I'm busy with identifying my website's users via single sign on OAuth providers.
The key is email, so I would like to get a list here of services who provides email.
Twitter, viadeo, linkedin doesn't gives email even with granted access to user's details.
Right now, I'm ok for facebook and live ID.
Which other services based on OAuth are used ??
Going after big companies may be a good idea...
Google has a lot of services used by many people, there are also companies using google apps and all their employees have a valid google account! => They provide oAuth
Microsoft has MSN Live, a few years ago it's predecessor Instante
Messenger was included in Windows, also used by many people! => They
provide oAuth
Facebook has 845 million monthly active users and 483 million daily
active users users => They provide oAuth
I would go after these three as they're big players on their areas and all of them provide oAuth.
I would say the important ones are facebook, google, yahoo and maybe myopenid
Related
Sorry if my question to too naive. But i wish to find audience level information for a particular twitter handle. Lets consider #BarackObama, i wish to find his followers by gender, age, language, location etc. I used python scripts in this link https://github.com/GnipDz/Python-Insights to achieve it.
I do have access to twitter ADS API but it still shows your application ID is not authorized when i try to run the scripts. Is there a special API or addition over Ads API to achieve this? can someone guide me as to how i can do this?
Those scripts use Twitter's enterprise (commercial) Audience API. This API does not enable you to access audiences for individual users, only aggregated data for large numbers of Twitter handles. Additionally, this is not a free-to-access API so you need to have an active enterprise subscription for this to work.
I'm not aware of any programmatic way to access this data, and particularly not for any organic account - the Engagement API enables access to Tweet engagements for the authenticated account, but you're not able to access that data for other users.
According to this question: Architecture for merging multiple accounts and registering a user account
Various answers have said that using email is a good way of establishing correspondence between different accounts and then doing automatic merging for multiple account sign in.
However, twitter is a major provider that does not provide email through their oauth API.
How can we reliably and automatically establish a correspondence between a twitter account and for example Google, Facebook, Github... etc accounts? So that we can auto-merge those accounts.
I'm writing a library to help in this, so it's not really useful to say do it manually, since I would like to provide options.
There is no secure-way to automatically do it, I implemented an application with local account/Twitter.Facebook/Google and I didn't have other choice.
I suggest you to allow your users to register with one method (local account, Twitter, Facebook, Google...) and create a page in "My account" that allow them to associate other accounts.
In Twitter a user can be identified by either a name or a key, you have no way to know them unless you explicitly ask them to the user.
Moreover now in Twitter 1.1 you have to redirect your user to Twitter to approve your application and then you get the OAuth token and security key. As you can see there must be an interaction with Twitter, at least if you need to perform some restricted queries on his behalf (e.g. create a Tweet).
I am using Twitter as an OAuth provider for ASP.NET MVC 4 web site. I would like to be able to follow up with a registered user at a later date, either by email or via a tweet. Outside of having the user follow me on Twitter, do I have any other options to communicate with the user?
Here is what I unsuccessfully considered:
It appears that there is no way to get access to the email address since Twitter OAuth API does not return it.
It appears I cannot send a direct message unless a user
follows me on Twitter.
"Read/Write/DirectMessage" permissions seem
too intrusive -- all I want to do is send a user a message that a
new product is released -- I don't need any of the write
capabilities that this level of permissions provides.
To recap, if a user used Twitter to sign in to my website, what are my options to contact that user at a later date?
Thanks.
Twitter's solution for this sort of person-to-person communication is the Direct Message, however, Twitter has (rightfully) decided that both parties need to consent to this channel being available. This decision is intended to reduce the amount of spam in the Twitter ecosystem.
Posting public tweets that mention the username will get your users' attention, but it is also broadcasting their relationship with your company to the entire Twitter ecosystem. You will, essentially, be advertising their relationship with your company without their permission. This approach will bring you headaches sooner or later.
Email is probably a better choice for the sort of announcement to existing customers.
This is a very high level question, to a high level answer too, so I'm just looking for some pointers on the right direction.
Let's say I want to build a web application to manage a user's Google Contacts. I understand this is done by allowing the user to log in with his Google Account while asking for permissions to manage his Google Contacts. So far so good.
Now I want to expose my own API layer for external browser extensions, Android clients, etc. But while I want the API clients to authenticate against Google, I don't want the applications to have full access to the user's Calendar, as the Secret Token is stored on the server.
So, how is this typically handled? I would like to do it by the book as much as possible, without having to implement a lot of security code.
Btw, while the question is too high level, feel free to point me to technical docs.
Thanks
Limited access to the user's resources can only be guaranteed by limited OAuth scopes:
https://developers.google.com/gdata/docs/auth/oauth#Scope
Some APIs, for instance the Contacts API, only provide a single scope which gives you access to all the data. In cases like this, the user can only choose between giving you access to all his contacts or none of them.
Other APIs expose different OAuth scopes, allowing the developers to only request access to a subset of the user's data. A good example of this is the Google Drive API, which has 5 different scopes for the developer to choose from:
https://developers.google.com/drive/scopes
I have a little app that mines data on social networks and returns interesting results (e.g. the latest conversations around a certain topic). However, the front end requires that the users connects with the various services first via oauth, before these services' APIs can be scanned.
I would like this process to be automated on the server, so that a person using the app does not need to auth with Twitter, Fb, Linkedin in etc just to get results from those services. Is this possible?
No. This is not possible. The OAuth specification requires a user to first authenticate with the service and then authorize your application to request data on the user's behalf.
For twitter there is a hack: search, search, search! and 'connect' the tweets yourself :-)
This hack works for apps like http://jetwick.com