Zendesk provide script for their chat widget. But the script can easily be copied by anyone who use our website. How do we ensure that widget is secured and only authenticated users can chat.
It looks like you can define domains or IP addresses where the widget can load in the Zendesk Chat Dashboard. See this article for more details - https://chat.zendesk.com/hc/en-us/articles/219848967-Restricting-the-Chat-widget-by-country-or-domain
Beyond that, you can require that users sign in to the chat widget as explained here - https://chat.zendesk.com/hc/en-us/articles/360002037187-Authenticating-users-in-Chat, or you can build it in to your website as well.
Related
How can I add a configuration page for my slack app?
example: asana has an add configuration button which leads to a page which we can use to then connect the slack user account with asana account
Several Slack apps (e.g. Twitter, Google Calendar) provide a configuration page after installation into Slack. However this feature seams to be available only to commercial partners of Slack, but not as a standard feature for every app developers.
Developers need to implement it by themselves with an external app / script that is linked the Slack app and store the configurations in their own database.
See also this answer for a full explanation on how this works.
Looking on the official Slack Plattform Roadmap for Developers this feature might be implemented in the future under "Install apps from within Slack".
Update:
You can now use Dialogs to create something similar to configuration pages. It allows you to open a custom modal window with up to 5 inputs (text or drop-downs). Its still not the same as having a full configuration page like the internal Slack apps have, but its a huge step forward and might be sufficient for many cases.
Normally, I invite new members via. email, that I get from them individually.
Let's say I want to campaign publicly for volunteers to join our community, then what is the best approaches with various level of control?
It is not possible out-of-the-box, but you can develop a custom website, where people can apply for your Slack and enter the name and email address.
You can then forward their request for you to approve (e.g. a page with a table of all open requests where each can be approved or denied or an automatically generated email to you etc).
Finally you can auto-invite every approved user with his email address. The Slack API has an undocumented API function that allows that. Check here for my post about that method.
I have done a similar website for inviting people from a gaming community (Eve Online), where they have to first authenticate themselves with their game login before getting an invite to our Slack. It works pretty well. I made this website with PHP, but basically every server based script language will work.
I have a rails application that allows third party sites to embed my widget on their site. Part of the functionality of my app requires people to 'link up' their facebook accounts. Can this be done through a widget? Can they link up facebook to my app through a widget on a third-party site?
It should work if
your widget is in an iframe (so the window location url matches the one you set for facebook oauth)
and you use client side oauth (you don't want to overwrite top.location)
Why don't you try it and come back if you have any problems
I want to create an web application that will link up a student's facebook, twitter and orkut accounts all under one shed. Its like connecting all the students within a college, to login into the web app, the userid will be the unique studentID provided by the college
itself.
Now, once a student has logged-in, he can open his facebook, twitter and orkut a/c in the same window, lets say under tabs. How can i do that??
I mean how can i pass a student's Facebook's user-id and password to facebook server and if user authentication is done, then show the student his facebook wall.
I am very confused and don't know how to deal with this.
Storing username and passwords is not a very good idea. Neither Facebook nor twitter supports it through API.
For Facebook integration use the OpenGraph protocol with any SDK that Facebook provides, like Javascript SDK. Mogli is a ruby wrapper for OpenGraph API
For Twitter, there are multiple options like John Nunemaker's Twitter gem. Use that to talk to Twitter API.
Ultimately, it comes down to the architecture of your application. You can start by creating models like 'FacebookConnection' or 'TwitterConnection' and linking them to your 'User' model.
Solving it easy, just make the link open twitter/facebook. if they are signed in there already, their homepage will show, otherwise they will be prompted to enter user/pass.
To integrate your application with those platform, each platform got it's API and connect method, with this you won't need the user password be stored in your app. You instead will, twitter as an example, create a twitter application that communicate with twitter's API, and then redirect the user to twitter asking twitter to grant your application some access to the signed in user account, almost the same as you will sign in with your google account here on stackoverflow.
To do the communication with each of those platform, refer to the API/Connect documentation they provide and implement it in your web application. Don't reinvent the wheel, most of the communication functionality will be already coded in an easy to use library, whether for rubyonrails or most other development frameworks/languages.
look at facebook connect, oath (for twitter) etc instead of storing passwords
divs/iframes with some kind of tab control (jQuery?) to handle toggling of what should be visible.
I am using RPXnow.com authentication solution for a rails app and am now at the point of wanting to develop Facebook integration features using Facebook Connect and the client api. What I am unclear on from RPXnow docs is the level of integration their solution provides. When a user connects via rpx using their FB creds, are they now using Facebook Connect? Can I make calls to the client api from my app? Do I need to use the RPX api to access the FB client APIs?
Anyone with experience using both who can shed light here, much appreciated.
dnewman,
Great question. Facebook Connect is simply a javascript layer built on top of the Facebook Platform APIs. RPX uses the platform APIs to authenticate the user, and after they have signed in, you may safely use the native Facebook Connect javascript to implement FB specific features on your site like posting activity back to the News Feed. You just need to set your connect URL on the facebook developer site and drop in the Facebook Connect javascript and then start implementing. After authenticating via RPX, the user will already have approved and "connected" to your website, and you'll have access to the breadth of Connect directly.
Also, if you have an RPX Plus/Pro account you can make simple RPX API calls to set a user's status and post activity on Facebook (and Twitter/MySpace).
Brian Ellin
RPX Product Manager
Once you've hooked up RPXNow (JanRain) single sign-on, you can follow the Facebook documentation. The Server-side Personalization example is in PHP but the idea is the same in any language.
// Fetch the user's friends
$friends = json_decode(file_get_contents(
'https://graph.facebook.com/me/friends?access_token=' .
$cookie['oauth_access_token']), true);
$friend_ids = array_keys($friends);
The key point to note is that the $cookie['oauth_access_token'] referenced in this example needs to be the string returned by the RPXNow sign-on API response in the JSON field
['accessCredentials']['accessToken']
Hint: from your RPXNow dashboard, check out the Test Sign-In Widget page under Resources to see where that token is in the response.
Initially I thought this would be hampered by having your Base Domain set to rpxnow.com in your Facebook Application settings, but this is not the case. It works fine.