I am implementing a social management tool.
LIKE there are 2 businesses BUSINESS_A and BUSINESS_B. Both of their Facebook pages are created using the same Facebook account (fb-page#xyz.com).
And the Facebook App I have created using fb-integration#xyz.com.
Now, I can not give fb-pages#xyz.com or fb-integration#xyz.com credentials to both businesses.
How can I generate an access key server side, without the user login as they are not the creator?
If I make their Email Id as admin on the page. Will that work?
Related
I want to develop a custom ASP.NET Web API which can be used to send out emails as a user using the Microsoft Graph API. I think this will be a Multi-tenant application. Below are few ideas I have and some questions:
I have a working ASP.NET MVC web application where different users can login using their unique credentials provided by us.
I have an "Email Setup" section in my web app. Every user will navigate to this section one-time and be redirected to the "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={{client_id}}&response_type=code&redirect_uri={{redirect_uri}}&response_mode=query&scope=offline_access%20user.read%20mail.read&state=12345"
On the consent screen user will sign in using their Microsoft Office 365 credentials and provide consent to my app.
On providing consent, user will be redirected back to my web app and I will get Access token for the code returned and store the access token in a SQL database.
User navigates to a page to send email, fills in the To, Subject, Body, Attachments etc. and clicks on the "Send" button.
On send button, my ASP.NET web app will call our custom Web API to send the email. The API will have an endpoint that knows the user and will get appropriate access token from the SQL database to send email on that user's behalf.
Questions:
Do I need to register an Azure App with type "Multi-tenant" since I want to support users from different tenants?
What kind of scopes/permissions will be required in order to "Send Email" as the user?
Do I need Delegated/Application permissions on the Azure side?
How can I ensure that the email that is sent, also gets saved to that user's "Sent Items" folder on Outlook?
According to the sending email graph api, we can see it provides the Application api permission, that means you can create an azure ad application and assign the Mail.Send permission to this api and using client credential flow to generate access token to call this api, so it's not necessary to creating a multi-tenant azure ad application via this way.
And certainly, if you insist on auth code flow to generate access token to using delegate permission to call the api, you should creating a multi-tenant application so that users from different tenant can generate access token through this azure ad application.
We have a web application where we log users in with Google's auth2.
We also have crone jobs that are used to reply to certain emails through the gmail api.
Is the authorization for signing in and for gmail's api the same? If it is, how can we sign users out of the web app while still authorizing crone jobs?
If what you meant by signing is by using Google+ Sign-in, it says from this documentation:
Why use Google for authentication?
Providing OAuth 2.0 user authentication directly or using Google+
Sign-in reduces your development overhead. It also provides a trusted
and secure login system that's familiar to users, consistent across
devices, and removes the burden of users having to remember another
username and password.
Wherein Gmail uses the OAuth 2.0 protocol for authenticating a Google account and authorizing access to user data. This will be the same.
At a high level, all apps follow the same basic authorization pattern:
During development, register the application in the Google API Console.
When the app launches, request that the user grant access to data in their Google account.
If the user consents, your application requests and receives credentials to access the Gmail API.
Refresh the credentials (if necessary).
The difference is you will need to enable Gmail API for the credentials.
Here's the details for server-side authentication.
I activated Facebook sign-in with Azure's Mobile App Service, but the service asked to enter an ID and password.
Instagram or other famous application can login without entering the password as "Continue as a Name" if it is already logged in to FaceBook.
I would like to authenticate Facebook on Azure without entering ID or password, how can I do it?
For Server-managed authentication, your app would authenticate the user through a web view. I checked the server-flow in my Xamarin.Forms app, and found you need to enter the Facebook account info for logging. While browsing the mobile app via the browser, the login page would show "Continue as a Name" if I have already logged in to FaceBook (www.facebook.com).
Note: When using sever-flow, the page asking for Facebook account is under Facebook domain, Azure would not peek or save your Facebook account info.
I would like to authenticate Facebook on Azure without entering ID or password, how can I do it?
Based on your scenario, you need to leverage Client-managed authentication in your mobile app, and you need to install the Facebook app on the device for test. Additionally, you cannot install other apps on the iOS simulator and there may be restrictions on the Android Emulator. So, you generally need to test client flow for social providers on an actual device.
If you integrate the Facebook SDK, then your app will automatically switch to the Facebook app and ask you to approve the authentication request there. For how to integrate the Facebook SDK, you could refer to Facebook login for iOS and Facebook login for Android.
I have created a Web application that makes use of the Spotify Web API. Through the spotify Web API, I get the user's email (which they used to register their spotify account) after they authorize my app on their end. However, I don't store their emails in any database after they authorize. Is there a way I can retrieve the email list of all the users who authorized my app so far from my Spotify app interface?
I've read through every resource our there on the servicestack wiki, examples on github, forums and stackoverflow to figure out implementing facebook integration with a mobile app and servicestack backend. However, none of them have the answer or I'm missing something basic.
In our workflow, a user decides to Register on through the mobile app using Facebook:
We contact Facebook requesting permissions to the user's account
User grants permissions (let's not worry about denied for now)
We get a user access token and everything is good so far
Next, we want to access our ServiceStack backend (using the Facebook Auth Provider) to create an account and automatically log the user in the first time. The examples refer to the method where a web browser is used. What if I want to pass the user auth token from my mobile app to the server to fetch the user permissions and create an account if it doesn't exist and then log the user in?
The existing endpoint seems to work only for a browser app because it also does a redirect. We need a way to pass in the user auth token and log the user in (or create an account if it doesn't exist). Any idea how this can be accomplished?
To login via OAuth in Mobile Apps, you'd typically launch a browser control to have it redirect to the remote OAuth site where it gets the users permission and captures their credentials just as it would with a website.
If you're developing a Mobile App using Xamarin the TechStacksAuth shows an example on how you can use Xamarin.Auth control to authenticate with a ServiceStack back-end via OAuth.