Facebook User Feed Subscriptions - javascript

I have what I'm sure will be a very easy question, I'm just confused.
I have successfully got my server subscribed, for real time user/feed but simply am not getting any updates.
I have logged myself in using the FB.login JavaScript SDK, using the scope "user_about_me,user_status,read_stream" - so I expected to see updates for my user, but not getting anything at all.
The app is in "Development Mode", so, can anyone confirm that since I have got a { success: true }, that the reason is simply because of this? Or perhaps I need to put it under review from Facebook?
Thanks.

Woo, it's fixed now!
On my research, I had come across this post:
How to subscribe to real-time updates for a Facebook page's wall
Not realizing that I can use the USER_ID in place of the PAGE_ID. Following the Real Time Subscription documentation, I thought that by using the APP_ID, that it would allow to make one subscription for all users that grant the application its scope.
On to the next hurdle...

Related

Google oauth session lost after page reload (javascript)

I recently moved from the deprecated gapi.auth2 to the new Google Identity Services, using the javascript client library, and noticed a big difference: if someone signs in, and then reloads the page, the session is lost, and has to sign in again, every time the page is loaded. This was not the case with the deprecated library.
The problem can be easily reproduced with the Calendar API example.
Is there any configuration option to keep the session persistent? Or do I need to store the access tokens somehow? I could not find anything relevant in the official docs.
UPDATE:
The migration guide states the following:
Previously, Google Sign-In helped you to manage user signed-in status using:
Callback handlers for Monitoring the user's session state.
Listeners for events and changes to signed-in status for a user's Google Account.
You are responsible for managing sign-in state and user sessions to your web app.
However there's absolutely no information on what needs to be done.
UPDATE 2
To be more specific, the actual issue is not making the session persistent. Managing the sign in state and user session is something I can solve.
The real problem is the access token used to call the Google APIs.
As mentioned in the comments, the access tokens are 1) short lived 2) are not stored anywhere, so even if not expired, they do not persist between page reloads.
Google provides the requestAccessToken method for this, however even if I specify prompt: '', it opens the sign-in popup. If I also specify the hint option with the signed in user's email address, than the popup opens, displays a loading animation briefly, and closes without user interaction. I could live with this, however this only works if triggered by a user interaction, otherwise the browser blocks the popup window, meaning that I cannot renew the token without user interaction, e.g. on page load. Any tips to solve this?
I faced all the same issues you described in your question.
In order to help:
Google 3P Authorization JavaScript Library: in this link we can check all the methods the new library has (it does not refresh token, etc..)
This doc says the library won't control the cookies to keep the state anymore.
Solution
Firstly I need to thanks #Sam O'Riil answer.
As Sam described: "you can somehow save access token and use it to speed-up things after page reload."
Given the the Google's exampe, we should call initTokenClient in order to configure the Google Auth and the requestAccessToken to popup the auth:
tokenClient = google.accounts.oauth2.initTokenClient({
client_id: 'YOUR_CLIENT_ID',
scope: 'https://www.googleapis.com/auth/calendar.readonly',
prompt: 'consent',
callback: tokenCallback
});
tokenClient.requestAccessToken({prompt: ''})
In your tokenCallback you can save the credentials you get somehow, e.g.:
const tokenCallback(credentials) => {
// save here the credentials using localStorage or cookies or whatever you want to.
}
Finally, when you restart/reload your application and you initialize the gapi.server again, you only need to get the credentials again and set token to gapi, like:
gapi.load('client', function() {
gapi.client.init({}).then(function() {
let credentials = // get your credentials from where you saved it
credentials = JSON.parse(credentials); // parse it if you got it as string
gapi.client.setToken(credentials);
... continue you app ...
}).catch(function(err) {
// do catch...
});
});
Doing it, your application will work after the reload. I know it could not be the best solution, but seeing what you have and the library offers, I think that's you can do.
p.s.: the token expires after 1 hour and there is no refresh token (using the implicit flow) so, you will have to ask the user to sign-in again.

Should Token created when the user registers or login?

I have an API created by one of my team :),
And he made an endpoints "Register/Login"
his thought
When user create a user we save his data and the endpoint response it " without generating a Token"
so i can't navigate him to other screens cuz I make a request based on his Token,
So he wants me to navigate user after register to the login screen then Login endpoint will response the Token
But I think it's not a nice way and not improve UX.
So what you think we do?
generate Token in the register or log in?
The way I see this:
Solution 1:
You have him change the register API so that returns a token for you and you keep doing whatever you do with it.
Solution 2:
By registering, I'm assuming they type in a username/email, some personal details and a password!? So you have all the data to log the user in after registration. Upon successful registration, use the same username/email and password from memory (do not store them in browser storage) and call the login api to get the token (you only redirect after you've gotten the token) - so UX doesn't suffer here.
P.S. Instead of "fighting" one another over who's solution is better, try to work together in a solution. This is clearly an "I told you so" attempt - hence why I gave you two solution where both sides can do the work. Both of you can implement a solution without affecting UX, it's a matter of who's more stubborn :P

How to implement remember me in angularjs, using authToken?

I am finding difficulty in implementing the functionality for "remember me" in angularjs. I have gone through couple of blogs on stackoverflow but didn't get the solution.
Let us say I have 3 username and password stored in database.
[{username:1, password:1}, {username:2, password:2}, {username:3, password:3}]
Now every time when the user logs in, the server side is returning a token. Based on this token I want to implement my remember me functionality.
Below is the code I wrote for storing the username and password in cookies in my service.
if (rememberLogin) {
$cookieStore.put("userName", login);
$cookieStore.put("password", password);
}
And here is the code I am initializing on login page load
function init() {
if ($cookieStore.get("userName")!==undefined && $cookieStore.get("password")!==undefined){
self.emailAddress=$cookieStore.get("userName");
self.password=$cookieStore.get("password");
}
}
With this approach I am just able to remember only one user, but not others, and also I know that storing passwords in cookies is not safe .
Kindly help me or suggest me some good quality of code to implement this.
Any help is appreciated.
Thanks
As $cookieStore is deprecated, try to move to $cookies:
$cookies.putObject('key', value);
$cookies.getObject('key');
$cookies.remove('key');
And of course - storing a password in the cookie is a thing you have to avoid even in your school or private projects. Learn how to use Sessions and PHPSESSID cookie
As far as remember me functionality is concerned you can login from one user at a time at one login attempt,there is no chance any second user is logged in while first user is already in the session(browser session).You can store as much information of users as you want in your cookie unless you are not deleting the previous user's cookie.A simple scenario would be first user logged in and these details you save in browser cookie, another user cannot log in from that browser until the first logged out. Also every website does that,2 different users cannot log from one browser.It is quite unclear what you want to achieve.
As I understand your problem is you are not clearing the previous cookie after 1st user logged out or you restart your server.Try
$cookies.remove("userInfo")

Google Javascript Client library OAUTH asks for Offline Access permission, though it was never requested

My application interacts with Google with Javascript only. It asks for user profile access, email access and contacts management permissions.
Upon loading a page, the application checks if the user has already granted those permissions and obtains an access token if he had.
Here is some sample code:
var GoogleContacts = {
...
checkAuth: function(){
gapi.auth.authorize({
client_id: googleKeys.clientId,
scope: googleKeys.scopes,
immediate: true
},
jQuery.proxy(this.handleAuthResult, this)
);
},
askAuth: function(){
gapi.auth.authorize({
client_id: googleKeys.clientId,
scope: googleKeys.scopes,
immediate: false
},
jQuery.proxy(this.handleAuthResult, this)
);
}
...
}
....
function handleGoogleApiLoad(){
gapi.client.setApiKey(googleKeys.apiKey);
gapi.auth.init(function(){console.info('popup api ready')});
setTimeout(function(){GoogleContacts.checkAuth();}, 300);
}
....
$('#emailButton').click(function() {
if(!accessToken)
GoogleContacts.askAuth();
...
});
Now, if user comes for the first time, he is asked the correct permissions when he pressed the "Send email" button. When user reloads a page, the seamless permissions check returns failure and when user hits a "send email" button, we open the Google authorization popup again, and it now asks for Offline Access permission.
This seems incorrect as the JS api has no actual use for offline access.
Looks like this problem started after Google released the incremental auth feature: http://googleplusplatform.blogspot.co.il/2013/12/google-sign-in-improvements11.html
Is this a bug that will soon be fixed, or should we change the code somehow to not confuse our users with weird permission requests?
Update:
I have tried to use the plus api and gapi.auth.signIn() method but with the same result.
Apparently, this problem is scope-dependant, as when I use only the login scope, everything works as expected, but adding the Google Contacts access scope https:||www.google.com/m8/feeds/ always leads to the Offline Access request when entering page second time. Here is a fiddle to confirm this: http://jsfiddle.net/hjLM6/6/
This must be a bug and I really would like Google to deal with it soon, as it scares users away.
The immediate:false parameter in your askAuth method is the cause. The post that Abraham mentions explains the background.
The gapi.auth.authorize() method should generally be avoided in most cases now that the gapi.auth.signIn() method is available to handle programatic initiation of the authorization flow and also you should make use of the dynamic callbacks. The information on monitoring a user's session state explains how and when to get your sign-in callback function to fire and how you can use the values within the auth result object to determine if they've previously authorized your app, signed in (or out) of your app, or signed in (or out) of google.
Your checkAuth and askAuth functions would effectively be combined to check the status of the auth result object and act accordingly. Your email button click event would trigger instead gapi.auth.signIn() with the necessary parameters and scopes for your app.
I just had exactly the same issue with drive.readonly scope, for what it's worth the way I worked around it is by always calling authorize with immediate = false. This isn't that bad because when you do this for an already authorized user, Google will open the popup for a fraction of a second but then will immediately close it (apparently making use of the chance to open the popup in the browser event handler in case the user does need to authorize).
Curiously, for localhost server where I previously used immediate = true, I continue to see requests for offline access - but on the production server I haven't seen seen them so far, fingers crossed.

Facebook Feed Dialog: Post not showing up on friend's wall even though I get a response id

I am creating an app on facebook and I am trying to post to a friend's wall. I'm using the facebook javascript SDK and the FB.ui method to do this. In short here is my code:
function test() {
var obj = {
method: 'feed',
to: '######'
};
function callback(response) {
alert(response['post_id']);
}
FB.ui(obj, callback);
}
Note that I made this code very simple for testing purposes.
When I run it, a facebook feed dialog opens correctly and at the top says "Post Story to friendsname's Wall". I type in a message and press Share. My alert pops up with a response['post_id'] number. Because there is a response['post_id'] the story should've been posted successfully right? However when I navigate to the friend's wall there is no story. I've tried this multiple times in slightly different ways and haven't been able to get it to work. If I remove the 'to' parameter and simply post to my own wall it -does- work. So for some reason, posting to a friend's wall breaks it?
I know it's a rather broad question but I was wondering if anybody had any ideas why this doesn't work. Thanks
I suspect the problem may be because your application is in sandbox mode - https://developers.facebook.com/docs/ApplicationSecurity/
When testing your apps, place them into Sandbox Mode. This hides your
app entirely from all users who you have not authorized in the
developer app to see the app, for the roles described below. Please
note that when your app is in Sandbox Mode, you cannot call any API
calls on behalf of users who cannot see your app.
Basically, if your application is in sandbox mode, nothing your application does can be seen by users who have not authorized your application or by users that have not been specifically listed in the "roles" within your applications settings.
Remove you application from sandbox mode or add some users to specific "roles" within your application.

Categories

Resources