I am trying to create a website that checks if the current logged-in user is subscribed to a specific youtube channel. This is meant to restrict the user if they haven't yet. Is something like this even possible?
You would need the user to login via google identity services to be able to access data like that via the api. The api gives you access to the channels the user is subscribed to if the user allows this
Related
I would like to create a webservice capable of automatically sending messages in Microsoft Teams. I tried authenticating as an application, but currently Microsoft does not support granting application permissions to send messages in Teams, so the only choice here is to authenticate using a service account with real credentials (Unless there is another way?). This method only specifies using user interaction to log in as a user.
I would like to use a service account teamchatbot#domain.com to authenticate with Microsoft Graph in order to send messages on Microsoft Teams. (similar to this but since I'm not accessing a resource it is a little different.) Is there a way I can silently obtain an access token on behalf of the service account in order to send messages?
It seems that you have a misunderstanding.
Your scene is actually the same as this post.
You should use Resource Owner Password Credentials to call Microsoft Graph API to send messages.
Based on permissions, you need the Group.ReadWrite.All delegated permission. So you need to add this permission into your Azure AD app firstly.
Don't forget to click on "Grant admin consent for {your tenant}" after you add this permission.
Then you can get an access token like this:
You can see that https://graph.microsoft.com/Group.ReadWrite.All has been included in the response.
Now you could use this access token to call POST /teams/{id}/channels/{id}/messages.
There are a few other ways I can think of.
1) One is that you can create a Bot using the Microsoft Bot Framework, and once that bot is installed to the particular team, it can send "pro-active" messages (i.e. not a message in response to a user's message, but rather whenever you need).
Essentially, when you bot is added to the team, you get access to a specific event in your bot (OnMembersAdded for a general bot, and there's now a new event just for Teams). See more on this in my answer on Detect bot application open event. In this event, you get the information you need for later, which you can store in a database or wherever, and then create the message as if it's your bot posting to the channel. You can see more on that at Programmatically sending a message to a bot in Microsoft Teams.
This option above is a lot of work, but useful if there's other functionality you want from a bot (e.g. the ability to receive messages from the users)
2) Another, and even more simple way, is to create an incoming webhook directly to the channel. Here's a post on doing this using PowerShell, so you can do that for simple testing and extrapolate from there for Node.
Of course, things like Flow (Power Automate) are an option too, but you're already writing code so one of the above is probably easier.
Hope that helps
I want to send web push notifications to registered users, are there any best practices on how to implement the cases when multiple users have access to the same device and one should not see the message of another user.
Thanks in advance.
A web push notification subscription is tied to the browser, not the device.
What you need to do is, map this id with your registered user when he logs in from a particular browser. Also, you need to remove the subscription id mapping with any other users in the system.
In the case of multiple users using the same browser, the above logic will make sure that at a time, a particular browser subscription id is linked only to a single user.
And when you want to send a notification to a registered user, you can retrieve all push subscription IDs linked to this user in your database, and trigger notifications to those subscription IDs.
And don't forget to unmap a subscription id when the user logs out from a browser. Otherwise, he will continue to receive all notifications even if he has logged out.
I am trying to implement a Bot which can get all the Direct Message Channels, all the workspace Users and send Direct Messages to them.
If I work with my development workspace everything works as expected but when I try with my company workspace, my Bot is only capable to retrieve the Direct Message Channel it is belonging to.
Any idea on how to fix by production Bot.
You can't. Due to the security architecture of Slack one can only see the messages of channels he is part of. Its the same even for the "super admin" of a Slack team (the primary owner). Bots and apps inherit that right from the user who installed it (= authed the access token).
The reason it works on your development Slack, is that your user has probably created all private channels on Slack, and/or is the same that authed the access token your app uses.
Thanks to Slack support I got my answer:
The OAuth Token issued is specific to the user who has installed your app and represents the permission(s) to perform actions on behalf of the user. More detailed information here - https://api.slack.com/docs/oauth.
The token can only perform the same actions as the user who installed the app i.e If the user can’t view or post in the channel, they can’t grant permission to something they do not have.
I have an application where users can login using Facebook. I have the user's auth token which is valid for 30 days. I am using Passport. At the moment, I am requiring the absolute minimum amount of permissions (email-only) so that my auth app doesn't need to get verified.
Now... I need to write a chatbot that will occasionally write to users who are authenticated. So, the bot needs to initiate the conversation. It's actually notifications that the users are actively interested in.
Given that I know how to write the chatbot itself, I was wondering... is doing so even possible?
If it's NOT possible, is it possible to "link" however initiates a chat with my bot with one of the logged in users by comparing their Facebook user ID? (I am afraid not, since the Facebook user ID seems to be scoped to the app!)
1) In order to reliably send messages to the user, unprompted by user interaction, you will need Subscription Messaging permissions from FB, which is currently in a restrictive beta.
Subscription Messaging is limited to non-advertisment messages from apps in News, Personal Tracker, and Productivity categories. If your bot fits into one of these categories, you can potentially get the permissions to do what you want.
If it does not, you can still send notifications to users, but will need to elicit their response (button press, text response) each time to earn another message outside of the 24hr limit imposed on Standard Messaging. These messages can be promotional.
2) To get the page scoped id of a user when you have their user id for another app or page use the ID Matching API.
You must create a FB Business account (if you do not already have one) and associate your apps and pages with the business, follow the guide in the ID Matching API Docs.
To get all page scoped id's for pages owned by your Business account, when you have a user's app id (from FB login, as an example) you will make the following request to the Graph API:
GET /{user-id}/ids_for_pages
?access_token=[app_access_token]
&appsecret_proof=[appsecret_proof]
You will receive a response that looks something like this, containing the page scoped id of the specified user for each page your business account owns:
"data": [
{
"id": "12345123", // The psid for the user for that page
"page": {
"category": "Musician",
"link": "https://www.facebook.com/Johns-Next-Great-Thing-380374449010653/",
"name": "John's Next Great Thing",
"id": "380374449010653"
}
}
]
The facebook chat api is a power tool. From a purely technically point of view, it definitely does more than its predecessor of private messages in the Graph API.
This brings up a question of where Facebook is drawing the line of abuse of its chat api.
So here's how I'm planning to use the Facebook chat api for my app.
The app is an event planning app that lets users invite their friends to an event. Other than sending SMS, and emails to notify the guests, the most reliable way is to send invitations through the list of facebook friends. And let's face it, sometimes you may not have the person's phone number in your contact book, and you definitely don't remember most of their emails, so facebook is your only source for reaching them.
So I need a solution to send invitations to the guests. Here are my requirements and conditions:
The guest is a facebook friend of the user
There's no way of obtaining the guest's email (unless the user enters it) or phone number (ie. sms is not an option)
Each guest must receive a link that is unique to him/her
No one else should be able to obtain this link (ie. the message shouldn't be seen publicly)
It must not require the user's interaction to send these invitations (imagine having the user confirm a facebook post 10 times for the 10 facebook friends he's inviting). The invitation must be sent automatically.
Here's the obstacle. Facebook had revoked the functionality to send private message recently (I was able to have my facebook friends send me private messages via an app just over a month ago, not anymore). However, I discover that I could do so using Facebook Chat API.
This seems to be a grey area, my app is using the chat api for the sole purpose of helping the users notify their friends of their event invitation. There's no intention of abuse (such as mass messaging everyone of the user's friends with a link to my APP/website). Is Facebook going to hunt me down and revoke my App's privilege to use Facebook's API?
Can anyone shed some light on whether my intended usage of the API is an abuse or is it legitimate? If it is not legitimate, what are your suggestions.
I'd recommend using core functionality wherever possible here. For example, you could utilise the Facebook 'Event' object and the Graph API to create invite-only events and to invite individual friends of your app's users. This would deliver the same functionality without the need for nonce-based invite URLs and possible misuse of the Chat API. Take a look at https://developers.facebook.com/docs/reference/api/event/#invited for details.