Getting access for test account - facebook-instant-articles

Since Facebook got really strict in their policy of who can and can't access Instant Articles we're having trouble testing our app out.
I created a test user inside our app and a page for it, but applying with that page gives me the ol' This Page is ineligible for Instant Articles error.
I would have thought that access would be granted when using a test user, since none of that is visible to the public. Did anyone figure out how to setup a development account for Instant Articles? If so, how did you go about it?

Related

Instagram Authentication Page Doesn't Auto Redirect When The User Is Logged In on Another Tab

I did my best to find a similar problem, but I did not come across one. I speculate this error may have been introduced with Instagram recently changing its API. I'm wondering if anyone else came across the same issue.
I use instagram for authentication. The problem is that, when a user is logged in to Instagram on another tab, if he clicks the instagram sign-in button to log in to my app, he lands on the instagram authorization page and is asked to enter username and password. The problem is that instagram is supposed to auto-redirect to my app directly since the user is already logged in on the browser. But this doesn't happen. Moreover, even if the user enters wrong password or empty user name, instagram still redirects to my app with the logged in user. So the browser definitely knows that the user is logged in to instagram. I am quite sure that the problem is related to instagram, because when I change the provider settings to twitter, redirection occurs with no problem.
And this problem occurs for returning users as well.
For reference, I use rails 4 and my authentication strategy is omnioauth-instagram (no devise). I mainly followed this tutorial http://www.sitepoint.com/rails-authentication-oauth-2-0-omniauth/ for authentication. I am still in development mode so I use localhost.
EDIT: Here is the instagram notice:Instagram Platform and documentation update. Apps created on or after Nov 17, 2015 will start in Sandbox Mode and function on newly updated API rate-limits and behaviors. Prior to going Live, and being able to be used by people other than the developers of the app, these apps will have to go through a new review process. Please read the API documentation or the Change Log for more details.
I started creating my app before nov 17th.

Is there a way to skip the "Your domain administrator has approved" page in Apps Marketplace Oauth2?

I have a Google Apps Marketplace (v2) app I am working on setting up Oauth2 for.
I've got everything working, but for some reason when I do a redirect to the authentication page, after, after you select which Google account to use (if like you're me and are testing, you have to pick one of several Google accounts you're currently signed into), I get sent to another page which seems utterly pointless:
This is bizarre and annoying, because I am logging in as the domain administrator!
Does anyone know a way to skip this screen, or what I might be doing to be cursed with this terrible user experience?
I just confirmed that having access_type=offline will always display this page, even with approval_prompt=auto. You will always get back a refresh token as well.
The only way to hide it is to remove access_type=offline on future login requests (ask only on signup).
I believe this shows up only if app requests refresh token for offline access. Also this should only appear first time you access the app after installation.
In order to skip this you need to update app to not request refresh tokens.

OAuthWebSecurity, MVC! Can you force the user to log in each time?

I am using the code that gets implemented in a new MVC Project for user to Log into Google,Yahoo, Etc.. I have it all working but what I notice is when I try to log-in with Yahoo, there might be another user (my brother-in-law) logged into Yahoo on my machine, so when I try to log-in, it tries to register him. That is annoying, so I want it to force the user to re-enter their username/password on Yahoo (google, etc). Is that possible? This seems like a security flaw also. If I was in my app and then logged out, but did not log out of Yahoo, Google,etc.. anyone could come along and log in to my app. That hole is so wide and obvious it tells me I am probably doing something wrong, because they would not have designed it that way. I am thinking I need to destroy some cookie or token on my site when the sessions ends or I log out..

asp.net mvc application need access to users google drive account from "service"

Im writing a web-app that gives our customers the possibility to SYNC their files on their personal Google Drive onto OUR bushiness application. (only limited file types).
So - what works so far:
Users signup to the app, (using OAuth2 and saves a refreshtoken in my end) the user/and my app, have now access to files on their Drive, and can manually invoke file transfers.
Working fine.
Users can afterwards login again and repeat this without having to authenticate the app again. Fine.
In parallel, I need some kind "service" that loops thru our app's user-base and AUTOMATICALLY syncs files in a designated folder - say every 10 mins.
Now im running into problems because of OAuth2 model, needs to redirect to authenticate every user. But I cannot make multiple redirects out of a single request to, say "/SyncAllUsers".
Also, when testing with one user only, the user still have to be logged in into the browser session, or else google will redirect to the service-login page.
(We use a chron-job to invoke these methods at a specified interval - and it is working well with dropbox-accounts, and these users also use OAuth)
So basically 2 questions:
How can I access my users Drive accounts, with my already authorized app, without having users to "be logged in"
And how should I handle the sync-service to run without having to redirect at every user.
I have spent days searching for answers on https://developers.google.com/drive/ and in here.
I have impl. the OAuth code from here https://developers.google.com/drive/credentials#retrieve_oauth_20_credentials
and I modified it so it is using my own user-database.
For your infomation im using the Client ID for web applications, in Google APIs Console
Once you have the refresh token, you can use it to perform synchronization without user intervention. This is the nature of offline access and the whole purpose of a refresh token.
(Sorry if this doesn't answer your question, I am not exactly sure what you are asking, so please explain more and I will try to give you a different/better answer.)

MyOpenId not sharing email address

I'm trying to use MyOpenID for my sign-in, but it doesn't seem to be sharing the email address.
If I use Google or others I do seem to get the email address, though. I thought that this was a standard field to return.
I even see some documentation here that seems to suggest they would share email:
https://rpxnow.com/docs/providers
(I'm using Ruby on Rails and Janrain for this project)
One interesting thing is that if I setup an identity page on MyOpenId, then the email IS shared with my application. I thought that there was supposed to be a way when logging in with MyOpenID to specify what data is shared during "SimpleRegistration"?
The problem was that I was testing with my own MyOpenId account and the very first time I logged in to my development server I had not paid enough attention.
When logging in the first time it said something along the lines of "blah site is asking you to share information with it. Click here to use an existing persona or to create a new one. I didn't select one and it defaulted to "don't ask again".
I was able to fix this by going in to MyOpenId and revoking permission for my site. Then the next time I logged in it asked me again and it worked.

Resources