Get all user data from hybridauth - hybridauth

I need to get all user available data like work experience and education does hybridauth provide that ?
Now I can get user basic data using hybridauth. I want to get all user data from Google+ ,Facebook and linked in. Any help ?

Information that you can retrieve from social networks depend on what the providers offer.
Currently neither of those providers has functionality to go beyond getting the basic user information from the social network and maybe posting to user feed there.
It's also unlikely that this will be added as very few need it. It requires additional permissions and for other reasons.
But you can just add additional functionality to the given provider in hybridauth/Hybrid/Providers/

Related

Multiple user tiers Google+ API?

The question is fairly simple, but I've yet to find an answer to it. Is it possible to use Google+ API in an asp.net-mvc web app that requires multiple tiers of users?
For example, this app basically needs three sets of users and permissions associated with each: Admins, Members, Guests. Mind you, I've never handled user authentication of any type before, so I'm happy to hear suggestions for other frameworks if you think those would be better.
I think its going to be very hard for you to get three sets of user credentials in a single app.
For you to be able to authenticate as user one your going to need user one to authenticate your application then you will have access to that users data. If you need access to user twos data your going to have to have that user authenticate your application. If you need access to both users the same time its going to be very hard for you to get this access unless they are both using the same computer together.
While it is possible to get a refresh token for user one returned which you could store on your server some place and then use that to access user ones data when user two is on their machine. This becomes a gray area as you are responsible of holding user ones data private especially from user two.
as for your different leaves of users thats just part of your system it should just be a matter of strong the users ids associated with their role within the system.
None of this has anything to do with doing this in .net. You could probably work it all out using the .net client library. Web applications (ASP.NET MVC)

Ruby on rails 4 - What would be the best way to allow one user to see the data of another user

I want to allow one user on my app to chose who can see his own data, I don't know if I'm really clear so here is an example :
User A creates data on a table and he can only see his own data and/or decide to share it with another user.
User B can only see the data from another user that allowed him to do so.
I was thinking of some random token generated when the user is created and then the user can decide to share this token with someone else and then display the data based on this token?
It really depends on your "business rules" here. For instance, in an application I developed read rights were based on "privacy levels". Privacy level 0 meant that only you can view the data whereas privacy level 1 denoted that anybody could view the data. All of my queries were tailored to that datapoint, and a model relation to the user denoted the "owner."
So in your scheme, you propose a system where each record has it's own permission token, much like the system used in Google docs. This is a totally valid way of sharing records in a system. You could also get much more complex by allowing users to add users to the record, which might be another optimal solution for your use case.
Anyway, those are just a few thoughts on the subject. Let me know if that helps.

Prompting for credentials on saving data

I am developing an ASP.Net MVC4 app that uses windows authentication. One of the requirements of the app is to prompt for credentials when an item is edited, even though the app is already aware of the user's credentials (User.Identity.Name). This requirement is necessary to meet FDA software validation standards.
I read I can do Response.StatusCode = 401 and that will force a login prompt, but I am not aware of a way to capture that information so I can save it with the data. I also read doing this has other side-affects.
Would I have to use a mix of forms and windows authentication? If so, does anyone know of examples that might help me get started? Like I said, I have to capture the user credentials so I can save it with the data.
The basic purpose of the prompt is to ensure that the person editing the data is who they say they are. For instance, I can walk away from my computer with the app still open and someone else can come along and change data in my name. Hope that makes sense.
Thanks.
Anything dealing with reauthorization will need to be customized for your specific needs.
My recommendation would be to open a (client-side) modal with username/password, and pass that information along with the rest of your POST data. Obviously you will need to have a fallback for <noscript>, if that's a requirement as well.

Rails - Tracking Referrals to Conversions

We just launched and are looking to better understand where the users who are converting to registered users are actually coming from. We can see our traffic sources and referrals via Google Analytics and our other web statistics programs, but in volume, it's difficult to tie these specifically to which users in our database have converted and from where.
We have several "goals" in Google Analytics setup to better help track conversions, but what are others doing to associate user signups with inbound traffic sources?
One thought we've been kicking around - capturing the referral on the first page load and pass it along in the session into the registration form where you store it into the user record.
Any other solutions that are working successfully for you?
Thanks!
Indeed, I would suggest storing the referrer in the user record. Then you can write some code to sensibly draw out additional data from the URL. For instance, you could parse Google URL's to determine the keywords used to discover your site. And your code could detect things like referrals from ad runs, specific SEO campaigns you're running, or partner deals you have going.
It would be beneficial to spend some time building an admin-only page to visualize these conversions to help you better learn what is working and what isn't. And when things are going well, such a page is encouraging for the whole team!
Capturing referral is a good start. You should capture it to persistent cookie instead of a session so that if user returns tomorrow it still has the same referral information.
I've created a gem to automate tracking and saving referral infos. See https://github.com/holli/referer_tracking for more info.
Some notes when designing tracking (I've tried to catch these with the gem already)
It might be better to save tracking data to separate table. So that when you delete user account you won't delete information about how that user account was created. You get the answer like "where does bogus user accounts come from?"
Save also cookies to db. If you are using Google Analytics you can parse Googles cookies to get additional information about the visitor. Like the number of visits or campaign information.
It's good to save also user_agents etc to be able to differ between mobile and desktop browsers etc.
In the end its good to visualize the information and conversions. But in the beginning its hard to know what data you want to visualize and how. So try to capture as much data as possible and then later decide how to crunch that data with scripts.

Securing web application on the data access level

Please consider the following setup:
Multi-tenant webapp.
Tenants create company accounts and company accounts have user accounts under them.
Users have roles, there's a special role "Owner" (the user who created the company account).
I'd like to have users to edit other user accounts (some admin tasks), but two conditions must be met:
Noone may edit owner's data (except for owner, when he's editing his own profile, and own profile editing is the same user editing).
Users may access user data and edit users only within their company account.
The app uses MVC architecture. Currently I check for those two conditions in the web layer and it works for me, but I have some concerns. If I go with some sort of API or some other type of data consumer, I may "forget" to re-inforce these conditions. Also, there will be other objects in the app with similar functionality requirements and which will have similar restrictions on them, so it's better for me to come up with some sort of pattern which will enforce my restrictions on data access level.
Could anyone recommend some approach worth looking into?
Thanks!
I beleive aspects or interceptors should be able to help you. If you work with objects you should be able to intercept requests containing your business data and check wether your user is allowed to work on it. The interceptor could then stop or proceed the execution.

Resources