I have seen a couple of apps like LikeHero and LikeBoost which make users exchange likes for Instagram. If you try to log in, it doesn't authenticate via Instagram. They ask for your username and password and bypass the API. How do they do it?
Could anyone please enlighten me on this?
Thanks,
They are collecting the username and password and automating login and other tasks on Android phones.
Related
I am looking to implement a passwordless solution for a mobile app currently in production. The aim is to make the login process smoother for the users by removing the use of a password. Since the app is mobile-only and the phone number of the users is already used as a username, I feel like a solution using Twilio to generate an OTP (one-time password) to log in is a good alternative.
Nonetheless, today when a user logs in, the authentication token has no expiration date (he stays logged in forever). I would like to know if using an OTP to generate such an unlimited (or very long-lasting) auth token would be considered a security issue. Is there some best practice to take into consideration, like refresh tokens or other ...
To be clear my question is:
Is using OTP with SMS considered a good practice to stay always logged in to an app? And do you see any flaw in my reasoning?
Thank you !
Look at https://bere.al/en; BeReal uses this system to auth users.
We have a problem when you change/lose your SIM card.
But I don't see any security problem.
I am not this guy but I experience the same thing here. Also, there is this question but the author there uses a different flow, so I don't really know if it fits.
In short, I implemented the flow invite-via-email. I could generate the invitation link and the user could click on the link to sign up.
However, after signing up, the user is redirected to the main login page again. The user has to type the credentials again to sign in.
How can I implement auto sign-in after the user signs up with the invite-via-email flow?
There is a comment on that GitHub thread about id_token_hint something but I honestly do not get it. Many thanks.
If it helps, my setup is Azure Static Webapp with Svelte for frontend and Azure Functions for the backend.
Are you saving the access token from the first login? You might not be, forcing you to log in again. Also, do you have SSO enabled? This may help you if not. Please let me know and I can help you further.
Best,
James
I am coding my app/website to work with Instagram, along with Twitter and Facebook. I saw that a video screencast is required to show:
Please make sure that the video clearly shows how your application works, including any Instagram login experience and the usage of every permission you are requesting.
Does this mean it needs to have an Instagram login? We only offer login with Facebook, Twitter, or email accounts.
Thanks!
"The Instagram API requires authentication - specifically requests made on behalf of a user. Authenticated requests require an access_token. These tokens are unique to a user and should be stored securely."
https://www.instagram.com/developer/authentication/
I don't think you can make any Instagram API calls without supporting Instagram login.
I just downloaded libspotify and was looking at the examples and learning more about it. I want to know: does the current version of libspotify support OAuth? I have tried searching but didn't find anything, so I'm asking here in case I'm missing an important link. My client says that instead of a username and password for signing in to Spotify they will give me an OAuth token (taken from Facebook, I think) and through that I should be able to sign in. Please guide, thank you.
Unfortunately, your client is mistaken.
libspotify logs into the Spotify service using either Spotify or Facebook username/password credentials, and nothing else. You cannot log into Spotify with a Facebook OAuth token.
It's worth noting at this point - never save these details yourself - libspotify can remember them for you in its secure store.
I have a website and every client has his own account. When clients create new articles, the titles should go to their own Twitter accounts.
The question is how to do it in the background? I can ask the user for their Twitter login/password and save this data in my database. But the problem is with security: the password will be stored unencrypted.
Does Twitter have a better way to organize this flow?
Thank you
P.S.
To make it clear: background sending is a must, as some clients use the API to access my services
OAuth is the solution to your problem. OAuth is supported by Twitter.
By using OAuth, each of your users may authorize you to post tweets on their behalf. You will get a token for each user. You must store this token in your database, but you will not need the end user's username or password.
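The token-based flow this answer describes, as an added example that is not code from the original answer: a background job signs a status post with the stored per-user token, and no password is involved at any point. It assumes OAuth 1.0a HMAC-SHA1 request signing; the app credentials, stored tokens, endpoint URL and function names are constructed placeholders.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # OAuth 1.0a percent-encoding: only RFC 3986 unreserved characters stay literal
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode and sort every parameter, join as k=v pairs, then encode the joined string again
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # Signing key = app secret + the user's token secret; the user's password is never needed
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

# Constructed sample data: one app credential pair, one stored token pair per user
APP = {"key": "app-key-123", "secret": "app-secret-456"}
TOKENS = {
    "alice": ("alice-token", "alice-token-secret"),
    "bob": ("bob-token", "bob-token-secret"),
}
UPDATE_URL = "https://api.example.test/statuses/update"  # hypothetical endpoint

def build_post(user, title, nonce, timestamp):
    # nonce/timestamp are passed in so the output is reproducible here; a real job
    # would use secrets.token_hex() and int(time.time()) for each request
    token, token_secret = TOKENS[user]  # KeyError if the user never authorized or was revoked
    oauth = {
        "oauth_consumer_key": APP["key"],
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    signed = {**oauth, "status": title}
    oauth["oauth_signature"] = sign("POST", UPDATE_URL, signed, APP["secret"], token_secret)
    header = "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return {"url": UPDATE_URL, "body": {"status": title}, "headers": {"Authorization": header}}

def revoke(user):
    # Dropping the stored token ends background posting for that user only
    TOKENS.pop(user, None)
```

Because the stored value is a revocable per-user token, a database leak exposes posting rights the user can withdraw, not a reusable account password.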