I am building a Wordpress website where there will be users who are clients and users who are specialists in a specific area that can be hired for a service by the clients. The owner wants the clients and specialists to be able to live chat with each other, there is no interest in having the users talk with the owner or a bot like you see with many sites using Facebook Messenger. Can the Facebook Messenger API handle this user to user messaging? They will be logged into the site using the Facebook login and their accounts are linked to their Facebook account. Or is there another tool that could handle this that I may not have thought of?
There is no official way to act on user's behave. But here is a workaround: https://github.com/Schmavery/facebook-chat-api
This API is the only way to automate chat functionalities on a user account. We do this by emulating the browser. This means doing the exact same GET/POST requests and tricking Facebook into thinking we're accessing the website normally. Because we're doing it this way, this API won't work with an auth token but requires the credentials of a Facebook account.
Related
What is the difference between using Google OAuth and signing in users at the frontend of the application, and signing in users at the backend side of the application?
Example: Signing in users and getting the ID and a auth object in React or letting Node/Express handle everything, the prosess, redirecting and store it in a database.
Is there any advantages for one or the other methods, which are most common and are there any "rules"?
What is the difference between using Google OAuth and signing in users
at the frontend of the application, and signing in users at the
backend side of the application?
So to clarify to everyone reading this, signing in users at the backend side of the application is another way of saying OAuth for servers and signing in users at the frontend of the application is OAuth for JavaScript browser applications such as React.
Signing in users via OAuth for servers and browsers results in a 'token' that a server/browser can use to make requests on behalf of the user. We are asking the user to provide us access to their information via an outside service provider such as an email address, identification of some sort and it will be inside that token as well as some possible permissions that allow us to take actions on behalf of that user.
Is there any advantages for one or the other methods, which are most
common and are there any "rules"?
Server-side OAuth is usually used when we have an app that needs to access user data when they are not logged in. So if you are attempting to build an application that needs to access the users email every ten minutes and possibly delete emails on the users' behalf, you would want to be able to access their email account every 10 minutes regardless of whether they are logged into our application. So for this use case we want to make use of Oauth for server.
Otherwise, if we are not trying to do anything on behalf of the user except sign them into our app, then we can just go with OAuth for browser.
Those two things are very different. Without knowing the specifics of what you're trying to accomplish, you should know as a general rule that front-end-only authentication and authorization leaves you extremely vulnerable.
If someone knows JavaScript well, or is using editing plugins, or any of a million different things, they can bypass much front-end authorization. Or they could just watch to see what calls your app makes to the back end, then simulate those calls from something like Postman, bypassing your web front end entirely.
If you're not securing your backend, you're not secure. Typically systems do both.
It is just a different ways of registering users to our website.
Signing in users at the frontend using OAuth can be very handy as it enables our users to not go through our boring forms in our website. Using OAuth is just one click away from registering users in our website. Beneficial to both the clients and developer.We are provided with the general information about clients by the provider(google,facebook) just clicking on one button.
Signing in users at the backend side is the traditional way of registering our clients. Here we force our client to fill the forms in our website(which may be painfull if it is a long form) and all the filled data is stored in our database.
So they are both different ways to register clients to our websites. Both are used very often. It depends on usecase and needs. Oauth can be used if you want to attract more clients by registering them just by one click.
I want to add popular social authentication mechanisms to my website, I looked at the passport library (https://www.npmjs.com/package/passport) but i want to achieve the client side authentication with a popup rather redirecting to the google/ facebook.
I see discuss does the similar thing on their iframe embedding.
is there any library available in market to do this or i need to do this manually myself?
For authentication via client-side without much effort you may use Firebase(Google's BaaS), it allows you to handle social authentication(Facebook, Google, Twitter, Github, etc...), you can handle user sessions, check if the user is currently logged or not, log the user out, and get social user data, such as profile picture, email, and other types of information based on the permissions that you asked for.
You might want to take a look at the docs:
https://firebase.google.com/docs/
Or check their own series of video tutorials:
https://www.youtube.com/watch?v=-OKrloDzGpU (this tutorial is about Auth on the web)
I build hybrid application with HTML5 base and I need to recognise my user.
i want to use with the social network account (Facebook, Linked-in, Google+), I want to use with HTML5, If the user want to login to my application I want show him page with a number of social networks similar the login process in "stackoverflowsite".
I found a number of solutions like openID. that allowing to user to login with existing account its social networks
I understand that openID is server side but for now i don't have a server it all local on the device.
What is the best way to do this?
Any suggestions...
Thanks for help
I want users to be able to register on my mobile (web based) app and login using their Facebook account. Is this possible using the JavaScript API?
The user can login using Facebook, and the userID and auth code of that user can be sent to my server to create the account, but I see a security flaw because then anyone could then log in as anyone by sending a userID and their own auth code. So can user accounts not be done with the JavaScript API and only with a server side API?
All Facebook requests are also signed with a secret key that belongs to the app you've registered to handle Facebook sign-ups on your website, so you can use that to verify it comes from Facebook and not someone else.
This is also outlined in the registration documentation
Strictly speaking, it is not possible for the Facebook SDKs to explicitly create a new user. However, when you implement a 'Login with Facebook' button (see here for JS and here for PHP), Facebook's OAuth dialog appears, which will prompt the user to log in (if they are not already) or to sign up with Facebook, thereby creating a new account, albeit not under your control.
I'm developing a standalone website application that makes use of Facebook Connect and the new Javascript SDK that was released in June.
I've been trying to get friend invites working. I'm able to send an invite using a request dialog (http://developers.facebook.com/docs/reference/dialogs/requests/), but the URL that the user clicks through to when they accept the invite is the internal Facebook app page (http://apps.facebook.com/APP_ID/?request_ids=REQUEST_ID&ref=notif), not my site URL.
Is there any way to fix this so invites work with FB Connected web applications?
It seems this was possible with previous versions of the SDK.
I have seen some posts recommending a redirect from the canvas page, but I have also read that this can lead to the application being suspended by Facebook:
http://forum.developers.facebook.net/viewtopic.php?pid=343257#p343257
Many thanks for assistance on this matter.
I would never expect Facebook to lead me to an external URL by accepting an invite via the request system - especially when most invites/requests tend to be spam.
Have you thought of distributing your invites via the Facebook Message system or sending them via email instead?
This would make the whole process a lot less misleading to a user.