I want to get a list of users using Asana API with parameters on each user indicating if that user has enabled two-factor authentication or not.
I read the documentation of User-list-api and found that we can ask for more data through the opt_fields parameter. But I do not find any allowed param listing for this.
So first, Is it possible to check if the user has enabled two-factor authentication or not?
If yes, How? What parameter should I pass in opt_fields to get this data?
Thanks in advance.
Related
I get a slightly changing User ID's on sign up/login when authenticating with xing oauth. Something like:
37578662_a467ef and 37578662_76a7fe.
Does somebody know if the user id changes when using a xing test key? Or if I could rely on the first part (before underline) to be equal and consistent on login?
Using python-social-auth and Django
Best
Johannes
Sry, found the answer. The user-id relies to the xing-app that asks for the user, which can only be configured by one developer account...
So you need to use the same credentials to ask for the users to be able to find the same user by using the user-id again.
Objective -C / iOS
I will use follow api of instagram .
set URL :https://api.instagram.com/v1/users/{userid}/relationship?access_token={access_token}
parameter string is "action=follow" ,and data sending way of post
But , it doesn't works. I received error.
meta = {
code = 400;
"error_message" = "This request requires scope=relationships, but this access token is not authorized with this scope. The user must re-authorize your application with scope=relationships to be granted write permissions.";
"error_type" = OAuthPermissionsException;
};
When i use login api of instagram , scope = relationships+likes ... data sended
How to use instagram follow api in iOS.
Instagram changed its API guidelines since mid April, 2015.
https://help.instagram.com/contact/185819881608116
The OAuth 2.0 specification allows you to specify the scope of the access you are requesting from the user. All apps have basic read access by default, but if you plan on asking for extended access such as liking, commenting, or managing friendships, you need to specify these scopes in your authorization request. Note that in order to use these extended permissions, first you need to submit your app for review. For more information on how to submit your app for review, please check out the documentation of the endpoint that you plan to use.
Hence you need to get your app reviewed by instagram first to use these extended permissions such as Likes, Comments and Relationships.
As stated in the error that you're getting, you need to have a certain permission for you to be able to perform a "follow" action. You can't just follow another account on a user's behalf without getting the proper permission first in the authentication process.
When calling the authorize api you can add a parameter called scope which specifies the permission level that your app is requesting. For example: scope=basic+relationships will allow you to read all basic user data and also follow and unfollow accounts on a user’s behalf.
This is a post request. To make post request to InstagramAPI you need to submit your application details and company details to Instagram for review. Maybe other relationship endpoints will work fine without submitting your app. Even though you are adding scope as scope=likes+relationships+comments, instagram will give you basic permissions only. For more details visit the following link https://instagram.com/developer/endpoints/relationships/#post_relationship
Is there a parameter I can pass to https://www.facebook.com/dialog/oauth that will force the user to login again?
The problem is if the user is logged into Facebook, it will redirect transparently back to my site, even if the user wants to use a different Facebook account.
Twitter's OAuth API accepts a "force_redirect=true" parameter which does what I want, but I can't find one for Facebook.
I think "auth_type=reauthenticate" is the option you are looking for.
Docs: https://developers.facebook.com/docs/reauthentication/
Developing a web application that I've registered with Twitter. In this app, I might have 10 different Twitter Identities that I want to either Allow or Deny access for the application to.
For example:
https://api.twitter.com/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXXXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback/
It always just defaults to whatever my twitter account is logged in as and I have to specify Logout, then sign-in with new account. Its almost like I need an extra querystring parameter such as
https://api.twitter.com/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXXXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback/&ForUsername=billgates
Actually, you can pass in an extra parameter with the callback url, like so:
https://api.twitter.com/oauth/authorize?oauth_token=XXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback?ForUsername=billgates
and the parameter will be sent back to you when Twitter calls the return url, like this:
http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback?ForUsername=billgates&oauth_token=XXX&access_token=YYY
You can read more about this in the documentation - http://dev.twitter.com/pages/auth:
Always use an explicit oauth_callback
- It is recommended that you specify a default OAuth callback in your client
record, but explicitly declare your
oauth_callback on each request token
fetch request your application makes.
By dynamically setting your
oauth_callback, you can pass
additional state information back to
your application and control the
experience best.
Note that in the general scope of authorization, the authorized agent does not necessarily know the identity of the user on whose behalf it acts. In other words, there could be an implementation where your app can be authorized to read the Twitter stream of updates, while still not knowing which identity that stream belongs to. Adding the parameter you ask for would be information disclosure in this case, as your app will need a piece of information that the system is designed not to provide.
Or to put it in a real life example - imagine a valet parking, where instead of giving you a parking ticket and taking the keys to the car, the valet would ask you for your SSN just to park the car, just because the valet parks cars for other people too.
I'm currently creating a web app using Google's oAuth. I was wondering how I can uniquely identify an authenticated user so I don't accidentally add duplicates.
Doesn't Google give you other unique params like user name or user ID?
For example, Twitter and Facebook, give you user name and a unique url that identifies user's profile picture. If you save that params on server-side you can identify user next time that he comes on your site.
The best way to do this would be to use OpenID with the oAuth extension (aka hybrid).
I am currently using OAuth exclusively and I am requesting the https://www.googleapis.com/auth/userinfo#email scope as described on http://sites.google.com/site/oauthgoog/Home/emaildisplayscope to get the email address of the authenticated user. I am using the email address to uniquely identify the user. This should be good enough for now.
Edited:
According to a recent Google developer comment (https://groups.google.com/group/oauth2-dev/browse_thread/thread/cf5c137f872f9932), they are currently working on this problem, but for anything production ready, you should use OpenID authentication.
You should save somewhere the user_id you have for your users in your site, along with the corresponding access_token and access_token_secret.
Then you can query that table (or wherever you save that information) with the user_id and obtain the proper tokens
Regards