I want to play private videos of you tube in my app via UIWebView. Requirement is user should not be asked user name and password for playing that video. So I have done Google authentication in my code, and getting auth token. I need to send that auth token to UIWebView so that it can play that private video without asking user about the user name and password (as we have made channel on you tube and we have user name and password). If any body have solution please provide. Thanks
Related
A user can create an account in my App only with his work email.
Example: john#xyzcompany.com
After he creates an account, he can link multiple social media accounts to his profile.
Example: john#gmail.com, john2#gmail.com
I'm using MEAN stack to develop the App.
When a user logs in to my app, I'm creating a JWT token to authorize all his future requests to the server.
When it comes to Social Media accounts Integrations, After successful authentication I'm able to receive the accessTokens from these Social Media to the backend callback URL. I need to link the tokens to the right user. Is there anyway I can pass my JWT token along with the callback URL to identify which user has made the request, because I cannot identify the user based on the email in his Social Media Account?
I was able to solve this using socket.io. But I feel it is unnecessary to use sockets for simple authentication.
Is there any other approach to solve it? I have researched online, few of them suggested using passport. I don't fully understand how passport works, I just feel it is just a middleware to authenticate API requests from users, which I'm doing anyway using a custom function.
Could someone explain whether it is possible to pass JWT in callback URLs using passport strategies?
What is the right approach to handle such authentications in a MEAN stack app? I'm stuck with this issue since the past week, really looking forward for a good solution.
I have encountered this type of situation in one of the large scale applications I have been working for and the approach we used to handle it was to store the jwtToken in redis and then retrieve it back with the help of user cookies. Let me explain it in more detail -
Send a new Cookie for the user when the user opens the login page. The cookie should contain some unique id or code against which we will save the JWT token,. Eg: res.cookie('jwtIdentifier', newid())
Now, when the user logs in, generate the JWT token and save it to your redis against the cookie jwtIdentifier's value. Eg: redisHelper.set(req.cookies.jwtIdentifier, JWTTOKEN)
At last, when the login is successful and the user is redirected back to your app, you can retrieve your JWT token again for the corresponding user using the cookie. Eg: redisHelper.get(req.cookies.jwtIdentifier) This will give you back the JWT token that you can then use across your application for that specific user.
Hope it's clear, let me know if you have any questions with this implementation ;)
You might try using client side facebook authentication as described here
https://theinfogrid.com/tech/developers/angular/facebook-login-angular-rest-api/
in this case in angular app you have facebook token alongside your app token and you can send them to your backend to identify the current user.
on backend part you eill call facebook to get profile data from accessToken and then store user profile id and depending on your business you might need also to store the access token
I have a web app where people can log in through Twitter and by doing so authenticate the app to tweet on their behalf, I want to do this.
But the problem is that I cannot find any endpoints in the twitter API that would facilitate this,
I'm able to tweet from my own app using the Twitter npm package but I can't find a parameter to pass something like a user ID to tweet from a different twitter account using my App.
Do you maybe need the OAUTH token and secret to do this?
The solution is to have people sign in on your web page and get their tokenSecret and token from the login, put those in the place where the access_token_key and access_token_secret usually go when tweeting and send a regular statuses/update/ POST request.
How can I get user data from Spotify without login?
YouTube Data API, you can get user public data information if you know the Channel ID.
Is i possible to do it in the same way?
I have tried the following link with UserID but it requires authentication.
https://api.spotify.com/v1/users/{user_id}/playlists
Maybe you should check documents below
Spotify documents
hope helps
If you want to fetch user's public playlists you need to authenticate the request.
The authentication is based on OAuth 2.0 and there are several ways to obtain a token. On of them, the Client Credentials flow doesn't involve a login form and you only need your client_id and client_secret to obtain a token.
I am working on a REST API backend service for an app that uses both email and facebook login. Lets just pretend this app is a todo list app and a user can sign in and add notes which they could later view on may different devices.
The "Login with email" is pretty simple, the app would make a request to:
URL: /v1/login
Params: email, password
Then the serivce returns an access token if all this information is correct so we know the identity of the user creating, updating or deleting a note/list item.
Now for the facebook side. I've seen several differnet answers all over StackOverflow and Facebook's documentation. Some people say, just pass in the id and login the user with the matching id. This would mean calling the login function from the Facebook SDK and just keeping that id to send in a request.
URL: /v1/login/facebook
Params: id
That would work but seems highly unsecure. Anyone could get someone else's Facebook id and just send a request to the server. Facebook's documentation mentions also using the account email. We'll what if the user ever changes their email on Facebook, they could never login to this app again. Another hint of security would be passing in the token from Facebook every time. Since those tokens can change or expire, there really wouldn't be a way login past the expiration date.
The final method I know of would be passing in the app secret:
URL: /v1/login/facebook
Params: id, secret
This seems by far the most secure, if you are using https to connect to the server. The downside to this method is, what if the Facebook secret token is ever reset? I mean you could always make a call to the server to request and check if token was reset and if so pass back the new one. But then if anyone had access to the endpoint to check out of date tokens, it could give them the new secret token.
I know we are dealing with the internet here and there will always be security flaws and there isn't a perfect way to do this. But what is the best way?
Try to send facebook_token for that user.
URL: /v1/login/facebook
Params: facebook_token
and service side make a service call to facebook graph api to get information about that user using facebook_token.
get the facebook id from that response and use it to provide data to that user.
I have created a Facebook application and have an application ID and application secret. Now I want to provide the user with a simple UI in which he/she will fill in the Facebook user name and password. On the proceed button click, how do get his/her authentication token?
So in future I will use the saved token to get particular user information.
Take this Open ID
Check the Answer here this will help you.
The procedure for token set you need to store it via local cookie over client's browser.
That's the step-by-step simple stuff to create this kind of application
Hope this will help you