I am creating a web app that allows users to user their own social network services (Instagram, facebook, spotify, etc.) and display the information like photos, posts, playlists from the SNS.
I know we need each users to authenticate their SNS account first to make the API accessible.
I have no experience with authentication, so I want to get some TIPs of how to do this.
My idea is to provide buttons called Authenticate for each SNS. When the user clicks this, I want to open a window for the user to login to their SNS and when the login is successful, it will give a list of whatever information that is related to the SNS (photos, playlists, etc.).
I want to know what I need to know to do this. I know that we need access tokens to access the user's API. Is there a way to use the access token that the user earns by authenticating his account to access the API?
Any advice will be great. Thanks.
Try firebase authentication. A lot of work is involved in what you want to do, and they have done much of this work for us...
Related
Problem
In our Teams app tab we want to show the profile image/photo of the current user.
Things we tried
The user is authenticated with Single Sign-on for tabs and we store some user information to track some progress in our app. It is not possible to fetch the profile image from the Microsoft Graph API with the token from the Single Sign-On process — the User.Read permission is missing.
The user profile image does not seem to be available in the Teams context from the Microsoft Teams Javascript SDK.
In SharePoint it is possible to show the profile image of the current user with a special URL: https://<tenant>.sharepoint.com/_layouts/15/userphoto.aspx?size=L&accountname=<upn>. This fails in Teams with an "no access" redirect if the user has not logged in into SharePoint.
Seemingly possible solutions
Extra authentication step to get the User.Read permission; not ideal, nobody is gonna press a extra button just so we can show a profile image.
Convince the Single Sign-on for tabs process to include User.Read; Adding the permission in all kinds of configuration did not change anything in the resulting token.
Use a custom OAuth2 flow, according to this blog post it is possible to setup in the Single Sign-On for bots process. The Teams SDK does not seem to have the same possiblility.
Somehow make sure a user is authenticated in SharePoint so we can use the magic profile image URL; does not seem very likely.
Is there a solution workaround and/or something that we did not try yet for this problem?
You won't be able to modify what the standard SSO does, unfortunately.
The easiest way to deal with this is to use the Microsoft Graph Toolkit, specifically the Person component. It's exactly built for this kind of scenario, and you have the user's AadObjectId from the Teams context.
It does require an Azure Application, but I think you can use the same app. It -will- prompt the user, by default, with a consent popup, but you can get around this, as always, with an admin consenting on behalf of the user.
I am completely lost, with even what to look at. However, I am creating my first react native application. In this app I wish to allow the user to authenticate with Google as well as Facebook.
My Issue is: User logs in using google auth. They then log out and re-authenticate with facebook. However they have already logged in before and under this second auth I wish them to connect back to the same account.
Could someone please help me, is there a way to do this, I am lost. I need direction on this so appreciate all/any help given.
Any further questions on this. I will do my best to answer. Thanks
I think this issue has more to do with persisting data and keeping duplicates out. When you do authentication you habe to store some kind of universal ID like the users email and Google/Facebook IDs. When a user logs in with whichever account you can identify them and match the correct profile.
Lets say the user has different emails with facebook and google, you might tell him after auth with google, that a User will be created newly on your app with the given data. At this point users can realize thats not what they expected, as they have already an account and retry with facebook.
I am struggling to determine if I should use only oAuth, develop a custom login, or both for my Angularjs site. What have others done/what were some of your reasons for the decisions you made?
I can see the benefits of oAuth only, and moving the storage of credentials off my app, but it comes with the risk of users not having a Google, FaceBook, Twitter, LinkedIn account.
From login perspective, you just need "credentials" of an unique user and this user can provide it to your service in any way. So it depends on more aspects such as: you want to publish something to existing accounts of user (Facebook, Google+...) or sync information between them and your service.
Well, this question is regarding the authentication system of an app in GAE. I've read several posts and found out the best way to manage the user authentication stuff is using the Google Accounts service. I've read several suggestion (here is one of them) but they don't really give a solution to the problem.
Here is what I want to do: I am going to use the Google Accounts service and I want to know if there is a way to change the login and create account page, so that I don not have to redirect the user to the Google Sign-in form, but rather redirect the user to my own login form and then forward those data to Google Servers. I would like to do the same exact thing with the register form. In conclusion I need that the user feels she is using the login of my application, but is really using the Google Accounts service.
Here is an example of something I want to do: This webpage uses Google Accounts Service, but the login form, is a custom form that then (I imagine) forwards the data to Google Servers and then logs the user in.
We would like to connect a salesforce user to another salesforce user in another org without any user intervention from a service.
We have tried SAML Bearer Flow (using Remote Access Application) to connect to salesforce to retreive Access Token for one of our product. We are referring to the follwoing article.
http://help.salesforce.com/help/doc/en/remoteaccess_oauth_SAML_bearer_flow.htm
As referred by the SF article for this flow, it uses a previous user authorization to connect and retreive Token. In case the user (for whom Token is requested) has not already authorized the App, SF takes you to the Authorization page first and app will get the access token once app is authorized. This is working fine too. However it has this painful step of users authorizing the app before we can use this flow for the product. It would be good and simplified if this step can be done once for an org and the article does mentions that either User or Admin can authorize the app. However I am not able to find how an Admin can authorize the remote access application.
Does anyone knows and can guide how can an Admin authorize an App or is thre any other way we can achieve our requirement. Any thoughts will be really appreciated.
OAuth1 and OAuth2 require user intervention by design. Anything you do to defeat this would be circumspect and not best practice. You could make it easy on the user, but you will always have the initial "Authorize this app" message.
If you are trying to make it easy for the user to login to either org, then you may want to consider a hub-and-spoke SSO solution. See this doc.
If you are trying to pass information between two Salesforce instances, then you may want to consider Salesforce2Salesforce, or outbound workflow. However, this is done at system context, not user context.
If you want to maintain user context and security, you should consider the new Salesforce Canvas API. Canvas allows you to call an outbound service, and pass credentials to the service so that it can communicate back. There is no reason the foreign service could not be a Salesforce instance.