We are submitting an Outlook add-in app to the Office Store. Our add-in has a "Help" link in it that points to our customer care / support site. However, our support site does require a log in...our customers need to log in to search knowledge base, log a support case, etc. We have no way around the fact that our support site requires log in...this is just how our support mechanism works. So, we are getting the following comment with our rejected submission: "The current Support URL in your add-in metadata, as submitted via the Seller Dashboard, requires authentication. Please use a Support URL that is publicly available."
Has anyone come across this? If we don't have a publicly available URL for our support site, that doesn't require login, what other options do we have?
The support link submitted with your add-in metadata, is the link that will appear on the Office Store on your add-in listing as the "Provider's Website".
This link does not have to be a link to your support site; but can be a link to your main website.
Hope this helps!
You can create a public facing support site with simple text stating that support is paid/requires credentials and provide a link to the protected URL. For all unpaid/free trial users, you can list an email address within the same text.
Related
As you know Salesforce is enforcing Enhanced Domains. I found from Salesforce help that:
Custom components in your org must be evaluated in order to check
whether they use domain name/static URLs
Some embedded content stored in Salesforce might no longer appear
Third-party applications can lose access to your data
Single sign-on integrations can fail
However, I'm struggling with finding out which particular Salesforce elements/configurations should be checked in order to detect potential gaps? Do you know which areas exactly can be affected and shall be evaluated (like Apex Codes, Email Templates and so on)? Is there any guide on that?
Your biggest concern should be inbound integrations. Things that log in over REST/SOAP API, get response with session id back, ignore the "url to use for all subsequent requests" and just use hardcoded url, whether it's prod or sandbox.
Look at this guy, he's victim of either enhanced domain or "disable api versions < 30" thing: The requested resource no longer exists with rest PHP. Look at these guys, they had hardcoded url: how to solve python code error (TooManyRedirects: Exceeded 30 redirects), Salesforce API via postman error INVALID_SESSION_ID.
As for stuff inside Salesforce itself - best would be to download whole project with sfdx and run a text search for your domain name (and site/community name if you have these). Email templates that use merge fields for forgot password etc should be fine, merge fields with record link should be fine... But if you manually craft email body in apex - might be a problem. A lot depends how creative the developer was. If you find getsalesforcebaseurl().toexternalform() it should still work. If it's hardcoded / read from custom setting / custom label / custom metadata it might be more fun.
If you have external apps that display pieces of salesforce (embedded live chat? some iframe with FAQ? CMS Connect) - the domain change might mean they need to be updated, both in terms of updating url and changing security rules (CSP for example)
I have been playing around with the Graph API to access the shared calendars and events within an organization.
I can successfully query my organization users and the calendar/events for any of those users. What I would like to do now is to generate a URL allowing you to jump to an outlook web session (eg - https://outlook.office365.com/calendar/) directly to a particular user's calendar (that you have access to).
I can see that Events have a 'WebLink' property that allows you to do this with a calendar event, but I can't find any documentation that indicates how you could jump to a calendar the same way.
I did find some old stuff implying that the old school OWA used to allow this but those url's don't look like they work anymore.
I also tried to pull apart the URL's provided when you 'share' you calendar with an external email address and it sends them a 'click here to add the calendar, or here to see a web view' etc email. That looked kind of promising because it actually DOES provide a direct link to a web version of the calendar; but it it includes a few fields in the URLthat I can't figure out (more than likely the external user auth) so I can't reverse engineer it to build one with the info I have available in the Graph API.
URL was of the form:
https://outlook.office365.com/owa/calendar/<userid>#<domain>/<52CharacterHex_ProbablyAHashedTokenForTheExternalUsersAuth>/<WindowsUserSID_ProbablyToRepresentTheExternalUserOrProxyAccessEntity>/reachcalendar.html
Anyone else got any ideas on how I can launch a web session of another uses calendar (that I have access to)? Ultimately what I am doing is creating a small management dashboard (using a summary built via Graph API data) that shows an overview of a collection of user's calendars but allows you to jump into the any individual user's full calendar if more info is required.
Publish to the web. follow this:
https://support.microsoft.com/en-us/office/share-your-calendar-in-outlook-on-the-web-7ecef8ae-139c-40d9-bae2-a23977ee58d5
basically
OWA -> Settings
Calendar -> Shared Calendars
Publish a Calendar -> copy HTML
What kind of permission do I need for the application that can read posts and comments from Facebook public pages.
I don't have a web or Mobile Application.
I want to run the code from my PC using restfb API.
Facebook have stopped my application from fetching this data - is it always mandatory to create an application and which asks user permission even for the public data ?
I don't need any personal Information, I only need posts and comments for general analysis
For development purposes or for extracting certain data you can generate a user access token using the Graph API Explorer (selecting itself as the Application). It will expire in 1 hour, but it's enough if you want to download for example about 10,000 comments and posts from some public page (you should use the limit parameter at 100 to optimize your restricted access). For future and official use of your application it needs the feature "Page Public Content Access" that can be obtained with the Facebook review process.
Your application needs the feature "Page Public Content Access". You have to submit your app to the Facebook review.
https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS
I was developed one mobile application using YouTube Data API. When I submit my app into App Store, I was getting the following review:
Guideline 5.2.2 - Legal
Your app contains various copyrighted movies or TV shows. The use of third-party copyrighted materials requires documented evidence of your right to use such content in your app.*
Your app and its contents should not infringe upon the rights of another party. In the event your app infringes another party’s rights, you are responsible for any liability to Apple because of a claim.
Next Steps
To resolve this issue, please provide documentary evidence of rights to use this content. Acceptable documentation includes a copy of your contract with the copyright holder or a letter from the copyright holder to your company, as COMPANY_NAME_HERE detailing your authorization. Please be sure to include dates, rights holders' names, your company's name, and relevant signatures. Once we have reviewed your documentation and confirmed its validity, we will proceed with the review of your app.
Alternatively, please remove the third-party content from your app and its metadata.
Can you please someone guide me, how to resolve the above issue.
I am currently using the Users API (this one here) with the Go language on my Google App Engine application. My users are getting the warning message when they first grant permissions that says "OpenID 2.0 for Google accounts is going away. Developers should migrate to OpenID Connect by April 20, 2015." But I can't find any warnings in the documentation for the Users API anywhere saying that anything will stop working, like I do all throughout other sections regarding OpenID 2.0 (here).
I am using very little of the Users API code, just to create the login urls like this:
url, _ := user.LoginURLFederated(c, return_url, "www.google.com/accounts/o8/id")
And to read the users' email addresses, like this:
u := user.Current(appengine.NewContext(r))
email := u.Email
Do I need to worry about migrating, or will the Users API handle everything without failing after April 20th?
Please read this information:
https://developers.google.com/identity/protocols/OpenID2Migration
https://developers.google.com/identity/protocols/OpenIDConnect
https://developers.google.com/identity/sign-in/auth-migration
You may also find this forum post helpful.
Apps that use user.LoginURLFederated in conjunction with Google Accounts will stop working. These apps need to follow the information in the first link above to migrate.
Apps can continue to use user.LoginURLFederated for use with various other third-party OpenID2 service providers.
So, it turns out that the answer is "YES!". Definitely stopped working. The older development versions of my website now take you to an error page when you try to sign in. Luckily I had moved away from the User package before the deadline to the much buggier Google Sign-In for Websites.