I'm building a device that displays notifications to the user through an LCD. It connects to your computer through Bluetooth and connects to the web through a Java application which sends a request to a php script held on my server. This PHP script then uses a Facebook access token to read the users mail box and notifications to find unread counts and sends it to the device.
I was looking at Facebook's documentation on read_mailbox and manage_notifications permissions and found they had 'limited use'. They said,
This permission is granted to apps building a Facebook-branded client
on platforms where Facebook is not already available. For example,
Android and iOS apps will not be approved for this permission. In
addition, Web, Desktop and TV apps will not be granted this
permission.
See here for full documentation.
They say these permissions are only granted to Facebook-branded clients where Facebook is not already available however what exactly does this mean?
Related
I'm trying to build a plugin for a WordPress App, that uploads file to the users Google Drive space. I don't want the end user to create the Cloud Console Project. but rather just have him give consent so the plugin can access the needed data from his Google Drive account.
When I create OAuth 2.0 Client IDs in the Google Cloud Console (Web Application), Google asks for Authorized JavaScript origins and Authorized redirect URIs. Since the plugin will be portable and can be installed on different websites I can't define this.
How can this be solved that an OAuth2 Authentication by the user can be done, without knowing the URL where the app is running?
Thanks
You cant. Redirect uri must be configured properly, to point webserver the code authorization is running on.
You will need to instruct your users in how to create their own client.
Also as this is a WordPress application, you would need to share your client id and secret with the users. This is also against googles TOS.
possible workaround.
If you put up an authorization server on your own server. The users of your app could then login though that. A refresh token will be returned to their website running your app and stored locally. Your code could then run using the refresh token to access their data.
However you are then going to be responsible for verifying an app with google drive scopes.
I'm currently building a web application that works with the Gmail API. I'm waiting for approval from Google's security team to have a proper OAuth connection, but I noticed that users can pre-approve your application by searching within the API Controls settings by your App ID.
This setting is located in the Google Account via: Admin Panel > Security > API Controls > App Access Control.
I noticed that if a user does this before they try to connect your app it doesn't go against your 100 account limit within Google Developer Console while in beta.
My question is, could you have this as permanent solution to get around the Google OAuth application if Google never approves you? Of course, through this method the user is still giving permission, just curious if this has been done by anyone before.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.
Help
I am thinking of implementing a project using Alexa Skills Kit.
I couldn't figure out if its possible to open any random app in my mobile and get information from it and alexa to read that information for me.
For ex, is it possible to program alexa to open UBER in my cellphone and read to me how far is the driver ,How much is the fare etc ...?
You cannot open/launch a mobile App from an Alexa skill. The closest you could get would be triggering a push notification.
However, your sample use case is possible because Alexa can communicate with other APIs and this data is available through the Uber API. See https://developer.uber.com/docs/v1-requests-current
The user would need to perform the following steps to enable the feature (steps can be performed in either order):
When logged into your website/app, the user links their Uber account with an OAuth login, which allows your website to access the Uber API. (Access tokens must be stored on your website NOT in your phone App)
Enable your skill in the Alexa app/website and link to the user account on your website by logging into your website with OAuth.
Unfortunately, two OAuth steps are almost certainly required in this case, one to link Alexa to your website, and another to link your website to Uber, as per https://developer.amazon.com/public/solutions/alexa/alexa-skills-kit/docs/linking-an-alexa-user-with-a-user-in-your-system, noting this line: "Your service redirects the user to an Amazon-specific URL and passes along the state, access_token, and token_type in the URL fragment." (In theory, Uber could setup their OAuth process to allow directly linking your skill to their account, but they would need to specifically support it.)
Note that Uber has actually already enabled this type of functionality in their Uber Skill. See https://devblog.uber.com/alexa-your-uber-is-arriving-now/
Your skill would need to be integrated with an application on your phone. For example, the skill could update a database on a server that the phone application periodically polls.
We have an existing Android and iOS application that consumes REST API from our servers. The API provides a token to the authenticated users after they log in using their credentials (username, password combo.) from the mobile applications.
Now, we're planning to create a Google Glass application for the same. In this case, we'd like to use the existing REST API along with Glass also. The Glass app will be built natively using the GDK.
My concern is, how would the users be able to input credentials? Because, users may have signed up for the service using non-google accounts?
Many thanks in advance.
At the moment, there is no supported way for apps made with GDK Early Access to authenticate the user or provide a way to connect the Glass account to your auth system. The Glass team has indicated such methods are coming, however - the Strava Cycling app, for example, does this, and it is expected that a similar feature will become widely available as the GDK matures.
Strava Cycling appears to get its credentials at the time you setup the app through MyGlass. When you turn it on it redirects you to a website to log into Strava's service before completing the install.
I just gave a talk on this exact topic at Wearables DevCon. The solution I proposed is purely done through GDK. All the user has to do is sign into their Google Account on a phone/tablet/computer and enter a code that is shown on Glass.
Check out the slides here:
https://docs.google.com/presentation/d/1NepYwlKdEvLV0QH9ix2I8l-JY1kHjBR9AXKBNpgTI6g/edit
And the code here:
https://github.com/victorkp/GlassWebNotes
The latest Glass release (XE16) publishes the remote authentication API for apps distributed through MyGlass:
https://developers.google.com/glass/develop/gdk/authentication
I'm running a Django app, and I'd like to make a Chrome extension to allow users to post content. My users can sign in via Twitter, Facebook, and Google (via python-social-auth). I presently do not require accounts to have passwords, so there's no way to log in outside of the oAuth2 methods. How can I authenticate users in the Chrome extension to allow them to post?
The workflow would be something like this:
Install Chrome extension
Authenticate with my site, which has no password-based user accounts
Interact with my API (w/ authentication also via separate oAuth2 consumer, presumably)
I was able to read the user's session cookie from my site's domain and interact with my API w/o a problem.