Facebook app review for API permissions still rejected - javascript

Our web application aims to allow our users to share photos with comments directly from our platform.
Since May 10, I have made several permission requests from Facebook for the following permissions:
pages_manages_posts
pages_show_list
instagram_content_publish
pages_reads_engagement
ads_management
instagram_basic
https://drive.google.com/file/d/1fv83sv8Z7EVmTEuNrIaVCpcYnHKY5H4A/view?usp=sharing
As and when requests some pass others not. In addition, our web application has not undergone any change since the first request, since everything has been working on our side from the beginning. And yet some permission seems to be released randomly as the different requests.
We only have the "instagram content publish" permission left, however as it always resulted in a refusal, we changed our Facebook developer account. Indeed, our new developer Facebook account has a company verification and we thought it would have more weight then.
However, on the first request on this other account, all permissions were denied, while there was only one left on the other application. And again, nothing had been touched on our web application.
We don't know what to do anymore because we can't get in touch with anyone.
Has anyone encountered the same problem? How to get in touch with an engineer / developer at Facebook?

Related

Is there a better way to access my Gmail account through nodemailer?

I have been accessing my gmail account through nodemailer for quiet a while now but there two issues with that:
If 'allow less secure apps' feature isnt used for a particular time it automatically gets disbled and emails are no longer sent and i have to enable it again everytime this happens.
Google says on their page that 'allow less secure apps' feature will be unavailable after May 30, 2022.
I want my website to use my gmail account to send emails to the customers. Is there a way i can get my node app registered with google or something so it is not marked as insecure.

How to use currently logged in Windows Active Directory user to login to a web app?

I want to use the current logged in Windows AD account to authenticate with my web app. It's fine (desired, actually) to have the front end pass the authentication token (or whatever form that takes in AD) to the back end for validation with our SSO provider. But how do I get the AD information into the front end, so that it can be passed the back end? What does this info look like, how is it acquired, etc? I can't find any tutorials or guidance on the topic.
I know this is possible because I see it being done on other web apps, but I don't know how to do it myself and am having a very hard time finding a solution.
If you want seamless login (so the user doesn't have to type in their username/password) then you will want Windows Authentication. You can read about how it works here.
To make this work with Node.js Express you can use the NodeSSPI package. The documentation has examples on how to use it.
The browser will also have to trust your site before it will send credentials automatically. For IE and Chrome, that means adding the site to the list of Trusted Sites in the Internet Options. Firefox keeps its own list in the network.automatic-ntlm-auth.trusted-uris setting in about:config

How to show privacy policy URL and terms of service URL inside the Google one-tap UI for new users?

A few days ago, I noticed googleyolo client library was showing this message:
An UI change targeting on 5/18/2018 will show relying party's privacy
policy URL and terms of service URL inside the one-tap UI for new
users. If enabled, SHOW_RP_TOS can be found in
GOOGLE_ONETAP_EXPERIMENTAL_FEATURES array. To try this feature, append
'?e=1723232' to googleyolo client library URL.
When using https://smartlock.google.com/client?e=1723232 as googleyolo client library URL, I see no change in the one-tap UI.
Is there anything else that needs to be done to show Terms of Service URL in one-tap UI?
This feature is available for all sites now. If you don't see the links in the UI, check the following:
ensure you have supplied a privacy policy and/or terms of service link in the Google Developer Console for the OAuth project / client ID that you using in the API requests (under "consent screen" in the credentials section). Refer to the Getting Started guide for background.
verify that the active Google Account(s) has not already granted access to name/email address info via previous usage of one-tap or Google Sign-In button. You can check and reset this at https://myaccount.google.com/permissions
Also note that if you have multiple active accounts, you will need to select one before the blue button and legal text are shown. Please leave a comment if you have trouble.
Sorry that experiment didn't work. We'll be rolling out the changes this week, so you'll be able to see them. If you want to see the change on your site before it is rolled out, there is a google group (https://groups.google.com/forum/#!forum/yolo-web-testers) you can join and you'll see the notice.

Office365 IMAP Access: User is Authenticated but not Connected

I'm building my own IMAP client using node-imap, and I'm testing it against accounts on office365.
Since it's under development, I tend to hammer on the IMAP server more that I would in production, but not necessarily what I would consider to be too much.
Occasionally, I start getting the IMAP response "BAD User is authenticated but not connected". This comes after the first command after a successful login.
This is not related to password changes as other similar articles indicate, as my passwords are not changing during this time.
When this happens, the account seems to get locked up for a period of time. I seem to be able to jiggle it free by disabling then re-enabling IMAP on the account via the office365 admin panel.
So it looks like there's a circuit breaker of some sort in the IMAP interface on office365. Microsoft documents a limit of 20 concurrent sessions. In my case I am only opening one session at a time, but I am then closing it and re-opening it again soon after (debugging), so if I am running afoul of a limitation, it's not documented anywhere i have read.
Microsoft support has been helpful but unable to help me root cause this.
In order to take this app to production, I need to know what causes this to happen.
Has anyone else had a similar experience with office365?
You may want to take a look at the Outlook REST APIs rather than IMAP. The REST APIs are the recommended development API for Office 365 and are much better suited for app development with features like webhook based notifications, and are constantly evolving with the new features and functionality in the service. They also don't have the session oriented nature that IMAP has that results in the kinds of problems you are hitting.
There is a NodeJS quickstart guide to O365 here: https://dev.outlook.com/RestGettingStarted/Tutorial/node
you need to perform 2 operations on exchange online using powershell
You need to create the service principal
New-ServicePrincipal -AppId {clientid} -ServiceId {enterprise application objectid} -Organization {tenantid}
you need to grant your service principal access to the mailbox,
If the principal does not have the access, you get "user not connected"
Add-MailboxPermission -Identity {email} -User -ServiceId {enterprise application objectid} -AccessRights FullAccess
See "Register service principals in Exchange" at
https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth
If you have already verified that your password is correct (by logging into your mailbox from the web) then the issue might be Exchange server keeping a list of all your active login sessions.
Try signing out from all other locations by clicking "sign out everywhere" on the account security page https://mysignins.microsoft.com/security-info and then retry signing in again.
Office365 will accept connections and successfully authenticate even when the user doesn't have permissions to access the server by IMAP, and this is the exact error it gives in that situation.
To resolve it, go into the Office365 panel, open the user, and ensure that the IMAP permission is checked.

How to execute some javascript when the user log out of google from another tab?

I have an appengine application that works with google logging system.
The services i propose are based on the user account and linked to it (for instance, saving the user's work on his account).
I noticed that it breaks my app when the user logout from a google service on another tab (for instance, gmail). When coming back to the tab of my website, things don't work anymore, the user is logged out here too.
I'd like to know when the user is logged out and execute some javascript code without having to do some polling on my application that will increase the appengine costs.
What solutions do i have for that ?
You can use the Channel API and open a channel that waits for a message when you get logged out.
However, Channel API calls are pretty expensive, so this could end up being more expensive.
The cheapest way to go would be to return a particular error code if you're logged out, and handle that error code across all your AJAX calls.
You cant without polling unless you write a browser extension that alerts your tab (hard and varies on browser brand).
The behaviour you see is expected. They log out of their google account, not the website.
You could also poll only when the user selects your tab instead of always.

Categories