I've been going through Apple's (awful) documentation for both MusicKit, the API and MusicKit JS, but I haven't been able to find an endpoint or method to retrieve a user's display name, email or any other information that I can use to identify the user.
Is there even a way to retrieve this?
I've been having the same issues as well. As far as I can tell, there is no way to identify the user. I'm getting around this by just giving users temporary sessions that get destroyed when they clear their cookies or unauthorize from musickit.
On the other hand, you could ask the user to log in with some other auth provider like google, github etc, and then authorize their apple music after that. Its's not the best user experience to log in to two things in a row, but I guess we have to make do
Related
I'm using omniauth to authenticate a user via Google. When the user logs in via Google, I check if an account already exists with the same email (if it does, I reject sign in).
When I create the new User model, I give it the name, email, and the URL of the user's 'image'. I am not sure how to dynamically update the information in my database when the user changes their settings on Google, including the image_url when they change their profile image.
A good example of this scenario is this Stack Overflow; I signed up to SO with Google. Having changed my profile image (recently), I was surprised to find that my old Google image remains attached to my SO profile. Maybe it takes time for Google to change the old URL to represent the new image. I have noticed that some parts of Google use my new image, and other parts continue to use my old. Of course, this question doesn't have much to do with Google's profile image mechanism, I just think this is a perfect example.
My questions are:
Should I want to do this, or should I instead provide the user the ability to change their details through my site, completely ignoring what happens to their Google profile?
If I should do this, what is the best way? Checking on every login isn't ideal as the user might not log out for days or even weeks.
Should I be storing the Google auth token? Currently, I'm not as I don't need to make any Google API calls -- I only use OAuth for the 'uid' to ensure it's the same account logging in (the email isn't used at all).
I don't think the answer will be "don't store user info, query Google instead", so I'm not really sure what best practice is in this scenario. A brief walkthrough on proper procedure would be very helpful.
Normally, oauth applications will use the endpoint /me.json as part of the login process: After the user is signed in, the app uses that fresh token to query their profile info right away and update data. In your case, I understand you ignore when email already exists. You should probably add a new step there, to update your local record if it already exists instead of purely ignoring it.
In other words, your app wont be automatically notified if users change their profile pictures. But you can always use their log in action to fetch the latest image (or use their token in a background job that runs every n periods of time using something like cron + whenever, assuming the oauth scope authorizes offline access)
I found that vine://user/907031926412546048 is working.
is there any way to open by username? vine://user/canaksoy
or any api call to find username by userid?
I would shy away from hard coding this. Usernames can change instantly and by hard coding it in, you literally would have to push an app update just to correlate to that new username. I think by using a user ID number its guaranteed and leaves no room for error. But if you really don't want to do that here is an alternative:
This is untested on my behalf, but I do know they have custom urls, you might be able to play with this:
https://support.twitter.com/articles/20170806-vine-profile-urls
A profile URL is a unique Vine profile address accessible from the web. Once you select an available URL you will be able to access your profile by visiting vine.co/[yourURL]. Selecting a custom URL allows you to share your profile easily and makes it easier for others to find and watch the videos you’ve created.
EDIT based on the discussion below :
This is why it's important to use unique ID :
A quick search for everyone with the username of Drew Carey:
This is why they don't have usernames in my opinion. Because they aren't unique. Even vine utilizes the unique ID when you invite someone to see your vine or profile via text or email. Additionally, when you sign up through twitter it shows your real name. There is too much room for error. I would simply ask the users to enter their custom url if they have one or unique ID until this feature is available publicly.
Is there an alternative to allowing the permissions of some sort rather then 'read_stream' permission in Facebook, for a user to read or an app pull their Facebook feed or home feed?
It's very hard, if at all, for Facebook to approve the 'read_stream' permission, so I'm looking for an alternative steps to still allow for our users to pull their favorite stories in our rails app. Any suggestions?
There is no alternative. You can use user_status to get the status posts of the authorized user with /me/statuses.
Btw, it´s not only "hard" to get read_stream approved, it´s nearly impossible ;) - but for very good reasons. Apps should not get access to posts of users who did not even authorize the App.
edit: There is also user_posts now, as replacement for read_stream: https://developers.facebook.com/docs/apps/changelog#v2_3_new_features
Did some investigation. And it is possible.
Instead of the feed you need to access the endpoint /me/posts
This API is accessible with either read_stream or user_posts permission.
https://developers.facebook.com/docs/facebook-login/permissions/v2.3#reference-user_posts
See here for more information:
https://developers.facebook.com/docs/graph-api/reference/v2.3/user/feed
It is quite hidden, but if you know where to look you can find the docs.
I'm building a feature in my web service to let people enter their Facebook URL into a field. Because few people know their FB user names or public profile URLs, I'd like to provide an interface to assist.
In brief: is there a way to get a list of matching users's public URLs by providing a name alone?
I have tried examining the Facebook Open Graph API; this appears to require knowing the user ID of the person, or the user ID.
I have tried using Mechanize and Nokogiri to automate the process, logging into Facebook as myself and accessing the search feature (http://facebooks.com/search/results.php?q=Person%20Name), but it's not returning any data when attempted this way. I suspect Facebook is using some kind of joojoo to keep me out that way.
Anyone have any suggestions?
With a valid access token, you should be able to query https://graph.facebook.com/me/ to get their ID, name, and public URL (Here's an example using the Graph API Explorer).
There's a search endpoint in the graph API, unfortunately it requires valid user access token.
https://graph.facebook.com/search?q=<name>&type=user&access_token=<user access token>
However it could be yours even, by getting a long living access token it would work for 60 at most, but it's probably a bad idea.
The type could be user, post, event, group, page.
Having done additional research, it appears to not be possible to get a user's public profile page without their permission. Hooray for Facebook privacy settings, I guess.
However, getting an access token is easier than I imagined it would be. Facebook offers an example on their site for getting user permission to access their account, implemented entirely on the client side. Nice and easy; the access token is returned in the URL.
The only downside here is you have to create an application on Facebook, at http://developers.facebook.com/apps. For my purposes, the "Website with Facebook Login" was the application type.
From that point, you can use that token to interrogate the Graph API with ease, as both Warpling and complex857 have suggested.
as I started to work with Twitterizer in order to publish on someone's wall I am in confusing time.
There is a page, my case, DefaultTwitter.aspx where is link to authenticate on twitter with token provided. Goes on Twitter and comes back to CallbackTwitter.aspx with outh_token and secret. And so the user is identified. On twitterizer example says:
Step 5 - Store the results
You should now store the access token and the user details. Keep in mind that the
only way an access token will become invalid is if the user revokes access by logging
into Twitter. Otherwise, those values will grant you access to that user's data
forever.
My questions are: - should I store any data in SQL datatable and what exactly(however I hope that is not the case to do so)
somebody said that I should save in a cookie(I thought in session); however then if another user comes then how should I create a button to logout or something like that?
-how will user revoke application access if he would like so?
A live example will be much appreciated as I could not found any on internet how exactly twitter api works.
When your application finishes getting authorization to access the user's data, the result is the access token (represented by 2 values, a key and a secret). Those values are, in effect, the username/password you can use in requests to the API on behalf of that user.* Save those values in your SQL database. You'll also be given the user id and screen name. It's probably a good idea to keep those handy, too.
The user can revoke access to an application by going to http://twitter.com/settings/applications, finding the application and clicking the revoke access button next to it. Your application cannot revoke access for the user.
You asked for an example, but you're citing the example application. Just look at the source code in that sample.
* - That's a simplification for explanation sake. Please don't crucify me, OAuth experts.