I'm working on a web application which is mostly based of Facebook
Graph API. I hold some user's data - actually , the possible
public data available - such as profile picture, name and id. I
wondered how I'll be able to get a direct link to a user cover picture
of a user only by using his id? and I already got the User ID.
This is the code that I used to get the profile picture & it worked-
<img src="https://graph.facebook.com/{{user.id}}/picture?type=large" style="float:left;"/>
Now I want to get cover picture.
Thanks in advance.
To get the cover picture of a user, make this call-
\GET http://graph.facebook.com/{user-id}?fields=cover
You'll get the image url in source key of the JSON response:
{
cover: {
id: "111222333",
offset_y: 55,
source: "https://scontent-a.xx.fbcdn.net/.....jpg" // that's the cover photo url
},
id: "111222"
}
Related
I'm actually using this React library (https://www.npmjs.com/package/react-google-login) to authenticate with Google.
As for the basic profile and email scopes, this works fine. On my client app on Google Cloud Platform, I've correctly enabled the People API (https://developers.google.com/people) and added the correct scope to the scope list, in React (https://www.googleapis.com/auth/user.phonenumbers.read). I've also ensured that my phone number on my Google Profile was made public even if I don't know if that could matter. After doing all this, the consent screen is working fine asking me to allow the app to access my phone number.
However after login, I can only see the data linked to profile and email scopes. In the library I can see that they made some object properties as shown in the code below inside the library itself :
function handleSigninSuccess(res) {
/*
offer renamed response keys to names that match use
*/
const basicProfile = res.getBasicProfile()
const authResponse = res.getAuthResponse(true)
res.googleId = basicProfile.getId()
res.tokenObj = authResponse
res.tokenId = authResponse.id_token
res.accessToken = authResponse.access_token
res.profileObj = {
googleId: basicProfile.getId(),
imageUrl: basicProfile.getImageUrl(),
email: basicProfile.getEmail(),
name: basicProfile.getName(),
givenName: basicProfile.getGivenName(),
familyName: basicProfile.getFamilyName()
}
onSuccess(res)
}
\
So the problem is that I don't know if I even receive the phone data or if I just can't read it because I don't know how to call the phone data inside the response, in terms of variables name in React. Anyone has an idea ?
The library you're using seems to be using Google Identity which does not include a method to obtain the user's phone number, just their basic profile.
You can get the user's phone number with the people api but this is not in the scope of this library. You'd have to make your own method to get the the authenticated user profile with the phoneNumbers field. Enabling the people api and requesting authorization are just the first steps.
https://developers.google.com/people/api/rest/v1/people/get
I want to implement URL for search specific data in my base using filterByFormula
below are my link and I got an error and how to resolve that
my url:
api.airtable.com/v0/APPID/Stories?filterByFormula=(FIND(“Car (in robot form) will offer a hug when I am stressed out”,{User want}) &api_key=MYKEY
Error :
{
"error": {
"type": "INVALID_FILTER_BY_FORMULA",
"message": "The formula for filtering records is invalid: Invalid formula. Please check your formula text."
}
}
I tried using postman, please help me.
While querying filtered data from Airtable via API, you don't have to use FIND keyword. You can filter data with simple Airtable formula like structure. For example,
{Email} = 'johnwick#neverdie.com'
Above filter retrieve all the records from the table whose Email is simply johnwick#neverdie.com
To limit number of records retrieve by API maxRecord parameter is available for that. For more info about various parameters please refer my answer here AirTable API Find record by email or official Airtable API Documentation
In your case
API url would be structured like,
api.airtable.com/v0/APPID/Stories?filterByFormula=Car+(in+robot+form)+will+offer+a+hug+when+I+am+stressed+out%3D%22User+want%22&api_key=MYKEY
For more info about Airtable API encoding, check this https://codepen.io/airtable/full/rLKkYB?baseId=app1C5TVoophmmr8M&tableId=tblvILr4aSAYI98oa
Hope this helps!
I'm currently working on revising the registration procedure of our recruitment ATS, made with AngularJS and Meteor, and I need to verify the new user's email during the registration procedure.
The logic would go as followed:
1- User fills in a form on the 'get-started' page and when clicking on 'sumbit', the ATS sends a verification email(I'll be using 'sendVerificationEmail' from Meteor)
2- After the user clicks on the link from the email, they'll get redirected to the 'register' page where additional information is required and the registration procedure is concluded.
As mentioned above, I'm planning to use 'sendVerificationEmail' to verify the user but I also want to use it to send back the userID.
From what I read on the Meteor API, I can pass extra data to the token with 'extraTokenData'
Accounts.sendVerificationEmail(userId, [email], [extraTokenData])
Now how do I declare the 'extraTokenData' object?
Could I do it like this: Accounts.sendVerificationEmail(userId, "", { _id: userId })
And how do I retrieve the 'userId' with 'Accounts.onEmailVerificationLink'?
your help will be greatly appreciated.
The email and the extra tokens are optionals, but if you want to send them send it as a string.
If you want to send the extra token but no emails you can try using Accounts.sendVerificationEmail(userId, undefined, "extra token") or if it doesn't work you can request the user's deatil user Meteor.user(). then call user.emails[0].address.
To retrieve information you have to get user by token and all data are there on user document under services.password.reset field. Look here how Accounts.generateResetToken is implemented https://github.com/meteor/meteor/blob/1e7e56eec8414093cd0c1c70750b894069fc972a/packages/accounts-password/password_server.js#L609.
I'm actually creating my first app using meteor, in particular using angular 2. I've experience with Angular 1 and 2, so based on it. I've some points of concern...
Let's imagine this scenario...My data stored on MongoDb:
Collection: clients
{
name : "Happy client",
password : "Something non encrypted",
fullCrediCardNumber : "0000 0000 0000 0000"
}
Now, on my meteor client folder, I've this struncture...
collection clients.ts (server folder)
export var Clients = new Mongo.Collection('clients');
component client.ts (not server folder)
import {Clients} from '../collections/clients.ts';
class MyClients {
clients: Array<Object>;
constructor(zone: NgZone) {
this.clients = Clients.find();
}
}
..and for last: the html page to render it, but just display the name of the clients:
<li *ngFor="#item of clients">
{{client.name}}
</li>
Ok so far. but my concern is: In angular 1 & 2 applications the component or controller or directive runs on the client side, not server side.
I set my html just to show the name of the client. but since it's ah html rendering, probably with some skill is pretty easy to inject some code into the HTML render on angular to display all my fields.
Or could be easy to go to the console and type some commands to display the entire object from the database collection.
So, my question is: How safe meteor is in this sense ? Does my concerns correct ? Is meteor capable to protect my data , protect the name of the collections ? I know that I can specify on the find() to not bring me those sensitive data, but since the find() could be running not on the server side, it could be easy to modify it on the fly, no ?
Anyway...I will appreciate explanations about how meteor is safe (or not) in this sense.
ty !
You can protect data by simply not publishing any sensitive data on the server side.
Meteor.publish("my-clients", function () {
return Clients.find({
contractorId: this.userId // Publish only the current user's clients
}, {
name: 1, // Publish only the fields you want the browser to know of
phoneNumber: 1
});
});
This example only publishes the name and address fields of the currently logged in user's clients, but not their password or fullCreditCardNumber.
Another good example is the Meteor.users collection. On the server it contains all user data, login credentials, profiles etc. for all users. But it's also accessible on the client side. Meteor does two important things to protect this very sensitive collection:
By default it only publishes one document: the user that's logged in. If you type Meteor.users.find().fetch() into the browser console, you'll only see the currently logged in user's data, and there's no way on the client side to get the entire MongoDB users collection. The correct way to do this is to restrict the amount of published documents in your Meteor.publish function. See my example above, or 10.9 in the Meteor publish and subscribe tutorial.
Not the entire user document gets published. For example OAuth login credentials and password hashes aren't, you won't find them in the client-side collection. You can always choose which part of a document gets published, a simple way to do that is using MongoDB projections, like in the example above.
I am using iOS 6 Social framework for accessing user's Facebook data. I am trying to get likes of the current user within my app using ACAccount and SLRequest. I have a valid Facebook account reference of type ACAccount named facebook, and I'm trying to get user's likes this way:
SLRequest *req = [SLRequest requestForServiceType:SLServiceTypeFacebook requestMethod:SLRequestMethodGET URL:url parameters:nil];
req.account = facebook;
[req performRequestWithHandler:^(NSData *responseData, NSHTTPURLResponse *urlResponse, NSError *error) {
//my handler code.
}
where url is #"https://graph.facebook.com/me/likes?fields=name"; In my handler, I'm getting this response:
{
error = {
code = 2500;
message = "An active access token must be used to query information about the current user.";
type = OAuthException;
};
}
Shouldn't access tokens be handled by the framework? I've found a similar post Querying Facebook user data through new iOS6 social framework but it doesn't make sense to hard-code an access token parameter into the URL, as logically the access token/login checking should be handled automatically by the framework. In all examples that I've seen around no one plays with an access token manually:
http://damir.me/posts/facebook-authentication-in-ios-6
iOS 6 Facebook posting procedure ends up with "remote_app_id does not match stored id" error
etc.
I am using the iOS6-only approach with the built in Social framework, and I'm not using the Facebook SDK. Am I missing something?
Thanks,
Can.
You need to keep a strong reference to the ACAccountStore that the account comes from. If the store gets deallocated, it looks like it causes this problem.
Try running on an actual device instead of a simulator. This worked for me.
Ensure that your bundle id is input into your Facebook app's configuration. You might have a different bundle id for your dev/debug build.