So I want to get users email address with my server-side code.(I can get it on client side) My apps scope is set to:
"scopes":["public_profile","email"]}
What I'm able to-do at the moment is verify that the users token is valid. But I'd like to request the email as well - just to make sure on server side, that i can log the person in to my website.
I use this address to verify the token belongs to my app:
https://graph.facebook.com/debug_token?input_token=%REPLACE%&access_token=%REPLACE%
How should my request look like if I'd like to next ask for users email on server side?
Appears another option (once/if you know the token belongs to your app) is:
https://graph.facebook.com/me&access_token=USER_ACCESS_TOKEN
by default it only returns id, if you want more, ex email:
https://graph.facebook.com/me?fields=email&access_token=USER_ACCESS_TOKEN
which returns both id and email.
One solution is:
https://graph.facebook.com/v2.1/<user_id>?access_token=<your_app_access_token>
will return:
{
"id": "<id>",
"email": "mihkel\u0040gmail.ee",
"first_name": "Mihkel",
"gender": "male",
"last_name": "Lastname",
"link": "https://www.facebook.com/app_scoped_user_id/<id>/",
"locale": "en_US",
"name": "Mihkel Lastname"
}
if you need only email you can set fields=email parameter :)
You need USER ACCESS TOKEN to get user mail Id,
you can the access token from the response of API call
response.authResponse.accessToken;
Related
I created a Sign Up test in postman and linked it to my website Sign Up endpoint.
However, because Postman uses this test to actually create a user, I can only use it once. (If I want this test to work again, I need to change the email and name of the created user.)
I wonder is there a way to make this test work repeatedly?
Sign up endpoint is
http://localhost:8000/auth/users/
user test data:
{
"email": "newuser#gmail.com",
"name": "newuser",
"password": "testuser12345",
"re_password": "testuser12345"
}
{
"email": "{{$randomEmail}}",
"name": "{{$randomFirstName}}",
"password": "testuser12345",
"re_password": "testuser12345"
}
You can use postman dynamic variable,
https://learning.postman.com/docs/writing-scripts/script-references/variables-list/
I have been successful in creating a new Account User from following this tutorial: https://forge.autodesk.com/en/docs/bim360/v1/reference/http/users-POST/#example, and have used the PATCH method to set their status to active on Postman.
I would like to set their role and access_level but I am having trouble doing so. I have followed the link below to try and perform this function, but it requires the user to already be a BIM 360 Project Admin for it to work.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-user_id-PATCH/
I also tried following the next link below to add a User to a project, but I am getting errors that I am unsure how to fix.
https://forge.autodesk.com/en/docs/bim360/v1/reference/http/projects-project_id-users-import-POST/
URI: https://developer.api.autodesk.com/hq/v2/accounts/:account_id/projects/:project_id/users/import
Method: PATCH
Authorization: *******************************************
Content-Type: application/json
x-user-id: {{user_id}}
Body:
{
"email": "john.smith#mail.com",
"services": {
"document_management": {
"access_level": "account_admin"
}
},
"company_id": ************************************,
"industry_roles": [
************************************
]
}
(The id for industry_role is IT).
Error:
{
"code": 1004,
"message": "this user doesn't exist."
}
I am unsure how I am getting this error since the User Id used for x-user-id is the same user_id associated with the email given in the request body. Is there a way to fix this or another method I can use?
The x-user-id header is not for specifying the user to import but rather:
x-user-id
string
In a two-legged authentication context, the app has access to all users specified by the administrator in the SaaS integrations UI. By providing this header, the API call will be limited to act on behalf of only the user specified.
Remove this field if that's not what you intended.
Verify the user id and email match each other via /GET users and /GET users:userid.
And be sure to provide either the user's email or the user ID and don't provide them both:
Note that you need to specify either an email, or a user_id. However, you cannot specify both.
See doc here
Via the cognito admin API how do I set a users password? When a user is created I can set a temporary password, I need to be able to do this to an existing user.
The newest version of the cognito api adds an action AdminSetUserPassword which has a request syntax like the following
{
"Password": "string",
"Permanent": boolean,
"Username": "string",
"UserPoolId": "string"
}
and will allow you to set a permanent or temporary password for a given user.
EDIT-2: The newest version of cognito API now supports AdminSetUserPassword.
You can't set a users password, the only thing you can do is use AdminResetUserPassword.
EDIT: You can call ForgotPassword too. But as the name suggests this is supposed to be called by a user, not an admin.
The latest of the Cognito API gives us AdminSetUserPassword which has a body of this kind
{
"Password": "string",
"Permanent": boolean,
"Username": "string",
"UserPoolId": "string"
}
using this you can set a password for a user considering yourself as an admin. You can get the UserPoolId from the Cognito user pools home page.
Headers goes as this :
X-Amz-Target: AWSCognitoIdentityProviderService.AdminSetUserPassword
Content-Type: application/x-amz-json-1.1
If you face any errors, kindly refer to this page for available headers: Making API Requests
I can successfully connect via CURL using the example posted in their documentation here:
http://getblimp.github.io/django-rest-framework-jwt/#usage
The problem comes from trying to use Postman. I set the authorization to Basic and put in my username/password and I get a 400 response with the following json:
{
"username": [
"This field is required."
],
"password": [
"This field is required."
]
}
I'm not sure if I'm missing something obvious.
Instead of passing the username and password as part of the header send it as data in the body instead. Here's an example of doing this with jQuery: http://jpadilla.com/post/73791304724/auth-with-json-web-tokens
Taking from the example the data you pass in the body should look like this:
{ username: "admin", password: "abc123"}
I'm building REST API.
I have following structure
GET /user/{id} - get
POST /users - Create user
PUT /users/{id} - Update user
DELETE /users/{id} - Delete user
The problem is following. As I got from many tutorials/articles - it is bad practice to use action in URL. But what to do with such actions like:
check email (is unique)
recover user by email
?
Assume user registration. User submits form ( POST /users ) and I need to check if email is unique. Do I need to do it in same api method and return validation errors as response body?
Or do I need to create something like
POST /users/email
And what about user recovering by email? Where do I need to do it? Because recover is verb
POST /users/recover
I'm not sure, that I'm doing it right and I can't find correct explanation for that situation.
Validating the e-mail and registering the user
If you want, you can have an endpoint to check whether an e-mail is already registered or not. It's up to your requirements. So, you can have something as following and then send the e-mail which will be validated in the request payload:
POST /users/email/validation
{
"email": "mail#example.com"
}
The endpoint above can be invoke, for example, when the user completes the e-mail field of your account registration form.
However, do not forget checking if the e-mail is already registered when creating a user:
POST /users
{
"firstName": "John",
"lastName": "Doe",
"email": "mail#example.com",
"password": "123456"
}
If an e-mail is already registered, you could consider returning a 409 Conflict status code and a payload that includes enough information for a user to recognize the source of the conflict.
Recovering the password
I'm unsure if this is your requirement, because of this I posted a comment asking for clarification. I presume you are trying to recover the password of a user, assuming the user has no more access to their account.
If so, you could have an endpoint as following and then send the e-mail of the user in the request payload:
POST /users/password/recovery
{
"email": "mail#example.com"
}
Then your server can send a link with a token to the e-mail specified in the payload. Only send the e-mail if the e-mail specified in the payload is registered in your application, of course.
The link should take the user to a page where they will enter the new password and, when submitting, an endpoint to replace the password of the user will be invoked, sending the token and the new password to the server:
PUT /users/password?token=SomeValueGoesHere
{
"password": "654321"
}