I created a linkedIn application to get company page updates and post them on a webpage.
Every time I visit the page I have to log in to linkedIn (Oauth2) to get the feed.
Is it possible to remove the log in part so that when anyone visits the page they will see the update feed?
Well the LinkedIn access token lasts 60 days so you could store the oauth 2 access token e.g. database and just use that so you don't need to login every time.
Related
I need to create ratings grabber from my Facebook fanpage. It can by PHP, Python or Ruby code fired once a day by cron.
I've created an FB_APP so I get APP_ID, APP_SECRET and CLIENT_TOKEN.
When I use Graph API Explorer, there is a access_token which I can use to temporary call to API. Using generated USER_ACCES_TOKEN I can get PAGE_ACCESS_TOKEN by call
GET https://graph.facebook.com/v9.0/me/accounts
then grab page and token
To get ratings I use
GET https://graph.facebook.com/v9.0/{page_id}/ratings?fields=review_text,reviewer&access_token=xxxx
Parameter access_token is a PAGE_ACCESS_TOKEN.
Is it possible to get USER_ACCES_TOKEN or PAGE_ACCESS_TOKEN server-side only without show user login dialog? My script should download ratings without any user attention.
I tried to use OAuth APP_ACCESS_TOKEN, but it is not permitted to access pages.
I am using instagram API in my client's app. This is a kind of a social networking app with profiles for each user. In this app, there is a section which displays instagram recent pictures of a person on their profile page. The issue is that I'm having to log the user in every time they go to view the profile in the instagram section. Can we have it so the user only has to login once and never again?
In other apps like Tinder, we login only once and then our profile is connected to instagram - even if you close the app. This means the app is either storing instagram credentials or the pictures. But latest documentation on instagram developer portal says don't store login credentials or pictures. How can I mimic this behaviour in our app?
For the login purpose, you can retrieve the access token for the particular use which you can store and for the every data retrieval request you can use that access token to get data without making user login again till the access token is valid
to get an access token you can follow the Instagram guide : Instagram: User Authentication
Which is like
Direct the user to our authorization URL. If the user is not logged
in, they will be asked to log in. The user will be asked if they
would like to grant your application access to her Instagram data.
Client Side login
For the images for another user,If you want the public feed of the user you can get directly if you already have the username of the Instagram user by making a get request without need of authentication/access token
https://www.instagram.com/{user-name of Instagram user for which you have to retrieve the media}/media/
Ex: https://www.instagram.com/instagram/media/ , this will return json with the public feed images
*Apologies in advance for the long background but I think it is necessary and helpful to other devs once this is answered.
Background
I am building a very social web-application in which there are several events that trigger social actions such as updating the user's Twitter status.
Currently, I use a library called "TweetMoaSharp" (.NET) to handle the Oauth workflows and events that trigger a status update or follow action work brilliantly as long as the user is briefly redirected to the Twitter authentication page.
To clarify, the user is not asked to re-authorize my app each time, but there is an unsightly flicker that lasts for 1-2 seconds while the user is directed to Twitter and then back to my app. This will annoy the end user as there are frequent Twitter interactions.
So--to relieve the situation, I use TweetMoaSharp to obtain an OAuth Access Token via the server and then store that token along with the user id returned from Twitter in my database. I then set a cookie on the client that contains the user's Twitter Id so that for future requests I can simply pass that ID to the server, grab the OAuth token form the database and do my business. No redirect required!
Problem Solved, Right?
Well, no. Stupidly, I overlooked the fact that this can cause a collision with multiple Twitter Accounts being used on the same page and ended up tweeting test-tweets to a second twitter account I own because I had changed Twitter sessions. This could happen to any user(s) who access multiple Twitter accounts from the same browser; a husband and wife for example.
Back to the Drawing Board
I thought to myself, "The Facebook JavaScript API" makes it super easy to get the id of the currently logged in user without going through a bunch of server-side token steps so I am sure Twitter offers the same approach." Ha! I haven't found one yet.
Bottom Line / Question
How do I get the ID of the currently authenticated Twitter user without redirecting them to Twitter (even for just a second)? If I can do this, then I can compare the returned ID to the one in my cookie and know if it is valid for my application's current session or if I need to have that (new) user authenticate as well so that I avoid "Tweeting" under the wrong account.
Thanks in advance.
Use your app tokens to do a verify credentials call
https://api.twitter.com/1.1/account/verify_credentials.json
The returned info is the logged in user.
Unfortunately limited to 15 calls per 15 minute window!
I have successfully let users to connect to my web application with twitter oauth. And I can insert user information after they logged in.
My problem with is that existing users are always redirected to the Allow/Deny application screen on twitter each time they click on sign in with twitter.
How can I skip this step for my existing users so they don't have to click on allow every time they sign in?
I am using this library: http://www.haughin.com/code/twitter/
thanks.
This is done with the Sign in with Twitter flow. Instead of sending users to https://api.twitter.com/oauth/authorize?oauth_token=xyz send them to https://api.twitter.com/oauth/authenticate?oauth_token=xyz. In this case if the user has previously authorized your app and are already authenticated with twitter.com they will automatically be redirected back to your app without being prompted to allow/deny access.
When a user authorizes your application to use their Twitter account, Twitter gives you two tokens: OAuthToken and OAuthTokenSecret.
Stores these tokens in a cookie, or a settings file, or whatever.
Then, the next time you need to make a request to Twitter on behalf of this user, you use those tokens.
How is the server-side flow supposed to be for Facebook Apps? What I mean is, on every page load, do I have to get an access token?
Currently, in my application_controller, I have a before filter that basically
redirect_to #fb_auth.client.web_server.authorize_url (authorizes the app)
#fb_auth.client.web_server.get_access_token (gets the access token)
This seems really slow to have to get another access_token from Facebook on every page load. How is this normally done? The problem that I'm having is that to access the /me object you have to get an access token, which requires me to get the access token on every page load.
You shouldn't need to get a new access token on every page load. The access token should be good for many page loads as it takes over an hour to expire (expiration info is available when you get the token).
Also you don't have to redirect every time. On POSTs to your app (such as when the user clicks over to your app) a signed_request is included with the post data. If the user has not authorized your app, that's the time to redirect to the fb_auth. If the user has previously authorized your app, an access_token should be in the signed_request.
More info here:
http://developers.facebook.com/docs/samples/canvas/
there is a sample skeleton application available # https://github.com/michaelbaldry/fb_graph_canvas
access_token is gained when a person first visits the canvas url on apps.facebook.com/appname/ once this has happened the access_token is stored in a table and used until the next time the user comes straight to the canvas url.