Access user location on facebook app (React.JS) - javascript

I am building a products review app with react for a certain company. They require the user's location(country) to show suitable products to review in case users open the app on their own.
So, I only found getLocale() in instant games SDK and it's impossible for me to know the user's country through this function, only language is available. I tried react-facebook-login but there doesn't seem to be a permission that gives you location(country) either. I only found one named 'user_location'. However, I couldn't find it on the permissions to request list on facebook dashboard. I also read that I cannot use any third party library that gives me access to user's information outside facebook's sdk.
Any thoughts on how to go through this?
Thank you.

Related

React Native Firebase Analytics get User Country

Problem
I want to get the user's current country in React Native to find out if they're in the EU so I can display a GDPR consent form to collect personal data for advertising purposes.
I don't want to have to ask the user to allow location services as my app doesn't need to have their current location.
I have React Native Firebase installed in my app and I noticed that Analytics will tell me the users country in my console.
Does anyone know how I can access the user's country via React Native Firebase Analytics in my JS code?
If anyone has a better way to get the user's country I'm open to that as well!
Thanks in advance!
Google Analytics for Firebase automatically derives the location of the user from a number of data points, mostly from the IP address from which they connect. There is no API to get that information from Analytics.
Most applications that need this information use a similar IP-to-location lookup API to determine it, or inspect the phone settings for the user.

Get link to Facebook profile with passport.js

I am using passport.js to let users log in.
I am wondering if it's possible to create a link to their profile on their social media account?
For instance, when logging in using Facebook, I can get an ID, but the link https://www.facebook.com/profile.php?id=__ID__ doesn't work.
Maybe it's not possible at all since some Facebook users might have their Facebook profile hidden even though they use their account as login for other websites.
From what i know, this is not possible using passport at least.
The reason why the link doesn't work is that the ID returned by Facebook is always app specific so different apps would get different IDs for the same user. So you don't get the "official" ID of a user which you could use for building the URL.
However, the Facebook API returns a link to a users timeline which should be the one you are looking for (https://developers.facebook.com/docs/graph-api/reference/user/). But from what i see in the documentation of passport, this information is not returned. So if you want to get the link you need to work with the Facebook API directly.

Accessing private Google Drive data without OAuth2 redirection/copy and pasting

I'm making an open source Node module that will require access to each user's private Google Drive files. I've been trying to wrap my head around all of these different authentication types, and have come to a road block. From what I've gathered, there are two primary types of authentication
I, the library author, provide in my library the public and private keys necessary to authenticate each user with OAuth2. This means giving them a URL to go to to give my app permission to access their data, and have them copy and paste an access code back into their terminal. I was able to run through this tutorial and get it working, but this method seems dangerous, because of the keys I have to package with my library, and unnecessarily difficult.
Have the user go to the Google API console, get their own API key, and provide that to my library through some sort of configuration file. No URL redirection, no copying and pasting, just some private credentials that only they have access to.
2 sounds a lot better to me: This library has absolutely nothing to do with me once it's in the user's hands, so it feels incorrect to have them authenticate with me. But from what I can find, the only way to do this with Google's API is to create a Google Service account, download the JSON they give you, go through a flow similar to the top comment on this blog post, and then manually give the service account email access to my personal Google Drive files. This seems hacky, and a lot of work to gain access to my own private data. Is there a better way to go about this? It seems strange to me that this fairly standard flow in other APIs is only available in Google's API through service accounts, but maybe there is a way and I'm just not seeing it. I'm fairly new to authentication, so any help at all is appreciated. Thanks!
First off I want to say that you cant release your open source project with the client id and client secrete that you created on Google Developers console this is against googles terms of service.
1.Developer credentials (such as passwords, keys, and client IDs) are intended to be used by you and identify your API Client. You will keep
your credentials confidential and make reasonable efforts to prevent
and discourage other API Clients from using your credentials.
Developer credentials may not be embedded in open source projects.
My Answer on another question about exposing client id in open source projects.
Second you could instruct your users to use either Oauth2 or a service account or both its really up to you.
If the user will only be accessing their own data and wont need to access someone else's data then they can use a service account you will need to instruct them in how to share a folder on Google Drive with the service account. However from your side permissions can be tricky when they are uploaded the service account will own the file uploaded to the users google drive account you will need to have the service account add permissions for the user so the user will then also be able to access said file.
The easiest way to go will be Oauth2 when the code uploads files they are owned by the authenticated user so you wont have the same permissions issue you had with a service account.

Query regarding post comments using Facebook Javascript API

As per the Facebook Javascript API documentation, I need an APP Id to post comments on facebook wall. But when I log in to my Facebook account it always shows me “All Campaigns" page and I am not able to access “Apps” section to create new application and get APP Id which can be used in JavaScript API.
Can you please suggest how can I create an APP Id in my account and post comment on my facebook wall from external web pages using Facebook Javascript API.
You can view/create apps on Facebook for this purpose in the developers section. It sounds like you want to look at 'Build for Websites'. When you have made an app, it will appear in the apps section, where you can find your App ID and App Secret keys, as well as manage/edit the app.
I am not able to access “Apps” section to create new application
What exactly does „not being able” mean?
Is your account verified with Facebook (via text to mobile, credit card info)? That’s a basic requirement for becoming a developer on the FB platform.

The Javascript Datastore Problem

This might sound super crazy but I really want to know if this can be done.
Assume a multi-user site that gives users some tools to build web apps from the site itself (using only HTML/CSS/JS) and share them. Now, if each of the apps were to be assigned a datastore, say just a table for convenience, is it possible to make secure query/insert requests from the app to the backend to write to the assigned table.
Take an example - the app is a small game. The developer wants to record the scores of the users who play the game and wants to use his assigned datastore (see above) for it. Is it possible for the site to ensure that no other app/user can access this datastore? If so, how can it be done?
Edit: Please do note that there are three parties involved - the developer of the app who is a registered user, the app itself which has been granted the datastore and an app user (registered/unregistered) who is viewing the app.
I think this is the same as using any type of backend datastore for any web app. You could assign the user a unique ID (which they have to validate by logging in) and then manage access to the datastore through AJAX post backs.

Categories