What I want to do is use the LinkedIn API to access a arbitrary user profile, get the image (if there is a public one) and use that image. If a user is authenticated, I can get their image using:
https://api.linkedin.com/v1/people/~:(picture-url)?format=json
But I cannot figure out what to replace the tilda (~) with to find an arbitrary user (i.e. using an email address). If I simply put in the email address, it won't find the user.
Is it possible to get info from an arbitrary user profile (assuming that it is public)?
Thanks,
Scott
It is not possible getting an arbitrary user informations by using LinkedIn API. The user must authenticate the application by his or her username and password.
However, this answer gives a working example how to access a profile by url. I suppose that adding picture-url will work.
Related
What I want
I have a list of people with all their personal information (name, first name, date of birth, email, etc.). I created an account for each of these people using their email/phone + a password I generated for them.
I want to send to each of these people an email/SMS with a link allowing them, once clicked :
to be directly connected on our website, without having to type a password or using a third party as Google/Facebook/etc.
and I want the link not to expire after the first use. The user must be able to click on it several times and be connected to our website each time.
What I tried
This is what I tried so far, unsuccessfully :
Passwordless Auth with email link: using both backend and frontend. Doesn't fit my needs because the signin link works only once by design.
Create a custom token with Firebase: as I understood, the token will expire 3600 seconds after creation, which is not useful for me.
Implement anonymous auth: it still need the user to type email+password at some point if you want to convert the anonymous account to a permanent account (because I don't want to use Google/Facebook/etc auth). Plus, it will need consequent changes in all my website code to work.
At this point I realized that Firebase doesn't have a solution that fits my needs. I started to fiddled around as best I could.
The idea
It works as the following:
First I create an account for the user in Firebase + a unique document in a collection in Firestore. That document contains 3 fields: magic_token, email, password.
Then, I create a link to our website with a unique token as a parameter in it. I store the token as magic_token in the document I described above. I send the link to the user.
The user clicks on the link, get redirected to my website. In the front, I detect the presence of the token in the parameters of the URL, I retrieve the document in Firestore with the corresponding token.
Using the email and password stored in this document I call: signInWithEmailAndPassword() to login the user.
PROS:
it fits my needs.
it is easy to implement
CONS:
the user password is visible in Firestore.
it's not very secure.
The question
Is there a proper way to implement a Magic Link that fit my needs? If not, how can I improve my own custom token authentication ?
I'm trying to password protect a page that contains confidential information.
Upon clicking a link, user will be shown a pop-up dialog to enter password.
If successful, redirect user to page. Otherwise, display "Wrong password".
The thing is, this can be easily overcome if user just copies the URL and add "/exec#ConfidentialPage" to the end of the URL.
Any suggestions?
If at all possible I would highly discourage implementing your own authentication system and instead rely on Google login to secure your data. See https://developers.google.com/appmaker/security/secure-your-app. My short recommendation is to:
Create a google group which contains the users you want to access the
data.
Create a role in App Maker which contains that group
Restrict access to both your data and your view to members of that role.
This is much more secure than a password based approach as #1 It's implemented by Google (implementing your own auth correctly is hard) and #2 You have a list of everyone who has access to your data in the form of the Google group.
I have 2 different websites
-> webgrants.com
->calgrants.com can be accessed directly or from webgrants
there is link provided for calgrants.com in Webgrants.com
so how can i validate the credentials of user when they click on the link provided. how can i do this .urgent please
There might be better ways to do it, but off the top of my head you can do this:
Assuming they have access to the same(or a common) database you create a table of userId and ticket.
Whenever a user wants a redirection to other website, you create a random value(ticket) and assign that value to the user and store this pair into the database.
You add this ticket to address of the other website, as a parameter. Other website checks the table for that 'ticket' and authenticates the user.
There are some question on the StackOverflow about facebook & email, but after reading them I still have a problem with retrieving users emails.
Our app implemented on Flex and uses REST API. And previously it used notifications.sendEmail.
App has publish_stream and email permissions (checked with users.hasAppPermission).
I tried users.getInfo for get proxied_email address.
But this function does not return email address of the friend..
Then I performed the following test using Graph API and web browser:
Opened the following link for authorization with extended permissions:
https://graph.facebook.com/oauth/authorize?client_id=[app_id]&scope=publish_stream,offline_access,email&redirect_uri=http://www.facebook.com/connect/login_success.html
It returned code for retrieving access_token
Oppened the following link for retrieving access_token
graph.facebook.com/oauth/access_token?client_id=[app_id]&client_secret=[secret]&code=[code]&redirect_uri=http://www.facebook.com/connect/login_success.html
It returned access_token. And now I can use GraphAPI.
Tested with my account
graph.facebook.com/me?access_token=[token]
Ok. It returned my emal.
Tested with my friend
graph.facebook.com/[friend_id]?access_token=[token]
And here is no email field!
So my questions are
Where did I go wrong?
Is it possible to get friend's email via Facebook API (GraphAPI or REST API)?
Thanks.
Email permission gives access to your email only.
If you look at the extended permissions page it says:
Likewise, to protect the privacy of users who have not explicitly authorized your application, your application will only be able to access the basic profile information about a user's friends, like their names and profile pictures. If your application needs to access other data about a user's friends to enable social functionality, you will need to request some of the special friends permissions listed below.
And if you look at the table below, it says "not available" for email permission for friends.
there ought to be some way else how does JanRain does it?
http://www.janrain.com/products/engage/invite-friends
I think that getting friends' email ids is not permitted by Facebook; at least, that's what my research tells me.
#helloworld: Who told you that janrain gets users' friends' email ids?
Only with the extended permission you can specify via the scope attribute, when obtaining the access token
Example:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/callback&
scope=email
We have a website with a section restricted to members only. They log in and can view the website.
Some of the information is stored on another server. We want that information to ONLY be accessible to those who have logged into the main website.
What would be the best way to link the two sites, without making members log in again? Seems like there must be some way to send an encrypted username and password along with the URL in the hyperlink.
Any ideas? Thank you in advance.
Fred G.
I think you are looking for some "Single Sign On" solution.
You can add the session ID as a GET parameter to the URL (eg suffix it with ?SESSIONID=<long ID here>, then have the second site validate the session (check that it's logged in, check that the logged in user has access to the resource they're requesting) in a shared database.