I would like to know if there is any option for another business ("customer") to add my messenger app ("bot") to their page without any manual intervention.
The current process is:
1. customer wants to add my bot.
2. customer adds me as admin to his page - Manual.
3. I accept the invitation - Manual.
4. I connect the bot to the page + generate token - Manual (I succeeded in automating it once I became admin).
Any advice regarding step 3?
Or is there another flow that I should do?
Thanks!
You should use FB Login and request the pages_messaging and manage_pages scopes. Once the user logs in, they will grant the scopes to your app and you will be able to generate the Page tokens. This also removes the need for you to be an Admin on the Page, which many customers tend not to like to grant.
I am trying to implement the clickwrap process and am using the PHP SDK.
When going through auth via the Authorization Code Grant method, as part of the process it asks for a login before completing the process. I've used my dev account details; however, why is this step needed as we are already passing through various keys/id?
Is this specific to the development environment or will this also happen in prod?
What will be presented to the end-user who does not have a DocuSign account?
I understand the 'obtain user consent' and can work that into the workflow but this is confusing.
I have worked through the Quickstart app as well and that has the same process. Have I misunderstood something?
If you want a page on your application to include a DocuSign clickwrap agreement, then you do not need to use the Click API. (It really should be named the Click Management API.)
What you do: follow the instructions for adding a clickwrap agreement shown in the Click User Guide.
The Click Q & A page is also helpful.
The "Click API" is only needed if you want to programmatically look up the Click agreements, modify the Click configuration, etc.
If you're just building an app that would ask the user to agree to a clickwrap using DocuSign Click, you won't need the end-user to authenticate.
I suggest you look at https://myclickwrap.sampleapps.docusign.com/myclickwrap/ and the code in GitHub.
Your app needs the creds to make API calls, but you could use JWT for example with one-time consent and your app will not make these API calls on behalf of anyone, but just for the one user that the account uses.
All of this is the same in the developer env or production.
I've followed one of the provided samples to add TOTP multi factor authentication supported by a phone app:
https://github.com/azure-ad-b2c/samples/tree/master/policies/custom-mfa-totp
I'm therefore able to offer users the ability to enter a TOTP code:
One of the things I'm considering is ensuring users still have access to their accounts if something goes wrong during the TOTP MFA process which we're using by default. I'd therefore like to be able to add an extra link to this page to send users through an alternative MFA route without successfully completing this one in case they encounter issues: "send a code via email instead".
As far as I can tell, the B2C screens expect users to only go forward through clicking continue. The best alternative instead of a link I can think of is a checkbox which sets a boolean claim to enable an email MFA OrchestrationStep. I find this a little less user-friendly than a simple link though as it adds an unnecessary extra click.
Ideal user flow:
Login --> Display TOTP MFA screen --> Enter MFA code OR click link to go to email MFA screen
Any help's appreciated!
This sample demonstrates how to use a display control to provide multiple options (Email or MFA) for a user to continue:
https://github.com/azure-ad-b2c/samples/tree/master/policies/pwd-reset-via-email-or-phone
You could use the same idea here, except instead of invoking the MFA technical profiles as part of the sample's display control, you can invoke the call to the REST API technical profile to verify the code.
You will need to use some CSS/JS to make the page look nice so users can toggle what option they want to use.
I am trying Azure AD B2C based on articles and videos. I followed the steps and I have configured the properties for user flows as well. When I click on the Run user flow, it opens up the sign up sign dialog, I add a user with the details. Once the user is added, it goes to my reply url https://jwt.ms.
Based on the url in the browser, I felt it should have worked. But for some reason, the boxes are shown empty.
The url that I see is...
https://jwt.ms/?code=eyJraWQiOiJjcGltY29yZV8wOTI1MjAxNSIsInZlciI6IjEuMCIsInppcCI6IkRlZmxhdGUiLCJzZXIiOiIxLjAifQ..EiDn2BjcA8xTRac1.2pNAFLdcbOupozfuKIC8T9VXmL4zz8iEisf6PsNyxDYzVJcl2vfwwrtMpqJvsC-xeSPyrHUgVpdblKiVfILllrOsWj7MJbTX0QNlzPEAItTGoRow3A2F4FWBR7Y28PQcxeZwa05SMpKhoNutdmnRq-usM7VMc0eYXjJ2JXTSc1piwYf14Na5We9arijagkmVvHFBDLDnjaVBUixEF5_dTGWAjnwAXRIII-plBZBoFZCZ2XtdSLu5LYWSJXBxuA5lqDaVN3OHLOP92VZkNRgB97UPIO3aSe9s44XEEGe5COpTWhzxoOXy53ydnCG8xZwYFKA_J54hGdKLGZrE-BYOW0sU7Dcevq1iwaBqJ3K3CwM6s9o6zCwsAf2pUlAuXYfwk8kA9SKi0fmNiUsSskWhUgiJTPSlqq_woWPGgX3JZpiHTDNbOCA5VUgToEYmDgReOb4M-MeCSCcKWb315vP3UPgzE1LpRet1AFMGqcNznUd8jkP39uaRdLDDP5VAZy7pmeN-GPQJYCcyfdJCRJc1yPoiRYM4SdBUecQTioRkZ95l0y1ANZ3yYSB6eAV_B83KL4EdSIM.e3NVLoGCNXgfloDFbzZimg
Could someone help me understand why the token is not being shown in the browser?
Please note: The user is created with no issues. It's just the reply of the token that I see as the issue.
Found the cause of the issue.
I had to enable the Implicit grant for both Access tokens and ID Tokens for the app I created.
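As an added illustration (not part of the original thread and not Microsoft sample code), the following code classifies a redirect URL by what it carries: an authorization `code` in the query string, which must be redeemed at the token endpoint before any claims exist, or an `id_token`/`access_token` in the fragment, which a decoder page can read directly. It assumes the implicit flow returns tokens in the URL fragment; the function names and all sample values are constructed.

```javascript
// Added example: work out what an OAuth/OIDC redirect URL actually carries.
// All sample values below are constructed, not taken from a real tenant.
function b64urlJson(segment) {
  // Decode one base64url segment as JSON; null when it is not JSON.
  try {
    const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
  } catch (e) {
    return null;
  }
}

function describeValue(value) {
  const parts = value.split(".");
  // Compact JWS (signed JWT) has 3 segments; compact JWE (encrypted) has 5.
  const shape = parts.length === 3 ? "jws" : parts.length === 5 ? "jwe" : "opaque";
  return { shape, header: b64urlJson(parts[0]) };
}

function describeRedirect(redirectUrl) {
  const url = new URL(redirectUrl);
  const query = url.searchParams;
  const fragment = new URLSearchParams(url.hash.replace(/^#/, ""));
  const err = query.get("error") || fragment.get("error");
  if (err) return { kind: "error", detail: err };
  for (const name of ["id_token", "access_token"]) {
    if (fragment.has(name)) {
      return { kind: "token_in_fragment", param: name, ...describeValue(fragment.get(name)) };
    }
  }
  if (query.has("code")) {
    // A code is only a voucher for the token endpoint; it holds no readable claims.
    return { kind: "authorization_code", param: "code", ...describeValue(query.get("code")) };
  }
  return { kind: "nothing_recognised" };
}

// Constructed samples: a 5-segment code and a 3-segment ID token.
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleCode = [enc({ zip: "Deflate", ver: "1.0" }), "", "aXY", "Y2lwaGVy", "dGFn"].join(".");
const sampleIdToken = [enc({ alg: "RS256", typ: "JWT" }), enc({ sub: "constructed-user" }), "c2ln"].join(".");
console.log(describeRedirect("https://jwt.ms/?code=" + sampleCode));
console.log(describeRedirect("https://jwt.ms/#id_token=" + sampleIdToken));
```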
Right now the ProfileEdit.xml file that comes with active-directory-b2c-custom-policy-starterpack asks the user to sign in before actually letting them get to the Edit Profile page.
The use case I'm trying to accomplish is a little bit different. The user is already signed in to the app and there's a button Edit Profile that when clicked will take the user to the Edit Profile page. That is, there should be no Sign in again.
My app allows the user to sign in using: Facebook and Local Account Signin. The custom ProfileEdit B2C policy should know which one the user used to login and just redirect the user to the ProfileEdit policy directly.
I tried messing up with the ProfileEdit Technical Profile but the mods I did didn't work.
Can anyone more experienced with Azure B2C custom policies let me know how to achieve this?
This is normal, imagine someone got to the profile edit link and bookmarked it. Then logged out. Then launched profile edit -> you need them to login, otherwise things break.
So this is actually working perfectly already, just that you will get Single Sign On, such that once you have used the Sign In journey, the Profile Edit journey will skip the sign in step.
You can test it like this:
1. Open a new browser, and use the sign in journey, login and complete.
2. Open a new tab, and paste the Profile Edit link, remove the prompt=login query parameter.
3. Execute the link, you are taken straight to modifying your profile page, rather than seeing a sign in page.
I need to have the following workflow:
1. A third-party company registers a new admin user for Office365 (I can't control this process).
2. Then they pass the credentials of this user to us and we configure it (add domains, additional users etc).
I need to automate this process and this should be done by a background task. So, after registration we catch this event and add a message to a queue, and then our Azure Functions add domains, register new users etc.
But to call Microsoft Graph, the admin has to accept permissions manually (go to a web page and accept). Without this action the token is not valid. And it breaks our automated process :(
Is there any way to accept it without the admin going to a web page and logging in to accept?
From how you describe this process it seems like what you really need is to create an application that uses Application Only permissions that your customer grants consent to. There should be no need for them to manually create an admin user and give you credentials for this user.
And to specifically answer your question, I do not believe there is any way to automate the user consent process via an API call. That would defeat the purpose of user consent.
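An added example (not code from the thread or from Microsoft) of the application-only pattern the answer describes: the customer's admin opens a consent link once, the app validates the callback, and the background job then requests tokens with the client credentials grant, with no admin password stored. The endpoints are the Microsoft identity platform admin consent and v2.0 token endpoints; the function names and every id, secret and URL passed in are placeholders.

```javascript
// Added example: one-time admin consent, then app-only (client credentials) tokens.
// Tenant, client id, secret and redirect URI are placeholders supplied by the caller.
const AUTHORITY = "https://login.microsoftonline.com";

function buildAdminConsentUrl({ tenant, clientId, redirectUri, state }) {
  // Link the customer's admin opens once to grant the application permissions.
  const url = new URL(`${AUTHORITY}/${encodeURIComponent(tenant)}/adminconsent`);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("redirect_uri", redirectUri);
  url.searchParams.set("state", state); // random per request, kept server-side
  return url.toString();
}

function parseAdminConsentCallback(callbackUrl, expectedState) {
  const p = new URL(callbackUrl).searchParams;
  if (p.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" }; // not a request we started
  }
  if (p.has("error")) {
    return { ok: false, reason: p.get("error") };
  }
  if ((p.get("admin_consent") || "").toLowerCase() !== "true" || !p.get("tenant")) {
    return { ok: false, reason: "consent_not_granted" };
  }
  return { ok: true, tenant: p.get("tenant") }; // tenant id to store for the job
}

function buildAppOnlyTokenRequest({ tenant, clientId, clientSecret }) {
  // What the background task POSTs; no user sign-in is involved at this point.
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: clientId,
    client_secret: clientSecret,
    scope: "https://graph.microsoft.com/.default",
  });
  return {
    url: `${AUTHORITY}/${encodeURIComponent(tenant)}/oauth2/v2.0/token`,
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}
```

The consent step stays interactive by design; only the token requests that follow it run unattended.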