If anyone know if the Linkedin Rest api picture-url for user is permanent or it is temporary? Samething goes for the userid, it feels that userid is totally different when I do a request in my mobile application and when I do a request via the linked in rest api tool.
The picture URL is relative the the image that is currently being used. If a member changes their picture, so will the URL.
The member id is linked to your specific application. Different applications will return a different id for a member.
Related
I have two web application sharing one firebase (auth, db etc), it all works well, but i when users want to do a reset password, the email i can see in the Password reset template allows me to change it but i don't want to be hard specific on the url, given the password request might come from either application, is there a way to let firebase know which link to use or possibly set it from the code ?
It is not possible to change it to a fully customized URL(like mywebapp1.com), the reason for that is that it won't be possible to check if the modified URL is a valid one.
You have 2 options:
You can get a custom domain like authApp.com and follow these steps on the documentation so you can have a more personalized experience for both apps.
You can create dedicated emails based on the app (the URL will stay the same) using action links , this will show a nice layer of customization to your emails based on the specific web app being used.
I have successfully created a dynamic link via Firebase using their API as listed here: https://firebase.google.com/docs/dynamic-links/rest#creating-a-short-dynamic-link. I was wondering what the lifespan of one these "generated-on-the-fly" dynamic links were?
Dynamic Links have no time-to-live, and don't expire.
You can archive a link from the Firebase console, but that merely hides it and doesn't expire the existing link.
This reads like a XY problem though. Since dynamic links carry no authentication/authorization information, they are valid indefinitely. If any authentication is required to see the contents that the link target, you'd implement that in your app after requiring the user to authentication/authorize after the link is resolved.
If the link target has become invalid in your app, you'll want to set up a redirect in your app - so that users who have the old link end up in a useful location too. This is essentially the same that you'd do with links on a web site: instead of letting the web server show a 404 page, it's better to set up redirects to the new location of the relevant content.
I am new to ajax, In my website, I am calling Ajax, it will pass parameter and it will retrieve records from database based on parameter.
But I can see the complete url link on Inspect Element's network tab like below
Employee.aspx?userid=45
I check this stack overflow link. I didn't get clear idea about it.
In some website they mention we can you Token,Authenticate the user,use cookies. But I don't understand how to use those things on my ajax code
The answer for this is not fixed it based on which approach you follow. The stack overflow link you provided pointing out the same thing about the link issue which you have right now. Any ways following are some possible approaches you can follow in order to prevent your URL visibility to end users
1. Make use of unique keys/alias/ids
In order to prevent your table's primary key to be directly revealed to the end user from the devtools you can have a user key column in your user table which have some random 4-6 digit unique code per user so to identify each of them and use these keys to communicate through URL or service calls instead of primary key itself. Same can be applied to any tables. Some people prefer username alias used in the URLs like employee name "John Marshal" can have URL like Employee.aspx?username=john-marshal
2. Token based on authentication or Cookies
This is where some learning is required. The basic idea behind it is the service which is called based on the URL will only be served to the authentic user which have the token or the cookie already present at the user's end. So in that way the call won't reveal any data it will simply return "403 Forbidden" or "401 Unauthorized" HTTP responses. And such URL will only exist on the pages which are accessible by authentic user. It means until and unless the user is logged in they can't get data from such URLs.
Still there are many ways to achieve this but these are all approaches which can be considered; you totally can't secure the requested URL its the approach which can.
Hope it helps
I am using facebook on my website to send requests. (like a multi friend selector)
I am using the a basic method in fb documentation as
https://www.facebook.com/dialog/apprequests?app_id=APP_ID&message=Facebook%20Dialogs%20are%20so%20easy!&redirect_uri=http://localhost/mysite/newpage.aspx
It works and sends requests and I get the id'd of the users requests are sent to.
Now, How do I get their email address ?
I would like to store both facebook id and email addresses of all the people requests are sent to.
In fact, it would be of great help if I can get some basic details like email, first and last name, facebook profile picture etc., for all those ids.
I am using asp.net. Please try to answer in that.
That's simply not possible - there's no way the Facebook Graph API would expose Email-addresses of friends! (you can of course access the email-address of the current user when authorizing with the "email"-extended permission).
As for the other basic details - yeah, firstname, lastname & profile picture are publicly available, just query https://graph.facebook.com/USERID?fields=first_name,last_name,picture. You should consider using Batch-Requests if you want to query lots of different persons in one go.
I develop an ASP.NET website. It will contain text articles and some of them will contain pictures from my facebook account above and beyond the text. Note that I'm going to use only the public albums from my account.
So I created a sql table and binded the articles, the albums and the photos (in fact the IDs of all of them). I already used facebook api sdk and it was a great library.
Obviously any visitor of my website (even he doesn't have a facebook account) mignt be able to see the articles and the pictures withount visiting facebook and without authentication via facebook oAuth to access them.
Well here are the questions:
1) How do I get the photos a public album contains by album id and user id without authentication? (I don't know, maybe I should use the other parameters than album id and user id)
2) How do I get the properties (name, id, etc) of a public album?
With out an access token there's very little you can get from the graph api.
Just try yourself by directing your browser to: http://graph.facebook.com/YOU_USER_ID.
You can also check the fields/connections tables in the User object documentation, where it says "No access_token required" in the Permissions column (3rd) you can get with out a token.
If you want to get other data of yourself and serve it publicly on your site you have two options:
Use the server-side authentication flow, get a long lived access token (60 days), save that and use it for the following 60 days to get your data from facebook.
Then, when it gets expired go through the authentication process again.
It will just be you who needs to go through it, not your users, and only once every 60 days.
Log in yourself, authenticate against your app, get all the data and persist it on your db, then just present that to your users.
You'll need to update things every once in a while.
Edit
The server side authentication flow guide has an example written in php.
It's a simple example which does not cover all scenarios but it's a good start.
I have implemented this in python and java but it's not something that can easily be shared since it spans across multiple requests and states, and so I'll just describe the flow I think that you should use:
Inside facebook you go to your canvas app
Facebook will make a POST into an iframe with your canvas url
In the post data you will get a signed request, decode it and check if it has an access token, if so check when it expires. If all is good save that token and the auth process is over, otherwise:
Redirect the user to the oAuth dialog along with your redirect url and permissions that you require.
After you allow your own app you will be redirected to your "recirect_uri" with the code parameter (in the querystring).
Exchange the code for an access token against the facebook servers and save the token.
You can then redirect yourself to the canvas app or just stop there.
That should do it for a long lived access token which you can then use for 60 days.
As for persisting your fb data on your own db, it's a pretty trivial operation to save data on a db, and it all depends on what data you want to save, how you need to encode/use it (json, xml, plain text).
For example, let's say you want the display your own photos, then after you get the token (as described above) just query from your server for your photos by issues an http request to: https://graph.facebook.com/me/photos?access_token=XXXXXX.
You should get a json encoded result, iterate over that and save each picture as a record on your db.
To retrieve list of user's albums you need to issue next GET request to Graph API:
https://graph.facebook.com/me/albums?access_token=...
And to retrieve list of photos:
https://graph.facebook.com/ALBUM_ID?access_token=...
But you cannot read user's albums (and photos) without authentication and requesting user_photos permission.
According to album documentation:
To read an Album you need
Any valid access token if it is public and belongs to a Page
The user_photos permission if it belongs to a User
The friend_photos permission if it belongs to a User's friend
So generally you have only two options to achieve the result you want:
Use Facebook Page to store all the Albums/Photos you want to display on site
Read 'em using Application access_token.
This will allow you to completely bypass authentication flow at all.
Use your personal account to store Albums/Photos
Authorize application (client-side/server-side) and grant user_photos permissions
Extend access_token for your user and store it
Use your personal access_token to access your Albums/Photos