I am building a social app on Google app engine using python, for which i am using Google+ api for user login and after login user can post and share.I need help in connecting one user profile to another so that user can see others post and follow them and also in displaying one's profile to another user. Like a user can browse public posts of all users, and if he clicks on creator of post, the link should open creator's profile with option of following him.I know to save user data in datastore and retrieve them.
Thanks.
You will probably want to use the Google+ Sign-In, which can get you some information to the social graph and then access to the Google+ API. This information includes the ID of people in the user's circles that they've permitted you to see, so you can use this information to build their social graph.
If you have more specific questions, you should probably update your question (or post a new one) that demonstrates the exact problems you're having with the code.
Related
I have a workspace in which I have many applications based on the same schema.
Every applications has his own login page at the moment.
I want to build another application responsible for the login of all the other applications.
The login will redirect the user to a main page that will show the links to the different modules (applications) based on the user type.
Note that only the ADMIN user can see the links to all the applications.
Different types of user will see only the links to the apps that they are authorized to access.
I read other related posts, I know I have to change the cookie name for all the app I want to share the authentication.
But my question is:
If I login successfully with a user different from the ADMIN, I am still able to access all the applications via URL, even if their link is not visible in my main page.
How can I prevent this?
Check out the use of authorisation schemes (see under Shared Components).
If you had an authorisation scheme per application you check on each page so that if the current user was authorised that application. Don't forget that each authorisation scheme would also allow users who have ADMIN access.
Hope this helps.
Just had another thought. Check out this post http://www.explorer-development.uk.com/securing-vulnerability-exploits-apex-part-2/ by Craig Sykes.
Activating Session State Protection and using Checksums would prevent a number of issues for you.
I integrated django-rest-auth and django-allauth for user registration/login using Facebook.
Now, I can authenticate (and I can create) the Facebook user and I can retrieve some basic informations like e-mail, first name, last name...
Now I need also to retrieve some profile images (last 3 user profile images) about the user at registration of it in my platform.
I'm confused because I can't use allauth to take also these informations from Facebook so, probably, I need to take it directly using Facebook GraphAPI (is correct this my solution?)
Is a good solution the integration of django_facebook?
The photo can be retrieved directly with the user UID and this URL:
http://graph.facebook.com/UID/picture?width=40&height=40
In function:
fb_uid = SocialAccount.objects.filter(user_id=self.user.id, provider='facebook')
if len(fb_uid):
return "http://graph.facebook.com/{}/picture?width=40&height=40".format(fb_uid[0].uid)
I'm not entire sure, but I think you will get access to the user's photos when you add "user_photos" to scope list in facebook configuration. Did you try it?
Here is a link to django allauth documentation: http://django-allauth.readthedocs.org/en/latest/providers.html#facebook
I am working on a django app. What i want to do is that in my app i want to allow people to add their facebook, twitter and google+ profile links but after only getting authenticated to these. I want my website should recognize a user if it gets login from facebook or twitter or g+ and redirects it to the user page with which these social media profile links are attached. I am trying it to do using python requests package. But i am not getting a way how can i do it. Should i get a oauth token from the site to store or should store the profile link of the user. I have implemented the social authentication mecanism using python-social-auth
Please suggest me.
A small example will be appreciated
Sounds to me like you want to extend the pipeline with a function to redirect users. You can use Social User to get at the auth used to log in.
I was just wondering if an app exists for Django that helps connecting all 3 social networks, imports basic info, profile picture, but most importantly pushes the post user makes to these three website accounts. I looked into django-social-auth but that just lets you register or login with these websites,not push posts.
django-allauth http://github.com/pennersr/django-allauth/ stores basic info for FB/G/Tw (and more), provides basic access to the profile picture, and stores the access tokens in the database.
Whatever you do with the access token is project specific and beyond allauth scope. For example, in order to post to the users wall you need:
The user's permission (you can do this by configuring the proper scope for the Facebook provider, search for SCOPE in the README.txt)
Once the user is logged in via FB, the access token is stored in allauth.socialaccount.models.SocialToken. Simply lookup the token for the user that is logged in.
Then, given the token use whatever method you like to post to the Facebook API on behalf of the user. E.g. https://github.com/pythonforfacebook/facebook-sdk
For some more background on the relation between a Django user and the Social* models, see:
How can I get the user's facebook id with django-allauth?
There are django apps that do what you need individually (Facebook example), but I'm not aware of one that works with multiple.
django-social-auth will get you half way there by obtaining the users information and permission to post to the social network on their behalf.
Once you have users authenticating via django-social-auth you'll have access to the users access token needed to post to respective network on their behalf.
From there, you're going to have to stitch together some additional python modules like the Facebook example above to do the actual posting.
Is it possible to get a User's Information from Google Profile using Django?
For example, i have an application which does user profiling and the user wants to update the information by his/her google profile.
I guess you should look here http://code.google.com/intl/pl-PL/apis/gdata/articles/python_client_lib.html since gdata provides access to all data stored in Google