Is it possible to get Facebook Profile Picture and user friends using Azure Mobile services Claims or any other way?
On the azure backend as shown below,
User picture is missing there if it is not public profile. It looks
like public profile is only link to facebook profile
I set user_friends but when I request identites with the code below,
i see 9 claims (name, surname, fullname, gender, profile etc.) but I
dont get any friends information.
Code I am using is simply
identities = await App.Client.InvokeApiAsync<List<AppServiceIdentity>>("/.auth/me");
According to the documentation, it should return what i set in the backend as dictionary of claims type and value.
I am able to achieve this using simple http request as below
var requestUrl = $"https://graph.facebook.com/v2.11/me/friends?fields=id,picture.width(72).height(72),name&access_token=" + accessToken;
But i want a general solution using azure backend if possible?
AFAIK, your could only retrieve the basic profile (name, picture, email,etc.) from the current authenticated user. Per my understanding, if you hope your mobile app backend would handle the requests against the Graph API of facebook stead of retrieving the access token and send request in your mobile client, you could create a custom Web API and use the following code to get the access token and send request in your mobile backend:
// Get the credentials for the logged-in user.
var credentials =
await this.User
.GetAppServiceIdentityAsync<FacebookCredentials>(this.Request);
if (credentials.Provider == "Facebook")
{
// Create a query string with the Facebook access token.
var requestUrl = $"https://graph.facebook.com/v2.11/me/friends?fields=id,picture.width(72).height(72),name&access_token=" + credentials.AccessToken;
// Create an HttpClient request.
var client = new System.Net.Http.HttpClient();
// Request the current user info from Facebook.
var resp = await client.GetAsync(requestUrl);
resp.EnsureSuccessStatusCode();
// Do something here with the Facebook user information.
var fbInfo = await resp.Content.ReadAsStringAsync();
}
For your mobile client, you could leverage InvokeApiAsync to call the related custom Web API provided by your mobile backend. More details, you could refer to How to: Work with authentication and Custom HTTP Endpoints.
Related
I am a student working on a web app that allows users to upload videos to their youtube channel. It is working great, but I would like the users to be able to revoke that access if they want to.
For now, I am only deleting the user's access token from the database, but the app is still showing in the user's Google "Apps with access to your account" page... Is there a way to revoke that access without the user having to manually go to that page and click on the "Remove access" button?
Here is an example of manual access removal. I would simply like to have such a "remove access" button in my web app that would do the same. Is there a way?
Thanks for your help!
Take the access token you have for the user and just send a request to the revoke endpoint. It will remove the users access to your app.
curl -d -X -POST --header "Content-type:application/x-www-form-urlencoded" \
https://oauth2.googleapis.com/revoke?token={token}
Assuming you are using the Google api .net client library there should be a revoke method already
UserCredential cred = await GoogleWebAuthorizationBroker.AuthorizeAsync(
Helper.GetClientSecretStream(), new string[] { "email" },
"user", default, new NullDataStore());
Assert.NotNull(cred);
var accessToken = await cred.GetAccessTokenForRequestAsync();
using (var f = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer
{
ClientSecretsStream = Helper.GetClientSecretStream()
}))
{
// Succeeds if no exception is thrown.
await f.RevokeTokenAsync("a-user", accessToken, default);
// Cannot verify revocation, as it takes in indeterminate duration to propagate.
}
I'm developing a .Net Core 3.1 API that will connect to Microsoft Graph to update photos of company employees.
However, I searched in several places and didn't find any code or method that could help me change a user's photo without me being logged in with that user's account.
Is there any way I can change the photo of a user with Microsoft Graph without me being logged in with the same?
Remembering that my user is the administrator of Azure AD and my application has "User.ReadWrite.All" released.
Firstly, what you need is this api, and as you can see it provides the application permission so that you can use client credential flow to generate access token and use it to call the api. Client credential flow makes users don't need to sign in and generate access token, then it can meet your requirement.
Here's the detail, you can generate token by this request, pls not you need to set User.ReadWrite.All application permission for you azure ad app:
and you can call the api with the token like this:
If you found your token can't work correctly, maybe you can try to add Group.ReadWrite.All application permission to your azure ad app too, as this is a known issue mentioned in the api document.
And maybe what you need is code snippet, then you can use graph sdk to call ms graph api:
var scopes = new[] { "https://graph.microsoft.com/.default" };
var tenantId = "your_tenant_name.onmicrosoft.com";
var clientId = "azure_ad_app_client_id";
var clientSecret = "client_secret_for_the_azuread_app";
var clientSecretCredential = new ClientSecretCredential(
tenantId, clientId, clientSecret);
var graphClient = new GraphServiceClient(clientSecretCredential, scopes);
using var stream = new System.IO.MemoryStream(Encoding.UTF8.GetBytes(#"Binary data for the image"));
await graphClient.Users["user_id_which_you_wanna_change_photo_for"].Photo.Content
.Request()
.PutAsync(stream);
I'm trying to get a refresh token set up in my Xamarin.Forms app using AAD B2C. I've got everything set up but run into issues when calling LoginAsync on my MobileServiceClient. All of the docs and examples I can find show to update my LoginAsync method to this:
var user = await App.MobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory,
new Dictionary<string, string>() { { "response_type", "code id_token" } });
Except that the MobileServiceClient does not take a Dictionary<string, string> for the second parameter. It takes a JObject. Here's what my current code looks like:
var authResult = await App.AuthenticationClient.AcquireTokenAsync(Constants.Scopes, "", UiOptions.SelectAccount, string.Empty, null, Constants.Authority, Constants.Policy);
var payload = new JObject();
payload["access_token"] = authResult.Token;
var user = await App.MobileServiceClient.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);
I can not find an example use the JObject anywhere.
It is as simple as adding payload["response_type"] = "code id_token"; to my payload?
AFAIK, Mobile Apps support two authentication flows (client-managed flow and server-managed flow).
Client-managed authentication
Your app can independently contact the identity provider and then provide the returned token during login with your backend. This client flow enables you to provide a single sign-on experience for users or to retrieve additional user data from the identity provider.
After you retrieved the token, then you would login with your azure mobile backend by passing the token into a JObject instance as follows:
JObject payload = new JObject();
payload["access_token"] = ar.AccessToken;
var user = await client.LoginAsync(MobileServiceAuthenticationProvider.WindowsAzureActiveDirectory, payload);
For more details about other identity providers via client-flow authentication, you could refer to Client-managed authentication.
Server-managed authentication
Your app directly contacts your mobile backend, then your azure mobile backend contacts the identity provider and provide you with the logged user.
For Xamarin.Forms UWP app, you could login as follows:
For Xamarin.Forms IOS app, you could login as follows:
For more details about server-managed authentication in Xamarin.Forms, you could refer to Add authentication to your Xamarin Forms app.
UPDATE:
I have checked that if you call MobileServiceClient.LoginAsync in PCL, you could not see any extensions for LoginAsync. As you could see, there are many extension LoginAsync methods in the Microsoft.WindowsAzure.Mobile.Ext.dll for each platform. You need to define the IAuthenticate interface and implement it in each of your app (uwp, android, ios, etc.), for more details you could refer to here.
I am trying to authenticate a user with Azure Mobile Services from within a ASP.NET Web Form (.aspx.cs).
I have provisioned my Mobile Service to authenticate with Facebook using the steps described here: http://azure.microsoft.com/en-us/documentation/articles/mobile-services-windows-store-dotnet-get-started-users/.
This tutorial, however, describes authenticating in a XAML app where popups can appear, but I need to Log the user in within a postback of the web form, where showing a popup is impossible.
According to the docs I can do this by using the LoginAsync() function, like this":
MobileServiceClient client = MyAppsMobileClient.getClient(); //this handles setting the app ID and url
MobileServiceUser user = client.LoginAsync("facebook","");
Now, my problem is the second argument of this function. According to the docs, this is of type JObject, and apparently it is a JSON object I obtain from facebook when I first log in. Now, I can make a simple Login form for the user to enter his facebook ID and password, but I still don't know how to obtain the JObject I need to log in to Mobile Services. Do I need to delve into the Facebook APIs? Is this done using Ajax? Any examples, guides or tutorials on this would be welcome.
You can create a jObject from the data received from Facebook like this:
var token = JObject.FromObject(new
{
access_token = "YOUR TOKEN HERE"
});
This sample was taken from this SO thread:
Azure Mobile Service LoginAsync with Facebook Token is Unauthorized
And here you can read how to obtain an access token from Facebook using JavaScript:
Obtaining an Access Token
Suppose, for the sake of argument, that I already have a facebook access token for a user of my application. In that case, I don't really need to go through Firebase's whole auth.login("facebook") process, I really just want a trusted server to make sure this is a real access token (e.g. by making a GET request to "https://graph.facebook.com/me" with it) and then to set the Firebase user ID appropriately. Can Firebase do this?
Firebase Simple Login was recently updated to support logging in with an existing Facebook access token.
This means that you can integrate directly with then native Facebook JS SDK in your application, and then pass that Facebook access token to Firebase Simple Login (skipping a second pop-up) via:
var ref = new Firebase(...);
var auth = new FirebaseSimpleLogin(ref, function(error, user) { ... });
auth.login('facebook', { access_token: '<ACCESS_TOKEN>' });
See the access_token option on https://www.firebase.com/docs/security/simple-login-facebook.html for more information.