Authorization Scopes To Get Follower Count From Tiktok
The Tiktok developer API documentation only lists three sets of scopes that an application can request:
video.list
user.info.basic
share.sound.create
Unfortunately, the user.info.basic scope only allows you to see some really basic info (not even a profile URL!). Are there any "hidden" scopes that I can request that would allow me to get more information about a user? Specifically, I'd like to be able to get at least their follower count, and ideally also the profile url. Such a scope definitely does exist; if you make a request to /user/info/, and you include a field which doesn't exist, you simply get no data. However, if you ask for the field "follower_count", you get an error that user.info.basic doesn't grant sufficient permissions.
Related
Based on LinkedIn Documentation:
The following selection of profile fields are available to all
LinkedIn developers:
Basic Profile Fields
Location Fields
Position Fields
However, when creating a LinkedIn OAuth app (https://www.linkedin.com/developers/apps), I only get access to Basic Profile Fields (through the r_liteprofile scope).
How do I enable access to Location and Position Fields (and what are the corresponding scopes)? My intention is to avoid having to request Partner Program membership as (1) I dont need as much info and (2) it takes a while to get approved.
Thanks in advance, Miguel.
I manage an Instagram client that has been approved with scopes basic and public_content. I'm trying to add the follower_list scope as well. Before Instagram's approval, the scope should work in sandbox mode with user=self. I have requested an access token with the follower_list permission, but I'm receiving an OAuthPermissionsException: This client has not been approved to access this resource.
Logging in to my Instagram account and viewing my Authorized Applications, the client is indeed listed with 'Access your friends list' as a permission. Other restricted endpoints work fine with user=self, such as comments and likes. It seems to just be an issue with the follower_list scope.
Any advice, or is this perhaps a bug on Instagram's part?
Update:
I received the follower_list permission from Instagram, and can now get the followers/followings for self. However the API currently does not support retrieving followers for any user other than self. So you can access the followers of the logged in user, but no one else.
You can only get logged-in users (self) following list, for this you need follower_list permission. You cannot get any other user's following list via API anymore.
I am having a scenario within our iPhone App where people post things on their Facebook wall through our App. User's signup to our App. At a certain action, they post something on their Facebook wall and we want to track if this post will still exist after a certain time.
Once they signup to our App, they will either select as "Public" or "Friends" when they download our App. Is it possible to track from our end whether a certain post still exist or not?
Is there anything on the Facebook account settings as a user to disallow this to check?
When you post a feed, a post-id in returned in response. You can make a call using Graph API: \GET /{post-id}. If the post still exists, it'll return you all the details of the post but if not it will return the error in the response.
But, according to the documentation of /user/feed,
A user access token with read_stream permission is required.
Now this will make the things a bit complicated. Since a user token is valid for only few hours, you have to extend it (validity: 60days) and save it at your end. Also, read_stream perms is required.
To know more about extending the token and refreshing it again, see the "Expiration and Extending Tokens" section here: Access Tokens.
I'm following the client side authentication as described at https://developers.google.com/accounts/docs/OAuth2UserAgent
I am routinely signed on to multiple Google accounts. Normally, the flow will prompt me to choose which account I want to authenticate with. However there are sometimes instances where it assumes the first account I signed in with, which is not the account I wish to use.
When users register with my service, they do so with a specific email address (and google id).
How do I qualify the oauth dialogue such that it will always take place using only the specified user?
On https://developers.google.com/drive/about-auth I can see a comment...
Note: If you want to use the user_id parameter to select the current user from
(potentially) multiple logged-in accounts,
also add https://www.googleapis.com/auth/userinfo.email.
The implies that there is a user_id parameter I can include in the oauth call, but I can't see it documented anywhere, and there is nowhere in the Javascript API where I can inject a user_id.
Add the user_id parameter to your Authorization URI.
gapi.auth.authorize({..., user_id: 'ali#gmail.com'}, handleAuthResult);
Developing a web application that I've registered with Twitter. In this app, I might have 10 different Twitter Identities that I want to either Allow or Deny access for the application to.
For example:
https://api.twitter.com/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXXXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback/
It always just defaults to whatever my twitter account is logged in as and I have to specify Logout, then sign-in with new account. Its almost like I need an extra querystring parameter such as
https://api.twitter.com/oauth/authorize?oauth_token=XXXXXXXXXXXXXXXXXXXXXXXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback/&ForUsername=billgates
Actually, you can pass in an extra parameter with the callback url, like so:
https://api.twitter.com/oauth/authorize?oauth_token=XXX&oauth_callback=http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback?ForUsername=billgates
and the parameter will be sent back to you when Twitter calls the return url, like this:
http:://localhost:24649/TwitterIdentity/GetTwitterAuthorizationCallback?ForUsername=billgates&oauth_token=XXX&access_token=YYY
You can read more about this in the documentation - http://dev.twitter.com/pages/auth:
Always use an explicit oauth_callback
- It is recommended that you specify a default OAuth callback in your client
record, but explicitly declare your
oauth_callback on each request token
fetch request your application makes.
By dynamically setting your
oauth_callback, you can pass
additional state information back to
your application and control the
experience best.
Note that in the general scope of authorization, the authorized agent does not necessarily know the identity of the user on whose behalf it acts. In other words, there could be an implementation where your app can be authorized to read the Twitter stream of updates, while still not knowing which identity that stream belongs to. Adding the parameter you ask for would be information disclosure in this case, as your app will need a piece of information that the system is designed not to provide.
Or to put it in a real life example - imagine a valet parking, where instead of giving you a parking ticket and taking the keys to the car, the valet would ask you for your SSN just to park the car, just because the valet parks cars for other people too.