I'm using Pusher to add realtime functionality to my app. Is there a way to provide my users with realtime functionality through an API? I'm using private and presence channels, so connections to these need to be authenticated. Has anyone worked with Pusher and provided some sort of API to their users?
I'm doing this using Rails 3.1.
The solution here is to give the users you want to be able to access your data your app_key (not app_secret). They can then connect to Pusher and try to subscribe to your channels. They'll need to use JSONP authentication which makes a call to your server where you can authenticate the request to the private or presence channels.
Pusher.channel_auth_endpoint = 'http://yourserver.com/pusher_jsonp_auth';
Pusher.channel_auth_transport = 'jsonp';
var pusher = new Pusher('YOUR_APP_KEY');
var channel = pusher.subscribe('private-your-channel');
channel.bind('your_event', function(data) {
  // do something here with data
});
In your authentication you'll need to check the referrer (domain) to see if you've given them access to your data along with what they are subscribing to.
You could also wrap this JavaScript up in your own library so that a subscription_error (authentication error) disconnects the client from Pusher.
Hope this helps. You can always drop an email to support#pusher.com too.
I'm using Slack Bolt JS api. Can successfully install apps into slack workspaces following the http://example.com/slack/install URL. I'm trying to integrate this into a SaaS. The question is how to distinguish Slack app installations and how to determine which Slack app installation belongs to which of the SaaS users? My guess is that some information should be injected during the OAuth flow, but not sure how to do that using Slack Bolt SDK.
const app = new App({
  installerOptions: {
    installPath: '/slack/install',
    redirectUriPath: '/slack/oauth_redirect'
  },
  // token, etc
});
Seems like you need to implement authentication with OAuth and your own installationStorage. Take a look at this doc
The basic steps that you need to cover are:
You need to start your app with SLACK_CLIENT_ID, SLACK_SECRET_ID and SLACK_SIGNING_SECRET
Include your custom callbacks to handle app installation (installationStore option).
In the above example, you will need to replace database.set and database.get by your own database query, server API or something else. Here you can see a full example.
After this setup, Slack will call your app from many different workspaces and the correct token will be recovered through installationStore.fetchInstallation. This will happen before calling the event or message handler.
PS: You should not include token in the initialization of the app. It will be set later.
I'm currently using Cloud Firestore as my backend for a mobile app. I've got basic payments working with Stripe with cloud functions programmed with node.js, however, when setting up for Stripe Connect, the process requires a redirect uri (which I input in the settings of my Stripe account).
I have very little experience with redirects and callbacks. What is the address that I can use as a redirect uri? How does this address get established?
It would also be great to hear your thoughts on how I would go about capturing the information from the redirect through a firestore trigger (node.js).
Any help would be much appreciated!
Thank you.
One solution is to use an HTTPS Cloud Function.
As explained in the doc, "after you deploy an HTTPS function, you can invoke it through its own unique URL.". The URL will look like: https://us-central1-.cloudfunctions.net/stripeWebhook and you just have to declare it in your Stripe settings.
In the Cloud Function, you will be able to get the values passed to the body of the HTTP request, as follows:
exports.stripeWebhook = functions.https.onRequest((req, res) => {
  const orderId = req.body.data.object.metadata.orderId;
  const sourceId = req.body.data.object.id;
  const sourceType = req.body.data.object.type;
  // ....
});
and also to write to Firestore, in order to update the record corresponding to the payment. You may watch the following official video for an example: https://www.youtube.com/watch?v=7IkUgCLr5oA&t=1s&list=PLl-K7zZEsYLkPZHe41m4jfAxUi0JjLgSM&index=3
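An HTTPS function URL is reachable by anyone, so a webhook handler like the one above should confirm that a request came from Stripe before trusting req.body. Stripe signs each delivery in the Stripe-Signature header (t=<timestamp>,v1=<HMAC-SHA256 of "timestamp.rawBody">). The following is an added example, not part of the original answer: it checks that header with Node's crypto module. The secret, event body and function names are constructed for illustration.

```javascript
const crypto = require('crypto');

const TOLERANCE_SECONDS = 300; // reject deliveries more than 5 minutes off

// Split "t=...,v1=...,v1=..." into the timestamp and the list of v1 signatures.
function parseSignatureHeader(header) {
  const parsed = { t: null, v1: [] };
  for (const part of String(header || '').split(',')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const key = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (key === 't') parsed.t = value;
    if (key === 'v1') parsed.v1.push(value);
  }
  return parsed;
}

// HMAC-SHA256 over "<timestamp>.<raw body>", hex encoded.
function computeSignature(rawBody, secret, timestamp) {
  return crypto.createHmac('sha256', secret)
    .update(`${timestamp}.${rawBody}`, 'utf8')
    .digest('hex');
}

// rawBody must be the exact bytes received (req.rawBody in Cloud Functions),
// not the parsed req.body object serialized again.
function verifyStripeSignature(rawBody, header, secret, nowSeconds) {
  const { t, v1 } = parseSignatureHeader(header);
  if (!t || !/^\d+$/.test(t) || v1.length === 0) return false;
  if (Math.abs(nowSeconds - Number(t)) > TOLERANCE_SECONDS) return false;
  const expected = Buffer.from(computeSignature(rawBody, secret, t), 'hex');
  return v1.some((candidate) => {
    const given = Buffer.from(candidate, 'hex');
    // Length check first: timingSafeEqual throws on unequal lengths.
    return given.length === expected.length &&
      crypto.timingSafeEqual(given, expected);
  });
}

// Constructed sample secret and event, for demonstration only.
const SAMPLE_SECRET = 'whsec_constructed_example';
const SAMPLE_BODY = JSON.stringify({
  data: { object: { id: 'src_example', type: 'card', metadata: { orderId: 'order_1' } } }
});
const SAMPLE_TIME = 1700000000;
const SAMPLE_HEADER =
  `t=${SAMPLE_TIME},v1=${computeSignature(SAMPLE_BODY, SAMPLE_SECRET, SAMPLE_TIME)}`;
```

In a deployed function the same check is available as stripe.webhooks.constructEvent(req.rawBody, req.headers['stripe-signature'], endpointSecret) from the official stripe package.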
It is not immediately obvious how one would go about adding Network Traversal Service if you are using Twilio Video.
The example of using the Network Traversal Service here shows token creation using:
var client = require('twilio')(accountSid, authToken);
client.tokens.create({}, function(err, token) {
  process.stdout.write(token.username);
});
However the basic video example here shows a completely different method of token creation using the AccessToken lib.
var token = new AccessToken(
  process.env.TWILIO_ACCOUNT_SID,
  process.env.TWILIO_API_KEY,
  process.env.TWILIO_API_SECRET
);
Twilio developer evangelist here.
The Twilio Video service actually uses the Network Traversal Service under the hood, so you don't need to worry about adding it in yourself. The AccessToken method is the most up to date version of granting access to the client side SDKs, so I would continue to use that.
Let me know if that helps at all.
I'm pretty new to Meteor and a total beginner with the Twitter API. I am creating a simple application in Meteor for demonstration purposes only. I need to be able to search Twitter for a specific hashtag. I just need to be able to get the tweets using that hashtag and display them in a list. Super simple.
I've registered my app, received keys and such. I just need to see an example of the code flow from starting before Oauth to receiving the results of the Twitter search.
I will be running this app locally and just need to be able to send a GET request and receive a RESTful response.
I have seen documentation about how jQuery isn't supported due to security risks. Since my backend is JS I need to be able to do this with JS.
Can anyone suggest documentation on how I can do this where I can see code examples?
Since v1.1 of the Twitter API (May 2013), it's not possible to search without being authorized using OAuth.
If you want to do it client side in a simple way, you may want to use OAuth.io.
I've just made an example in jsfiddle to make a simple search using Twitter API
The code is quite simple:
// Initialize the SDK with my OAuth.io public key, then display the OAuth authorization form
OAuth.initialize('YOUR-PUBLIC-KEY')
OAuth.popup('twitter', function(err, twitter) {
  var search = encodeURIComponent("#oauth.io")
  twitter.get('/1.1/search/tweets.json?q=' + search)
    .done(function(data) {
      console.log(data); // your search results are in data
    })
})
Good question. You are correct, the Twitter 1.1 API requires oAuth tokens even for simple GET requests like the one you need. Yeah, requesting an oAuth key and secret from the twitter dev site can seem like overkill for a locally running project, but it's required for every one of their API endpoints.
Once you have the oAuth consumer key and secret, you are all set to make your API calls. Casual googling on the twitter dev site suggests that sending oAuth creds via JQuery is not supported by Twitter for security reasons. You can read more about that here.
I am not sure what you need to do with the Twitter data, so I'm not embedding any code samples for oAuth. In the meantime, check out how oAuth works as you think about how to implement your solution. PHP? Python? Ruby? Perhaps these oAuth code samples from Twitter are a good place to start?
There is a meteorite library intended to get around this exact problem.
https://github.com/subhog/meteor-twit
You can follow the documentation for use:
https://github.com/ttezel/twit
Below is some example code:
if (Meteor.isServer) {
  Meteor.methods({
    twit_get: function() {
      Twit = new TwitMaker({
        consumer_key: 'foo',
        consumer_secret: 'foo',
        access_token: 'foo',
        access_token_secret: 'foo'
      });
      Twit.get(
        'search/tweets',
        {
          q: 'banana since:2013-12-11',
          count: 10
        },
        function(err, reply) {
          console.log(reply);
        });
    }
  });
}
I just got through the hello world for Pusherapp. Now I want to create private channels so users only read messages that they are supposed to read.
The Pusher docs only give some details on how to do this, and I'm kind of lost.
From the docs:
...
The Pusher JS library is returned
a socket_id when it connects to
Pusher.
When it attempts to subscribe to a
private channel, it sends back an AJAX
request to your server with the
channel_name and socket_id as
parameters.
The default URL for this is
http://yourserver.com/pusher/auth.
...
class PusherController < ApplicationController
  def auth
    if current_user
      response = Pusher[params[:channel_name]].authenticate(params[:socket_id])
      render :json => response
    else
      render :text => "Not authorized", :status => '403'
    end
  end
end
Given a unique user id (current_user.id), how can I authenticate that user then have him/her subscribe to the corresponding channel?
Thanks
This blog post on the implementation seems to explain things a bit more: https://pusher.com/docs/client_api_guide/client_private_channels
The authorization scheme is based on
the idea that, rather than
implementing custom user
authentication, and adding complexity
and state to pusher, we should trust
the existing level of authentication
offered by your application. We also
wanted to ensure that someone reading
data sent from your application to the
browser would not be able to connect
to a channel as that user, and
therefore couldn't include any secrets
in the page HTML.
Sounds like your application's business logic should authenticate the user and decide that they should access the private channel.
Their diagram shows:
Once authenticated, the app requests to subscribe the user. Pusher replies with the socket_id. Then they are connected using that.
Here's how they describe it:
As shown in this diagram, a unique
socket id is generated and sent to the
browser by Pusher. This is sent to
your application (1) via an AJAX
request which authorizes the user to
access the channel against your
existing authentication system. If
successful your application returns an
authorization string to the browser
signed with your Pusher secret. This is
sent to Pusher over the WebSocket,
which completes the authorization (2)
if the authorization string matches.
The example at the bottom of the blog post further clarifies:
Suppose you have a channel called project-3, to which users A and B have access, but not C. You'd like to make this channel private so that user C cannot listen in on the private events. Simply send events to private-project-3 and subscribe to it in the browser. As long as you're using the latest javascript (version 1.3 or above), you'll see that a POST request is made to your application to /pusher/auth. This will currently fail, and therefore the subscribe request will not be made to the socket.
So, to me this sounds like:
1) Request to subscribe is sent to Pusher
2) Pusher POSTs to your /auth method to determine if the user can access the channel
3) If your business logic allows the user to access this channel, the auth method returns the "ok" response:
auth = Pusher[params[:channel_name]].socket_auth(params[:socket_id])
content_type 'application/json'
return JSON.generate({
  :auth => auth
})
I haven't used Pusher itself, but its model seems to mirror the structure of other push-based models. Hope this helps!
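Both Pusher threads on this page come down to the same server-side step: decide whether this user may join this channel, and only then sign the subscription. The following is an added example, not code from either answer or from Pusher's libraries. It performs a per-channel access check and then builds the private-channel auth string (APP_KEY, a colon, then HMAC-SHA256 of "socket_id:channel_name" keyed with the app secret). The credentials, the access table and the function names are constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed placeholder credentials; real values come from the Pusher dashboard.
const APP_KEY = 'example_app_key';
const APP_SECRET = 'example_app_secret';

// Hypothetical access table: which user ids may join which private channel.
const CHANNEL_ACL = new Map([
  ['private-project-3', new Set(['userA', 'userB'])],
]);

// Socket ids are two integers joined by a dot. Rejecting anything else keeps
// an extra ':' out of the string that gets signed.
const SOCKET_ID_RE = /^\d+\.\d+$/;
const CHANNEL_RE = /^private-[A-Za-z0-9_\-=@,.;]+$/;

// Auth string for a private channel: "<key>:<hex HMAC of socket_id:channel>".
function signSubscription(socketId, channelName) {
  const signature = crypto.createHmac('sha256', APP_SECRET)
    .update(`${socketId}:${channelName}`)
    .digest('hex');
  return `${APP_KEY}:${signature}`;
}

// Returns { status, body } the way an HTTP handler for /pusher/auth would.
// userId is whatever the application's own session layer resolved (or null).
function authorize(userId, socketId, channelName) {
  if (!userId) return { status: 403, body: 'Not authorized' };
  if (!SOCKET_ID_RE.test(socketId) || !CHANNEL_RE.test(channelName)) {
    return { status: 400, body: 'Bad request' };
  }
  // Being logged in is not enough: the user must be allowed on this channel.
  const members = CHANNEL_ACL.get(channelName);
  if (!members || !members.has(userId)) {
    return { status: 403, body: 'Not authorized' };
  }
  return { status: 200, body: { auth: signSubscription(socketId, channelName) } };
}
```

The signature covers the socket id as well as the channel, so an auth string issued to one connection cannot be reused by another.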