Getting user Email Yahoo Oauth (using Scribe-Java API) - oauth

Trying to access user profile from Yahoo using Oauth system and for that i am taking help of Scribe-Java API
its working fine except one issue whcih i am sure not related to the API i am using
In my yahoo profile i have following settings
Yahoo! Email --->amy_yahoo_id#yahoo.com
Email--->other_id#gmail.com Primary - Change
So what i am getting back is other_id#gmail.com which means i am not able to get correct information of the logged in user.Once i am able to get guid i am sending the request to following URL
http://social.yahooapis.com/v1/user/guid/profile?format=json
any way i can get the yahoo mail id to which user is associated in place of other id even if that is set as primary or along with any other email id all i want is to get the yahoo mail id of the user by which he/she logged in to the system.

Is there any specific reason you must get the yahoo account's email?
I also facing the same problem as you earlier.
After think over, primary email means to be the contactable email for the user.
So may be that's why yahoo make it that way.
Of course it will be good if they can provide one more email which is account's email.
But if you just want to have unique identifier, we can use the guid.
So may be you can check again, does your requirement must have the account's email?
or you just need an email where user set primary because they preferred to be contactable by that email?
Now I will just make use of the primary email return from Yahoo for my OAuth

Related

How do I save a user to a database after OAuth with Google Sign In API?

My question is similar to What data can I save in my database to verify a user with Google sign in API?
I've built Google Sign In correctly and I get a response from the API like this:
{
"iss":"https://accounts.google.com",
"at_hash":"xxx",
"aud":"xxx.apps.googleusercontent.com",
"sub":"xxx",
"email_verified":true,
"azp":"xxx.apps.googleusercontent.com",
"email":"xxx#gmail.com",
"iat":xxx,
"exp":xxx
}
The SO link above says to save the sub field as this is a unique identifier. I can save the email/sub no problem. My question is: How do I allow this user to sign in next time with an email/password form, if they choose to do this, versus OAuth? I guess I could force them to sign in thru OAuth, then verify they're signed in and have them create a password, but I don't know if that's the best way to do this.
The "sub" parameter is only guaranteed unique for the "iss" parameter. So the combination of "iss" and "sub" is globally unique.
If you MUST store a password you will need to ask the user. Some apps put in a random-complex password for every user as some application frameworks require a password. This may be helpful if they forget they used Google to sign in for you to do you due diligence in assigning a temporary password for the user with the email address.
You should of course consider that the email address is globally unique at any given time, but could be reassigned in some cases.

how to get facebook user id or user name with email id

I am developing a MVC project where I am trying to get the user id or user name from the facebook by using the email id provided by the user,
actually i want to fetch the photo of the user, which can be done using
graph.facebook.com/user_id|user_name/picture
where as i have only have the user email id.
with a little surfing on net i found that user name or user id can be fetched by using
graph.facebook.com/search?q=emailAddress&type=user&access_token=ACCESSTOKEN
but i was not able to get the access_token.
Also referred
developer facebook page
and also this
Any help or direction to work will help indeed.
Basically i understand that i need a access token to get the details.
So how do i do this in my MVC application
As you can read in the Search API docs, you can only search for Users by name, but not by E-Mail. It may have been possible in the past, but it is definitely not possible anymore.
Also, for searching by name, you need to use a User Access Token. You only get one by authorizing a User: https://developers.facebook.com/docs/facebook-login

Implementing normal user/pass, Twitter & Facebook auth

I have created a public facing website which allows you to login using a username/password, or with Twitter, or with Facebook.
When logging in with Twitter for the first time (for example), a user is created in my database with a nickname matching the Twitter screen name. I want this nickname to always be unique.
The problem is that in some cases a user with that nickname already exists, so the user can't be added. I am unsure as to the accepted approach for this problem, the only solution I can see so far is to ask the user to override their nickname, but this doesn't seem too elegant.
The reason the nickname needs to be unique is not a code issue, but an interface issue, for example there are forums and I want each user to be uniquely identified by their nickname.
Are there any other methods anyone can suggest for dealing with this problem?
Edit: At the request of some of the replies I will clarify an example:
Lets say I have a user named Joe Bloggs who is a member on my website. He is not a member of Twitter or Facebook. His nickname on my site is JoeBloggs.
Then, another Joe Bloggs comes along, and wants to sign in with his Twitter account. His Twitter name is JoeBloggs, so when he signs in with Twitter, my system attempts to automatically set his nickname to JoeBloggs. However, this nickname already exists. What is the normal or best practice in the cases where nicknames like this overlap? The only thing I can think of is to prompt the user to specify a different and unique nickname (just for display on my site).
The reason I ask is that this must be a common issue for sites which let you login via Facebook, Twitter, Yahoo - there must be an overlap in the names which are returned from said websites, so I wondered what the normal process is.
Could you use the Twitter API to confirm they really are the Twitter ID they say they are, and if no Twitter account, allow them other means to authenticate (Google+, Facebook, LinkedIn, old school username and password)? Allowing users to login with a Twitter ID that they don't own seems like asking for a world of hurt.
Maybe you could try and change the database itself - get a field like 'nickOrigin', allow there values like '[yourSite]', 'twitter', etc., and only allow new entries if no entry with the same nick AND nickOrigin exists. Execute a query to modify existing users to have a nickOrigin of [yourSite], and things should be backwards compatable, or at least I imagine them that way :)

I Forgot What Twitter Account I Registered API App In - How Can I Find Out?

I registered a Twitter API app, and it works fine. I have just one little problem: I can't remember what Twitter account I was logged into when I created it.
I tried to re-register the same app in another Twitter account, but Twitter seems to be rejecting it because the "Application Website" is already used, and Twitter won't let me leave that field blank,
Any idea how I can find out what Twitter account I was in when I registered the app?
Thanks in advance,
John
For single-user use cases, if you look at the value of the OAuth access token, it will have the form:
nnnnnnn-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
where n is a decimal number, and x is a base64-encoded character. The decimal portion of the access token, up to the hyphen, is the Twitter user ID that the app was registered under. To get the actual user info, run the following query (substituting the number from your access token for the nnnnnnnnn below.)
http://api.twitter.com/1/users/show.xml?user_id=nnnnnnnnn
This may hold in multiple user scenarios as well.

How to uniquely identify someone in oAuth

I'm currently creating a web app using Google's oAuth. I was wondering how I can uniquely identify an authenticated user so I don't accidentally add duplicates.
Doesn't Google give you other unique params like user name or user ID?
For example, Twitter and Facebook, give you user name and a unique url that identifies user's profile picture. If you save that params on server-side you can identify user next time that he comes on your site.
The best way to do this would be to use OpenID with the oAuth extension (aka hybrid).
I am currently using OAuth exclusively and I am requesting the https://www.googleapis.com/auth/userinfo#email scope as described on http://sites.google.com/site/oauthgoog/Home/emaildisplayscope to get the email address of the authenticated user. I am using the email address to uniquely identify the user. This should be good enough for now.
Edited:
According to a recent Google developer comment (https://groups.google.com/group/oauth2-dev/browse_thread/thread/cf5c137f872f9932), they are currently working on this problem, but for anything production ready, you should use OpenID authentication.
You should save somewhere the user_id you have for your users in your site, along with the corresponding access_token and access_token_secret.
Then you can query that table (or wherever you save that information) with the user_id and obtain the proper tokens
Regards

Resources