Very simple user validation - google-chrome-extension

I'm making an app and I plan to have some cloud happening with it, but I do not want to create a user data base and have the users need to remember their username and password.
Since it will be distributed through the chrome app store it's basically guaranteed that the user will have a google account. All I want to do is:
Get the user's email through the google account stuff. If I get it through there, well then their email is all the authentication I need to get that user's data.
If I end up putting the application on something other than chrome browser, I'll just have the user use their email to request a validation link, and then I'll send them a validation code for that account, they put the validation code into the application, it takes that as a verified user, so that's secure and easy as well.
EDIT: I'm looking into this. So far I have:
OAuth 2
Google API
But I have a problem that I don't know what to set as my javascript origins in the Google API and there isn't too much info on this abroad. If anyone can tell me what javascript origins I need to set for a chrome extension to access google api it would be a great help.
PS: Thanks for down vote, this is why I love resorting to stack exchange.

Hmmm, I think the only reason this was voted down is the fact that this question may have been asked somewhere on the site already (but I'll help you and give a 1up).
So what you are wanting to use is the Google OpenID. You will have to register your application with Google so they can provide OAuth2 tokens for your application. I have not done this with Google but with other services and it is pretty easy, just search around.
In terms of obtaining OAuth2 for your application in the chrome extension - this can be a pain since the extension is sandboxed and Google's example uses OAuth not OAuth2.
Here is a solution I host on GitHub for this - I also use this in my extension GitHub Repositories:
https://github.com/jjNford/oauth2-chrome-extension
Hope this helps in some way. Don't get discouraged with StackOverflow, it is a great resource with many great contributors.
Good luck!

I had to up vote you too as I'm tracking down a related issue so here is what I've found that may help.
According to these directions - http://code.google.com/p/google-api-javascript-client/wiki/Authentication - "In the "Authorized JavaScript Origins" box, enter the protocol and domain for your site." This should be the protocol (http:// or https://) followed by any optional subdomain followed by your domain name and no trailing slash. Nothing after the domain name.
This prevents certain kinds of security attacks, see: http://en.wikipedia.org/wiki/Same_origin_policy.
There are some related questions here that I found that may help:
Problems with Google Picker API and selecting Google Drive items and google apis console 'Javascript origins'.
Now with all of that said, I am still trying to track down what values to put in there for one of my sites hosted as a Google Site, as none of the obvious values are working for me. So there may be some subtlety there that I have missed in this explanation.
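The origin format described in the answer above, as an added example that is not part of the original posts and is not Google's own validator: it checks a candidate "Authorized JavaScript Origins" value and compares a page URL against it the way the same-origin policy does. The function names and sample hosts are constructed, and accepting a port is an assumption, since the answer does not mention ports.

```javascript
// Added example (not Google's validator): checks a candidate value against the
// "Authorized JavaScript Origins" format quoted in the answer above.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

function checkOrigin(candidate) {
  const value = String(candidate).trim();
  // The value must start with "<scheme>://"; capture everything after it.
  const m = /^[a-z][a-z0-9+.-]*:\/\/(.*)$/i.exec(value);
  if (!m) return { ok: false, reason: "missing protocol (http:// or https://)" };

  let url;
  try {
    url = new URL(value);
  } catch {
    return { ok: false, reason: "not a parseable URL" };
  }
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    return { ok: false, reason: `scheme ${url.protocol}// is not http:// or https://` };
  }
  if (url.username || url.password) {
    return { ok: false, reason: "credentials are not part of an origin" };
  }
  const rest = m[1];
  if (/^[^/?#\\]+\/$/.test(rest)) return { ok: false, reason: "trailing slash" };
  if (/[/?#\\]/.test(rest)) {
    return { ok: false, reason: "path, query or fragment after the domain" };
  }
  // Assumption: a port is kept, because the same-origin policy treats it as part
  // of the origin. url.origin lowercases the host and drops a default port.
  return { ok: true, origin: url.origin };
}

// True when a page served from pageUrl would match the registered origin
// (scheme, host and port all equal; the path is ignored).
function sameOrigin(pageUrl, authorizedOrigin) {
  const checked = checkOrigin(authorizedOrigin);
  if (!checked.ok) return false;
  try {
    return new URL(pageUrl).origin === checked.origin;
  } catch {
    return false;
  }
}

// Constructed sample values.
for (const sample of ["https://www.example.com", "https://www.example.com/", "www.example.com"]) {
  console.log(sample, "->", JSON.stringify(checkOrigin(sample)));
}
```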

Related

How to access Google Classroom without API?

I'd like to automatize some processes that are not yet available through API (Google Classroom), like posting comments on announcements, seeing private comments on my work and so on. I have trouble accessing my account. I'd like the app to be able to run on a server. I'm currently working with node.js, but if there is an easier approach I'll gladly accept it (free if it's possible). Can you give me an example of how it's done because currently, I am struggling to find every button that needs to be clicked on?
Unfortunately, there are no methods right now to accomplish that. You can leave a feature request on Google Issue Tracker describing what methods you would like to use. Google engineers will study your case and, if applicable, they will develop the requested methods.
You could use something like Selenium with your language of choice (Javascript in this case) to automate the browser clicks.
This is, however, not the best of ideas... To make Selenium log into your account you will need to hardcode your password somewhere.
Google services use OAuth for authentication, take a look at the Classroom API Getting-started for instructions on how to work with Google Classroom API.

DocuSign Console within iFrame

I'm currently trying to place the DocuSign console onto my website. My current method is using an iFrame but I'm wondering if that is secure and the optimal way of doing it. I was also wondering if the DocuSign API has a solution to that implemented already because I couldn't find one after playing around on the website with various code sources.
Preferably, users would be able to go to some part of the website, view the contract or document they need to sign on the website without having to leave the website. This includes viewing the document on the website as well such as using an iFrame allows.
Using iframes to host DocuSign embedded signing is not a good idea for a few reasons.
Typically to have a good experience it is recommended to use a large window.
Security Concerns. The users of your app wouldn't be able to see the DocuSign URL as well as the green check to know they're using a secure website which should make them feel more confident about using your integration.

Privacy Policy URL - What if I use it for the owner's website only?

So, apparently I need to provide a Privacy Policy URL for my Instagram application.
The only reason I'm using this application, is for a website I built for a client of mine. The client wanted an automatic integration for her Instagram, so I went through the whole Instagram API hassle.
Now, the website is ready for production, so I wanted to get my app out of sandbox mode, but it looks like I need this Privacy Policy URL.
What's the best way to go about this?
Put a Privacy Policy page up on their website (really any website you can link to) and use that link. It can be a static HTML page, as long as you can link to it.
Instagram won't let you take an application like this out of Sandbox, btw. Your use case is not an approved use case. From Instagram's Developer Documentation under Invalid Use Cases:
One-off Projects. If you are an agency building websites or other integrations, note that we don't grant permissions to clients created for one-off projects. If you are interested in building a product, platform, or widget that will be used as a service across multiple projects, then you may submit a single client_id that you can use across multiple projects.
You can (probably) still achieve the outcome you're looking for but you will need to go back to the drawing board and rethink your application's use case before getting out of the Sandbox. I know some developers who really just don't understand (or care to understand) the policies and never make it out of Sandbox. It's a shame because they can read the technical portions of the documentation so easily but just can't/don't read/understand the more critical parts (like the Invalid Use Cases section).

How to like/follow on Instagram without using their API

Recently Instagram changed their API's policy, which means you can no longer like/follow/unfollow using their API unless you are approved by Instagram to do so.
I own the website http://instapromobiz.com which uses JavaScript and PHP to automate likes/follows/unfollows using Instagram's API. This was doing great until Instagram made this update and I can no longer perform these actions.
My question is, is there any way to perform these actions without using Instagram's API? Sites like http://instagress.com are still working so there must be another way to perform these actions without using their API.
Does anybody have any suggestions that might point me in the right direction? Thanks in advance.
You should submit your app for review. They usually answer quickly.
Go to Manage Clients (https://www.instagram.com/developer/clients/manage/), then click on the Edit button of your App. Your submission can be made on the Permissions tab.
But, unfortunately, Instagram probably won't authorize an app that does likes/follows automatically. They want to ensure an authentic and consistent experience for the Instagram Community, so those actions should be manual. Good luck.

Instagram API Permissions Rejected for iOS App to Pull Public Content Data

My iOS app needs to use Instagram API to load some images, user feedback based on geo location. I requested public_content permissions from Instagram team but got rejected with explanations below even though I filled out as much info as possible. Note I have my app in development only and website looks very minimal but some designs and lots of description was submitted for review.
How to resolve this issue of getting these basic permissions? I googled and I notice this is a common problem.
General issues: Invalid Use Case: The use case described in your submission notes, screencast and website is not a valid use case that we allow on our Platform. Please see our Permissions Review and valid use cases description (https://www.instagram.com/developer/review/) for more information.
public_content: This permission (public_content) does not support the use case you described in your submission notes, screencast and website. Please review Login Permissions (http://instagram.com/developer/authorization/) for a comprehensive list of permissions and valid use cases.
Perhaps this helps. I have tried two times but our app was declined. I will write the submission text one more time. I also want to go more into detail as the new FAQ says that Instagram expects a very detailed submission.
Cheers, Christian
FAQ
My submission was rejected but it was a valid use case. What should I do?
A common reason for rejecting a submission is that we do not have enough information to make an assessment of your app. This can happen if your submission was too short, if it missed important information, if you did not provide a good screencast, your website is not working, etc. Before you submit for review again, make sure to provide a long and clear explanation of what your app does and how you use every permission. Make sure also to provide a video screencast and to follow all our Platform Policies.
What should I write in the submission?
The submission should be long enough for us to understand exactly what your app does and why you need the permissions you are asking for. If your submission is too short or does not explain all parts of your integration, then we may not be able to understand and approve your app. For example, your submission should explain what does your app or company do, which of the approved use cases your integration falls into, who will be using your app, how do your user authenticate with your app, how you use the API to power your integration, how does your product use the data acquired from Instagram, etc.
What should I show in the video screencast?
The video screencast is a very important part of a submission and cannot be omitted. Please make sure that the video clearly shows how your application works, including any Instagram login experience and the usage of every permission you are requesting. Since your app may still be in sandbox mode, you can use data from sandbox users to showcase the integration.
My company is working with multiple clients, should I submit one app per project?
No, we do not approve apps that are created for one-off projects (e.g. a hashtag campaign, an event, a website). You should use a single client_id across all your integrations.
Can I revoke a submission if I made a mistake?
You can't cancel a submission that is in progress. You will need to wait until the submission has been reviewed before you can start a new one.
