How does Google Search access my Facebook connections? - facebook-graph-api

When I am logged into my Google account and I search anything on Google,
these days if it is a blog or a profile, Google shows the name of the owner. and also tells me if I am connected to that person.
I can understand if Its a blogger blog where the author might be having a Google+ account which I am connected to.
But under my Facebook friends account in Google search results.
It reads "You are connected to XYZ on Facebook" on hovering over is name.
Is it because I told Google Plus about my other profile links, ie Twitter and Facebook ?
I don't think connections are accessible under Graph API without any access token and I don't remember giving Google any such permissions.

It is likely due to your logged in facebook session. If this is active, it will show up on websites allowing you to comment on certain things, from the random website, straight onto facebook. Or like it, etc etc.
Google is most likely just using your logged in session.
If you dont like such features (I personally hate facebook apps on websites ), you can block them using script blocking addons for your browser.
I.e. https://addons.mozilla.org/en-US/firefox/addon/noscript/

The Google dashboard at https://www.google.com/dashboard list what Google knows about you, under the section "Me on the Web" I believe you can adjust what twitter/Facebook profiles are linked to you Google account. I don't have any so I'm not %100 sure but a good place to check.

Related

Google Oauth2.0 Unpublished Test App accepts users not in test user list

I use google Ouath2.0 with passport.js in my Next.js/Node.js web-app. Registering and logging in works as expected. However, anyone with a google account is able to register, regardless of being in the test users list. The app is unpublished, and so only test users registered by me in the Oauth Consent screen should be able to register and login.
Does anyone know how to fix this? As far as I have understood it, login when not registered as a test user should simply fail. I have seen this asked elsewhere with no answers, and I am not able to contact google as that requires a paid support level.
I had a quick look at this and observed the same (incorrect) behavior; I too was unable to restrict authenticated users to the list of test users:
Created Apps Script Web app (for a quick win)
Associated a Cloud Platform project with it
Enabled Gmail API in the project and added one of its "restricted" scopes
Added one Google account to test users
I was able to login using the test user and any other Gmail account regardless of whether I included a Gmail restricted scope.
One thing I observed but am unable to explain is that I was not presented with the app's (project's) OAuth Consent Screen. Each time I logged in (incognito), I was prompted by the standard Google login screen only. I expected to be prompted by the OAuth Consent Screen before accessing the app. This likely explains why identities aren't being limited to the test users but I'm unsure why I'm not seeing the consent screen.
Even without Google paid support, you may file issues like this using Google's public issue tracker and these will be seen by Google Engineering.
I recommend you file under "Cloud Platform > Security & Identity" and let someone within Google triage:
https://issuetracker.google.com/issues/new?component=187167&template=1162765

Trying to get "read_insights" approval from Facebook

I have a webservice which will allow a Facebook user to create an account and create reports/charts of their Facebook Page insights. I am having a problem getting through the FB approval process.
I have my website working. Using my own account, I am able to sign up on my service and pull in all of my Facebook "Pages". And even report page insights on them (e.g. Fans by Country). I suspect I am able to do this since I am an "Admin" (see screen shot below):
When Facebook did a review, it appears they used an account that did not have associated "Pages". They successfully created an account, but they state they were not able to select a profile from within my service (you pick an FB page and then can report on different Page metrics). But this is working for me.
I see there is an area where I can create "Test Users":
And for this Test User I signed in and created a Page for it. It is my understanding these are not "Real FB Accounts". But only used for the approval process. Anyways, should I be providing FB the name of the "Test" account? And they would use this during the approval process?
Facebook's review team is also testing with these "Test Users", as you mentioned correctly those are not real Facebook accounts, rather some dummy users in an isolated system.
From my experience I would recommend you to address this problem to the Facebook developer group on Facebook itself. There are some reviewers from Facebook around who help you very quickly.
Here you go: https://www.facebook.com/groups/fbdevelopers/

Retrieve user data from Google Analytics based on the __utma cookie

I am trying to find out how active are the users of my web page after registration, based on what was the source/landing page of their first visit. I would rather not try to track users myself - I am already employing Google Analytics on my web page and I know it uses the __utma cookie to tell one user from another. I can see summarized landing pages/sources in my Analytics reports but would need to have this data per specific user in the time of their sign up.
Essentially, when the user signs up with my web page I would like to retrieve their landing page and source from Google Analytics and store it in my application's database along with user's name, password, activity etc. This way I could check later, for example whether users who came from Google were more prone to buying premium service that those who came from Facebook etc.
I checked the Google Analytics API reference but it doesn't seem to provide getters for this specific data. I've been looking in up in Google and in Stack Overflow for a while.
This seems like a pretty useful functionality, which many websites should need. What am I missing? Maybe I should seek for a solution that doesn't involve GA? Or switch to a different analytics? Or track user's landing pages with cookies myself?

Facebook integration... Where to start?

I recently put a django project of mine into its beta stages and would really like to integrate more with social media, particularly facebook.
Now there are so many facebook integrations out there... I don't know where to start but, I'll tell you what I am after.
My sites publishes content with photos and also user related data (which site doesn't)
on each individual page I already have a facebook like button that basically has the absolute url of that page
so for instance:
http://my-site.com/url-1
http://my-site.com/url-345345
http://my-site.com/url-456456456
When a user likes this particular url I would like them to become a Fan on my facebook site/page as well.
I also added the FB opengraph tool which is a bit more informative once a user likes it. But it still does not publish any statistics to my page.
Can someone give me a bit of an understanding on what the best option is for this type of integration?
As a security option for the user, Facebook has never allowed third party access to "become a fan."
If you want to record locally when someone presses the "Like" button, you'll have to implement it locally (copy the presentation, and query Facebook yourself), so you can intercept the event. I've done that; it's not too hard.
I suggest you review the Connect Terms of Service to see what it is you're allowed to do: http://developers.facebook.com/policy/

Google account authorization for users accessing google docs

I am pulling list of docs in coldfusion via google docs API. I want users to click on the link and get signed in automatically in google docs, with my username and password. Google should not ask user name and password from them.
I tried out this example http://cfgoogle.riaforge.org/
Till now I am able to pull up list of documents I have on my google docs account.
But I want anyone to click those link and get automatically signed in as me. And able to access my documents. Is it possible?
I would guess that accessing the documents as you is not possible via the end-user's browser. Google will set a cookie on your computer identifying your session. This allows you access to documents, mail, etc. whatever is linked in your account. For them to be able to access the documents using your account, they would have to be logged in as you. You can't do that directly from your application, because you can only write cookies for your domain (oversimplification, but basically....)
There may, however, be a workaround.
One option would be to use the API to automatically share the document with the user. That is, they provide their Google ID (not password) and you share with their account. This is probably what I would try.
Alternately, you could proxy requests for documents, although this opens up a whole 'nother can of worms.