I'm using official Facebook Android SDK to integrate Facebook to my application. When it comes to authorize, the SDK use a custom dialog with Webview in it, loading facebook login page for user to enter username & password, this sounds OK.
However, when reading javadoc for the method "authorize" in Facebook.java (in the SDK package), I found that "Note that User credentials could be handled natively using the OAuth 2.0 Username and Password Flow, but this is not supported by this SDK"
How can I achieve this ?
Thanks in advance
Hum, I have not used the Facebook SDK yet, but I already coded communications with webservices based on OAuth 2.0 for the credentials; so my answer will not deal with Facebook specifically but with OAuth 2.0.
What you need to communicate with an OAuth webservice is first to get a token, in order to get it you need to give to the webservice your private developer key & password & your clients password & login.
I think that it is exactly what your documentation is talking about.
Note that good webservices provide an already written wrapper in order to do not have each developper rewritting the same wrapper.
If you need a wrapper example, look at Soundcloud Official Wrapper on github.
Related
I'm integrating Fabrick SDK in an Android app which has also a Backend to interact with a REST API. This Backend API should be secured, and in the past in other projects (not Android apps) I used both Twitter and Facebook OAuth logins with a calback URL that redirects to my Backend. From there I generate a custom auth token that must be used from the client (in this case, my Android app) to interact with my own API.
The thing is that I've been trying to call a callback URL somehow using Fabric but I could not. I've read the documentation and...
https://dev.twitter.com/twitter-kit/android/configure1
"(...) Callback URL
Although Fabric will ignore the value of the callback URL, it must be set to a valid URL for the app to work with the SDK. (...)"
Does anyone know why is that? There exists any other Twitter API request call accessible from Fabric's Twitter kit to specify a callback URL instead of using the Twitter sign one? There must be a solution for that because most of the developers that uses Twitter for medium to complex software projects including authentication must deal with this kind of problem for sure, but I found nothing.
Regards,
Luis Cappa
Since very recently you have to add twittersdk:// to your app in apps.twitter.com if using Android - twitterkit.
See https://github.com/twitter/twitter-kit-android/issues/135#issuecomment-397395425
Background info https://twittercommunity.com/t/action-required-sign-in-with-twitter-users-must-whitelist-callback-urls/105342
Just list is as your site.
http://www.yourhomepage.com
Twitter supports multiple types of authentication, if it is a regular O-Auth Request, you can just use your site as a placeholder.
See here: https://twittercommunity.com/t/callback-url/398/14
Want to post some photos or link on user Facebook wall without using FBSDKShareDialog. I am already post with using the FBSDKSharePhoto And FBSDKShareDialog defult dialog from facebook. For that I do the below code.
If you don't want to use the dialogs (regardless of whether you invoke them using the SDK or your own code), you will have to resort to using Graph API.
In order to create posts using Graph API, you will have to POST to the /me/feed endpoint (docs), but that requires an access token.
In order to obtain an access token from Facebook, you need to implement Facebook login, and their Platform Policy section 7.2 says:
Native iOS and Android apps that implement Facebook Login must use our official SDKs for login.
So in the end, you might as well use their SDK after all, or risk your app getting blocked.
However, assuming you have an access token and you are using the SDK (but not the dialog - since that is what you are actually asking), you can use this docs section to learn about how you can make Graph API calls using the SDK.
Is there a way to implement oAuth flow without actually launching browser or even a webview on android?
What I want to show is a native Popup which asks user credentials and then supply it to oAuth provider.
Strictly speaking no, the main idea with OAuth is that you should never handle the user's credentials in any way.
But it depends on the provider. Twitter for example uses their own invention xAuth where you send the username and password in exchange for an access token. Twitter only allows this for applications that can motivate that need very well though.
So check with the API provider if it is possible in some way.
Recently i did some research regarding implement oAuth without using browser or webview. Nowadays some platform already has native way by using their SDK like google: https://developers.google.com/identity/sign-in/android/, linkedin : https://developer.linkedin.com/docs/android-sdk-auth#. You can search for other platform too.
Another chance i see is by using google "Firebase" : https://firebase.google.com/docs/auth/. Even though i am not yet really try to implement it, as my understanding we can create our own custom input on HTML and pass it to their Javascript oAuth SDK to do credential login transaction. Just my guess we can do it with android native interface too.
Any correction are very welcome. Thanks.
I followed the tutorial here: https://developers.facebook.com/docs/mobile/android/build/#enablesso
I am able to authenticate on the android side, but what I want to do is to use SSO or some sort of authentication using facebook [preferrably OAuth] to authenticate against my web application on GAE. I expect it to work something like this: blog.notdot.net/2010/05/Authenticating-against-App-Engine-from-an-Android-app
This is the sort of flow I expect:
The user starts my app, and is prompted with an option to authenticate to FB.
The FB app/web dialog opens and asks the user to confirm permissions to be given to my app.
Once that is done, FB provides me with a cookie [or something similar].
I use that cookie for subsequent requests to my web service, where I can get the username simply using:
user = oauth.get_current_user()
user.nickname()
Is anything like this possible? The problem I face is that while performing SSO, there is no place where I specify an OAuth end point. GAE provides OAuth endpoints [http://code.google.com/appengine/docs/python/oauth/overview.html], which I think I should be using. Any clue as to how I can proceed about this?
Any help is appreciated. Regards, rohan
You need to implement the server-side authentication flow: http://developers.facebook.com/docs/authentication/
I implemented it in Java: see the LeanEngine oss project. You could probably reuse the android client part: the login dialog.
i am developing app.its having post message on facebook and twitter.i searched on net and got many example but i confused with twitter.
if i am using oath authentication how should i provide login screens for clients.many example
what i found just they are using consumer and secret key where i need to pass uname,pword
can you pl suggest me its very urgent to me
Thanks in advance
Aswan
Twitter using oAuth at present, so whatever api's you will get, they will open the official twitter login page in webview, so you cannot use your own login page for that, twitter does not want's that........Hope it help's youGood luck.......
I've done this using a WebView (to hold the login UI which comes from twitter.com) and Signpost for the OAuth authentication. There's a good example here.
However, this turned out to be a less than brilliant mobile user experience - WebView login screens just suck - so I switched to using XAuth instead of OAuth, which you have to apply to Twitter for. The benefit of doing that is that you can have your own custom login UI, which isn't web-based. Unfortunately Signpost doesn't yet support XAuth so I also changed to using a stripped-down version of JTwitter.
If you are interested in using Singpost and Android's HttpURLConnection to obtain access token based on username and password you can have a look at my post. I was referring to Twitter XAuth so that's should be what you looking for. It works for me.
http://3citydev.blogspot.com/2013/05/how-to-obtain-xauth-access-token-using.html