I want to create a dating app where the app user would search for matches based on gender, age, and current city, even if those matches are not friends. I'm assuming that there's no way to search all the app users without providing a UID; is there?
Would I need to store those variables in my DB, and then use each UID to get its respective profile info?
Yes, you can only get the app users from the authorized user, but not just all of them. And for a dating app profile, all users might want to have their own profile stored in the database, with additional info (not available in Facebook). But be careful with privacy, whenever you store any personal data, let the user review and edit it first.
This is my web app's "User Settings" page.
I have simplified it to a minimum to better highlight the problem.
To authenticate users I use Auth0. I wanted to use the sub claim user_id to identify the users inside my MySQL database, to update and retrieve the user's info. Unfortunately the user_id is different for each provider; for example, if the same user with the same e-mail logs in via Auth0 he gets one user_id, and if he does it via Google he gets another one.
I thought about using email to link logged user to his info.
The problem is in my API. Before the change it was "localhost:8080/api/users/:id";
each time it created a new id and in any case it was impossible to recover the data of the single user. Now that I have replaced "id" with "email", my API has also changed to "localhost:8080/api/users/:johnsmith#xxx.com".
Before:
After:
In a few words, the request url on the client side has also changed.
I would like to make sure that the GET and PUT requests are made based on the e-mail of the logged-in user without having to modify the whole back-end.
Sounds like something is wrong with how you authenticate users. If you have multiple ways to authenticate a user, those methods need to be in a one to many relation with the user. For example each user has a list of auth-methods, and whenever an authentication is made you check your table of authentication methods and find the one user it maps to.
I'm not sure if you are doing this yourself or if the framework you are using is handling that, but it sounds like you need to change the model to allow many auth methods for a single account.
Also you could use email, but that is also an "old" way of uniquely identifying users; almost every single person has multiple active email accounts nowadays, so you should also have a one-to-many relation for users to emails. What if the user has different email accounts for their Facebook and Google accounts?
See account linking here: https://auth0.com/docs/users/user-account-linking
It is dangerous to trust that the external providers are truthful about what email belongs to who. What if I open a new account using someone else's email on one of the providers? Then I can log into that user's account in your application, which is a pretty big security risk.
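The one-to-many model from the answers above, as an added example that is not part of the original posts: each `sub` value maps to one internal user, and a new identity is attached to an existing account only when its email is marked verified. The in-memory maps, `resolveUser` and the sample claims are hypothetical, and the sketch assumes the token was already validated and that the provider's `email_verified` claim can be trusted; where it cannot, require the user to link accounts explicitly.

```javascript
// Added example: in-memory stand-ins for two tables, users and identities.
// identities maps one "provider|subject" value to exactly one internal user id.
const users = new Map();       // userId -> { id, emails: Set }
const identities = new Map();  // sub -> userId
let nextUserId = 1;

// Resolve the internal user from already-validated ID token claims.
// The identity comes from the token, never from an id or email in the URL.
function resolveUser(claims) {
  if (!claims || typeof claims.sub !== "string" || !claims.sub.includes("|")) {
    throw new Error("missing or malformed sub claim");
  }
  // 1. Known identity: the same provider and subject always map to the same user.
  const known = identities.get(claims.sub);
  if (known !== undefined) return users.get(known);

  // 2. Unknown identity: link to an existing user only on a verified email match.
  const verified = claims.email_verified === true && typeof claims.email === "string";
  const email = verified ? claims.email.toLowerCase() : null;
  if (email) {
    for (const user of users.values()) {
      if (user.emails.has(email)) {
        identities.set(claims.sub, user.id);
        return user;
      }
    }
  }
  // 3. Otherwise create a separate account; an unverified email is never
  //    recorded, so it cannot later be used as a link key.
  const user = { id: nextUserId++, emails: new Set() };
  if (email) user.emails.add(email);
  users.set(user.id, user);
  identities.set(claims.sub, user.id);
  return user;
}

// Constructed sample claims (not real accounts).
function demo() {
  const a = resolveUser({ sub: "auth0|u1", email: "john@example.com", email_verified: true });
  const b = resolveUser({ sub: "google-oauth2|g1", email: "John@example.com", email_verified: true });
  const c = resolveUser({ sub: "facebook|f1", email: "john@example.com", email_verified: false });
  const d = resolveUser({ sub: "auth0|u1" });
  return { a: a.id, b: b.id, c: c.id, d: d.id };
}
```

With this lookup in place the API route no longer needs the email or id in the path; the handler can serve the record of whichever user `resolveUser` returns for the caller's token.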
Does anyone know if it is possible to create a login in XPages / Domino, where one can create their own users who are not on the Domino server?
I need to create a database that has users connected to a customer.
Customer further orders that they want to see. There can be several hundred customers eventually.
The reason I want to create a separate database for users is that users will have different rights and fields than those found in Lotus names.nsf
You could use a separate NAB and add it via Domino's Directory Assistance to the server.
This allows you to create the external users from the other company in this NAB only and won't affect your company's names.nsf.
The external users would have their own company hierarchy, something like
*/Acme/US
f.e.
Mary Jane/Acme/US
They can log in with the default Domino mechanism (including the password change mechanism etc). And you can use the other features of Domino like Groups, ACLs etc.
The users would log on to your site with their email address; that's why there will be no problems with "doubled users" (Hans Mueller/Acme/US and Hans Mueller/YourCompany/US).
The DA must only run on the Webserver that the external users should access. You don't have to replicate it all around in your infrastructure.
EDIT:
You can create user documents in this external NAB without any problems. I prefer a self-registration with an email validation mechanism (to prevent the use of an internal email address, f.e. of Hans.Mueller#YourCompany.com).
The users can choose their own password. All you have to do is to create a new Person document in the NAB and do a Compute with Form (this sets the HTTP password).
If a user wants to change the password, you can use the ?ChangePassword functionality. And if a user forgets his password, an agent creates a new one in the person document and sends it via mail to the user email address.
I have my _users database secured, so a user can only access their own information. However, I'd like other users to be able to retrieve certain public information such as email addresses, real names, and phone numbers. What's the best way I can go about accomplishing this?
You can store the info in the _local database, e.g. _local/userinfo.json. Of course you need to know the url of the other users.
Is there any personal identifying information linked to this number?
Are user_id's specific to my app or does a user have the same user_id across all app engine apps?
user_id is basically the same across all GAE apps, and it might be possible to get other user info using user = User(_user_id = 'user_id'), so I'd recommend to avoid using user id's in URLs and other client-visible information.
I am working on an iPhone app which uses the Instagram API, and I would like to know the following things. Is it possible to get data from Instagram without the user logging in? If so, what type of data would be retrieved from it? Is it possible to access data of a specified user? Or is it only possible using social networking sites like Facebook, Tumblr etc?
thanks
Yes, with a valid client id, you can fetch user information for a specific user id. Information available includes name, bio, website, and profile picture. You can also return multiple users' data using the search endpoint.
Take a look at the User Endpoints documented here: http://instagr.am/developer/endpoints/users/
I also suggest reading the "Do you need to authenticate?" section here: http://instagr.am/developer/authentication/
NOTE: by providing a client id instead of a valid user token, you are counting against your own application's 5000 calls per-hour limit. If you plan on having a large user page, you would need to authenticate each user to avoid this limit.