Verfiy user is who they say they are on an external website - asp.net

I am developing a website for our GTA Online Crew, basically a gaming community, my issue lies in verifying that they are the user they say they are when they register (For example if there username on social club is GTOFAN01, we want to ensure that person uses the same username on our site when they register).
As we want all website users to have the same names from social club (owned by Rockstar and I have no way to change anything on there end...) to our website to avoid confusion / posers / trolls etc.
I've had a few ideas but they all create a lot of manual work or I am not sure how to implement, but I have narrowed it down...
Let anyone register and then manually send them a confirmation code through social club to the account name they have said they are.
somehow find out who they are currently logged in as on social club, if this matches the name they supplied then let them in.
find someway to send a message to there social club message box
2 is by far the best, but I can figure out a way to achieve it... I cannot read cookies or session variables from another domain.
Any ideas?

There are several different ways of achieving "federated identity". I would recommend taking a look at OAuth and OpenId. Asp.net Identity has OAuth integration.
See also:
OpenID vs. OAuth
What's the difference between OpenID and OAuth?

The way I ended up going was generating a random qoute for the user to post on the social club (checking it didn't exist first), as the social club feed is public I can then check to see if the qoute was posted and by whom, if this matches who they told us they were then there registration is accepted.
Obviously this is not the greatest solution, but it works and as I've stated I have no control over the social club nor do they offer any way to authenticate a user.
The other befit to this method is it encourages use of the feed which we also wanted to do.

Related

Is there any way to automatically access my education record on LinkedIn?

I want to create a webpage where users can access their education records from LinkedIn (which are then plotted on a timeline).
Using OAuth, I was only able to access my Name and Profile picture. It seems like LinkedIn heavily restricts access, even if users give their explicit consent. I don't see any way to request the scopes needed to request the education section of my profile. A similar experience is also outlined in this medium article:
The frustrations of dealing with the LinkedIn API
Alternatively, people have suggested using Selenium to scrape the public profiles of users. However, LinkedIn has taken up multiple legal fights against scrapers, so obviously they are not ok with it.
Considering that I want to build a service that benefits LinkedIn users and that I only want to access information of users that give their explicit consent to do so, it seems odd to me that this should not be possible on LinkedIn. Is there any way of doing this in 2023? I know similar questions have been asked before, but LinkedIn changed their policy quite a few times as far as I'm aware and previous questions date back many years.

Can I form a direct URL to a particular Google account for which Gmail is disabled?

This existing question https://webapps.stackexchange.com/questions/18959/can-i-form-a-direct-url-to-a-particular-gmail-account is close to what I need, except that I don't want to go into Gmail since email is disabled for the institutional account I am using. I want to log into some Google App - ideally Google Classroom, second choice Google Drive - but I'll take any alternative to Gmail if it shows it can be done (sorry I don't have a full list of enabled Apps for my institutional account).
This suggestion from Eivind Eklund works when Gmail is available
https://accounts.google.com/ServiceLogin?service=mail&passive=true&Email=example#domain.com&continue=https://mail.google.com/mail/u/example#domain.com/
by which I mean it gets me into my Gmail with my personal account, and with my institutional account I get "We are sorry, but you do not have access to Email. Please contact your Organisation Administrator for access."
So, is there a URL that I can pre-populate with an account to get into a service other than Gmail? I thought perhaps if I changed service=mail to service=drive, and Email= to Account= then it might work, but this produces "The requested URL was not found on this server. That’s all we know." I could be guessing all day - I can find no documentation of what the alternative parameters might be. Can it be done?
D'oh! My colleague suggested "well let's give service=classroom a try". We then went into a particular class and copied the query string, so we can now generate direct URLs for each student (who likely won't know their ID) per class
https://accounts.google.com/ServiceLogin?service=classroom&passive=true&Email=MY_INSTITUTIONAL_ID&continue=https://classroom.google.com/c/Mzk3MTAzNzk2MDVa

How to connect Facebook, Twitter & Google accounts in Java (Spring MVC)

I'm going through the features of social auth (http://code.google.com/p/socialauth/) & wondering if this is the best thing for my requirement. Please guide.
My web application currently has it's own login mechanism(native). But I'm planning to do the following:
Login through Facebook(F), Twitter(T) and Google(G) options
After login (either through F,T,G or native login), I want to give user the option of selecting F friends, T followers or G contacts (in a textbox with autosuggest facility)
So my doubt is: (social auth says that "..currently Facebook, Twitter and LinkedIn do not provide email addresses. UPDATE: Hotmail has stopped providing email addresses.")
So although I'll have a list of followers, friends or contacts will I be able to notify them once my user selects and submits his form?
Will it be through F,T or G respectively(through status updates, tweets or email?)
Moreover, I've one more scenario:
E.g. the user has logged in using Facebook. Now I want the user to be able to link her Twitter and Google account too. Can socialauth provide that?
If yes, how would I handle multiple profile objects of the same user?
Please guide or suggest any other library.
My application is in Spring MVC.
Or shall I use Spring Social?
Since your application uses Spring-MVC you should try Spring Social. It would be best for your application.
You can also use socialauth library. It also has spring version to connect with FB, twitter and others provider. Link for the same is as given below:-
http://code.google.com/p/socialauth/
Spring Social is best option for your requirement and in can be easily integrated with
There are 2 proven ways which can be used for this
Using Spring-security-oauth2
Using Spring Social
However, if you are using just Spring Social based on the facebook example, provided on the Spring Website then be mindful of these issues
It doesn't work for more than 1 user
Spring-social doesn't support Google either.
It is also difficult to change the redirect flow unless you override the methods
But the good thing is there are workarounds to fix them and they are quite simple.
Here is how to fix FB one user per application problem
For connecting/authenticating with Google
For Changing the default redirect flow
The Complete tutorial with step by step instructions can be found here
Having explored both oauth2 and Spring Social. I would suggest Spring-social as its lot more simpler and custom built for social logins only.

Set privacy when publishing an action

Have anyone heard Facebook say anything about adding the possibility to specify the privacy when publishing an action? I wonder if it's something they plan for the near future or if it will take longer time for them to implement.
Background
The "App activity privacy" let's the user set who should be able to see actions published by the app. I would like my app to set the privacy for each and every action the app publishes, just as an app can do for wall posts by specifying the "privacy" field.
Edit 2012-05-24
I attended Facebook Developer Garage in Stockholm yesterday and had the opportunity to ask what Facebook's plan is. The answer was that Facebook did think a lot about adding flexible privacy settings, but decided that they want it as simple as possible for the user. They want to let the user decide the privacy settings for everything the app publishes once and the users can currently do this when they add the app. You never know when Facebook change their minds but currently they don't have a plan for decent privacy settings.
Facebook have now added the "privacy" parameter when publishing actions.
See https://developers.facebook.com/docs/opengraph/actions/
Case closed.
Edit: As Angel García Olloqui pointed out, the privacy field can only have the values ALL_FRIENDS or SELF. Pretty useless for now.
Edit: I added a more complete answer to the question.
Access token generates corresponding to your all permissions which appear on the first startup of the application. Then by using that access token app enables to get some information from user

Google Chat in ASP.NET application

I want to provide chat facility to my website visitors. This should be same as google chat (person to person communication). Are there any free tools available to integrate in the website? Or is there any way that we can use Google Chat's API and can integrate in our website?
Pls help me.
You can embed google chat into your web page, instructions here
I think a reasonable approach would involve opening an iframe that talks to a dynamic page. The dynamic page would be auto-refreshed by two or more clients and continously post to/read from a table that stores the ID of the session, timestamp, user name(or IP), and message for the chats. The ID of the session would correspond to the dynamic page ID and bob's your uncle.
I'm sure there are various implementations floating around, but I'd want to control this on my own. No user accounts required if you set it up correctly, thought finding other users may be an issue without accounts.
There are a lot of good embeddable chat widgets you can insert into a page fairly easily that do all the work for you.
I've tried out a few of the ones listed in the link above (mostly MeeboMe and Geesee) and don't have any major complaints. With that many choices you should be able to find one that meets your needs. Most don't even require a login.

Resources