How to share app id with an extension? - google-chrome-extension

Is there a way to programmatically find app's id based on a name or some other criteria?
I have an extension that needs to exchange some data with an app. However, in order to send a message to the app I need to know the app's id. How can I get the id without any end user involvement?
I think I could hard-code the app's id into the extension but I'm not sure if this is the best option. In order to do that, I would always have to publish the app first, find its id, hard-code it into the extension, and then publish the extension.
Would this work? Are there better options to accomplish the above?
Thanks.

There is a way, but it's too heavy to be justified in a regular extension: chrome.management API. To be able to find out your app's ID with it, you'd have to make sure that the app be already installed by the user before the extension makes a query. In addition, such a permission may be hard to slip by more savvy users.
Hardcoding is your best option. The good news is, your app's ID will be fixed after the initial upload and will never change with subsequent uploads.

Related

Spring Data Rest Frontend deep linking

So i have been struggling with this one question some time now:
How to handle details Page or deep linking on the Frontend.
So, say, we got a paged collection endpoint with user entities in it and a React App consuming the endpoint.
The flow would be, user authenticates, gets collections, clicks on an item and is either:
Redirected to a new Url say: webapp.com/users/userid
A modal opens with the user details.
Say we got a scenario were two people working with the webapp, Person 1 wants to share a link with Person 2. Person 2 should do some updates on a specific user, which is identified by the link.
The link should be something like : https://www.webapp.com/users/{slug or id}
With Option 2 this functionality is not mappable.
With Option 1 we got to expose the ids in the response to identify the resource, which may work, but we would still need to hardcode the url, as the findById method is not exported as a Uri Template.
So, my Solution would be to add a slug for the resources, implement a search method by the slug, and then get the user, if found, by its self-link.
Sounds like a good solution for me, but on the other hand, I would have to add an extra frontend id(the slug here) which would need to be also unique, to the database model.
So how do you guys handle a problem like this, or is there anybody using spring data rest in this way or in production mode where you have the handle situations like this?
Should mention that this isn’t a primary problem with spring data rest but rather with hateoas itself.
thanks in advance
Florian
You don't need to hardcode URL template. Spring data rest will generate links for each resource.
You can refer to it from front end by some format like: {your_user_object}._links.self.href

Must a freelancer keep API Client IDs active for former employers?

I'm a newb with Google OAuth and am trying to understand the different business/application models and which API credential types go with my particular situation.
I am creating a Chrome extension for someone for their own private use which accesses their Google Sheets docs using their personal Sheets account. So, I will not own the code or extension once I deliver it to them and end the contract. So, I do not want to have to maintain any authorization/API ID's or credentials after I deliver the extension and its source code. But, obviously, the extension must continue to work for them indefinitely.
The only way I can see how to accomplish this is to instruct the employer (who has no developer or development skills) on how to create the OAuth Client ID with their own Google API developer console. Then, they can enter the client ID and other codes if necessary into the extension config screen so the extension can use this information for authorizing API calls. This seems like a huge hassle for someone who just wants to buy an extension to do something simple.
Am I missing something? Is there an easier way?
P.S. I know this question doesn't follow the proper format for SO, but this is the only place Google has provided for asking API OAuth 2.0 questions.

API to get the list of all search providers/engines?

I am developing an Opera extension. At some moment it allows the user to perform search. Now I use chrome.tabs.update with { url: `https://google.com/search?q=${encodeURIComponent(query)}`}. This is not user friendly. The better approach is to maintain a user-editable list of URLs like https://google.com/search?q= or https://ca.search.yahoo.com/search?p= in the extension's options page and allow the user to choose between them, but I really don't want to reinvent the wheel.
Chromium-based browsers all have user-configurable search engines/providers, and I want to allow the user to choose between them or just use the default. To make that possible, I basically need two API functions:
a function to get the list of all configured search engines;
a function to get the default engine.
I didn't find anything similar to my problem in the API docs.
BTW, Opera also has an undocumented chrome.search function (Chromium has none), but it always searches via Google regardless of the user's default search engine setting.
Thanks.
PS. If there is a more appropriate place to ask this question, please tell me.
I didn't find anything similar to my problem in the API docs.
Because there isn't one, unfortunately.
There is a relevant old feature request with no real activity.

Create app-bound playlist on Spotify

Is it possible to create an app-bound playlist?
It's possible to create a playlist for a user, but how will I know which one that is when they move away from my app?
Ideally, I would only need to be able to create/edit 1 playlist.
Edit: Have found this http://developer.spotify.com/technologies/apps/guidelines/integration/#appsthatcreateplaylisturi:s
But if anyone has great ideas, I'm still open!
As you've found out yourself, you can't create a playlist in a user's library that's somehow linked to your application using the Spotify Apps API.
I thought it'd be a good idea to also quote the relevant part of the Integration Guidelines that you've linked to:
If you want to generate and save the user’s personal playlists in the
app, you should not keep playlist information only saved within the
app. Playlist information should instead be handled by utilizing user
playlists, so that the user can access playlists as usual. They
shouldn’t have to go to the app to access a certain playlist that they
have created.
Suggestion:
I think there's several ways to do what you want to do though.
One way could be to let a user create a new playlist using your application and save it to the user's library, and at the same time save the playlist URI to your own back end. As you've noted, playlist URIs are obfuscated (e.g. they look like spotify:user:#:playlist:783BHaT7Xb8K5VyYstxsj3 instead of spotify:user:thelinmichael:playlist:783BHaT7Xb8K5VyYstxsj3, the username is replaced by # for the currently logged in user, and #xxx.. for other users). You could still save the last part of the URI, which I believe is unique for every playlist. Using a hashmap to map that part of the playlist URI to properties you want to keep track of would let you do quick lookups of a user's playlists to see if they are associated to your app. You could iterate though the user's library to gather all obfuscated URIs, and send them to your backend in a single HTTP request. The response from your server could be the index of the library playlists that matched the playlist on your backend, along with the properties you've mapped to it. Again, this was just a suggestion and possibly not the best way forward but I hope it gave you some ideas. :-)

with Symfony sfDoctrineGuardPlugin, users can open a page which actually they cannot by changing url

I am using Symfony 1.4, sfDoctrineGuardPlugin.
On my backend app, users can reach a page which they cannot actually by changing url manually. Is there any way to stop it?
Lets say, every author can just reach their own data normally. But if they change id on url they can edit which article they want. I searched on the internet but cannot find any solution for it? Do you know a way?
Thanks a lot.
By just hiding things that doesn't belong to a particular author you can't protect them from being edited or deleted.
Overload executeEdit/executeUpdate/executeDelete actions in your backend modules to avoid unauthorized management.
Something like:
public function executeEdit(sfWebRequest $request) {
...
$this->forward404Unless($this->article->belongsTo($me));
...
}
In addition, you can check for proper credentials. It's useful when you want to some user groups to access some special content, or content of another users.
Hope that helps.
you have to make a relation between article and authors. I presume there is already one, so the best approach is to override doSelect method in ArticlePeer to check with Author. Just add a criteria to select articles belongs to the current user.

Resources