How to let Facebook approve a permission that's intended to be private (e.g. CMS to FB pages integration through manage_pages permission) - hybridauth

We want to integrate our own CMS with our own social identities pages to automate the process of publishing our articles to Facebook and Twitter.
To do so we used a system based on PHP HybridAuth scripts.
For Twitter no problems.
Facebook now requires a specific review for each permission outside the basic ones.
We need the manage_pages permission to let the cms automatically manipulate our own pages.
Facebook requires a review with step to step instruction to simulate the functionality so they can approve it or not.
But how can I simulate something that's intended to be private and available only to our staff?
Do I need to mimic the flow in a public directory to just have the permission approved, or is there a better way to solve this issue?

Configure your config.php file to include the option "scope" => "manage_pages" in your facebook provider.
return
array(
/*...*/
"providers" => array (
"Facebook" => array (
"enabled" => true,
"keys" => array ( "id" => "xx", "secret" => "xx" ),
"trustForwarded" => false,
"scope" => "manage_pages"
),
/*...*/

Related

Linkedin fetch feeds through API

I am using API V1 API, I am able to post on feeds but unable to fetch my feeds.
I am using following laravel package : https://github.com/artesaos/laravel-linkedin
To fetch feeds:
$posts = LinkedIn::get('v2/activityFeeds?q=networkShares&count=2');
I am getting following error:
array:3 [▼
"serviceErrorCode" => 100
"message" => "Not enough permissions to access: GET-networkShares /activityFeeds"
"status" => 403
]
In App setting there is no such to give permissions. Below is the screenshot: https://www.awesomescreenshot.com/image/3644392/6f92b88a7d73be3545126b88d49234c6
for the use of the V2 you need to require a partnership with linkedin.
https://developer.linkedin.com/partner-programs
check the box of the permissions you need (you have to conduct some research into what you need).
PS: this can take up to 1+ months before the partnership is accepted

Laravel 5.3 Passport api routes are returning Unauthenticated error

I am new in Laravel Passport and I am able to get the the tokens from Laravel like below with Postman.
With this token, I tried to access my api route user-details
Route::group(['middleware'=>'auth:api'],function(){
Route::get('user-details','ApiController#getUsers');
});
Here I am getting
{
"error": "Unauthenticated."
}
Screenshot:
What is the issue actually ?
Since you didn't mention this step, I am guessing you might have missed this step.
'api' => [
'driver' => 'passport',
'provider' => 'users',
],
Read the documentation fully.
https://laravel.com/docs/5.5/passport

Laravel 5.3 + Passport: always unauthenticated error

I'm always receiving "Unauthenticated error" when using Passport in my current project. That's what I did the lasts 3 days:
Install and configure Passport (as docs says)
Request a token (password grant token) with Postman
Request a protected route (auth:api middleware) with the token
Get
`{ "error": "Unauthenticated." }`
Search and search and research
Get
`{ "error": "Unauthenticated." }`
Then, I've installed a fresh L5.3 and a fresh DB and works fine. Even with my current DB!
I've tried all the solutions that I found without success ...
Can anyone help me? Any idea would be appreciated.
Thanks.
I had the same problem as you and looked everywhere to find a solution.
It appeared to be Apache's fault in my case. Apache was deleting the header "Authorization: Bearer TOKEN_HERE" so the auth:api wouldn't work as expected (getting 401 unauthorized).
We ended up trying adding to our .htaccess:
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule .* - [e=HTTP_AUTHORIZATION:%1]
And it magically worked.
I really hope it helps, we spent a whole day trying many solutions, this is the one that worked for us.
Which grant_type have you used to generate this token?
Possible resolutions are as follows
1: If you are using client credentials to generate your access_token, you have to turn on client_credentials, middleware as follows.
1.1 Add to the routeMiddleware in \App\Http\Kernel.php
'client_credentials' => \Laravel\Passport\Http\Middleware\CheckClientCredentials::class,
1.2 Use 'client_credentials' middleware in your route too.
Route::group(['prefix' => 'v1','middleware' => 'client_credentials'], function () {
// Your routes here
});
2: For Grant Type Password
2.1 : Create a Password Grant Client
php artisan passport:client --password
2.2 : Request A token with following header fields
'grant_type' => 'password',
'client_id' => 'client-id',
'client_secret' => 'client-secret',
'username' => 'taylor#laravel.com',
'password' => 'my-password',
End point /oauth/token
The token you get now should give you access to your api.
My problem was an omision, I'm building a GraphQL api and in the middleware line at the configuration file "graphql.php" I put
'middleware' => ['auth'],
when the correct way is:
'middleware' => ['auth:api'],

When user signs out from SAML Service provider, it does not logs out user from the Salesforce Identity provider

I am doing SSO between Salesforce and Drupal using Salesforce as Identity provider and Drupal as Service provider using SimpleSAMLPHP. When user signs out from the Drupal web site, it is not getting logged out from the Salesforce.
To solve the issue, I used 'SingleLogoutService' as https://salescloud--OptusFull.cs13.my.salesforce.com/secur/logout.jsp in Drupal Service provider. But the issue here is that the log out process now ends up with Salesforce login page and I did not find a way to redirect it to the Drupal site. Is there any way to redirect user back to Drupal site.
Please find the metadata information from metadata/saml20-idp-remote.php
$metadata['https://salescloud--OptusFull.cs13.my.salesforce.com'] = array (
'entityid' => 'https://salescloud--OptusFull.cs13.my.salesforce.com',
'contacts' =>
array (
),
'metadata-set' => 'saml20-idp-remote',
'expire' => 1739182548,
'SingleSignOnService' =>
array (
0 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
'Location' => 'https://salescloud--OptusFull.cs13.my.salesforce.com/idp/endpoint/HttpPost',
),
1 =>
array (
'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
'Location' => 'https://salescloud--OptusFull.cs13.my.salesforce.com/idp/endpoint/HttpRedirect',
),
),
'SingleLogoutService' => 'https://salescloud--OptusFull.cs13.my.salesforce.com/secur/logout.jsp',
'ArtifactResolutionService' =>
array (
),
'keys' =>
array (
0 =>
array (
'encryption' => false,
'signing' => true,
'type' => 'X509Certificate',
'X509Certificate' => 'MIIErDCCA.....',
),
),
);
There's a setting in Salesforce that controls the page where the user lands after logout via the identity provider. The setting is under Security Controls > Single Sign-On Settings -> - Identity Provider Logout URL . This setting will only appear in your SF production org if you have My Domain turned on.
Salesforce does not support Single Logout Service
(Initiated or not in the IdP).
If you set as SingleLogoutService the Salesforce normal logout service, you will end at the Salesforce login page and not LogoutResponse will be sent to the SP(drupal). Also, if you directly Logout from Salesforce, no LogoutRequest will be sent to the SP(drupal).

Google plus insert activity on stream

Tough time inserting an activity to google plus stream. After referring google developers guide.
I found an example for java - https://developers.google.com/+/domains/posts/creating
Is there a similar example to execute the activites.insert query using google-api-ruby-client.
I followed following steps:
Define access to app via omniauth-google-oauth2
GOOGLE_CONSUMER_KEY = google_config['KEY']
GOOGLE_CONSUMER_SECRET = google_config['SECRET']
google_scope = "userinfo.email,
userinfo.profile,
plus.login,
plus.me,
plus.media.upload,
plus.profiles.read,
plus.stream.read,
plus.stream.write,
plus.circles.read,
plus.circles.write"
Rails.application.config.middleware.use OmniAuth::Builder do
provider :google_oauth2, GOOGLE_CONSUMER_KEY, GOOGLE_CONSUMER_SECRET,
{
name: 'google',
scope: google_scope,
prompt: 'consent'
}
end
Use the token and refresh token to execute api calls google-api-ruby-client. Am able to list the activities using "plus", but to insert an activity I should use plusDomains.
client = Google::APIClient.new(:application_name =>'Demo GooglePlus',:application_version => '1.0.0')
plus = client.discovered_api('plus')
plusd = client.discovered_api('plusDomain')
client_secrets = Google::APIClient::ClientSecrets.load
auth=client_secrets.to_authorization
auth.update_token!(access_token: 'aRandomToken', refresh_token: 'aRandomRefreshToken')
result = client.execute(:api_method => plus.activities.list,:parameters => {'collection' => 'public', 'userId' => 'me'}, :authorization => auth)
>> This works, returns the list of activities
Using plus Domain
result = client.execute(:api_method => plusd.activities.insert,:parameters => {'collection' => 'public', 'userId' => 'me'}, :authorization => auth)
>> Returns 403 Forbidden
Later I realized that google api requires domain wide delegaton to use the domains api(I think thats correct?)
https://developers.google.com/+/domains
https://developers.google.com/+/domains/getting-started#accessing_the_apis - Will the oauth used in Step 1 above would suffice ?
https://developers.google.com/+/domains/quickstart/python - Is there anything available in RUBY
I tried the service account setup also, created a business app and followed a service_account example
But still not luck.
Trying on terminal
curl -v -H "Content-Type: application/json" -H "Authorization: OAuth ya12.AqwqwwAS1212grcECQ3iVAlg" -d "{'object':{'content':'Test message'},'access':{'items':[{'type' : 'domain'}],'domainRestricted':true}}" -X POST https://www.googleapis.com/plus/v1domains/people/me/activities
Results in ->
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
May I get some help in inserting an activity on google plus user steam ?
Thanks!
Couple of things to verify first:
You are using a Google Apps domain. This API does not work for regular Google+ users.
You enabled the Google+ Domains API in the Google APIs Console where you created your client ID. It is easy to miss the Google+ Domains API and accidentally enable the Google+ API instead.
Your Google App domain must have Google+ enabled by the Administrator.
The user that you are acting on behalf of either through the standard OAuth flow or through domain-wide delegation has created a Google+ profile.
Next:
You cannot use the plus.login scope with the Domains API. I believe you also need to drop the userinfo.* scopes. See the full list of Google+ Domains API scopes.
Also, I believe your scopes are being defined incorrectly, I believe they need to use their full URIs:
google_scope = "https://www.googleapis.com/auth/plus.me,
https://www.googleapis.com/auth/plus.media.upload,
https://www.googleapis.com/auth/plus.profiles.read,
https://www.googleapis.com/auth/plus.stream.read,
https://www.googleapis.com/auth/plus.stream.write,
https://www.googleapis.com/auth/plus.circles.read,
https://www.googleapis.com/auth/plus.circles.write"

Resources