I have just found out that Facebook policy prevents pre-filled messages. What about twitter, I cant find such hard restriction on Twitter policy, is my understanding correct ?
According to Twitter Developer Rules ,
Section II Principles
1. Don't surprise users
B. Get users' permission before:
sending Tweets or other messages on their behalf. A user authenticating through your application does not constitute consent to send a message.
Related
I would like to be able to sign a message after a user has been verified via OAuth. Anyone should be able to publicly verify that the Twitter user has indeed authenticated and signed this message.
Example case:
I want to build an app that ties certain information to a Twitter account which anyone can verify. Say I want to ask the user for his / her favorite fruit. I have the user authenticate with my frontend and have them sign the message 'pineapple' with some Twitter key.
Requirements:
the authentication should not be tied to my app: anyone that performs the same steps can generate a valid signed message (if they are given permission by the user to authenticate via Twitter)
the signed message does not carry any sensitive information, because it will be publicly shared
anyone can verify that the message was signed by Twitter user with id 123456
Is this possible with the current Twitter OAuth API?
The only workaround we have so far is to store this information in the user's Twitter Bio and fetch it, which is not ideal.
No, there is nothing in the Twitter API that would allow you to store arbitrary information in an arbitrary / invisible field in the user profile. Twitter also does not provide "signing" like this.
I'm currently building an application that uses sign in with Twitter. However, some users report losing their Twitter account (or also possibly getting banned from Twitter, etc), and am wondering if it's possible to switch those accounts to Google signin or email signin. Have not found docs on this, especially if the linked identifier is a Twitter handle instead of an email. Any help will be appreciated!
check here --> https://firebase.google.com/docs/auth/web/account-linking
But I think that the user must be logged in to do so, as you comment if they do not have how to enter with Twitter what you could do is a validation of additional data you have of the user (indicate their name, twitter user, something that you know about him) in a section that you build within the platform where new users can request to claim an account.
I am using google's oauth2 to allow users to register/login into my site (php library). The first time a user attempts to login I get the user's email address and google+ id which are provided by the Google OAuth2 API (with the user's permission).
In a different part of the site I need some information from the user's youtube channel. I am using the incremental authorization to get the extra permissions as it is recommended (and described here: https://developers.google.com/identity/protocols/OAuth2WebServer#incrementalAuth ).
The problem is that I don't have a unique identifier for the user between the calls, in order to keep track of him/her in my side of the application. A user, for example might have multiple youtube channels and each one can be associated with a different google+ account/id and a different email address, which most of the time is not a real address but a provided email with the format 'username-XXXX#plus.google.com'.
I was wondering if google's apis can return a unique identifier for the 'parent' account of a user across different apis.
Thanks in advance.
I have a setup where users are required to log into my ios application using facebook. I want to poll their friend's information every couple hours and notify them on any changes. Is this possible with what is allowed by facebook api? Essentially, if i user facebook ios login to sign the user in, and I receive an access token, could I use that token days or weeks later?
As WizKid commented, you canĀ“t access friends information anymore, friend permissions are deprecated since v2.0, as you can read in the changelog: https://developers.facebook.com/docs/apps/changelog
Information about Access Tokens and how long they are valid can be found here:
https://developers.facebook.com/docs/facebook-login/access-tokens
http://www.devils-heaven.com/facebook-access-tokens/
Also, polling information is a very bad idea, if you want to check for changes (of an authorized user only!), you better user the Realtime API: https://developers.facebook.com/docs/graph-api/real-time-updates/
I am using Twitter as an OAuth provider for ASP.NET MVC 4 web site. I would like to be able to follow up with a registered user at a later date, either by email or via a tweet. Outside of having the user follow me on Twitter, do I have any other options to communicate with the user?
Here is what I unsuccessfully considered:
It appears that there is no way to get access to the email address since Twitter OAuth API does not return it.
It appears I cannot send a direct message unless a user
follows me on Twitter.
"Read/Write/DirectMessage" permissions seem
too intrusive -- all I want to do is send a user a message that a
new product is released -- I don't need any of the write
capabilities that this level of permissions provides.
To recap, if a user used Twitter to sign in to my website, what are my options to contact that user at a later date?
Thanks.
Twitter's solution for this sort of person-to-person communication is the Direct Message, however, Twitter has (rightfully) decided that both parties need to consent to this channel being available. This decision is intended to reduce the amount of spam in the Twitter ecosystem.
Posting public tweets that mention the username will get your users' attention, but it is also broadcasting their relationship with your company to the entire Twitter ecosystem. You will, essentially, be advertising their relationship with your company without their permission. This approach will bring you headaches sooner or later.
Email is probably a better choice for the sort of announcement to existing customers.