Oauth2 custom implementation - javascript

I am working on a site that will allow users to create an account. Then website developers will be able to integrate that authentication system into their site and allow users to login with my sites login credentials. I am wanting to do it similar to the way facebook connect, Google, twitter, Microsoft works.
I have researched alot about this and discovered "Oauth2" which I think is what I need. But I'm not sure about how to use it anyhow. I have downloaded two libraries of oauth2 (Php(server) and Javascript(client)) but don't know where to start.
I simply want functionality where developers create a button which when clicked will send a request to my server and get the user's (who is currently logged in $_session) information from my server database and send it back to the third-party(the developers) client page.
Problem is Its not possible to send session data from server.com to client.net using simple Ajax requests. So I thought oauth2 might be problem to my solution.
So what is it can anyone help me out?
I have already read few of tutorials on oauth2 and nothing suits my needs. So it would be great if someone can show a little working example.

Related

Sending Custom Emails via API (similar to twitter, or other user specific emails)

I am looking to send emails to users showing all of the new posts the people they follow had in the last week. I have the site looking as I want, is there a way to embed the html from a website into an email using an API?
Some examples of this are when Facebook sends you an email with all of the recent posts your friends have had, or when Asana sends each user an email with their outstanding tasks.
Anyone have a good idea on how to tackle this?
I have tried using mailchimp and a few competitors to see if I could just pass them the posts for each user but after talking to their support it doesn't seem possible
You could use EmailJS in order to do this, which is a service providing you an API to send eMails based on templates you can create using their UI. The bad side is that it adds Sent by EmailJS at the end of the mail if remember correctly.
Or you can build your own API with Express on NodeJS (or anyother langage: PHP, Python..) and use a library like nodemailer.
Hope it helps :) Good luck !

How to add multiple social logins to my webapp and do authentication on client side?

I want to add popular social authentication mechanisms to my website, I looked at the passport library (https://www.npmjs.com/package/passport) but i want to achieve the client side authentication with a popup rather redirecting to the google/ facebook.
I see discuss does the similar thing on their iframe embedding.
is there any library available in market to do this or i need to do this manually myself?
For authentication via client-side without much effort you may use Firebase(Google's BaaS), it allows you to handle social authentication(Facebook, Google, Twitter, Github, etc...), you can handle user sessions, check if the user is currently logged or not, log the user out, and get social user data, such as profile picture, email, and other types of information based on the permissions that you asked for.
You might want to take a look at the docs:
https://firebase.google.com/docs/
Or check their own series of video tutorials:
https://www.youtube.com/watch?v=-OKrloDzGpU (this tutorial is about Auth on the web)

Incorporate LinkedIn to a webpage

I'm trying to create a webpage that can incorporate LinkedIn info's (profile,people,company, etc...).
The things that it can/would do are the following:
When the user enters a name that is registered in LinkedIn, he gets the following
*Name, Company, Email
*List of LinkedIn messages that are waiting for reply
The same process goes on everytime the user adds a profile, I'm planning to use the Profile API of LinkedIn to get the Name, Company and Email but I can't find a working example to be my basis.
As for the 2nd one I still don't know how to get the LinkedIn messages.
Here's my Layout and expected result.
How can I achieved this? Opinions and Suggestions are highly appreciated tnx
This is far to broad a question for me to invest the necessary time in to figure the answers (multiple) for you, but do let me give you some hints. First of all, from my experience with the linkedin API not all the data you wish to access is available (do double check this though, I used the API quite awhile back and stuff might have changed in the meantime). As this data is not available through the API the only alternative would be to somehow bypass the cross domain policy, which in conclusion would require the user to install a chrome extension/firefox plugin which will function as a proxy for your application or even 'better', make you entire application a browser plugin based web app. Not that I am a fan of those whatsoever but if you application is meant in any way whatsoever as a linkedin (dedicated) plugin (probably as part of a greater service you're developing) then it might make most sense.
The whole system you are describing is very long winded and requires a large amount of development time. Alot of the data is not accessible directly or indirectly too. You cannot get email address's out from the API as a security feature (bots could just harvest emails for marketing campaigns).
First of all, you will need to make an application that allows for oAuth2 connections with the linkedin API service. People will log onto your website, click to join their linkedin account with your website and your website will receive back an access token to do the calls.
You will then need to build the queries which will access the data you require. The linkedin API documentation (http://developer.linkedin.com/) isn't greatly indepth but it gives you a good understand and points you where you need to go. There are also a couple of pre-done php API's around such as https://code.google.com/p/simple-linkedinphp/.
I have worked with many API's from twitters, facebooks and LinkedIn's and they all require a lot of back-end work to make sure that they are secure and get the correct data.
It would take me hours to go through exactly how to do it and has taken me many hours to get a solid implementation in place and working with all the different calls available.
If you have minimal coding knowledge, it would be best to go to an external company with a large amount of resources and knowledge in the field who can do it for you. Otherwise it may take many months to get a working prototype.

Sending friend invites from a Facebook Connected site using new Javascript SDK

I'm developing a standalone website application that makes use of Facebook Connect and the new Javascript SDK that was released in June.
I've been trying to get friend invites working. I'm able to send an invite using a request dialog (http://developers.facebook.com/docs/reference/dialogs/requests/), but the URL that the user clicks through to when they accept the invite is the internal Facebook app page (http://apps.facebook.com/APP_ID/?request_ids=REQUEST_ID&ref=notif), not my site URL.
Is there any way to fix this so invites work with FB Connected web applications?
It seems this was possible with previous versions of the SDK.
I have seen some posts recommending a redirect from the canvas page, but I have also read that this can lead to the application being suspended by Facebook:
http://forum.developers.facebook.net/viewtopic.php?pid=343257#p343257
Many thanks for assistance on this matter.
I would never expect Facebook to lead me to an external URL by accepting an invite via the request system - especially when most invites/requests tend to be spam.
Have you thought of distributing your invites via the Facebook Message system or sending them via email instead?
This would make the whole process a lot less misleading to a user.

Cross domain authentication... How?

I'm working on a web application where users will create accounts. Then clients will be about to have a section on their site for users to login with my sites login credentials. However... I don't want the clients site to be able to see or handle their login credentials. I am wanting to do cross domain authentication just like facebook connect does.
I have done research and it looks like I will need to create a javascript library that users will need to add into their site. Inside that javascript file I will need to create an iframe that will connect to my main site. From there a cookie will need to be placed then checked.
Does anyone know of well written tutorials on how to do this or could you explain in detail on what all will need to be done?
EDIT:
How would the storing and reading of cookies work. Anyone have examples?
The simplest way would be a plain iframe. Twitter does it a lot. If your have to communicate with the parent site for some reason, try building an API with the postMessage function.

Categories