I'm looking at this answer and I don't know how to use it with express. lets say at route /fbtest I want to show info on a fb user. the answer suggest that i make a request to https://graph.facebook.com/USER_NAME_OR_ID?access_token=ACCESS_TOKEN and I would get the information on the user. I have a client ID and a client secret how do I get the access token?
app.get("/fbtest", function(req, res){
make request to fb
set var to the returned data
res.end(the var)
})
through out the fb documentation I see something like GET /me/{namespace}:{action-type}/{object-type} I really want to use something like that for something I need. should I really type in the letters "me" or the username?
I was googling and I see this link that my help but I don't understand the examples like FB.api('4', function (res) { what is 4?
To get the access token, you need to follow oAuth. You need to send the user to Facebook and ask for permission. If the user permits those actions, s/he will be redirected back to your web site with access token.
/me/ would work for the logged in user. It's equivalent to the username or user ID for the logged in user.
Related
I can’t seem to find anything about changing actual user settings with the twitter api. I see ways to change the account “name”, but that is not the same as the username.
There is no API method for doing this. A user will need to use the Twitter website or app settings in order to change screen (user) name.
This is the my web-app "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0, I wanted to use the sub claim user_id to identify the users inside my MySQL database for update and retrieve user's info. Unfortunately the user_id is different for each provider, for example, if the same user with the same e-mail logs-in via Auth0 he gets a user_id if he does it via google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost: 8080 / api / users /: id"
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email" my API has also changed in "localhost: 8080 / api / users /: johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged user without going to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
Im not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many Auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that users account in your application, which is a pretty big security risk.
So I want to get a user's feeds (or lets say user's posts); based on this documentation I'm calling the following endpoint:
https://graph.facebook.com/{USER_ID}/feed?access_token={MY_ACCESS_TOKEN}
https://graph.facebook.com/{USER_ID}/posts?access_token={MY_ACCESS_TOKEN}
But this is giving me an empty data array; although there are public posts by the user! Am I doing something wrong? Should the user give the permission to my app?
Although the following end point works (which shows user general info), but that's not what I want; I want just a user's posts
https://graph.facebook.com/{USER_ID}?access_token={MY_ACCESS_TOKEN}
Thanks
You have to use facebook login and request permissions from the user to access their posts : "user_posts". This document covers how to request permissions with faceboook login. Once you are granted the user_posts permission, you can use the access token you obtained from the user in your call to get the users feed.
Let me start by saying I really like Deployd. I want to use it in production, but I want to incorporate OAuth and social logins, so I installed the dpd-passport module. It works great, except for two little (big) problems:
When a user signs in via an OAuth provider (e.g. Facebook, Twitter, Github) a new user record is created...but if the same user clears their cookies or uses a different browser to log in, a new user record is created.
If I do something clever (read: hacky) and assign users with social logins an ID based on the socialAccount and socialAccountId (something unique but constant for each social account), someone could use the standard method of user creation to spoof a user by making a POST request to the /users endpoint if they knew that user's socialAccount and socialAccountId.
My question is: How can I A) prevent #1 from occurring, or B) disable the standard method of user creation without also preventing OAuth user creation?
Has anyone ever successfully used Deployd and dpd-passport in production? If so, I want to speak with you...
Thanks in advance!
First of all, I think you haven't added the custom fields per the docs.
https://www.npmjs.com/package/dpd-passport#requirements
I hadn't either, and observed the new user feature (because it couldn't lookup the response from the auth service to find the user from before). Adding these fields fixed it.
Also, there is a google group here:
https://groups.google.com/forum/#!forum/deployd-users
Hope that helps.
I was playing with the loginWithExternalService methods under Accounts and I was sad to find that while you could create new users with one of these services or log in those who already had credentials, there was no way of allowing currently logged in users to augment their methods of authentication so that they could log in with any of the services they have authenticated through. Is there a way of dumping information like a user's FB profile or a user's Twitter url into their existing, currently logged in account? I tried customizing accounts-base but this.userId returns null within it so I cannot do updates to the currently logged in user there.
There should probably be a better API for this, but at the moment (Meteor 0.5.2) the following server code will create a user associated with an Facebook ID.
var newlyCreatedUserId = Accounts.updateOrCreateUserFromExternalService(
'facebook',
{id: FACEBOOK_ID},
{additionalFieldOnUserDocumented: 'foo'}).id
If you dig into the implementation of Accounts.updateOrCreateUserFromExternalService you can see how to add these fields to an existing user.