I want to implement similar API as twitter and what to know how it's implemented. I didn't read much about oAuth and didn't develop twitter app.
When user click on button it execute javascript that popup new window with twitter page and user click connect or authenticate an app. How processing is passed back to application and how application know that on twitter side execution is finished and user authorize the app?
You need to provide callback function/url of your application where twitter returns with access token after the twitter side execution is finished.
Related
Here is what I am trying to achieve - I want to take input from my users as some text and image and post it to a page created by me. The user using the mobile app , does not have any any access to that facebook page. I want to post to that page anonymously on behalf of the user. The page is created by me so I should have access to it. I am really confused what to look for. I have set up an app in facebook developer from the same account who is the creator of the page and I can login user's and have their access token.By the way, if it's relevant I am building a hybrid app and using cordova facebook native plugin
This is the API call you need, there are code examples for several languages: https://developers.facebook.com/docs/graph-api/reference/page/feed#publish
Take a look at the code for the JavaScript SDK, just use that API endpoint with the correct parameters in your cordova plugin.
You need to use a Page Token with the manage_pages and publish_pages permissions. More information about Tokens:
http://www.devils-heaven.com/facebook-access-tokens/
https://developers.facebook.com/docs/facebook-login/access-tokens/
I am wondering on how to implement user notifications just like facebook does on its site. At the moment I am calling a php script using angular timer which tells me if any notification is available in the database. Is there any technique that I can use to push notifications to angular code?
I have a scenario that I think should be fairly simple, yet I'm not finding a solution and wondering if someone can point me in the right direction.
The setup:
1) SharePoint online website (user must be authenticated to see page)
2) .NET MVC Web API service endpoint (user must be authenticated to get data from the service)
Both of these authenticate using the same Azure Active Directory. The Web API has been registered in Azure AD.
The problem:
I would like to put some javascript on a SharePoint Online page (not a Sharepoint Add-in, not an AngularJS SPA) that will make an AJAX call to the Web API using the logged in user's credentials without any kind of user prompt (since this is an ajax call, the user won't see the prompt anyway).
I've tried looking into the ADAL libraries, but all the JavaScript ones I can find require the use of Angular and require the user to authenticate a second time. I've found some documentation using OAuth 2.0, but (from what I can tell) require you to get the client to authorize the Sharepoint Online page to act on their behalf - which the user will not be able to consent to because it's an AJAX call and the consent page is not displayed in the browser (and it's still doing this despite having the app already approved by an administrator in Azure AD).
It seems to me the user shouldn't have to leave the SharePoint page and shouldn't have to enter their credentials a second time. I believe there should be some way that the log-in to SharePoint Online should also be able to be used as the log-in for our in-house app.
If someone could just point me in the correct direction, I would be very much appreciate it. Thanks in advance.
Normally, if we call the resource which protected by Azure AD, we need to authorize the app via OAuth 2.0.
Were you able to put a hidden iframe in the SharePoint online page? If it is possible, then we can use the Azure AD implicit flow get the token through iframe, and we can call the REST which protected by Azure AD via the token return by iframe. To enable the implicit flow, we need to download the application manifest from Azure portal and switch ‘oauth2AllowImplicitFlow’ to true.
And if you were only developing a single tenant which doesn’t require users to consent the app. Here is the HTML code request the token from a Iframe for your reference:
<iframe width="0" height="0" id="oauthHideIframe" src="https://login.microsoftonline.com/{tenantId}/oauth2/authorize?response_type=token&client_id={Client_Id}&redirect_uri={redirect_Url}&resource={your web api app url register on the protal}"> </iframe>
And to pass the token from iframe to the parent window, we can use the window.postmessage which allow the corss-orignal communication.
I'm currently creating an EmberJS application,
So obviously my front end is done in EmberJS, and I've decided to go with Go (Golang) as my API service.
I've gotten the back end authentication working using Steams OpenID service
The problem I'm currently facing is, my API runs on localhost:3000 and my front end runs on localhost:4200.
So how can I make a request to my API service which will require human intervention part way through (to be able to type in the username / password on steams website before redirecting back) from my client side.
Right now
localhost:3000/auth/login is to initiate the OpenID request which redirects to steams website
and then
localhost:3000/auth/return is the callback on returning from steams website
I need to be able to some how use this authentication from the client side via some how to be able to authenticate users, e.g.:
$.get("localhost:3000/auth/login").then(() => {
// How the hell am I supposed to login on steams website from here
});
any information would be great as this is really stumping me. If you'd like to see any code feel free to ask, I'm not sure what to provide as everything is working as intended, but I just can't figure out how to connect the API to the client and make OpenID work the way I need to. Thanks!
Side Note: I know some websites will have a popup which the authentication in there (like a twitter or facebook popup) and then refresh the main site after the authentication has been processed I don't know how I might achieve something like that.
I'm currently building a frontend client for my own Apigility API.
The API uses OAuth 2.0 Authentication which is working fine.
I want to create an AngularJS Landingpage to let the users authenticate by entering their credentials. Because the Client is created with JavaScript,
I shouldn't save the client_secret in the Client, correct?
I have read a lot of posts, but still haven't the right solution.
Is it correct to use the implicit grant type for this scenario?
This procedure is working, I'm being redirected to the authentication server,
after the client authorization and entering credentials, I get back to the client (authenticated).
But I don't want to get redirected to another authentication page.
Is it also possible to authenticate directly and secure on the angularJS frontend?
Thanks,
Simon
You should take a look at this post i made:
https://stackoverflow.com/a/42443878/2963703
It details how to do this using the Spotify API. Your page won't get redirected, instead a popup window will open in which the user authorizes themselves. Once they're authorized the window will close itself and in your main page you will have the access token you need.