Using django-allauth with linkedin however can't get full profile details from profile of the user.
in the settings file
SOCIALACCOUNT_PROVIDERS = {
'stackexchange': { 'SITE': 'stackoverflow' },
'linkedin':{'SCOPE': ['r_basicprofile', 'r_emailaddress']}
}
and on the account I check extra_data and get
{u'firstName': u'Samuel', u'lastName': u'Muiruri', u'pictureUrls': {u'_total': 1, u'values': [u'https://media.licdn.com/mpr/mprx/0_C1AR7HY-6mvzKOYWkCPzody-62WvzgOW5_7nWd8yaZHnlyuFFiKcIigGyxn']}, u'pictureUrl': u'https://media.licdn.com/mpr/mprx/0_dCvykIHSymsQZ-MUdbc_kWwSpuuw4-4UI5TikeHriWZsFnfR5k5KoHyO-G2vUzJBHTBCwfVnu3gN', u'emailAddress': u'muiruri.samuel#gmail.com', u'publicProfileUrl': u'https://www.linkedin.com/in/samuel-muiruri-a5235532', u'id': u'_xLBtzYkuK'}
on linkedin dev oauth page I've selected email and r_basicprofile
UPDATE
The available options for linked in oauth 2
and given rights when login in via linkedin
If on the linkedin page you’ve only given your app access to r_basicprofile you can’t get r_fullprofile. To give your app access to the full profile, give it access to r_fullprofile on the linked in oauth page.
From the LinkedIn docs
All REST API calls require certain permissions to be granted from the LinkedIn member before they can be made. This system ensures that members are made aware of what an application could possibly access or do on their behalf before approving it.
The permissions that members are asked to grant are determined based on the permissions you tell your application to ask for during the OAuth 2.0 authentication process. They can be specified within the LinkedIn application configuration itself, or they can be explicitly requested using the scope argument during the authorization step of the OAuth 2.0 process.
Related
Following the documentation, registered an application with Accounts in any organizational directory. The Tenant where the application resides is in "Default Directory" and has only one user, tiagomartinsperes#gmail.com. Also, the app has user assignment (as pointed out here) set to No
After, created another Tenant (different directory) and invited the external user me#tiagoperes.eu. That's the user I'm getting troubles logging into the previously created app.
Then, enable the OAuth2 support using social_core.backends.azuread.AzureADOAuth2 (from here).
As I try to authenticate now, it works well with tiagomartinsperes#gmail.com but with me#tiagoperes.eu gives the following error
Selected user account does not exist in tenant 'Default Directory' and cannot access the application 'a9a22676-8a1c-4297-95d3-8cd89553220e' in that tenant. The account needs to be added as an external user in the tenant first. Please use a different account.
The problem is the URL the user is redirected to. According to the docs, multi-tenant applications should redirect to https://login.microsoftonline.com/organizations.
As we see in the Python Social Auth AzureADOAuth2 class, the BASE_URL is
BASE_URL = "https://{authority_host}/{tenant_id}"
Since authority_host = "https://login.microsoftonline.com/" and tenant_id="common", we'd get the wrong url.
Changing that and signing in with the same user and now I get a request to add the permissions
Reported that issue here too.
Our app uses google Oauth for app user to sign in. We only request 3 basic scopes: profile, email and openid. We didn't request contact scope. But when user sign it, it ask user to allow this app to see and download contacts. Any help?
My application use facebook authentication to ask the user permissions to manage his ads. i use the following scope:'public_profile,ads_management,ads_management'
but in the login window it shows only public profile which will an invalid access token for the ads management.
have a look at this answer https://stackoverflow.com/a/25901780/5410373
the ads_management extended permission is only granted to whitelisted apps. So if the Graph endpoint you're hitting requires that permission then you'll have to get your app approved. Check out the getting started overview https://developers.facebook.com/docs/reference/ads-api/overview
and this answer : https://stackoverflow.com/a/24753070/5410373
All permissions except
public_profile
user_friends
email
require a review of your app by Facebook before you can use them publically. See https://developers.facebook.com/docs/apps/review/login#do-you-need-review
I am studying WSO2 API Manager. In the OAuth authorization code/implicit flow, after the user enter a valid credential in the login page. The user will be redirected to consent page like this.
When user click Approve, access token will be issued with all valid requested OAuth scopes. However in OAuth flow, application can request access to multiple scopes. Is it possible to configure/customize WSO2 API Manager consent page to present the user with the list of request scopes and allow user to choose which scope will be allowed (like Facebook) ? If it is possible please guide me to where I should look further.
Yes we do have identified this as valid requirement and created JIRA to fix this issue in upcoming identity server release. Once identity components release with this feature API Manager can use it and next API Manager release will have that. Once we have that feature you can do following changes in authentication endpoint app and get user consent for scopes.
/repository/deployment/server/webapps/ directory. You'll see the exploded directory authenticationendpoint. Then users can edit web.xml file in authenticationendpoint/WEB-INF directory and displayScopes parameter to true and save the file.
<context-param>
<param-name>displayScopes</param-name>
<param-value>true</param-value>
</context-param>
Once the change is done, you'll see an entry in the carbon log similar to Reloaded Context with name: /authenticationendpoint after a couple of seconds. The scopes will be displayed in the consent page afterwards.
Public JIRA to display scope description in oauth/oidc consent page
Thanks
sanjeewa
I really surprise when use http://www.friend.ly site. I'm login Facebook and after go to http://www.friend.ly. I'm surprise because I don't confirm extended permission but this site can get email, address... Any ideas?
My Information
Information get from friend.ly site
They are using the Facebook Registration Plugin which basically renders an iframe from Facebook's server. Due to cross-domain browser restrictions, they can't actually access any of that data until you submit the form by clicking the register button.
If you read the section on the Graph API documentation about authorization you'll see that if they're using an OAuth 2.0 access token then they can retrieve any information that you have publicly available without your authorization. You can see the examples below.
The Graph API as such allows you to easily access all public information about an object. For example, https://graph.facebook.com/btaylor (Bret Taylor) returns all the public information about Bret. For example a user's first name, last name and profile picture are publicly available.
To get additional information about a user, you must first get their permission. At a high level, you need to get an access token for the Facebook user. After you obtain the access token for the user, you can perform authorized requests on behalf of that user by including the access token in your Graph API requests:
https://graph.facebook.com/220439?access_token=...
For example https://graph.facebook.com/btaylor?access_token=... (Bret Taylor) returns additional information about Bret Taylor.
The Graph API uses OAuth 2.0 for authorization. Please read the authentication guide which provides details of Facebook's OAuth 2.0 implementation, how to request permissions from a user and obtain an access token.
Getting an access token for a user with no extended permissions allows you to access the information that the user has made available to everyone on Facebook. If you need specific information about a user, like their email address or work history, you must ask for the specific extended permissions. The reference documentation for each Graph API object contains details about the permissions you need to access each connection and property on that object.
This quote is from the facebook documentation located here:
https://developers.facebook.com/docs/reference/api/