In Facebook API, when we fetch user information we can get profile picture.
The URL is like this:
https://graph.facebook.com/{some_app_user_fb_id}/....
Using this URL, anyone can get the facebook id of the user and can get the facebook account of the user.
My question : Is there any way to make the profile picture URL secure in facebook API or something where no one can make out the original account of the facebook without uploading the profile picture to some other place ?
Similarly I want to ask about google plus profile picture.
The URL is something like this:
https://lh3.googleusercontent.com/{some id}/{something here}/{something}/{somethingelse}/s11-c/photo.jpg
Google picture seems to be more secure, and I don't think anyone can access the main google plus account or gmail email using this picture URL.
2nd Question: So is google plus profile secure ?
Related
i am working on a new project, and i want to get all user photos in facebook by providing an email address using the facebook graph-api.
I tried to search for some information for how to do it, but with no luck.
Is it possible to implement this?
You can only get photos of a user by authorizing the user with the user_photos permission. After that, use the /me/photos endpoint. There is no way to get photos (or any data) by email.
I'm using the Google Admin Directory Users endpoint to retrieve all the users in our company's domain. The request is working as expected and I'm receiving the full list of users.
But a large number of users are missing photos. The thumbnailPhotoUrl property is present on each user entry, but following the URL leads to
https://ssl.gstatic.com/s2/profiles/images/silhouette200.png
which is the default avatar, for a large number of our users.
However:
If I go into Inbox and send one of the users showing the default avatar an email, their profile pic appears when sending the email
And when the user logs in to our app using their company email (using
Firebase Auth), their user response contains a public URL for their avatar
And if I log in to G Suite Admin and view our users, the majority of them have avatars. Only a small handful of users show the silhouette avatar.
Also, the docs state:
Note: In this version of the API, a photo is the user's latest Gmail Chat profile photo. This is different from the Google+ profile photo.
From the accounts we've viewed, all users have Gmail Chat/Hangout profile photos.
So it seems the users have photos associated with their account. Why are the photo URLs in the Google Admin Directory showing the default avatar? And not the user's uploaded photo?
I ran into this today and found your question while trying to solve the problem. I think I have the answer!
The thumbnailPhotoUrl property in each of the user profiles that leads to silhouette200.png starts with https://www.google.com/s2/photos/private/ followed by a long id string.
On the other hand, any user profile that returns a valid photo (instead of redirecting to the default/anonymous photo) starts with https://www.google.com/s2/photos/public/ ... like my Google Apps/G Suite profile photo.
I discovered fairly quickly that if I am logged into my G Suite account in the browser where I try to view those thumbnail photos, they resolve as expected with actual photos instead of silhouette200.png.
So: to display G Suite user photos in a custom app, the app user needs to be logged in with a G Suite account that is authorized to read other G Suite domain users' private thumbnail photos
or
your app will need to proxy the photo request in order to return the actual thumbnail.
Of course, please do consider user privacy expectations and
regulations; the fact that the profile photo is private usually
indicates that the user did not set their own profile photo but had it
set by some external application or sync process. (As far as I can tell, when a user
sets their own profile photo using My Account or About Me,
it is always made public.)
Adding some documentation reference to help define the ultimate purpose.
Google API part is here.
Parameter viewType() defines what part of the user profile is returned which in turn depends on GSuite Directory settings. This parameter also defines the level of
authorization when using the Google API.
When using a third party app as defined here, more elements come into play.
In the end, thumbnails appeared...
Direct access to profile pictures via the Facebook graph API has recently stopped working and appears deprecated. Apparently, this now requires an access token (which requires the user to login to FB first)...
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large
I'm developing a web application in JavaScript, unrelated to Facebook. I would like to offer users the option to use their FB profile picture for posts. They provide their numeric user-id which I save on our server. Until recently, my client app could use the numeric user-id in the above URL to produce a JSON response with a link to the user's profile picture.
Is there an alternative approach to getting a user's profile picture without first requiring the user to login to FB to get a client-side access token?
If They (the users) provide their numeric user-id means that you're using Facebook Login, and they at least gave their public_profile permission to your app, you can just add the App Access Token to the request and it should work.
https://graph.facebook.com/{user-id}/picture?redirect=false&type=large&access_token={app_access_token}
If you don't use Facebook Login, I see no chance to be honest.
So I was going through Instagram's API and I implemented it. However it isn't as useful as I thought it would be because when trying to get and OAuth2 token a user is taken to a page to authorize them in what looks to be and effort of insuring that the user realizes that they are about to view and share Instagram content with my application. This all makes sense to me although not ideal. You can find it in detail here(Step One: Direct your user to our authorization URL).
Then I saw this press release from a company called Celtra who says they can pull the the most recent images off any Instagram feed and put them in an Ad. I checked it out and somehow they are pulling the images of other companies without this authorization page I am encountering. Basically without page scrapping I don't know how to do this with Instagrams API, and I realize scraping violates Instagrams terms of service. Does anyone have this functionality, where I can pull down images from Instagram and not take a user to an authentication page working legally as I am assuming Celtra is doing? Guidance or documentation on how to achieve this would be ideal.
Instagram recently added an endpoint that will allow you to any instagram account's photos without oauth or needing access_token, you can specify client_id and make API call to get photos.
Just register for an app account at here and add the client_id to this endpoint and make call:
https://api.instagram.com/v1/users/3/media/recent/?client_id=YOUR-CLIENT_ID
You only need access_token to get users' likes, follower feed and to like/comment/follow.
update: you need to have access_token with the new API changes, cannot
access API with just client_id anymore
To do this simply, you could authenticate your app from a dummy profile or your own personal profile and then use the access_token to request the feeds of any account. Then, when an end user goes to use your product, instead of authenticating them, you can just pull content from the Instagram API using your access_token.
I have some questions about facebook pages and their access tokens.
Right now i am trying to build a mobile app for my band and i want to have a function in it that allows users to either take a picture or choose from the phone gallery and upload it to our fanpage on Facebook.
What i have understand when reading about this is that i can make an fb app and set the extended permission to manage_pages and then get the page access token from the page that i am admin for.
Well, every user of the mobile app wont be admin over our fanpage......
So i wonder if there is some way to get the fanpage access token and let user upload pics to our fanpage.
OR if you have any other way of doing it let me know.
I am building with appcelerator Titanium so i use javascript.
If you have an answer for this please explain like i am 6 years old.