seems to be the way to go (though I'm not sure if Twitter supports OpenID). But how can I do OpenID from my device? I don't need somebody to point me to OpenID for Java. This is NOT 100% of the answer I am looking for. Where is the website going to redirect to?
What will the authentication piece be like between my webserver and Android app? I'm not logging in. I'm using an OpenID. Should I just take some/all of the OpenID information and pass it to the webserver for storage, and then pass it again to check against for every API call?
Twitter not only does OpenID, but they also have a dedicated page talking about what the flow is and what you need to store. Google has a similar page for their login. The OpenID login flows are (for the most part) OAuth2.
Hi guys I'm building a Google Apps based solution. Basically I'm setting it up such that:
When a Google Apps account holder installs it he/she enters the authentication details for a single Googles Apps account to be used - that account would be used by all users of the instance of the installed system for uploading to Google Docs associated with that account and managing Google Calendar entries associated with that Google Apps account.
The user as mentioned can create other users and invite them to sign in from a separate login screen and they should be able to interact with the system's facilities which allow interaction with the services associated with the Google Apps account used to install the system.
Any other user of the same domain as the original user can also install the system and be automatically associated with the instance created by the user of the same domain.
I got parts one and three all set up but the second part is where I'm stuck - I'm storing the credentials for the centralised Google Apps account in a database and would need a way to authenticate seamlessly using the details i.e. I don't want the users to have to add in the sign in details nor have to go through the process of having to be asked for permission to allow the application to access the Google Apps services - I wish that when the users log in they are automatically transparently also signed into the Google Apps account as well and be able to use its services.
How can I do that I wish to do away with the process of 'asking the user for which account to sign in or the Google Apps login screen' and the second step asking for permission to allow the application access to the account.
I know it can be done - I've installed loads of applications and none of them require me to go through this two pronged process of authentication which I find quite unnecessary - what do I do? - Help please!
Have you seen the Zend Frameworks' Zend_Gdata? It's a PHP 5 interface for accessing Google Data, at first glance it seems to do all the things you want.
http://framework.zend.com/manual/en/zend.gdata.introduction.html
You will need to take over the authentication process to handle authentication of Web sessions. The good news is that you can indeed do that (SSO / SAML), bad news is that it can be a lot of work.
Essentially you'd build your own SSO provider, stick it in front of your domain (so it handles all auth), and let it handle the login process so it's as seamless as you need it.
At a higher level, it sounds like you are using a single account to proxy multi-user access into Google Apps; you might want to check the TOS as I'm pretty sure that's frowned upon (kills traceability).
Hi guys I'm working on my google apps application - currently I've build the authentication upon the example available at google namely this url
The problem is that the session seems to time out and that everytime I am logged into my google apps account and go to my application I need to authenticate again and go through the screen where google asks me if I should allow the application to access the services like GMAIL, Docs etc listed in the manifest xml file. I don't think I'm doing it right as other applications allow instant access.
Any ideas
you should store and reuse the oauth access & secret key. this should avoid the re-authentication with google (or other oauth based services) - unless your access key has been revoked of course.
Cheers!