I have a bunch of data in a table from users who authorized the app on my site, but the data is corrupted, I have users with profile id registered and users without this information, users with only part of the data, without names, etc.
I need to update theses data, and get the profile id for all of them, so how do I retrieve again the data from Facebook for all theses users?
There is no way to get a list of users who authorized your App, which is what you would need. You can only get the ID (or any data) the next time they visit your App. Except you have stored an Extended Access Token that is still valid, but i guess that´s not the case.
Related
Im Preplanning for project where users have multiple accounts each same as like instagram users with multiple accounts. I need to select any of the account after login token received from JWT. and when i calling api my views should display data based on the particular account.
My question is,
1.How to store the choice of the user in backend after login?
2.If i store using sessions then is that data will be private to the particular user or if i login with other user on the same tab, same session data from previous user is still visible to this user also right?
Please help on this. Thanks in advance.
I'm trying to understand what is the best way to work with facebook user login. In my app in profile section it's possible for user to sync with facebook, and store it (I'm storing facebook user id in application database), and use GraphApi with provided access token in app afterwards. At this point all is fine.
But when user back to app some time later, to run some GraphApi call he need new access token, and I do not see a way how to get that access token without running user through the same facebook authentication logic with that facebook confirmation dialog.
So the question is it possible to get access token having pre-stored user id without running user again through authentication??? It's a bit weird from user perspective to see all the time that facebook dialog after he already login with facebook and save that once. Also, if facebook require always to confirm login, it seems like from app perspective it does not make sense to store id at all (any way it's possible to get it with each login)???
Also, what if I do not want for users of my app to easily change linked facebook account, but with that facebook pop up, user each time can login through different account. Is that means I need on app side afterwards compare returned id with a stored id and alert user, that he can't change already synchronized facebook account to some other?
I'm using the Graph API, but I can't figure out how to get a logged-in users ID address.
The intro to Graph states "The Graph API can provide access to all of the basic account registration data you would typically request in a sign-up form for your site, including name, email address, profile picture, and birthday" but to access them i need user_ID so how could i get it ?
https://developers.facebook.com/tools/explorer/?method=GET&path=me%3Ffields%3Did%2Cname&version=v3.0
You need to have a token from the user, check out the given link. You can see what informations you can access if you give permission to your own profile.
This ID is unique to each app and cannot be used across different apps.
I am working on SPA AngularJS application which allows users to collaborate on projects and stores history of edits for each user. The requirement is to allow unauthenticated users to manipulate data too. Once the user registers, I need to associate her history of edits with the newly created account. The backend is Django.
What is the best option to track actions of anonymous users?
I can create “anonymous” user at the firs visit, issue JWT, store it in the browser and use to track all the user’s activity. Later on when registering user, just update her profile.
The drawback is that there is a potential to get a lot of orphaned users that need to be periodically cleaned up.
This is similar to https://github.com/danfairs/django-lazysignup, but adapted to work with https://github.com/GetBlimp/django-rest-framework-jwt.
Use JWT or cookie to track user session. Allow using session identifier instead of user key to track user’s activity. When creating real user update all references to the session with user’s pk.
Anything else?
From my experience go for solution 1. The orphan user is often not a problem because from business plan point of view it's user and the more is better.
Also having only a notion of user is really simpler. They are users who haven't fully completed their profile that's all.
I have a web application that I would like to add single sign on capability using user's Facebook or Google+/Google App account.
I have a USERS table that stores users login information. All users are required to have a record in this table no matter if they signed up using FB or Google+.
I am trying to figure out the information that I need to store in the database in order to link USERS table records to FB or Google information.
Facebook documentation states:
the app should store the token in a database along with the user_id
to identify it.
So should I create a table called SSO_LOOKUP with following columns:
USER_ID // user's id that links to my USER table
PROVIDER_ID // user's FB or Google account id
PROVIDER_TYPE // indicates if it is Google, FB, Twitter, etc.
ACCESS_TOKEN
For SSO login definitely you need to have your user_id and some basic details which allow you to connect to FB or google
provider: "it will be either FB or Google or anything in future"
token: "This token we receive from FB and Google. In case of FB it
expires after 3 months or so where as it does not expire for google
as per my knowledge"
token_expired:" As In FB token expires after a time so you can have
this flag in place if you need to refresh it after that duration"
user_id: "This is your User id:
uniqueid: "This is the Unique ID which you will get from FB and Google.
That helps to identify your user in FB/Google"
These are the minimum fields you can add and these will even help you to scale your app. In the sense if you want to pull or push data from google and FB at that time Access_token and unique_id will help you.
Also incase you want to see some publish source then you can see some of the code on github e.g.
django-social-auth
For some details you can refer google documentation and Google OAuth2
Hope this will help.
Technically speaking all you really need to store is the Refresh Token and some kind of flag type identifier that tells you if its a Facebook or Google Refresh Token. Then you can query the API for what ever information you need. Storing the User Id would be a good idea becouse if they logout then reauth you will still know who it is even though the refresh token has changed. anything else is kind of over kill really as you will be getting that information back from the API anyway when you make your calls.
You could if you want store there Name and most recent picture that might be nice to display before you have fetched there information. Then update any changes to your data after you access the API for the first time. But its basically up to you how you want to design things, and what kind of application we are talking about here.