I seem to be unable to find neither relevant scope, nor API call to do that. The best matching one only returns user ID, not the real name. It also does not tell if user has verified Bio.
Related
For my application I need to retrieve a channel's ID, which can be done using a channel's username via channels().list(..., forUsername=username, ...).
The issue I have is that a channel's username is not as obvious as you would think. For example, talkSPORT's channel's username is actually talkSPORTMagazine. The only way I have been able to extract this is from their main page's URL.
talkSPORTMagazine
talkSPORT
However, a channel's main page's URL does not reliably include their username: sometimes it does, sometimes it includes their ID, or sometimes nothing at all.
If I don't use a channel's actual username then I cannot extract their channelID, something I need to request videos.
Is there a way I can reliably find a channel's username?
The answer to your question is unfortunately negative: there's no reliable way to find a channel's user name.
That's because user names are a legacy feature of the API v3: not every channel has one attached and no channel is required to have one attached. (See this official statement from Google staff from 2013-07-11.)
I warmly recommend to make your app such that it not rely on user names identifying channels; do arrange your app logic (both internal and external) such that to base it on channel IDs.
For what concerns channel URLs using user names, please follow this answer of mine: How to find the forUsername parameter for a specific channel.
We have implemented IdSrv4 on top of AspNetCore Identity and we use ADFS as external IdP. From ADFS we wan´t to get the users AD-groups, upn and som other claims. The claims will be used both inside our IdSrv4 implementation, but will also be sent to our API-resources as part of the access token.
The current situation in our IdSrv4 implementation:
ADFS has been configured so that it emits the claims that we want and in our IdSrv4 implementation those claims are received as expected in the "ExternalLoginCallback" method of the AccountController.
IProfileService has been implemented in order to fill the "IssuedClaims" list with claims.
BUT, I haven't managed to build the connection between those to steps. What is the preferred way to preserve the claims received in "ExternalLoginCallback" and put them into the generated access_token in the IProfileService class?
Right now I have managed to get it working by saving the token using the method "UpdateExternalAuthenticationTokensAsync", which will save the token in the database. Then in the profile service I fetch the token and read the claims into the emitted token.
But this doesn't feel right and while searching for the proper way I´ve seen examples use the class IdentityServerUser that has "AdditionalClaims" property, but I can't find a way to plug that type into the event flow.
Also, when configuring the external IdP you have these "ClaimActions" that can be mapped, but I don't understand what they are.
Finally, I assume that the database tables "IdentityClaims" and "ClientClaims" with corresponding entities should be used for this purpose but I can´t figure out how. Or should they be saved in the "AspNetUserClaims" table to save the actual claim type/values and not only claim mappings?
So basically, there must be a best practice for this scenario that seem to avoid me and I would be greatful if someone could share it.
The main issue in my problem was that the problems I first encountered with persisting the Claims in the AspNetIdentity-Db led me to a wild goose chase.
Returning to this after a week or so made me give this another shot. Turns out that the DI injected "_userManager" wasn't "connected" to the current DI injected "_signInManager". If someone has an explanation for this, please share!
What did work was to use the "_signInManager.UserManager" to update Claims on the user. This properly stores the Claims in the "AspNetUserClaims" table, and can then be retrieved in the profile service.
UPDATE 1:
Of course there was a logical answer to that as well. A user manager is created by default even if you don't call "AddUserManager" on your identity setup during startup. BUT, in my case I have extended the IdentityUser class and now by doing it like this it all works as excpected (where "UserIdentity" is my derived class):
.AddIdentity<TUserIdentity, TUserIdentityRole>(options =>
{
options.User.RequireUniqueEmail = true;
})
.AddEntityFrameworkStores<TIdentityDbContext>()
.AddSignInManager<SignInManager<UserIdentity>>()
.AddUserManager<UserManager<UserIdentity>>()
.AddDefaultTokenProviders();
how to add middleware/intercepter for every request in on dialogflow webhook server while using Action-on-google library and working with dialogflow application,
the purpose is i want to authenticate on every request that key is still valid or not, and also i want to check if that user is already managing a group then get all members of group and put in /userEntity,
now i'm doing this in wellcome intent, so when user say talk to xyz app in wellcome intent i check in database if user is managing a group then get all members of that specific group and put in user entity,
but this logic become trash when user directly say a command such as if user don't say talk to my xyz app and instead he says ask my xyz app john wink is present or not then app is unable to recognize this name, note that i cannot user system name entity because in my case these are not english names
for now i have restricted direct commands with context combination but it is not good e.g: user cannot say direct command unless WELCOME_DONE context which is context out of wellcome intent
The "direct command" you mention (ask my xyz app john wink is present or not) is what we call an "action invocation phrase". Since you're depending on a user entity in order to extract a name from the action phrase, you'll only be able to do this successfully if another intent has recently been matched, since the user entities you add are only available for 30 minutes.
One way around this might be the following. We are going to do something clever to run the user query through Dialogflow a second time, after adding the user entity.
In the intent that handles your "action invocation", use #sys.any (which is essentially a wildcard entity) to capture the name. Enable the webhook for this intent.
Create another intent with User says examples that match the expected "action phrase", similar to the first intent, but don't add it to your "Additional triggering intents". Enable the webhook for this intent.
Create a function in your webhook that handles the intent from Step 1.
In this function, look up the user and their group and add the members via /userEntity.
Now that the user entity has been created, call the Dialogflow /query API with whatever the user said.
Since the user entity has now been created, the intent created in Step 2 will be matched, so the /query API response will contain the name from the entity you created in Step 4.
Use the name to generate whatever response you wanted to generate.
When I link an account with a third party they send an access token as well as the user's username.
Alexa automatically saves the access token and gives it with each request. How can I get it to save the username as well?
This is intentionally not supported in order to protect the user's privacy. That is a good thing.
Alexa does provide a userID with each call. This id is specific to each user, and the same every time they use your skill. It doesn't give you any personal information, but it does allow you to save information for each user to your own database. You can associate that user's data with the userId and recall it every time they use your skill.
So for example, you can ask the user for a name, save it to your database keyed by the userId, and recall it at a later date using the userId.
Search on "alexa user information" for more info, for example this post.
Just encode the user name and/or any other information to the token itself.
For example you can use JSON Web Token - https://jwt.io/ - wich is an RFC 7519
It is intended exactly for the use case when you you don't want to make an additional request(s) just to retrieve some rarely changing info.
Regards caching/refreshing you can issue token for limited amount of time (an hour?).
Here's the problem I am trying to solve (I'm 100% sure I'm asking the "right" question) in my node.js / angularJS web application:
Authenticated members of the app can "invite" anyone with an email address.
Invitees can register using google (OAth 2.0) or with their email address and password.
In either scenario, it's possible that the invitee chooses to register with an email address (either a google one or one they type in) that differs from the email to which the invitation was sent.
I want to associate the two emails, and am having trouble figuring out how to do so.
My current approach:
The URL in the invitation email includes a unique parameter which references the email of the recipient. When that link is followed, I store that parameter using an angular service - the same that I use for storing the user once they are authenticated.
The problem (or at least one of them):
When I call the google authentication and it, subsequently returns the user to my site via the callbackUrl, my angular service instance no longer has a reference to the initial invitee's email, which I assume is expected since I the user left the angular application and then returned. Thus, I can't compare it to the email returned by the google authentication and, if they are different, prompt the user, join them, whatever.
What is the best way to toss that reference I take from the link that first took the user to the site to the other side of the OAuth process?
Or, is there a different approach entirely I should consider?
You would be able to pass a state parameter in your oath request. Google then returns the same parameter back with the oath response:
https://developers.google.com/accounts/docs/OAuth2UserAgent -> paramater: state