JavaScript Facebook Fan Gate without Permissions - javascript

I'm in the process of building a fan gate using facebook's javascript sdk. I'd like to determine if the user has "liked" my page so I can display / hide content. Currently, if I use the javascript sdk, the user is prompted with permissions which is what I'd like to avoid.
Has anyone successfully achieved this in javascript? I'm able to do this without issue in PHP but unfortunately, we are not able to use php in our current project.

This is not possible on the client side. Facebook sends an HTTP POST request and you need to process the signed_request post variable which requires server code to access.

If you are doing it in a Facebook tab, you can use the PHP SDK and read the signed request:
$request = $facebook->getSignedRequest();
$isFan = $request['page']['liked'];
If you are not in a tab, there is no reliable way of checking "like" status without permissions.

Related

Get exchange calendar events in javascript webapp?

I find the documentation provided by microsoft confusing(Link).
How can I for example get an authentication token and where can I download the javascript libraries? I couldn't find any information on this.
Basically I want to know how to get the calendar of an user in my javascript webapp.
I did try sending an request to
"https://outlook.office365.com/api/v1.0/me/calendarview?startDateTime="+begin+"&endDateTime="+end"
This shows me an authentication popup but after submitting the correct username/mail and password, it doesn't do anything. There is no response back.
To get an access token, you need to use the OAuth2 Authorization Code Grant flow. https://dev.outlook.com/RestGettingStarted walks through the process. Basically you need to register your app to get a client ID and secret, then use those to go through the process.

nest PIN-based authentication and PIN extraction

Background on the Application:
Embedded system that will connect to nest-api as a client to retrieve required data. This embedded system can connect to a wifi network and provides a web interface through which user can carry out authentication.
For authentication, currently the user is directed to
https://home.nest.com/login/oauth2...
and user can carry out the authorization procedure and get an 8-char PIN.
The user is then asked to input this PIN in a text box and submit it to the embedded web server which then requests the access_token (using C platform).
There are two questions related to this issue:
1) Is there a way to carry out request for access_token also from the client browser, and only return the access_token back to the embedded system? Any Javascript code that can request access_token after user inputs the PIN and submits?
2) The second issue is related to lack of automation. The user needs to type the PIN back in the web interface. Is there a way to extract the PIN from the website automatically using some script. For example, open the /login/oauth2 page embedded within another page and run a script on the main page to keep scanning the embedded page until the PIN becomes available (i.e. the user logs in and grants permissions). As soon as it becomes available, it can be copied and returned back to device web and access_token requested automatically.
I understand that this type of automation can be achieved by web-based authentication, but from my understanding that would require a proxy server for redirect URI. The idea is to make the device self-sufficient without a need for maintaining another server.
Yes, see the control-jquery sample code for an example of how to work with OAuth tokens in JavaScript
Nest allows you to use addresses that start with http://localhost or https:// as the OAuth Redirect URI. You can either run a web server locally, or monitor the WebView for a redirect URI pattern of your choice and parse the results.

Automatic login to website, which is using ASP.NET

I'm need to automatically perform the login at: http://gsc.klub-modul.dk/. After I am logged in, I need to able to fetch pages from this domain, which requires me to be logged in. As far as I have gathered, the site is using ASP.NET to interact with the server. I am open to all suggestions. I'm looking for a script to do this, as I am still new to this.
What you are trying to do is botting (Automated access of site or online game),so follow these steps,
Generic steps
Monitor the HTTP request being made by the browser (I use
Fiddler,you might also find browser built-in network tool(press F12) handy)
You need to look for cookies especially.
In short you should be able to make same HTTPRequest on each event
(by event I mean first time page request ,page submit for login and
etc)
Use python for botting
use these libraries Mecanize / twill /scrapy / Beautiful Soup
Tutorials to get started
http://docs.python-guide.org/en/latest/scenarios/scrape/
http://www.pythonforbeginners.com/python-on-the-web/web-scraping-with-beautifulsoup/
http://arunrocks.com/easy-practical-web-scraping-in-python/
https://classic.scraperwiki.com/docs/python/python_intro_tutorial/
Stackoverflow links
Scraping sites that require login with Python
Scrape a web page that requires they give you a session cookie first
Fake a cookie to scrape a site in python
Python Scraping Web with Session Cookie
My Advice
I think if you haven't made a web scraper (web-bot or bot-tool) before than you should start with small things like fetching a specific information from a page which doesn't require login then move on to more complex scenarios
As usual Asp.Net uses cookies for session, authorization needs. So basically you just need to make POST request to login page with Login, Password parameters, then you need to obtain cookies from response, and then make new requests for needed pages with these cookies.
By default these cookies are named ASP.NET_SessionId and ASPXAUTH
I have worked on a similar problem but used a generic approach. I used greasemonkey addon in firefox to login on a game and save data on different db. Later I found out that I could've wrote a addon myself (mozilla ref)
Both of these technique will rely on javascript only.(example of a login script of fb in greasemonkey)
The website was on asp.net too! You just need to receive the cookies and login from javascript code. Jsoup is another approach to parse data and login.

Check if user Likes Page with JS API?

I know this has been asked a bunch of times, but I have only seen serverside solutions.
I'm running an iframe app that is embedded into a page as a tab. I want be test to see if the page is liked or not without prompting the user for anything.
Is there a way to do this with just JavaScript? The platoform we are building on is ASPX and I dont really have the option of going serverside.
Its not available because you need to inspect the http post parameter called signed_request and this isn't available on the client side. If the user has authenticated with your app and given you permissions to read their likes/interests, then you could then check with javascript api but I'm guessing you wouldn't want to make them approve your app just for this.

Chrome extension / web app session control

I am creating a chrome extension, rather a chrome webapp. This application just contains the html, js, image and css files. The application connects to a server to fetch data. I chose to do this as it would reduce the amount of files downloaded by the user. Using Backbone.js I have an MVC architecture in my application. Thus the application just sends json.
Now having said this, I need a session management. I plan to use Google authentication as the organization has Google Apps. I need a method that once the user has logged in using google auth the server get the user name every time the application makes a request.
Is it a good idea to add the user name in request header, if possible. Or should I use cookies? Can any one tell me how I could go about using cookies in this case?
This might be a late response but I want to present a more elegant solution to you given that the user has cookies enabled in their browser.
First read my answer on another question.
Now that you can send cross origin xhr from your content scripts all you need to do is store all your authentication and session management at server only. That is right, you just need to display whether the user is logged in or not and a logout button at client based on server response.
Just follow these steps.
At client Whenever user accesses your chrome web app, blindly make XmlHttpRequests to your server without worrying about authentication, just keep a tab on response from server which I describe below.
At server whenever you receive a request check for valid sessions or session cookie. If session is valid send proper response, if not send error, 401 or any other response to communicate to your client that session is not valid. It is better if you send an error code like 401 since then you can put a generic script at client to inform them that they are not logged in.
At Client If response from server is proper, display it, else display login link to your website.
IMPORTANT: Display logout button if user is logged in.
Check out my implementation of this in my extension
For help using Google authentication in your app take a look at Google's OAuth tutorial which comes with all you need (took me no time to set it up using this).
As for session management. The implementation of OAuth used by Google stores the tokens in localStorage. Also, as briefly mentioned in the extensions overview we are expected to use localStorage to store data. Thus, I suggest you store the users name here as it will be accessible throughout the app's lifetime (until it is uninstalled). However, you may need to manage the name stored here and consider what should happen when users log in and out. That said; I'm not sure if sessionStorage would be a better option as I've never used it before, let alone in an extension.
Note
localStorage and its counterparts only store strings so I suggest using a wrapper which uses JSON to parse and stringify to get and set your values respectively.

Categories

Resources