Google+ Sign-In - stop requesting people you're connected with - oauth-2.0

Is there a way to make the Google+ Sign-In not request the user's "list of people you're connected to on Google+"?
My goal is to use the G+ sign in for authentication purposes today, and in the future also use it for social sharing functionality. As the owner/operator of the service requesting sign in I don't care who is in a user's circles.
Is it possible to remove the request for all of the people a user is connected with? Am I missing something with this? For example if I didn't request all of a user's connected people would the user no longer be able to share to them?
I'm aware of the Google OpenId sign in functionality, but it doesn't provide the functionality I'd like for the future.

Whenever you use the Google+ sign-in button, the scope plus.login is added. As such, it will request the "know who you are on Google+" and "List of people you are connected with". A few notes on this:
The user has control over which people they share with you so if they don't want to share this information, it's within their control.
If you're interested in the information in the future - using the existing connections people have is a great way to make your site better - the access will be available to you.
If you still feel you should be able to just request the user's profile, please add a star/feature request to the issue tracker here:
https://developers.google.com/+/
The more information regarding why you want to do this and the clearer your request explanation, the better!

Related

Facebook Graph API User object subscriptions Whitelisting

in my iPhone app, I implemented the Facebook API, to piggy back on their user identification.
Now, rather than polling Facebook every once in a while to see if the information of a logged in user has changed, I would like to use the 'User object subscriptions'. From this document I learned, that I have to create a Callback URL (done, and tested), and that my app needs to be Whitelisted.
On developers.facebook.com/apps/ I can't find a way to apply for being whitelisted, and Google doesn't seem to be my friend anymore.
I hope you are.
The docs are stating
...some of these objects may require your app to be whitelisted by Facebook for access.
Basic Realtime Updates should work without any whitelisting involved, at least they do so for myself.
Whitelisting your app is not always easy to do, as certain APIs are meant to be quite restricted at a developer level. You can find further information about whitelisting here if you have not already done so.
As far as whitelisting, in your case I believe it just a matter of your app settings and IP whitelisting, which you can find more information about here .

How to let users login with Twitter AND Facebook (Firebase/Firefeed)

I am working with the Firefeed app (based on Firebase) and I am wondering how I can give users the option to both login with Facebook and Twitter.
I correctly set-up my firebase but I guess the issue is that I either use
authClient.login("facebook");
or
authClient.login("twitter");
How can use both to give them the choice? I know, its probably a beginner questions. :)
Many thanks!
I'm not quite sure what you're looking for here. If you want to allow people to log in with either option, then you can simply have 2 buttons, one that says "Log in with Twitter" and one that says "Log in with Facebook".
If you want to have an account system that merges multiple social accounts into a single account on your system, so that users could log in with either system and access the same data, this is a little more complex. There's a thorough answer here:
How can I login with multiple social services with Firebase?

Can we add Twitter permissions on demand in an iOS app?

We are making an iOS app that has two points of integration with Twitter:
1. User can use Twitter account to login (or FB account or just email/password)
2. User can share his freshly done work to twitter (just post a tweet)
So for some users we need a read/write access to twitter, but for some only minimal permission for loggin in would be enough and I wouldn't like to scare users away by asking for a write permission on the first login, when they might not even realize the app can share their work to Twitter.
Is it somehow possible to request only login permissions on first start and tweeting permission only on a first Tweeting need?
P.S.
We are not going to use the built-in iOS sharing sheets, because they are good only for sharing to either FB OR Twitter OR elsewhere. We want to offer sharing to Twitter, Facebook, Email and maybe somewhere else simultaneously, in a foursquare app style
I'm not familiar with the recent changes, but I believe that the permission is the one you set in https://dev.twitter.com/apps. So no, you can't do it. I don't think you can do that on facebook as well.
(sidebar: twitter's documentation now is complete mess. I can't find any useful information there)

Why do iOS apps recently change authentication method?

Recently I just notice how Path, Pinterest, and the like change the way they authenticate their users. Currently it seems that they require us to create an account associated with Facebook or Twitter. I could not understand the reason behind this. Is there any security concern for them to make this move?
Why is simple authentication with Facebook and Twitter not enough?
I think it is about giving the site more control over their future and the relationship to their users.
If they have their own account system, but allow the users to link it to Facebook or Twitter, that link can later be changed if the relationship with those providers turns sour.
The big reason is that they don't have to take any risk with handling passwords, etc. which can get hacked. They are offloading the security of user accounts to bigger partners, so they don't have to worry about it.

How to delay asking for Facebook timeline post permission until it's needed, with Omniauth?

For my site, I'm using Omniauth for Facebook authentication, and use Koala to access some misc. data about users.
The site hosts user generated content that's pretty visual, and I used to just use Facebook like button to let people share their content preview to Facebook. However I realized that, due to the nature of the type of content, it's better to post the preview as a photo on their albums (and this is what users want).
However, I don't want to scare away people who just want to try out the service by suggesting them with the permission request to post photos to their timeline when they sign up. Ideally I would want to start out with a default permission with no extended permissions, but let users opt in when they want to share for the first time.
How can I do this? I have read both Omniauth's and Koala's documentations but couldn't find one that describes this particular situation.

Resources