I need help to get email from users in my website. I cannot change permissions in my OAuth dialog.
I tried to ask for email permission in the authenticated referral option and User & Friend Permissions but when I click on the preview current dialog, I only get the user basic information.
What am I doing wrong?
Thanks.
First off, what language are you using, or what framework? Are you passing your permissions as an array of comma-delimited items to the scope URL request parameter, when you are retrieving the oAuth 2.0 access token? It should look like like this:
https://www.facebook.com/dialog/oauth?client_id=1657658326532836257&redirect_uri=https://www.google.com/&response_type=token&scope=publish_stream+user_about_me+user_activities+user_birthday+user_checkins+user_educa
Which URL are you calling to retrieve the e-mail address? You should be able to just use:
https://graph.facebook.com/me
The JSON field name is simply email.
Related
In AWS Cognito, username is unique and cannot be changed, that's why I'm using it with an internal auto-generated ID. Most of Cognito API requests like adminGetUser only uses username as the user identifier.
And this is recommended by AWS:
If your application does not require a username, you do not need to ask users to provide one. Your app can create a unique username for users in the background. This is useful if, for example, you want users to register and sign in with an email address and password.
Everything is working nicely, but I've got problems with the Cognito Built-in Sign-in page:
This page is intended to be viewed by the end user, and it is displaying username, which I'm using as an internal ID 🤔
The Built-in Sign-in page can be customized but only CSS and logo, I cannot see any option to display preferred_username or email instead of username.
Is there a way? A workaround for my use case? Am I using Cognito the wrong way?
It's finally working with preferred_username
The only thing is that the really first time username is used instead of preferred_username 🤔
Probably an AWS bug
I am using facebook api 2.0 to allow users to use their Facebook profile data to fill up my custom form. (I don't want facebook's prefilled form). I am getting other information like first name, last name, email. But apparently Facebook api 2.0 has removed username from response object and I am unable to access it. I have observed that Response.link contains url of the person's profile and the portion after "www.facebook.com/" is identical to username. If we succeed in fetching link, we could get Username. But I am not sure this is true for all users. However when i try to access the link, I get link with app scoped id like this:
"www.facebook.com/app_scoped_user_id/XXXXXX/"
where last portion (XXXXXX) is some numerical id. Does anybody know how to access the link in the form of "https://www.facebook.com/username"?
Also, if we are not able to do that in 2.0 but we can in 1.0, then how to switch back to 1.0?
As https://developers.facebook.com/docs/apps/changelog#v2_0_api_versions is clearly stating
/me/username is no longer available
If your app is created after April 30th 2014, there's no way switching back to v1.0. If not, you can prepend /v1.0 to your request, but that will only work until April 30th, 2015.
If you only require current authorized user's username(or any other authorized user for your app), then it's possible.
First step, you call /v2.0/me?fields=third_party_id endpoint . You have to use authorized User Access Token (Authorized with basic scope, i.e. public_profile permission enough).
Or alternative way, you can use App Access Token instead. Of course you can't use me connection anymore, you have to explicitly to put User ID. For example, 12345678 shown on the folowing screenshot:
Second step, use App Access Token (User Access Token is not allow here) to call following FQL query:
SELECT username FROM standard_user_info WHERE third_party_id =
'example12345abcdef'
In which "example12345abcdef" is the third_party_id example you get from the first step.
p/s: please note that the user/app access token on first step must use the same app on second step. It's because third_party_id is tied to app.
Cheers :)
Note that username is optional on Facebook. By default a Facebook profile doesn't have a username
In any Facebook API response, you'll get the username, only if the user has set his username under his Facebook settings.
If you just need to show the user his name why not use the "name" field? It contains their first and last name both. I have changed my app to use name instead of "username".
I am trying to find out if a user has an #facebook.com email for messaging but can not see where to request that I do request perms for their regular email and can get that, but can't see where to get their #facebook.com email. It's not included in https://graph.facebook.com/me/ and since there's no guarantee that they have set one up I can't assume that it's based on their username
If a user has a facebook.com email address it will be their {username}#facebook.com. However, just because a user has a username setup, doesn't mean there's a corresponding email for it. I've had a username since Facebook landrushed them, and just the other day I setup an email for it. There's no way to tell if they've set it up. Your best bet is to ask the user for an email address that your app can use.
Just go to your privacy settings and from there act as you are editing you email address then there is a Facebook email button setup there.
According to the documentation I must remove an apprequest when a user has accepted it. There is however a problem with this.
When I accept an apprequest, I will be redirected to my app. But in the url parameters only the apprequestid(s) are included. The userId of the current user is unavailable.
My app doesn't require authentication so I can't access the current users data.
How do I remove the apprequest for this user when I don't have acces to the userdata or accesstoken as described here:
The old method of the apprequest allowed me to extract the userid from the requestid. This is not possible anymore.
you have to have authentication to "tamper" with user data - that includes app invitations.
However with an App Access Token you might be able to delete the post without authenticating your user (you'll still have to aquire their UID - possibly from the signed_request . You can read at this link about app login and how to retrieve the correct access token.
I'm writing a web app that will use twitter as its primary log on method. I've written code which gets the oauth token back from Twitter. My plan is now to
Find the entry in my Users table for the twitter username retrieved using the token, or create the entry if necessary
Update the Users.TwitterOAuthToken column with the new OAuth token
Create a permanent cookie with a random guid on the site and insert a record into my UserCookies table matching Cookie to User
when a request comes in I will look for the browser cookie id in the UserCookies table, then use that to figure out the user, and make twitter requests on their behalf
Write the oauth token into some pages as a js variable so that javascript can make requests on behalf of the user
If the user clears his/her cookies the user will have to log in again to twitter
Is this the correct process? Have I created any massive security holes?
Sounds good.
However, I suggest not using the Twitter User Name as the primary index for the User table. As Twitter user names can be changed. I learned this the hard way.
You should be fine using the Twitter User ID (big int) as the primary index as it doesn't change if the user changes their user name.
As for the token its self, you are a-okay with storing it for future use. In fact, you are encouraged to do so.
Could you not just save the oauth_token as cookies instead of the GUID and do the user based lookup on the oauth_token or is that bad practice?