My scenario:
I have an application within which users keep their own journals. For some of the journal records, i want to enable them to post to their facebook timeline.
It was rather straightforward with an old api (obtaining token and posting) but with a new Sharing Product, it seems impossible because its intended to use ograph data and backlink from facebook post to the page within the app but since the journal post itself is for logged user only, i don't see a way how could it work.
So, the question is:
How to enable users to share (actually, "replicate" is more accurate word) content from their authorization protected area within my application to their facebook timeline?
PS.
I am aware of solutions like: Auto post (user behalf) on facebook but that's an old api.
You can not create new content like this any more in any automated way, you can only let your users share links.
But you can point the Share button to any URL you like (parameter href), it does not have to be that of the current page.
Facebook will follow whatever you have set as og:url or canonical, so that would have to be the version without authorization then.
That would also be the URL that users clicking on the link in that post would be redirected to.
Related
I have a little bit of problem with the authentication on Sitecore website. Basically there is a button on the navbar, and when user clicks on the button, it redirects the same user to Salesforce to log in (Implementation of SSO). Basically I am using Salesforce as a identity provider and Sitecore Website as a service provider. Now I have a question? When user is logged, how can I get the ID of that user.
Do users in Sitecore User Manager have the same ID as the users in Salesforce, or I can just get a email to identify the user?
P.S: Sorry if this is a really stupid question, but I am a begineer when it comes to making Sitecore websites and the SAML SSO. Thank you in advance
Stop with the Sitecore and Salesforce for a second, you'll need to cover some basics and click through the login process manually before you automate it.
You probably are using a "connected app" in Salesforce that includes OAuth2 config (consumer key also known as client id; a secret; a list of scopes telling what this app is allowed to do on behalf of this SF user; a list of allowed urls that can login using this consumer key and secret. Etc.) It might even have something about Canvas Apps at bottom of the page.
Next would be - who's logging in. A core Salesforce user or do you have Partner Community, Customer Community (recently rebranded to "Digital Experiences").
Open incognito window and go to https://openidconnect.herokuapp.com/
For login host leave as is if you have production user or test.salesforce.com if you go from sandbox (you can also use branded urls, mycompany--dev.my.salesforce.com etc). If you have a community user you'll have to change the url to whatever is the community base url, like https://dev-mycompany.cs123.force.com/mycommunity
Don't change anything else, click next, next, next. This will take you through OAuth2 "web server flow" (one of many ways to log in). You type the username/password to SF screen and go back to that herokuapp with "authorisation code". The app has few minutes to swap that code for actual final "access token" and couple other pieces of info. Final step in this wizard calls OpenId "userinfo" - returning some info about the user that logged in. That's where you could pull the email if needed (and if there are extra fields you'd like SF to return in this process that's configurable too)
Close that browser window. Check the "connected app" in SF. Open new incognito window, do same thing but this time put your url, consumer key and secret (you might have to edit the app in SF first to allow callbacks to https://openidconnect.herokuapp.com/callback).
So now you should have rough idea about whole login process. Your sitecore app probably does same thing, receives authorisation code and exchanges it for final token. At that point you have valid SF session ID you could use to call that "userinfo", run queries (if the app allowes API access, check the "scopes") etc.
I doubt the Sitecore developer created it all by hand, you probably have some Spring stuff like spring.security.oauth2.client... My Java days are long gone but if you get better at manual click-click-click through the flow you should be able to follow existing code?
It's a big topic and there are other ways to do it (other OAuth flows, sending info about the current user when you have external page embedded in SF as iframe, you'd need to read about "canvas apps")... but that's best guess based on info you provided. You might want to check some trailhead courses too like https://trailhead.salesforce.com/content/learn/projects/build-a-connected-app-for-api-integration/implement-the-oauth-20-web-server-authentication-flow
https://developer.salesforce.com/docs/atlas.en-us.api_rest.meta/api_rest/intro_oauth_and_connected_apps.htm
https://developer.salesforce.com/docs/atlas.en-us.api_streaming.meta/api_streaming/code_sample_auth_oauth.htm (Java but very hand-crafted raw HTTP, probably that Spring security is better)
I have a cakePHP community. User are able to signup and login. I like to create a survey using SurveyMonkey.
Therefor I create the survey and make it available to my members using the direct URL. In my member database I have to save the information "did completed the survey = yes/no".
Is there any way to identify the user filling in the survey and write this information into the database?
SurveyMonkey has an API https://developer.surveymonkey.com/ , that let you collect info from your survey (completedf or not).
This is the only way i think, (if it s not include in your website).
I know that you can simply do this with Examinare Survey Tool. What you do first is that you use the API inside Examinare to add a recipient for all the users in the survey base.
Use the PHP Wrapper library in their developer site.
Loop it through and use the https://developer.examinare.com/php-wrapper-library/ and use the example code.
If you let people register with same email more than 1 time then save the ContactID into your database on the recipient.
Then to not create an email invite you use this : markrecipientstosurvey
The surveyID is available inside the Examinare account.
When you done this script part then make it as a cronjob for instance inside the crontab -e
I would run it every 30 minutes or 1 per hour.
Next part you create a page for the survey redirect where you use the function: listsurveysbyuser
to get the survey version and url
(there is a special link for the mobile user that even works for the normal mobile phone NOT only smartphones)
Now you just redirect them to the survey. If you want them to return to your site after then you use the redirect_url parameter that is added to the url or use the redirect inside your account. Ask support about that if you need :) They are fast... Never had to wait more than a couple of minutes.
When the person return then just check if they are marked as complete with the same api call: listsurveysbyuser
Looks much but it is very easy to implement and if you have any problems then just ask the support at support#examinare.com I have asked alot and never had them to say that it can not be done. Really nice!
EDIT:
I see that they just released a tutorial much better than my example:
https://developer.examinare.com/how-to-use-surveys-in-cakephp-with-very-little-development/
One option:
Use unique Custom Variables in the URL that is visited by each member of the community
For example, https://www.surveymonkey.com/s/your_survey?userid=$my_user_id
Note that you can create weblink or email collectors with the API (endpoints: create_flow or create_collector).
Then track the responses using the get_respondent_list or get_responses endpoints of the API.
Note: Please confirm with the Survey Monkey API team that the custom variables can be read via the API.
Another option:
Use the email collector (create_flow) API endpoint and send it to your members' email addresses.
I am new to Facebook development.
Is it possible to have a website login with Facebook + a non-FB database?
Specifically I would like my users to access Facebook information similar to Sociogram (http://coenraets.org/blog/2013/02/sociogram-a-sample-application-exploring-the-facebook-sdk-and-the-graph-api/) which I have gotten working with my own website app, but also tie in additional user information that Facebook does not keep - so that my users only have to have one login.
Any info on where to start researching would be helpful.
As you are talking about having your own database, i can guide you like this.
Use facebook javascript login to get premissions from user and save them to your database in which you may have other details to be added later for your website purpose
When you save details once from first login, you dont need to save them on next login. So Write code so that on first login check your database for user existance and if not then add him to database.
And in that database you can add extra field that facebook wont save like his height for example.
For this to happen you must have server side scripting knowledge to store the details to database. If you need further more details, i am here to answer.
I am exposing a page with a standardcontroller="account" to a force.com site facing the public. This page displays account specific data to the clients. Now when a customer logs in to my website I want him to have access to his account's data and only his account data. Here is the problem; the url for a page with a standardcontroller has a Id field, such as "https//www.myforcesite.force.com/AccountViewPage?Id=a82347dod". If a user changes a few keys on the Id, it is very easy for him to access other people's account page and bypass the login process. How can I prevent that.
I opened a ticket with salesforce but they told me its working as intended. I don't think a vulnerability to a trivial brute force attack should be intended so I want to know if there are any fixes?
Create one StandardController extension and check if the logged user in your website has the permission to view that account.
http://www.salesforce.com/us/developer/docs/pages/Content/apex_pages_standardcontroller.htm
What you are looking for is URL rewriting for force.com site.
For example, let's say that you have a blog site. Without URL rewriting, a blog entry's URL might look like this: http://myblog.force.com/posts?id=003D000000Q0PcN
With URL rewriting, your users can access blog posts by date and
title, say, instead of by record ID. The URL for one of your New
Year's Eve posts might be:
http://myblog.force.com/posts/2009/12/31/auld-lang-syne
I am working on a chrome bookmarking extension with google app engine as the backend. I am the only user now but I thought that if in the future there are other users the url needs to include the user name for the extension to interact with the backend. So I was thinking to change
http://ting-1.appspot.com/useradminpage
to
http://ting-1.appspot.com/user_name/useradminpage
where "user_name" is the gmail user id.
But I looked at twitter url and I see that they have
http://twitter.com/#!/user_name/
What is the purpose of "#!"? Is my scheme good enough in this case?
The # in a URL signifies the 'fragment identifier'. Historically this has been used to identify a part of a document identified by an 'anchor' tag, but recently webapp developers have begun to use it to pass information about the page state to Javascript code running in the page. This is used because it's possible for Javascript code to modify the fragment of the current page without causing the page to reload - meaning it can update as you browse through the webapp, and go right back to where you were when you reload the page.
The fragment is not sent to the server when the browser loads a page, so Twitter's server just sees a request for twitter.com; it's up to the Javascript code in the page to examine the fragment and determine what to do after that.
In your particular case, assuming you're using the App Engine User service to authenticate users, you have a number of options for how to distinguish users in your URLs:
Use their email address. In theory this can change, and users may not want their address in a URL they will share. If the URLs are private, this is more or less a moot point.
Use their user_id. This is opaque and reveals no useful information about the user, so it's safe, but it's also meaningless and hard to remember.
Let users pick a nickname for their URLs, like Facebook and other services do, on a first-in, first-served basis.