The Feature is:
Instead of Entering his Data himself (Firstname,Lastname,Image,Company,Position,Email and co)
We want to use the Oauth2 Feature from Linkedin.
I implemented everything, with the scopes granted by the App.
But we only get following Scopes
r_emailaddress, r_liteprofile
But i read through the Documentation and in order to recive the "vanityName" or company other fields i need the r_fullprofile scope. But first of all I dont see them in the available Scopes in my application and I also tried to use them anyways but it did not work. Obviously :)
Maybe someone knows why its not possible.
Related
I set up a new app for "Signin with LinkedIn" but only got the following scopes
I tried to modify the scope to get r_basicprofile but could not find any way to do so. Even when I recreate one, it just does not allow me to choose the scopes.
When I try to force the scopes from the client, I get "unauthorized_scope_error".
How should I do?
Thanks
It seems you're looking to leverage the marketing APIs. See the documentation on getting access to these.
So I have an app where I have enabled google authentication in my firebase project. 25 people I know were authenticated. When I logged in the backend I saw atleast some 80 entries with some weird sounding email addresses which should not be there. I had to delete all the entries manually, known and unknown ones (didn't needed any after sucessful testing). Now that I want to go live, I am really concerned as to how unknown entires entered my firebase authentication records?
This has recently happened 'again' to another new app/project of mine. This time I disabled that unknown email address and took a screenshot (attached).
I really really need to know and understand how safe is data on firestore. If someone can manage to 'hack' the Authentication part and add thir email to Authenticated list of users they may also be able to penetrate the database somehow in future. Please help me in understanding what is happening?
While researching on this, I could only find this similar question but the answer was just not enough explanation for me.
Unknown user in my firebase user authentication (Flutter/firebase)
firebaser here
Since the configuration data for your project is embedded in the application that you send to your users, any user can take that configuration data and then start calling the API with it. This is not a security risk, as long as you secure access to the data within your project correctly for your requirements.
See Is it safe to expose Firebase apiKey to the public?
What it means to correctly secure access to your data is hard to answer, as it depends completely on your use-case.
For example: the content-owner only access security rules allow a user to enter data in the database, and then they can access the data they entered. With these rules there's no risk if anyone uses the API (and not your app) to do the same. The security rules will ensure they only can access data they're authorized for, no matter what the source is the API calls is.
It may be related to the pre-launch report.
https://support.google.com/googleplay/android-developer/answer/9842757?visit_id=637478112313064713-650300184&rd=1#signin
Step 1: Provide test account credentials if your app has a sign-in screen
If your app has a sign-in screen and you want the crawler to test the sign-in process or the content behind it, you need to provide account credentials. Note: You do not need to provide credentials if your app supports 'Sign in with Google', which enables the crawler to log in automatically.
So I guess it is safe.
The user willwhiteapple#gmail.com is the apple testing when your application is in the process of validation from apple before deploy to TestFlight .
I have a subscription Official Account and I'm trying to use the basic js sdk test.
I'm using the sample code at the bottom of this page.
It's supposed to work with very little manipulation, but I'm not sure what to do : for example I found in the code "YOUR-APPID-HERE", where I need to put my appID, but it's not specified anywhere. I could be missing other things like this, very basic setup I just don't know of. For example I don't know what to do with the .json files : access_token.json and jsapi_ticket.json.
Should I leave them blank of fill them with my info ? If so I know my OA token but I don't know how to find the ticket.
I'm getting {"errMsg":"config:invalid signature"} but I don't know how to apply most of those fixes.
What I've done so far:
Declared my domain in the official account settings
Uploaded the files on my server
In all.php, I've replaced the arguments in $jssdk = new JSSDK("YOUR-APP-ID", "YOUR-APP-SECRET"); with my appID and appSecret
I'm sorry my questions are a little fuzzy, I find it hard to go straight to the point and to give clear context at the same time.
TL;DR is I'd need someone who's made the demo work to tell me what the basics are, I'm sure a lot of people would benefit from it.
Thank you very much !
first let's try to clarify things out.
the access_token is provided by the wechatApi. It's the proof that you are logged in, with your official account. You can generate the access_token only with your appId and appSecret. Be aware that an access_token is valide only for 7200 secondes, so you need to have a function who renew this token before it expires.
access token doc
The jsapi_ticket gives you the access to Wechat JS API's endpoint.
You just need the access_token to generate it. It also need to be renewed quite often.
js ticket doc
The *.json provided in your exemple are used as a storage for access_token and js_ticket.
You can store the token and the expiring time so you can always renew them before it expires.
Note that the link you posted is not an official documentation. Very useful for an overview but you need to double check with this documentation
Also, wechat have now an official english doc
You can find more details for Oauth in here
What's the best way to set permissions on objects in Apigee BAAS entities, collections in such a way that Users can edit what they create, and others can read them? There might be a case for Admins to be able to edit everything as well.
I asked a similar question here Securing apigee baas that was more around securing the app id/secret which would be needed to make the call to update permissions, but I was wondering if there is any best practice around doing this sort of thing from a mobile application.
My initial thought would still be the service callout (not sure how Apigee-127 which was mentioned in the previous question would be any different to a service callout directly to the BAAS as to me 127 looks like I'm just writing my apis in Node.js rather than using the edge console), but I don't know if there is an easier way in terms of securing all entities, in specific collections ,created by specific users? I guess I could add a created by column which I could check from an app perspective, but this wouldn't stop someone from potentially hitting the BAAS directly and retrieving this info unless permissions are also set at an entity level requiring a user access token.
Is it possible to secure the BAAS in such a way that only calls from Edge can hit the BAAS url?
(Disclaimer: I have not tried this myself but here is a suggestion.)
API BaaS Automatically sets the path segment to the UUID of the currently authenticated user when $user is used. For example, if you sent a request with a valid access token for a user with UUID bd397ea1-a71c-3249-8a4c-62fd53c78ce7, the path /users/${user} would be interpreted as /users/bd397ea1-a71c-3249-8a4c-62fd53c78ce7, assigning the permission only to that user entity.
In this way, through your application, you can set permission for each user, and each object as soon as the objects are created from your application. Assuming you have the user authenticated, of course.
Ref: http://apigee.com/docs/api-baas/content/using-permissions
I am trying to write an application that uses facebook user's events as a possible data source and unfortunately I can log in and get an access token which I can use to get my picture and UID but when I try to access my events I get an empty array.
Does anyone know how I can go about doing this?
I am using Facebook's new Graph API but I must be doing something wrong, I tried using "perm" to get extra user permissions to access their "user_events" but that did not work at all. I am stumped any help would be greatly appreciated.
best regards!!
-ritec
When you do the authentication bit, you'll also need to request access to the user_events extended permission.
This question has a little more info from someone in a similar position as you.
Further instructions for prompting for extended permissions can be found in the Extended Permissions documentation.