If I use native FB login on an iPhone, the returned AccessToken doesn't seem to have an expiration date, unlike the one I get using browser based (non-native) login. Is this by design? The reason I ask is that the Parse.com API requires a valid expiration date. For now, I just use today's date plus three years.
It does have that within the AccessToken class. See this example of usage in the Google login portion of the chat tutorial although it's applicable for Facebook too.
Related
I am building a form in react and I wanted to send it to my email when the user clicked the submit button.
I was looking at Microsoft Graph API for sending the email (https://learn.microsoft.com/en-us/graph/api/user-sendmail?view=graph-rest-1.0&tabs=javascript), but checking it, seems that it needs a temporary token, so I can't use it as I would need to be changing the token every hour or so.
So, I'm basicaly trying to find an API like the Gmail but for office 365 accounts (https://developers.google.com/gmail/api/guides/sending), as we can create a gcp project and use the keys that it generates for us, instead of using a token like the MS Graph API
Generaly I would use a route in my API, but this site is static, so I do not have any API (neither serverlets, cloud functions or other stuff like it).
Is there any away to send an email through a Microsoft API from my web client in react, using only a token specific to the domain? Or is there a better away to acomplish this same result?
I highly recommend using https://formsubmit.co/. It's free and I personally use it in many projects. Works flawlessly with many features like email templating, captcha, reply_to, etc.
No backend knowledge is required. Can set it up in like 1 minute.
One option would be to authenticate on behalf of the user.
You can also have a small proxy API, dedicated for the purpose of allowing the users to send an email.
I am building a react site where users can purchase a "day", "weekly" or "monthly" pass for the content on the page. I only want to allow them access for a day if they purchase a day pass. Same for weekly and monthly. I am using JWT to keep users logged in. I have no idea how to create the functionality to verify if they should still have access or not. Would love some help. I am also using redux if that helps.
You need to start thinking about Authentication and Authorization separately. Your JWTs are (hopefully) performing the Authentication duty. The "limited access" you're asking about are the concern of Authorization. In other words: now that you know who this user is, what are they allowed to do?
You need to map your JWTs to some form of internal user id, and then determine if they can or cannot access the requested resource/endpoint/etc.
For example, you might allow all users to GET from /jobs to view the listing of job postings, but if they try to POST to /apply for a job, you verify that they are a "premium" user, with time remaining on their paid subscription.
I am working on an app using NativeScript and am using Microsoft OAuth2 to authenticate the user, send emails and access SharePoint with it. My problem is that the authentication token I get expires after 1 hour so the user has to login again over and over. A temporary solution I am using is refresh_token which lasts longer (I believe 14 days by default and up to 90 days) but still that is not what I would like. My ideal solution would be an option to stay signed in but it does not seem to exist at this moment.
I have read this page https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-token-session-sso and am not sure how to extend the lifetime of my token. If I can extend it at least for a year or six months, that would be great but I don't know how to do it.
My app is not registered in Azure but in apps.dev.microsoft.com and I have looked in the manifest but haven't found anything I could write to change the token type or its lifetime.
For a calendar app, I want to sync users calendars (events) to my database. For now, I need title, start, end, recurrence and reminders/alerts. I am thinking, I will get these information from app and store it to a database. To make things easy (implementing recurrence maybe hard), I thought of using a hidden Google Calendar account on the server as a database.
Server will use a "hidden" Google Calendar account
App (iOS) will get calendar information from user's iCal via EventKit
Passes server this information which is saved to Google Calendar
So 1 user calendar becomes 1 hidden google calendar
But I think I might encounter some problems with API limits?
I might need to re-authenticate to refresh the access token? Is there a token I do not have to refresh?
Is the limit on the number of calendar I can have 10,000? What if I need more? Isit even possible? Or is it 10,000 for "a short period of time".
Is this possible? Or is the only option a self build system.
The quota for the Google calendar API is Queries per day 1,000,000 if you go over that you can always request additional quota as far as I know it doesn't cost anything to extend your quota.
Once you have authentication to a user Google calendar account you will receive a refresh token. The refresh token can be used to gain a new access token when ever you need to access it. Refresh tokens don't expire unless a user removes your access.
I need to integrate PayPal with my client AngularJS app, where the app visitors can donate specific amounts of money based on various causes, but not sure where to start? My client requested that visitors can select cause, amount to be donated, then get routed to Paypal to enter their details, process payment then finally routed back to the app for (thank you page) which should receive payment confirmation as parameter.
I've skimmed through the PayPal developers API and can see that there are a lot of options / features offered but not sure really where to start and which is the best approach to accomplish my client needs? Shall I use REST API? or will simple button integration do the job? What if I need to add causes selected to Paypal checkout page? Can I do this using the API? Thanks
If you don't have some specific reason to use REST I would recommend just going with the Classic API, specifically Express Checkout. It's much more mature and provides a lot more freedom to integrate with different options and customization.
With Express Checkout you'll be using the following calls.
SetExpressCheckout
GetExpressCheckoutDetails
DoExpressCheckoutPayment
You'll call SEC and that will return a token. Then you'll redirect the user to PayPal with that token appended to the URL. The user signs in and approves the payment, and they're returned to a URL that you supply in the SEC request.
At that URL you can call GECD to obtain all the details about the buyer. This allows you to tae their address and apply any shipping or tax rules you need to so that you can present a final review before the user would approve the payment, which is when you trigger DECP to finalize the transaction.
There are various options with that flow. For example, GECD is optional, and depending on your flow you may or may not need a final review, so you could skip straight to DECP and display nothing but a final receipt page when the user gets back to your site if you want to.
If you happen to be using PHP my class library for PayPal will make all of this very simple for you.