I'm working on a rails app that powers multiple facebook apps (serving them via iFrame) and allows users to install / customize the different apps from an admin area in my app.
I'm using the Facebooker2 gem and noticed that I can only specify one app_id and app_secret in the Facebooker.yml config file. Any tips on how I can modify it to support multiple Facebook apps.
My first thought would be to store the app_id's and app_secret's for my apps in the database then have Facebooker dynamically load them accordingly from there.
Any advice would be much appreciated!
Well I have worked on this problem before, the way we did it was to store the facebook credentials in a database, depending on the customer we had a before_filter in our controller which would switch the configuration as needed. I hope this helps as a starting point. I can elaborate more if you need me to.
Related
We have an Google client App which we are using in production currently and now we need to add a new scope(https://www.googleapis.com/auth/gmail.send) to it which is a sensitive one. For this we need to apply for verification and I am confused with the steps to do it.
The documentation says:
Show that the OAuth Consent Screen correctly displays the App Name.
Show that the URL bar of the OAuth Consent Screen correctly includes your app’s Client ID.
If my App is currently in production how can I add a sensitive scope to it and create a video?
Is there any way to create a video without taking my App off production in this scenario?
I went through this and this but didn't get the proper info for this scenario. But I feel this is very generic case and most of the organisations would have faced this.
If my App is currently in production how can I add a sensitive scope to it and create a video? Is there any way to create a video without taking my App off production in this scenario?
Your going to have to add the new scope to your project on Google cloud console, and then create the video showing your application using the sensitive scope as instructed.
make sure your browser window is sent to english
run your application and show the consent screen where it displays the scopes
and make sure to get a shot of the URL bar where your client id is displayed in the url.
Unfortunately this will probably knock your project out of verification and impact the fact that your application is currently running in production. As far as i know Google does not have any guidelines to existing verified in production applications requesting additional scopes.
If your issue is with development google recommends having a second project that you can use in the testing stage to develop on your application and then move to the new client when you are ready to go to production. This does not however answer how to request additional scopes without breaking your production client.
I am going to contact Google directly for some advice. I will let you know if i hear anything.
I've built multiple Rails/React applications for my company (all in one using Rails 6. Rails renders json to React).
All applications will be on the same domain and eventually, access rights will be done via VPN. For now, I would like to build a Single Sign On app that would give a list of apps to choose from (Accounts, Dashboard, Audits, etc). Based on the users credentials, they may or may not have certain privileges on these applications.
I appears that the Doorkeeper Gem is the way to go and that the SSO app would also be using Devise for User?
I should add but not sure if it makes a difference. Some of the apps are Rails MVC only. Others use Rails api and React frontend.
And do I create a 'portal' app with just User and devise?
Here's a wireframe of the setup:
I am using rails 4 and developing my first API. The API will be used solely for our android and ios apps to communicate with the rails app / database.
I am struggling to see the difference between API authentication and user authentication when it comes to an API. It seems people use these terms interchangeably.
I want my api to be secure, meaning only the apps can submit http requests, but I also want users to be able to log in. And when I say users, I mean app users... not outside clients who are accessing our api (we don't want this at all).
Would love if someone could clear this up for me. I may just not be thinking about it in the right way, therefore confusing myself.
So to break it down, these are the two things I need to be able to do:
secure the api of course... making it so only the mobile apps can access it
users are able to log in and access their profile, resources that belongs_to to them, etc. When users aren't logged in, they still need to be able to see the index and other pages that don't require a logged in user.
thx!
Have you heard of JWT? It's a good option to hadle users with the app and rails api separated.
Gem for jwt in rails: https://github.com/nsarno/knock
I am exploring facebook integration with my rails app and wondering what is the best practice for rails applications.
1 - Is js sdk the better route or the facebooker gem? I would like to allow users to login via facebook, post content/links to their walls, see friend activity in the application, invite fb friends, from the rails app etc.
2 - Can either of these methods be tested locally or do I need a hosted internet app?
3 - I already do fb authentication for login using janrain/rpx-now via authlogic-rpx plugin. Will this have any conflict with the facebooker gem or the fb js sdk. And..in order to use the fb pluging/js sdk/facebooker etc, is it required to do the authentication via those methods or can I authenticate via rpx/janrain but access feeds/friend activity etc from the facebooker gem/js sdk etc?
Thanks
1) I often use both. I find most of the work to be easier using the server side SDK, but we do occasionally use the js one as well. I would check out Facebooker2, it's much more simple than the original Facebooker
2) Both can be used locally, but you do need internet connectivity to talk to Facebook.
3) If you get a valid access token, you can use Facebooker with the RPX stuff. You would need to change the way you do the client setup.
Can I use Facebooker without having to create a whole Facebook App in their Developer section?
I don't need to create a Facebook App with Facebooker, I just want to be able to create events and posts on Facebook with my own custom admin panel on my site. Facebooker seems to have everything built already, so I wouldn't want to use just a raw Rest-Client library.
Can I use Facebooker to read/write to Facebook without creating an App? I'd love to know. If not, can I read/write to Facebook without creating an App another way without resorting to either raw REST requests or page scraping/mechanize?
Thanks for clearing this up.
You have to have created an App in order to get an API key and Secret Key. You must have these keys in order to use any of the FB platform API (including Facebook connect).