tornado accepts OAuth1, 2 and OpenID, and from search in SO: OpenID is just to login, OAuth is to tell other service (for example Facebook): ok, come to my account, and use what i give you the permission to use.
so because of this, how to make a simple "hello world" print in my Facebook wall, because if this will work, then one will avoid using a pubsub in his application, and let Facebook display notification (since there is a great chance that a user have Facebook account).
NB: the example the ships with Tornado is to "how to see my notification from localhost"
here is how, you need this: Python-Facebook SDK and you add this to the facebook example, dont know if it is non blocking, but i see the self._on_stream which i think it's a callback, so it is non-blocking?
import facebook
class MainHandler(BaseHandler, tornado.auth.FacebookGraphMixin):
#tornado.web.authenticated
#tornado.web.asynchronous
def get(self):
self.facebook_request("/me/home", self._on_stream, access_token=self.current_user["access_token"])
a = self.current_user["access_token"]
print a # for debug
graph = facebook.GraphAPI(a)
graph.put_object("me", "feed", message="I am writing on my wall!")
NB: you can post a message only one time in 5 minutes
Related
I'm trying to connect my website's API and mobile app. I need to authenticate the user with google account but I don't know how to do it.
I created the backend with Django. And I set the endpoint as rest-auth/google/. On the restframework's page, it requires Access Token and Code but honestly I don't get how I can test if it actually works using actual google account.
I want to test from mobile app but I don't understand how and what I need to POST.
Anyone could give me tips?
I would recommend you to use a ready solution like "django-allauth".
If you want to do authentication yourself you might want to read Google's documentation about the topic:
https://developers.google.com/api-client-library/python/
In nutshell you create API credentials:
https://console.cloud.google.com/apis/credentials
Send a user to a link with specific parameters (api-credentials, scope, redirect link etc). Google client can help you to generate it.
A user will login in his account as he would normally do and will give your app permissions to use his information (or won't). After that he will be redirected to the link you specified with GET request with a code as a parameter (or error).
With help of Google client you can exchange the code on a token and then use that token to get information from his profile.
We are having a facebook App we have detected some abusive users so we want to stop them from logging into our app, Any thoughts? There are examples given but Fb docs say those api's are deprecated now
You could just detect them on your own and set a flag in your database. They will still be able to use Facebook Login, but they will not be able to do anything in your App if they are flagged.
Either way, i did some Google research and found out that it may be possible with a simple POST (or DELETE) request to the /app-id/banned endpoint:
BAN
https://graph.facebook.com/{app-id}/banned
POST parameters:
access_token (A simple App Access Token)
uid (comma separated list of user IDs)
UNBAN
https://graph.facebook.com/{app-id}/banned/{user-id}
DELETE request, only access_token as parameter
It is not really documented though, but easy to test.
I am writing a back-end in Django for a mobile app I am creating. I need to authenticate a user the first time they open the mobile app through SMS to verify it is a real person. What needs to happen is the following: user enters phone number in app, server then sends SMS message to user with authentication code, user then enters authentication code in app and server verifies that the code they entered in the app is the same one they received through SMS.
I need to use Twilio with my Django project. I just need to know what would be the best way to go about this? The front-end side of this (the mobile app) is not what I am asking about, I am asking about the code on the back-end that should be implemented. I am struggling to find up to date documentation for django-twilio integration that could do this.
Twilio evangelist and maintainer of django-twilio here.
What you're looking to build is something very easy to do, I can outline the steps for you here:
Create a Django model that stores a user's number and a generated passcode
When a new user is created, take their number and SMS them the code using the Twilio REST API
When they enter the passcode you sent them, cross reference it with the one stored in the database.
If the number is right: verify them, if not, tell them it is wrong and offer to send them an SMS again.
You can use django-passcode as an app in your project.
It exposes APIs to "register" a mobile number and "verify" through SMS based passcode. It uses mobile number and device id pair as unique. It also generates and returns a token for future authorization requests from mobile app. You can use Twilio or any other SMS api to send sms.
https://github.com/sgurminder/django-passcode
I appreciate your feedback for django-passcode
Disclaimer: I'm the maintainer of Django-phone-verify
What you're looking to accomplish is very easy with django-phone-verify app. It comes with Twilio already integrated and few endpoints which you can extend as per your use case.
This package aims at verifying if a phone number requested by a particular client belongs to them. It also takes care of ensuring that the same device provides the verification of passcode which intially requested a passcode to be sent, saving you a few hours of work.
This package also doesn't messes up with your current user model at all. You're free to use this package exactly for one thing: verifying phone numbers. Whether you do it for users, companies, etc. depends on your use-case.
It follows Unix philosphy of Do one thing; do it well
Installation
pip install django-phone-verify
Configuration
Add app to INSTALLED_APPS:
# In settings.py:
INSTALLED_APPS = [
...
'phone_verify',
]
Add settings in your settings.py file:
# Settings for phone_verify
PHONE_VERIFICATION = {
'BACKEND': 'phone_verify.backends.twilio.TwilioBackend',
'TWILIO_SANDBOX_TOKEN':'123456',
'OPTIONS': {
'SID': 'fake',
'SECRET': 'fake',
'FROM': '+14755292729'
},
'TOKEN_LENGTH': 6,
'MESSAGE': 'Welcome to {app}! Please use security code {otp} to proceed.',
'APP_NAME': 'Phone Verify',
'OTP_EXPIRATION_TIME': 3600 # In seconds only
}
Migrate the database:
python manage.py migrate
You get two endpoints (Check API docs), one for registration of phone number and other to verify the passcode. You may override verify endpoint to also create a user as described in the usage docs: https://github.com/CuriousLearner/django-phone-verify/blob/master/docs/usage.rst
Recently I was looking for any library or scheme to sign-in/sign-up users through sms (send sms code and then validate).
Short solution:
Create sms model to generate code for phone number
Send sms with code to client (for example, use twillio)
User got code. And send phone_number + code
Validate it. Response any useful information
Also:
You must to use async code or celery to send sms
Add sms lifetime (for example, 30 seconds)
Clean phone number to valid format
Get or create user by phone number
You may to use this library, for example:
https://github.com/a1k89/django-rest-sms-auth
This is confusing. So just to clarify:
REQ #1: To fetch basic stats for a URL, you send GET request to:
http://graph.facebook.com/?ids=http://some.com
(alternatively, FQL can be used to fetch stats for a URL, but that doesn't return the OpenGraph Object)
REQ #2: To fetch comments for a URL, you do a GET:
http://graph.facebook.com/comments/?ids=http://some.com
REQ #3: To fetch likes for a URL, you GET:
http://graph.facebook.com/likes/?ids=http://some.com
But how do you comment on / like a URL programmatically?
I guess, likes can be created using Open Graph API, right?
https://graph.facebook.com/me/og.likes?object=1234
where 1234 is the OpenGraph Object ID of an article (as returned by REQ #1).
But this requires an approval process, the like action has to be approved by Facebook.
Is there a better way to do this? Can I use for example the Graph API for all these things?
My goal:
Currently I'm using the Facebook like button and comments plugin to create likes and comments. But these use the JS SDK, which is huge, and they generate a lot of external requests. I wanna get rid of them and just send an AJAX request to my server, which would then asynchronously talk to Facebook, and it would post the Like / Comment.
Is this possible?
Thanks in advance!
I read through the Facebook docs briefly and I don't believe you can do this other than the way you indicated with authenticating.
You should also take a look at this thread: 'Like' a page using Facebook Graph API
You would need to authorize every single user before he would be able to like something, and you would need to go through a review process on Facebook. And i am pretty sure you would not get the required permissions approved just because you want to get rid of the JavaScript SDK overhead, to be honest.
The Social Plugins are asynchronously, so the overhead for downloading the SDK is irrelevant as it happens in the background and it is non-blocking.
I have an idea, to do this. You can use long term access token, Once you login you receive short term token. After receiving short term token you need to request your long term access token. Save that token in DB or file.
Then you can use Graph Api, to make requests. This will eliminate the need for access requirement every time you request api.
Just use access token you saved before.
Refer this documentation from Facebook for further clarity.
https://developers.facebook.com/docs/facebook-login/access-tokens
Happy Coding!
Atul Jindal
I try to add an event in my calendar by an installed application.
The problem: I didn't get the success-code to change for an access token.
My request seems like following:
accounts.google.com:80/o/oauth2/auth?scope=https:%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&client_id=73561***.apps.googleusercontent.com
If i send this request at the browser it works. Like the example.
But i wanted my application to do everything for me. That means, that the User only give his login dates and he is able to add as an example an event. Without giving the agreement. Well, if my application send the same request i get an answer: "moved temporarily". But i need the key (success code) from the title bar.
I should add, that i use c++ so i can't use the Google Api. Therefore, i use cURL to send my request.
Anyone able to help me?