I have a problem with a website I'm currently working on.
I have added a Tweet box to my page for the user to tweet about the current article. If the user submits from the Tweet box and is not currently logged in or is not connected with my site, he/she gets a popup from twitter asking for username/password and/or if he/she accepts the connection with my site.
If the user accepts, the popup is closed and all is good; if the user declines, the window is just closed and the tweet remains a dream of what could have been.
So far so good, but! My site is mainly aimed at smartphones (in particular iPhone), and if the user adds my site to the home screen (which I recommend) then the Twitter popup fills the whole app window. This I can understand, and everything works out if the user accepts.
If, on the other hand, the user declines, there is no window for the button to close, so nothing happens. My webapp is running fullscreen and standalone so doesn’t even have a back button. So if the user doesn’t accept the Twitter connect, he/she basically needs to restart the app to get away from the “popup”.
So (finally ;) ) my question is this: is there a Twitter page that performs the connect authentication that is not required to be in a popup? A page that basically sends you back to the callback URL on both accept and cancel? Or is there a different approach that I have overlooked?
Looking forward to some helpful tips!
EDIT
I was suggested the standard OAuth flow and Web Intents; the problem is that the app needs to be client code/JavaScript only. This makes the standard OAuth flow impossible because it sends application secrets over http/https, which makes me put the secrets in the JavaScript (I might be somewhat of a hobbyist programmer but there are limits ;) ).
Web Intent pages don't have a cancel/back button so I'm still stuck if the user doesn't want to connect and is running my app in standalone mode.
I guess I should have included this in the original post, thanks anyway for the suggestions.
The standard OAuth flow for Twitter does not require a popup. You can instead redirect the current window. You will then have to process the form submit yourself and post the status through your server.
You might also check out Web Intents. The user posts the tweet from a mobile optimized twitter.com page.
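The redirect-based flow from the answer above returns to the callback URL on both accept and cancel; this added example (not part of the original answer) shows how a server-side callback handler can tell the two apart and check that the returned token is the one it issued. In Twitter's OAuth 1.0a redirect flow an accept carries `oauth_token` and `oauth_verifier`, and a cancel carries `denied` with the request token; the function name, the `next` labels and the token values are assumptions made for illustration.

```javascript
// Added example: classify the redirect that lands on the OAuth callback URL.
// pendingRequestToken is the request token the server stored in the user's
// session before redirecting the window to Twitter.
function classifyTwitterCallback(callbackUrl, pendingRequestToken) {
  const params = new URL(callbackUrl).searchParams;
  const denied = params.get('denied');
  const token = params.get('oauth_token');
  const verifier = params.get('oauth_verifier');

  // Cancel: only `denied=<request token>` comes back.
  if (denied !== null) {
    return denied === pendingRequestToken
      ? { outcome: 'cancelled', next: 'show-article' }
      : { outcome: 'rejected', reason: 'token-mismatch' };
  }

  // Accept: both oauth_token and oauth_verifier must be present, and the
  // token must be the one this session started with.
  if (token && verifier) {
    if (token !== pendingRequestToken) {
      return { outcome: 'rejected', reason: 'token-mismatch' };
    }
    return { outcome: 'approved', next: 'exchange-on-server', token, verifier };
  }

  // Anything else did not come from a flow this session started.
  return { outcome: 'rejected', reason: 'malformed-callback' };
}

// Constructed sample values, not real tokens.
const SAMPLE_TOKEN = 'REQTOKEN-constructed-123';
const SAMPLE_ACCEPT = 'https://example.test/cb?oauth_token=' + SAMPLE_TOKEN + '&oauth_verifier=VERIF-456';
const SAMPLE_CANCEL = 'https://example.test/cb?denied=' + SAMPLE_TOKEN;
```

The token exchange and the status post stay on the server, so the consumer secret never reaches the page's JavaScript.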
Related
I am implementing a PayPal payment system through Smart Buttons in a PWA app. The problem I am facing is that, by default in a PWA the address bar is hidden, so when the payment dialog for PayPal opens it seems as if it's a dialog of the app itself. This is worrying because it doesn't give the user assurance that they're using PayPal's system and that their account is secure.
If I do the same thing through the browser, then the payment window opens in a separate tab with the URL being shown.
How can I make it so that the similar behaviour is replicated on the app, or is there a way to show the address bar when the payment dialog is opened?
Screenshot of the dialog
I can't answer about showing an address bar in PWA, but if the goal is to make Smart Buttons open a new tab or redirect, the solution is: don't use Smart Buttons.
Instead, integrate two routes on your server, one for 'Set Up Transaction' and one for 'Capture Transaction', documented here: https://developer.paypal.com/docs/checkout/reference/server-integration/
The first call will return an approval_url that you can simply redirect to (or open a full browser for), rather than using Smart Button JS.
After approval at PayPal in this new window/tab/browser you opened, the return will be to the return_url you specified at Set Up time, which can be a deeplink.
The return should then present an order review/confirmation page (unless you wish to skip this, for which you should specify an application_context object with user_action: 'PAY_NOW' so the user is clicking on the right verbiage for what you're going to be doing.)
Then on this return -- using the provided query string information -- run that second 'Capture Transaction' call. If the response happens to be INSTRUMENT_DECLINED, simply reopen the original approval_url since this situation is recoverable (some details on the situation here, though that demo and Handle Funding Failures guide are for Smart Buttons, but the concept is the same). If the response is success or any other error, proceed accordingly.
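The server-side flow described in the answer above, sketched as an added example (not code from the answer or from PayPal): build the 'Set Up Transaction' body, extract the approval URL and refuse to redirect anywhere that is not an https PayPal host, then decide what the return handler does after 'Capture Transaction'. The JSON shapes are assumed from PayPal's Orders v2 REST API, the function names are hypothetical, and the sample responses are constructed.

```javascript
// Added example. Hosts a browser may be sent to for approval (live and sandbox).
const PAYPAL_HOSTS = new Set(['www.paypal.com', 'www.sandbox.paypal.com']);

// Request body for the 'Set Up Transaction' call.
function buildOrderRequest(value, currency, returnUrl, cancelUrl) {
  return {
    intent: 'CAPTURE',
    purchase_units: [{ amount: { currency_code: currency, value } }],
    application_context: { return_url: returnUrl, cancel_url: cancelUrl, user_action: 'PAY_NOW' },
  };
}

// Pull the approval URL out of the set-up response. The redirect is the
// user's only assurance in a PWA without an address bar, so it is pinned
// to https on a known PayPal host before it is used.
function approvalUrlFrom(order) {
  const link = (order.links || []).find((l) => l.rel === 'approve');
  if (!link) throw new Error('no approve link in order response');
  const url = new URL(link.href);
  if (url.protocol !== 'https:' || !PAYPAL_HOSTS.has(url.hostname)) {
    throw new Error('approve link is not on a PayPal host: ' + url.hostname);
  }
  return url.href;
}

// What the return_url handler does with the 'Capture Transaction' result.
function nextStepAfterCapture(httpStatus, body, approvalUrl) {
  if ((httpStatus === 200 || httpStatus === 201) && body.status === 'COMPLETED') {
    return { action: 'confirm', orderId: body.id };
  }
  const issues = (body.details || []).map((d) => d.issue);
  if (issues.includes('INSTRUMENT_DECLINED')) {
    return { action: 'redirect', to: approvalUrl }; // recoverable: pick another funding source
  }
  return { action: 'fail', reason: body.name || 'unknown' };
}

// Constructed sample responses.
const SAMPLE_ORDER = { id: 'ORDER-CONSTRUCTED-1', status: 'CREATED', links: [
  { rel: 'self', href: 'https://api.sandbox.paypal.com/v2/checkout/orders/ORDER-CONSTRUCTED-1' },
  { rel: 'approve', href: 'https://www.sandbox.paypal.com/checkoutnow?token=ORDER-CONSTRUCTED-1' } ] };
const SAMPLE_DECLINE = { name: 'UNPROCESSABLE_ENTITY', details: [{ issue: 'INSTRUMENT_DECLINED' }] };
```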
I am trying to figure out if it is possible to click on a button on the Amazon website from outside of the website.
For Example: At the bottom of every product review is a "Helpful" button. If a review was helpful, the reader/shopper can click this button to let the reviewer (and Amazon) know that the review was helpful. (It's basically a "Like" button).
What I'm trying to accomplish:
I want to post my reviews on my own website/blog and still obtain "Likes" without asking readers to click a link to a product page, then search for my review, then click the button.
You probably won't be able to do what you have in mind.
JavaScript can generally access information on another domain except if specifically configured in the origin website through CORS. Unless you own amazon.com, you won't be able to configure amazon's CORS headers to make them accessible to some JS running on your website.
You can, however, from your website front-end, make a request to your website back-end that would be able to access Amazon's data just like your browser does. Using a browser emulator like Puppeteer, you'll be able to launch an Amazon page and programmatically retrieve info, click on things and do other stuff.
However, the page that Puppeteer will be able to spin up will include credentials (cookies, localStorage content, auth token, etc.) provided by your server, so Puppeteer will not see the same amazon.com your user sees in their browser, unless your user agrees to give you their Amazon credentials, and at this point I'm pretty sure no user would do that, and that would not be authorized by Amazon's terms of service.
TL;DR even if what you have in mind is not impossible, it would take weeks for you and your team to code a system that would potentially allow you to do that, and that's provided the law is on your side, which is probably not the case.
I am building a facebook canvas application and want users, when they visit "apps.facebook.com/myApp", to be presented with the appropriate login dialogue immediately instead of showing my canvas page without having been logged in. With all the different login flows, I am confused!
Using javascript, how do I do this? Do I set the default canvas page to be a page with a script with a redirect url in it?
You should not immediately present them with the login dialog; it is best practice to show some intro screen with information about your app first. Else there is only a small authorization information and no user will really know what the app is about. Then let the user click on a "Login/Use/Start/..." button to present the authorization popup with the FB.login function of the JavaScript SDK:
https://developers.facebook.com/docs/reference/javascript/FB.login/
If you really want to require user authorization right at the beginning, use the PHP SDK:
https://github.com/facebook/facebook-php-sdk
See "$facebook->getLoginUrl()" - just redirect to the resulting URL if the user is not logged in.
Got a very strange issue, never seen it before. Basically in the admin section of our website, a user attempts to edit something by clicking a button.
This button attempts to call a webservice (via jquery, which the page will then use to show an edit form in shadowbox).
However the user informs me that instead of the form popping up as usual it is blank for a few seconds. Then this pops up:
Any ideas? The webservice is in the admin section, which requires the user to be in a role (which the user is, otherwise they would never get to the point of being able to click the edit button).
This is normal if your web service is located on a different machine than your web server.
If the two machines are on the same domain, then the browser will attempt to use the default network credentials that have been cached.
This dialog will also pop up if the default credentials used to access the web server (which could be anonymous) do not have access to the resource (folder) where the web service is running. The pop-up gives the user an opportunity to enter another set of credentials.
I've been banging my head against a wall with this one for way too long now.
I have a page outside facebook, with a like-button. Because it should be on a public computer, we also need a visible logout-button. When "like" is clicked, the user is prompted for login credentials. If those are ok, the like-event goes through ok. The user then should be able to log out. Which doesn't work.
The like button is now an -element. When clicked, it creates an edge.create-event that I can catch nicely.
For the logout button, I've tried 2 options.
First one:
<fb:login-button autologoutlink="true"></fb:login-button>
The problem with this is that the link stays as "login" even after the user has logged in through the like-link, even after page refresh.
and a plain button, that triggers
FB.logout(function(response) {
cout(response);
});
This returns an error "FB.logout() called without a session." this seems to be because the user hasn't authorized the application. So the application has no rights. Both logout-options work fine IF the user has authorized the application. Problem is, this is only asked when the "login"-button is clicked. In this use case it wouldn't make sense for the user to first login and then click like.
Any ideas how to get the logout to work without getting the app authorization from the user?
Or how to make "like"-button in a way that it will ask for the app authorization?
I don't think it is possible.
You can check if somebody is currently logged in to Facebook but not your app; that's about the most you can do. If a user has not authorized your app then you can't do anything with their login session (or data).
I don't think you should worry about public computers though, it is facebook's problem after all, not yours. If a user checks "remember me" on a public computer during login then they most likely won't click your logout button either.