Everything worked well until today when I received an email from LinkedIn indicating some significant API changes. And subsequently I was seeing Exceptions while authenticating users via. LinkedIn.
Following is the exception from logs
OAuth::Problem (Scope NOT_AUTHORIZED : r_fullprofile):
oauth (0.4.7) lib/oauth/consumer.rb:178:in `request'
oauth (0.4.7) lib/oauth/consumer.rb:194:in `token_request'
oauth (0.4.7) lib/oauth/consumer.rb:136:in `get_request_token'
OAuth logic to get request token.
consumer = OAuth::Consumer.new(LINKED_IN_API_KEY, LINKED_IN_SECRET_KEY,
{
:site => "https://api.linkedin.com",
:scheme => :header,
:http_method => :post,
:request_token_path => "/uas/oauth/requestToken?scope=r_fullprofile",
:access_token_path => "/uas/oauth/accessToken",
:authorizeEmapath => "/uas/oauth/authorize"
})
### Exception occurs at this call.
request_token = consumer.get_request_token(:oauth_callback => callback_url)
Email from LinkedIn
My Analysis till now
If I change the scope to r_basicprofile it works fine but then I don't get skills info of the authenticated linkedin user.
What should be the additional changes I need to do to suffice the API change ?
Starting from May 12, 2015, Linkedin has limited the open APIs.
Access to r_fullprofile scopes requires that you apply for and are granted access to this information from LinkedIn. The full profile fields are only available to applications that have applied and been approved for the Apply with LinkedIn use case.
SOLUTION:
Apply for partner status with LinkedIn, explaining what your integration is and how it works. If it meets the criteria of "we feel that they’re providing value to members, developers and LinkedIn," then some or all of the restricted endpoints will remain open for that app, and ONLY that app.
Member profile fields
The following selection of profile fields are available to all LinkedIn developers:
Basic Profile Fields
Location Fields
Position Fields
Member profile fields available to Apply with LinkedIn developers:
The following selection of profile fields are only available to applications that have applied and been approved for the Apply with LinkedIn use case:
Full Profile Fields
Contact Info Fields
Company Fields
Publication Fields
Patent Fields
Language Fields
Skill Fields
Certification Fields
Course Fields
Education Fields
Volunteer Fields
Check out this linkedin page for more details on which fields are available to all the developers and which are not.
I tried this https://api.linkedin.com/v1/people/~:(id,first-name,skills,educations,languages,twitter-accounts)?format=json at https://apigee.com/console/linkedin.
It is giving skills at apigee, but here https://developer.linkedin.com/docs/fields , Skills are something you would need to be approved by Linkedin.
Related
I'm building an application where a user can connect their own Paypal account through Paypal Permissions SDK (https://github.com/paypal/permissions-sdk-ruby). I was able to successfully get permission from the user and was able to store the tokens that were returned from the Paypal Permissions SDK. Now, I am using the following gem for Express Checkout (https://github.com/nov/paypal-express). But the documentation for Paypal Express Checkout on behalf of a user is not clear on how we should use the tokens to invoke a call for Express Checkout.
I have the following codes
#api = PayPal::SDK::Permissions::API.new({
token: #credential.paypal_access_token,
token_secret: #credential.paypal_secret_token
})
Where #credential is my object stored in the database that has the tokens from the Paypal Permissions SDK.
Now after getting, I can use the #api object to get Paypal Username, Password, and Signature
request = Paypal::Express::Request.new(
:username => #api.config.username,
:password => #api.config.password,
:signature => #api.config.signature
)
Now, my problem is that the money isn't going directly to the users paypal account but it is going to our account (we made an account so that we can create a Application in the Classic API part of Paypal).
Is there anyone who can help me? or point me to the right direction?
When calling API on behalf of other account, you need to add parameter "subject" to indicate the account that you are calling API for. The value of "subject" could be the account primary email address or payerID. Then the money will go to the account which was the value of subject.
Yihui gave the right answer. But I wanted to explain/post here what I did to fix my problem (using Yihui's guidance).
You need to get the Payer ID from the 3rd Party Permissions SDK of Paypal. So you will need to ask for the following "ACCESS_BASIC_PERSONAL_DATA", "EXPRESS_CHECKOUT", and "REFUND".
Then you will need to use the NVP (Name Value Pair) SDK of paypal to perform Express Checkout on behalf of another party/merchant.
For more information, we followed the following article of Paypal
https://developer.paypal.com/docs/classic/express-checkout/ht_ec-singleItemPayment-curl-etc/
I am using linkedin login for one of my websites, however regardless of what "members permission" (OAuth User Agreement) I set for my Linkedin application which used linkedin to login, when the user enters my application it only displays
The application like to acess some of your linkedin info:
1-YOUR PROFILE OVERVIEW
2-YOUR EMAIL ADDRESS
3- NETWORK UPDATES
I however want my application ask for
4- YOUR CONNECTIONS
as well!
But even if I select all the (member permissions [as show in image below]) it again only lists the three items above to the user! Any tips please?
You don't mention any language/library you're using. We use the ruby devise gem for LinkedIn Oauth which has a config setting for config.omniauth which is passed a scope, e.g.:
:scope => 'r_basicprofile r_emailaddress r_contactinfo r_network'
The LinkedIn API documents the passing of scope with you auth request here:
https://developer.linkedin.com/documents/authentication
When you use OmniAuth to login to a web app through Facebook, these are the permissions the webapp has:
Access my basic information Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.
Send me email WebApp may email me directly at email#email.com
Access my data any time WebApp may access my data when I'm not using the application
Whereas when you use the mini_fb gem to link a web app to Facebook, these are the permissions (have to specify this as code otherwise formatting was weird):
Access my basic information
Includes name, profile picture, gender, networks, user ID, list of friends, and any other information I've shared with everyone.
Required
Send me email
WebApp may email me directly at email#email.com ·
Required
Access my profile information
Likes, Music, TV, Movies, Books, Quotes, About Me, Activitie...s, Interests, Groups, Events, Notes, Birthday, Hometown, Current City, Website, Religious and Political Views, Education History, Work History and Facebook StatusSee More
Required
Online Presence
Required
Access my family & relationships
Family Members and Relationship Status
Required
Access my photos and videos
Photos Uploaded by Me, Videos Uploaded by Me and Photos and Videos of Me
Required
Access my friends' information
Birthdays, Religious and Political Views, Family Members and... Relationship Statuses, Hometowns, Current Cities, Likes, Music, TV, Movies, Books, Quotes, Activities, Interests, Education History, Work History, Online Presence, Websites, Groups, Events, Notes, Photos, Videos, Photos and Videos of Them, 'About Me' Details and Facebook StatusesSee More
Required
Post to my Wall
WebApp may post status messages, notes, photos, and videos to my Wall
Access messages in my inbox
Access posts in my News Feed
Access my data any time
WebApp may access my data when I'm not using the application
Access Facebook Chat
Send me SMS messages
WebApp may send SMS messages to my phone:
Manage my events
WebApp may create and RSVP to events on my behalf
Access my custom friend lists
Access my friend requests
Insights
WebApp may access Insights data for my pages and applications
Manage my advertisements
I'm using OmniAuth at the moment, and would like to keep doing so, but my app needs more permissions, like some of the extra ones that mini_fb has. Does anyone know how I can customize OmniAuth to request extra permissions?
You can check on option using the :scope attribute:
use OmniAuth::Strategies::Facebook, 'app_id', 'app_secret', {:scope => 'email,offline_access, your,scope,you,want'}
Check the Facebook permissions documentation what scope you really want and define it separate by a commant on :scope option.
If you use an initializer to define your OamniOauth, it's like that:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'APP_ID', 'APP_SECRET', {:scope => 'email,offline_access, your,scope,you,want'}
end
If you are using devise (like me) the easiest solution is to have both 'devise' and 'omniauth-facebook' in your Gemfile. Then in your devise initializer you can just add:
config.omniauth :facebook, "app", "secret", :scope => "user_photos"
This does the trick pretty well. Adding the omniauth initializer with devise set-up
I'm successfully using Paypal Express Checkout in a marketplace web app passing for every seller the three parameters to the PaypalExpressGateway (login, password and signature).
So, I see that Shopify lets the seller set only the e-mail address of the Paypal account requesting to grant scott_api1.jadedpixel.com as the API Partner Username.
I could't find anything in the ActiveMerchant doc on how I can do it...Someone can help?
Thanks a lot,
zetarun
We use PayPals "Accelerated Boarding" method of setup for Express. They should send you an email after the first attempted sale with a link that automatically sets up the correct API settings.
To manually set them up, you can follow the instructions listed in our PayPal wiki, http://wiki.shopify.com/PayPal which are as follows:
Third-party authentication: Grant Shopify the appropriate API authentication permissions
1. Log in to your PayPal account and click the Profile subtab.
2. Click the API Access link in the Account Information column.
3. Click the Grant API Permission link.
4. In the Enter an API Partner Username field, enter scott_api1.jadedpixel.com.
5. Check the following API permissions:
* Express_Checkout
* Direct_Payment
* Admin_API
* Auth_Settle
6. Click the Save button.
Best regards,
Mike # Shopify
Ask the client to grant permissions on paypal and pass in the client's paypal email as :subject when creating an instance of the gateway:
ActiveMerchant::Billing::PaypalExpressGateway.new(
:login => '...', :password => '...', :signature => '...',
:subject => 'client#example.com')
I have an existing Rails web application which I would like to integrate with Facebook, so that when the user takes actions in my application news items containing external links are later posted to the users wall / feed by a daemon which summarises the latest activity. I don't need single signon etc. at present, just the ability to send updates.
I would also like to be able to send notifications to the user's friends if they are also using the app, but I'd be happy with just the news feed functionality.
I'm working off the pragmatic programmer's book Facebook Platform Development by Michael Mangino, which uses the facebooker plugin, and early on the book says this:
Facebook uses sessions to verify that
our application is performing actions
on behalf of an active user. When we
want to send a notification on behalf
of our user, we will provide Facebook
with that user’s session information.
Facebook will verify that the session
does in fact belong to the requesting
user and will also verify that the
user has been active on our
application within the past hour.
Facebook uses the session to prevent
applications from taking action on
behalf of a user who isn’t actively
using them
What counts as 'being active in the application' and what does it mean in this context? I have seen other apps that do things like automatically publish RSS feeds to a user's profile so it does seem to be possible to have similar apps where the only interaction is a one-off install and configure.
How do these apps work and is it possible to get at this functionality from facebooker?
user = session[:facebook_session].user
user.publish_to(user, :message => "action!",
:attachment => {:name => "name of attachment",
:href => "http://link.where.attachment.description.should.link.to",
:media => [{:type => "image",
:src => "http://link.to.where.attachment.is",
:href => "http://link.where.attachment.description.should.link.to"}]},
:action_links => [{:text => 'Action Link Title',
:href => 'http://www.action.link'}])
You have to prompt the user for the "publish_stream" extended permissions. After this is complete you will be able to publish to user's streams who have your app added and accepted these extended permissions. http://wiki.developers.facebook.com/index.php/Extended_permissions
Then use the Facebooker::User.publish_to. Also to send notifications see Facebooker::Session.send_notification (this does not require any extended permissions)
Since 99% of the documentation I have seen for facebooker and the facebook API in general, seems to all deal with active sessions and a lot of it within the canvas. Haven't really seen much about doing all this from the backend.
So basically with facebooker, since you aren't within the canvas, you have to create your own Facebooker::Session and Facebooker::User.
fbsession = Facebooker::Session.create(api_key, secret_key)
fbuser = Facebooker::User.new(<Facebooker user id>, fbsession)
#requires "publish_stream" extended permission
fbuser.publish_to(fbuser, :message => "This is a post")
fbsession.send_notification(fbuser.id, "<fb:fbml>some sweet fbml</fb:fbml>")
Hope this helps you out some.
I'm in a similar situation...here are my current findings. Hope they help.
To obtain the url that a user must click to grant publish_stream access
facebook_session = Facebooker::Session.create
facebook_session.permission_url('publish_stream')
To then post a message to a user's profile
facebook_session = Facebooker::Session.create
facebook_session.post 'facebook.stream.publish', :uid => [UID], :message => 'test'
I'm sure that the above method has limitations, but it's late, I'm tired, and I'll pick it back up in the morning. :-)