I have a wordpress website that uses woocommerce memberships.
We somehow managed to map patreon users to woocommerce memberships so that they get all the perks via our own website.
I know it's possible to query the Youtube API endpoint members.list which would give us 1) the membership level and
2) the youtube channel id of each individual member
How can we then validate that a wordpress user is a youtube valid member?
With patreon the validation is by matching email address, but on youtube there's no access to the user email. I guess the user would have to set his youtube channel id in our website so we can later confirm it matches a valid membership.
The problem is that anyone can provide someone elses channel id to trick the system...
any ideas that would help with this much appreciated
If I were you I would generate a token for each user on your website, such that if they put this token in their channel description (ABOUT tab) then you can be sure that the given YouTube channel owns the given account on your website where he got his random token. You can get their channel description by using this reverse-engineered YouTube UI solution.
You can also think of other mechanisms such as requiring the user to post a comment on a video and checking using YouTube Data API v3 CommentThreads: list endpoint or post a message on a livestream and checking using YouTube Live Streaming API LiveChatMessages: list endpoint.
Note that depending on your token format, it may be useful to use an unusual pattern to put in their channel descriptions to avoid wrong authentication (a channel description containing unintentionally a token assigned to a user by your website). For instance if you assign an id (0, 1 and so on) to each user (or if you just use their usernames) just requiring this id to be in the channel description isn't very secure as anyone may put unintentionally someone else token. What you can do while still avoiding random token is to use a prefix. That way your website won't just look for 0, 1 and so on in their channel description but instead Your website: 0 or Your website: 1... Using a prefix keeps user-friendliness (Your website: Benjamin Loison looks better than 77ff716cfdd4e7ed) while being quite secure.
Related
I am currently using a linkedin API with r_lightprofile in my application.
Two months ago, I sent a request for access to r_fullprofile using the Partner Program form.
https://business.linkedin.com/marketing-solutions/contact-us
http://prntscr.com/opfnpd
I also sent a request to the Marketing Developer Platform, but the request is still pending (http://prntscr.com/opfvfx)
After all this, I got an email with a form to fill out information about the company.
But after filling out the form, I did not receive an answer that the company is suitable or not suitable for full access.
1) How long does it usually take to get access?
2) Does the linkedin API have support? Email, Live chat or something else?
3) Have I done everything for access? Maybe I missed something?
4) Does Linkedin send an email in case of failure?
It's been a long way for me too, I'll give you some random tips:
Make sure your app is connected to a LinkedIn company page and that the status is Verified. To do this, from the app dashboard, add to the Team members an administrator of the LinkedIn company page (as Admin member) and let him access the app dashboard. He should be able to see a Verify button to confirm the authenticity of the app.
The only support that was really helpful to me was Zendesk.
It's the first time that I used Telegram Bot and I'm looking for a way to create a membership channel, in particular:
I have a website where the users can subscribe a specific mebership level and this give access to a specific feature of the site. Actually I was able to create a bot and establish a communication with the site through the channel (where the bot is linked). In this way, each time that I publish an article on my Wordpress site the users of the Telegram Channel can see the article.
The problem
In this way, all the users of the cannel can see the article, I want show the message that contains the article only to the users which have subscribed a membership on my WordPress site. Is there a way to achieve this?
Adding a channel to your solution adds extra complexity. Suggested solution as your requirement:
Add telegram web login to your website. After that you will have access to those users to send them a message via your bot.
Send your messages only to whom have an active subscription.
This way you can also remind individual users in case of expiration of their subscription
I have a company domain google site and enabled google analytics account. Could somebody advice if it is possible to view same domain site visitors by name?
I want to track who of my colleagues visited my site and what is the frequency.
Thanks.
In order to connect a user in Google Analytics to a person, you'd need some sort of system to make the connection. This could be a login, a form, a url parameter, or something like that, where at a certain point you know who they actually are. At that point, you can assign them an ID (in a custom dimension) and make reports tracking their behavior.
It is worth noting (as above) that you can't store personal info in Google Analytics - so the ID would have to be non-identifying, like a GUID or random, numerical ID.
Some strategies for connecting website users to individuals include:
Email Marketing - Many email marketing companies allow you to pass a unique identifier in the URL of anything they click. You could then read this url parameter with javascript and assign it to a custom dimension in Google Analytics.
Login/SignUp - You might have some content behind a login-wall. For example, in order to download a document, you make the user fill out some personal information (like an email and their name), then email a link to the document to them. Once you have the user's information in your system (via the form submission), you can grab the user's ID from the submission.
Manual Parameter - Similar to the "Email" one, you could just email your colleagues a link to the website with a custom ID on each link. Just read that parameter from the URL with javascript and assign it to a custom dimension.
I am developing a website for our GTA Online Crew, basically a gaming community, my issue lies in verifying that they are the user they say they are when they register (For example if there username on social club is GTOFAN01, we want to ensure that person uses the same username on our site when they register).
As we want all website users to have the same names from social club (owned by Rockstar and I have no way to change anything on there end...) to our website to avoid confusion / posers / trolls etc.
I've had a few ideas but they all create a lot of manual work or I am not sure how to implement, but I have narrowed it down...
Let anyone register and then manually send them a confirmation code through social club to the account name they have said they are.
somehow find out who they are currently logged in as on social club, if this matches the name they supplied then let them in.
find someway to send a message to there social club message box
2 is by far the best, but I can figure out a way to achieve it... I cannot read cookies or session variables from another domain.
Any ideas?
There are several different ways of achieving "federated identity". I would recommend taking a look at OAuth and OpenId. Asp.net Identity has OAuth integration.
See also:
OpenID vs. OAuth
What's the difference between OpenID and OAuth?
The way I ended up going was generating a random qoute for the user to post on the social club (checking it didn't exist first), as the social club feed is public I can then check to see if the qoute was posted and by whom, if this matches who they told us they were then there registration is accepted.
Obviously this is not the greatest solution, but it works and as I've stated I have no control over the social club nor do they offer any way to authenticate a user.
The other befit to this method is it encourages use of the feed which we also wanted to do.
I am trying to build a spiritual website for one company and they are planning to embed some videos in their website.
And they are requesting me to make their videos private as they don't want the users to download them as they are collecting some amount for the classes and they would like to give those videos at a particular time on the website for the registered users.
If we go for live streaming it's costing much so we are planning to host it on the same website and remove them after a period of time.
So I would like to know what is the best way to do this?
Consider using a combination of PayPal Subscriptions and Forms Authentication. Use the PayPal IPN to get the users status (if they're paid up or not) and associate this with the transaction ID and user ID.
They will only get access to the video class page if they are authenticated. At that point, you can retrieve their subscription status from the DB and grant them access if they are paid up. If not, provide a friendly message and link to PayPal.
ASP.NET PayPal Subscriptions IPN [caveat: own blog]
How to set up a Paypal Subscription
You may have to use profiles to store extra information per user. If this is the case and you are using ASP.NET WAP (2.0+), then use the following info to set that up:
ASP.NET Profiles in Web Application Projects
Serving videos in a website can be done using either streaming or progressive download. The latter is technically similar to any other download, i.e. if users find the video's URL, they can download it.
You can write client-side code for hashing a one-time token to try and obfuscate the URL of the video file, but essentially committed users can hack their way into the download URL.
Your other option is to use DRM, which will allow you to restrict playing the file even if downloaded. But that might actually cost you more than streaming. (It will also provide better protection of your video, as streamed videos can also be saved on users' computers if they know how to).