Using Facebook graph api, can and should I cache profile picture? - node.js

I am using log in with facebook in my web app. Because of this I will always have the userid of the current user at facebook. I want to use the profile picture in my app, I can do this easily by:
<img src="http://graph.facebook.com/<%- accountId %>/picture?width=200&height=200">
This seems fine if I just display the picture at the current users dashboard, but what if I want other users to see each others pictures? Is it a good idea to always link each users images as above? It will in this case be a bounch of requests to facebook for each view of my app. Or should I download each users profile pic when they register and display it from my database? Am I allowed to do that? In this case, how do I save the picture into my mongoDB database via waterline (sails.js)?

Related

NodeJS App with waiting for the admin to accept

I'm trying to create a Full Stack App with the following requirements:
Have users that post photos
Have an admin that gets those photos and accepts/rejects the photo to be published
So, the user should be able to upload a photo, and, if the admin accepts, the photo should be rendered to the user screen. Otherwise, the user should get some kind of alert saying that the uploaded photo was rejected.
Do you guys know some kind of project where it was done so it can guide me? Or any advice on how to do it?
start with a register/login system first where the users will be given different roles ( admin and user). Then create an admin panel for the admin followed by a profile page for the user. Use a database to send the profile pictures to and display the data in the admin panel, where the admin has got the option to either reject or accept the data. if its accepted display the profile pic otherwise delete the data entry and send a message to the user who has uploaded the profile pic.

Changing Twitter Username with api

I can’t seem to find anything about changing actual user settings with the twitter api. I see ways to change the account “name”, but that is not the same as the username.
There is no API method for doing this. A user will need to use the Twitter website or app settings in order to change screen (user) name.

Does Instagram Graph API has sandbox mode?

The docs say (step 4):
In the App Review for Instagram section, click Add to Submission for each permission your App will need from its Users. instagram_basic is required. instagram_manage_comments, instagram_manage_insights, and instagram_content_publish are optional.
Scroll to the bottom of the page, and in the Current Submission sub-section, for each submission, click its View Notes link.
In the View Notes dialogue for each permission submission, provide a description for how you will use the data returned by any endpoints that require the permission, and a screencast showing how your app will use the data.
Once you've completed your notes for all of your permission submissions, click the Submit For Review button at the bottom of the page. Note that this is separate from your App Review, which you will do after testing.
After you've added both Facebook Login and Instagram API products to your app configuration, add Facebook Login to your app and record a screencast showing how you will use data returned by the Instagram API. This is similar to the Facebook Login screencast but with Instagram data, so the same guidelines apply.
Step 5:
Once you've been notified that your Instagram API product submission has been approved, you can use the Graph API Explorer to test your app.
With Facebook Login I can create an app that works in sandbox mode. Which lets me create a screencast. To be able to use Instagram Graph API (on a site) I need (from what I can gather):
Facebook Page linked to Instagram Business Account
an app icon
a privacy policy page
a site with working Facebook Login
description of how each permission is going to be used
screencast of... what exactly? of a site that is basically ready, but instead of fetching data from Instagram, it has them hardcoded in the code?
Or there is a sandbox mode after all?
UPD I've highlighted the important parts in the quotes above. Then:
5. Test Your App
Once you've been notified that your Instagram API product submission has been approved, you can use the Graph API Explorer to test your app.
Go to the Graph API Explorer...
The first call you will make is to the Graph API's /user/accounts edge...
Locate the Page that you connected to the Instagram Business Account and click its ID...
Next, [make /page?fields=instagram_business_account request].
This is where I get empty response in Graph API Explorer (only id field is returned), or:
200:- OAuthException:(#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/
GET /...?fields=instagram_business_account HTTP/1.1
on my site. Which requests to Instagram Graph API can I make before passing reviews (Instagram App Review, and Facebook App Review)?
It looks like the documentation that Facebook provides is somewhat misleading. You can actually use Instagram Graph API via Graph API Explorer (or by sending GET requests from your code) in a very limited way accessing only your instagram business account BEFORE you get initial approval described in Step 4.
Steps:
Open Graph API Explorer.
First, you need to add extra permissions in the "Access Token" section. There is a "Add a Permission" drop down on the bottom of that section. Open that drop down and select: instagram_basic, manage_pages, business_management permissions. Depending on what you are trying to do, you may need other permissions as well (e.g. instagram_manage_comments, ads_management, manage_pages).
Once you selected the extra permissions, click on the "Get Access Token" button.
Now, you have access token with correct permissions and you should be able to execute instagram_business_account request. This will return the instagram id of your business account, which you can then use for other requests.
After going through these steps, I'm able to get media for my business account via Instagram Graph API, although I'm still trying to figure out why tags request returns empty list.
Go to your app dashboard from your developer account:
https://developers.facebook.com/apps/APP_ID/dashboad
Go to: Roles -> Test Users.
Edit one of the test users to change its password to what you want in order to know him.
Once done, logout from your personal account and connect with the "test user" account in https://facebook.com
Go to your app and click the facebook login with the scope "instagram_basic".
With the access_token that you get you are able to ask Graph API about the user's instagram business account.
Et voilà.
PS: You will not be able to use the Open Graph API tool from your test user. My advice is to test your app from Incognito mode so it will not interpose with your personal account.
UPDATE
Currently, access the instagram data from this way is disabled but this is the right way to access the data.
FB error message says:
(#200) Access to this data is temporarily disabled for non-active apps or apps that have not recently accessed this data due to changes we are making to the Facebook Platform. https://developers.facebook.com/status/issues/205942813488872/
You can get full functionality of Graph API if you login with the developer account, use that to create a video screencast of app functionality and submit
You will have to create a test application out of your real application, these applications are in sand box mode by default (developer mode) https://developers.facebook.com/docs/apps/test-apps/ You will be able to access any fb permission / feature with it, and develop a product with it. Once you are ready to review, in your submission of your real application link your test app in the process

Instagram API Access Token

I am building a website for a client and we want to have an instagram slide show scroll at the bottom. However it looks like they have a new API rule and are requiring access tokens which can only be acquired by logging into an account. I was wondering if this means to see the pictures, visitors to the site will be required to log into their own instagram account in order to view our clients pictures?
Nope... Log into your/client's account (receive access token). Search for photos you want and cache results. Display cached results for end user. That's it.

Adding Social Login to Shopify

I wish to add Social Login feature to a Shopify store that I am building. (I'm using the professional plan.)
I explored a few of the available social-login apps on the Shopify App Store. Upon studying closely as to how they actually work - I have come to the following understanding of the general scheme being followed by all of them.
The Shopify shop owner sets up a social app (e.g. Facebook app) with their store identity, but configures the Callback-URL/Redirect-URL to one supplied by the App author (i.e. pointing to their infrastructure).
Upon successful login by a shop customer on the social platform (via a link/button inserted on the shop login page), the request gets redirected to the App.
The App retrieves the user's email address from the their social profile (that they now have access to).
They then lookup their own database to see if this is an existing customer. If so they go directly to step 7 below.
If it's a new customer, they use Shopify API to create a new 'customer' on the target Shopify store. They set the customer up with a randomly generated password.
At the same time they also make an entry of this customer account (email + generated password) in their own database.
They then redirect the request back to the Shopify store's login page but this time with the customer's email address (retrieved from social platform) and their password (from the App's own database) included as part of the data that comes back to the users browser as part of loading the login page.
Then the App's javascript embedded on the shop login page uses the customer email address and password to programmatically submit the login form - thus establishing a valid customer session on the Shopify shop.
My questions are as follows:
Has someone else also looked closely in to this, and thus can validate if my above understanding is correct or not?
If it is correct - is this the only way to achieve social login on Shopify (without using Shopify Plus/Enterprise plan)?
I am trying to understand if this indeed is the only way, because I strongly feel that this method is not at all secure. And thus I'd rather not use this method; or if I just have to - then I'd rather write my own (private) app for this so that at least I am in control of the security of the app/database that holds sensitive users credentials.
Would appreciate any help/thoughts I can get with this, please.
If you are rolling your own you probably want to look at Multipass. It would be the thing to use if you can set up another web service that handles the trusted partner registration process.

Resources