I'm trying to use react-facebook-login to authenticate users, but I need to access the user's email. This should be doable via the scope parameter, but it doesn't work. There are multiple issues about this subject on Github going back years that haven't been addressed.
My question is - is there a way to modify/override this package to accommodate this (it appears the scope parameter is simply not added to the popup url), since it looks good otherwise? I have no idea how to patch or override node modules.
Alternatively, what is the absolute easiest way to implement this - is getting dirty with the Javascript SDK the only way, or are there better packages?
<FacebookLogin
appId="myappid"
autoLoad={true}
onClick={componentClicked}
callback={responseFacebook}
scope="public_profile,name,email"
/>
The Package has no issue your app does, you need permission to access such information, while in development you can get the the information's just fine but be aware in a recent change in facebook graph api now in order to access user email you must ask for email Advanced Access you can do that by going to your app dashboard
https://developers.facebook.com/apps/appId
in the left panel click App Review and select Permission And Futures there search for email and click Get Advanced Access Clear your browser cache and you good to go
I'm using this package instead which works as intended:
https://github.com/seeden/react-facebook
Related
As you know Salesforce is enforcing Enhanced Domains. I found from Salesforce help that:
Custom components in your org must be evaluated in order to check
whether they use domain name/static URLs
Some embedded content stored in Salesforce might no longer appear
Third-party applications can lose access to your data
Single sign-on integrations can fail
However, I'm struggling with finding out which particular Salesforce elements/configurations should be checked in order to detect potential gaps? Do you know which areas exactly can be affected and shall be evaluated (like Apex Codes, Email Templates and so on)? Is there any guide on that?
Your biggest concern should be inbound integrations. Things that log in over REST/SOAP API, get response with session id back, ignore the "url to use for all subsequent requests" and just use hardcoded url, whether it's prod or sandbox.
Look at this guy, he's victim of either enhanced domain or "disable api versions < 30" thing: The requested resource no longer exists with rest PHP. Look at these guys, they had hardcoded url: how to solve python code error (TooManyRedirects: Exceeded 30 redirects), Salesforce API via postman error INVALID_SESSION_ID.
As for stuff inside Salesforce itself - best would be to download whole project with sfdx and run a text search for your domain name (and site/community name if you have these). Email templates that use merge fields for forgot password etc should be fine, merge fields with record link should be fine... But if you manually craft email body in apex - might be a problem. A lot depends how creative the developer was. If you find getsalesforcebaseurl().toexternalform() it should still work. If it's hardcoded / read from custom setting / custom label / custom metadata it might be more fun.
If you have external apps that display pieces of salesforce (embedded live chat? some iframe with FAQ? CMS Connect) - the domain change might mean they need to be updated, both in terms of updating url and changing security rules (CSP for example)
Context:
We're using Publift (an ad bidding platform) for advertisement on our site.
We would like to have the ad display/hide upon user subscription status (paid / non-paid)
Problem:
We tried to load/unload the ad script conditionally and it works in most cases. Even though, when we load it, a few external scripts (loaded by Publift) will add anonymous listeners to the DOM, and we have no way to get rid of it. After that, user comes into the paid mode, the listener still exists and show the ad unintendedly.
Anyone experience with with similar ad platform and figure out better approach? Appreciate it with any of your help!
I have two projects where both of them use same firebase project. My problem is I want forgot password in both of the projects and both of them should point to different url in the respective project. Any help will be appreciated.
What I have achieved?
I have done forgot password for the first project and I get a email with link, for the second project I want email with different link (I am getting same link).
Any help will be appreciated.
There is only one password reset template per Firebase project, so you can't use the built-in template password reset flow to send different emails to different users in a single project. This usually isn't a problem, as the apps in a Firebase project are meant to be part of a single logical application.
If your use-case must use a single Firebase project, have a look at implementing a custom email handler, which is the page that the email links to.
If that is not enough, you can take control of the complete password reset flow yourself. This gives you full control of the emails that are sent, but does mean that you also have to arrange how to send that email and all actions from it yourself. For the actual password change, you'd then typically use the Admin SDK to update the user profile in a trusted environment.
I want to create a google app that will let you add a file from a cloud service as an attachment to an email. From reading the google documentations it seems like you can't do anything while the user is creating an email, but the attachments.me app is able to do it. When composing an email, their app will pop up a button next to the regular attachment app letting you select an attachment from the cloud. I am new to working with google apps and I do not understand how attachments.me is able to do this. If anyone has an idea as to how this is possible please let me know, thanks.
To add features to the GMail UI you'd probably have to implement this as a Chrome extension (and/or Firefox or IE extension to support those browsers). In fact, this is apparently how attachments.me does it.
What the extension does is load when you go to gmail.com, identify a place in the UI where it wants to add its button(s), and inject them using JavaScript. You may then want to use JavaScript again to do something like add a link to the text of the email before it gets sent to the media you want to attach from the cloud, or intercept the "Send" button to tell your server to send the message with the cloud attachment included (assuming the user has authorized your server to send as them -- this can have serious security implications)
Beware, modifying complex web app UIs like GMail's using a Chrome extension can be very difficult; GMail may make changes that break your UI or functionality, and they may do it whenever they want, or only to a subset of users, so you'll have to constantly keep up with these changes to fix bugs. All in all I don't recommend it as a way of adding attachments to emails.
I'm looking at ways to secure the admin section of my (cakephp powered) Facebook application. To avoid duplicating functionality, I thought it'd be neat to allow access to people who have been flagged as developers in the app settings.
The question could then be: How do I determine whether a user of my Facebook application is a developer?
Alternatively: How do I obtain an array of developer user IDs for my Facebook app?
I tried looking for your answer myself, and the only thing I found that you could possibly do is to make a group private and invite-only to developers and then use the fb:if-is-group-member tag. http://wiki.developers.facebook.com/index.php/Fb:if-is-group-member
OK, so I found out how to do it by myself. Props to Samuel for giving me the idea.
Basically, the way to do it is to run an FQL query that establishes whether a user is an admin of the applications page (page_admin).
SELECT uid FROM page_admin WHERE uid = 286302657 AND page_id = 31290624157
In the PHP client, this returns an array for developers and an empty string for anyone else.
I decided to use the FQL rather than the API call because it is possible to preload the FQL to reduce calls to the Facebook servers.
Hope this is useful to somebody.