I want to provide a simple piece of Javascript (or an iframe, I guess) that allows 3rd parties to embed functionality from my site in theirs. The user of said widget will be authenticated on our site already - so basically the Facebook Like button, or Facebook Connect, are the closest examples I could find.
Since Facebook has a few different buttons I'm struggling to understand exactly what they're doing though. Is there a succinct (and technical - I'm a developer and want to build my own widget) explanation somewhere? I'm particularly focused on the security issues involved.
Here is a brief explanation of the facebook 'like' button and here is a tutorial on how to build a web widget. Finally here is a discussion on the security of web widgets.
I believe the Like button is using cookies to obtain your FB user information, that with additional attributes are then sent to a service endpoint.
As for security measures, an obvious would be to allow requests only from websites with given access keys.
Related
I am looking for a way to show Facebook engagement on from our website on our Facebook page. IE, when someone likes/shares etc. a page on the website, that that activity be reflected by our Facebook page in some way.
I was planning on using the graph API calls to do page updates, but the permissions are granted to users, not to the app itself, meaning this would only be possible for existing administrators, defeating the whole purpose (Perhaps a bit obvious in hindsight).
Is there a good, clean way of posting page likes/shares of our web pages to our Facebook page feed?
Notes:
I'm working in PHP and/or client side JS
A high volume of posts drowning our regular content is not likely at the moment, however, advice about how to manage such a beast in the long run might be helpful
If I understood correctly and want to share content from Facebook into your Website, the behavior you mention used to exist via the Activity Feed or Recommendations Feed. However, it has been deprecated since Graph API version 2.3.
If what you want is to update comments from people in your Website to your FB Page, you could implement something in your backend which listens to content uploaded and uses your Page Access Token to create custom stories using your user's data. As you mention, it won't happen in the name of people, but you could be creative and make the text narrate what people did on your website. Maybe even use OpenGraph for this.
Really wracking my brains about how to do this but i basically dont even know where to start.
Basically twitter has functionality that allows a link to open a twitter box that a user can populate and then post directly onto a chosen twitter feed:
https://about.twitter.com/resources/buttons#mention
Its super simple, all it requires is changing the URL parameters of the target link.
Im trying to do something similar with facebook. Ideally a link clicked on my site would open a facebook page with a prompt for user to type their comment and login to post to the 3rd party wall. I definitely do not want to be handling any FB authentication on my end as i imagine this would be far beyond my rather novice coding abilities.
An alternative would be to capture the comment with a text box on my end and then pass this through to facebook to write onto the wall.
Ive trawled the net and stack exchange looking for solutions but most seem to be geared to putting a comment on the users wall rather than a 3rd party.
Honestly im not super active on any social media anyway so my knowledge of how they function is quite limited. If anyone could give me a steer and some possible solutions (or alternatively just out and out that it is impossible) that would be fantastic.
You can use the Facebook JavaScript SDK, and invoke the feed dialog using that.
The feed dialog has a to parameter into which you can fill the Facebook ID of the profile that you would like the user to post to. However, the profile who's ID you fill in there must have authorized the same app as the one that you initialized the SDK for. That means this approach is likely impractical.
In any event, here's a piece of example code.
If you would like to use graph API to post to a profile's timeline (using the profile-ID/feed POST endpoint), you'll have to implement Facebook Login as well. However, since Graph API v2.0 is mandatory for all apps now, you can only find those profile IDs of people who have also authorized the same app.
This is probably even less practical for you, given that you don't want to implement Facebook login.
As far as I can see, these are your only options to achieve what you are looking for at this time.
I'm trying to create a webpage that can incorporate LinkedIn info's (profile,people,company, etc...).
The things that it can/would do are the following:
When the user enters a name that is registered in LinkedIn, he gets the following
*Name, Company, Email
*List of LinkedIn messages that are waiting for reply
The same process goes on everytime the user adds a profile, I'm planning to use the Profile API of LinkedIn to get the Name, Company and Email but I can't find a working example to be my basis.
As for the 2nd one I still don't know how to get the LinkedIn messages.
Here's my Layout and expected result.
How can I achieved this? Opinions and Suggestions are highly appreciated tnx
This is far to broad a question for me to invest the necessary time in to figure the answers (multiple) for you, but do let me give you some hints. First of all, from my experience with the linkedin API not all the data you wish to access is available (do double check this though, I used the API quite awhile back and stuff might have changed in the meantime). As this data is not available through the API the only alternative would be to somehow bypass the cross domain policy, which in conclusion would require the user to install a chrome extension/firefox plugin which will function as a proxy for your application or even 'better', make you entire application a browser plugin based web app. Not that I am a fan of those whatsoever but if you application is meant in any way whatsoever as a linkedin (dedicated) plugin (probably as part of a greater service you're developing) then it might make most sense.
The whole system you are describing is very long winded and requires a large amount of development time. Alot of the data is not accessible directly or indirectly too. You cannot get email address's out from the API as a security feature (bots could just harvest emails for marketing campaigns).
First of all, you will need to make an application that allows for oAuth2 connections with the linkedin API service. People will log onto your website, click to join their linkedin account with your website and your website will receive back an access token to do the calls.
You will then need to build the queries which will access the data you require. The linkedin API documentation (http://developer.linkedin.com/) isn't greatly indepth but it gives you a good understand and points you where you need to go. There are also a couple of pre-done php API's around such as https://code.google.com/p/simple-linkedinphp/.
I have worked with many API's from twitters, facebooks and LinkedIn's and they all require a lot of back-end work to make sure that they are secure and get the correct data.
It would take me hours to go through exactly how to do it and has taken me many hours to get a solid implementation in place and working with all the different calls available.
If you have minimal coding knowledge, it would be best to go to an external company with a large amount of resources and knowledge in the field who can do it for you. Otherwise it may take many months to get a working prototype.
I am using Disqus Comments with JavaScript Embed Code and PHP Single Sign-On on a webpage of mine. I want to make it so that users who are not logged in can only view comments, but not actually comment. So how can I embed view-only disqus comments? Thanks!
I really need to do this in a programmatic way, via PHP if possible. So if $readonly is true, the comments need to be view only. If it is false, the comment box needs to be enabled. Unfortunately there really isn't anything else I can do. Bounty Started.
When I refer to logging in, I am implying logging in on my own website, not on Disqus.
You can disable guest commenting in the Disqus Admin -> Settings page
When its turned on, comments can be read but a login via Disqus, Google, Facebook or Twitter is required to leave a comment.
Let me know if this is what you wanted.
I originally put this forward as a comment, but I think it's as close to an answer as you might get.
Turn on pre-moderation (Disqus admin > Settings > General page)
Then use Disqus whitelisting to automatically approve all of your own website users.
Use the Disqus API (e.g. via PHP) to automatically post your site users to the Disqus whitelist. See Disqus whitelist API add.
Users could still log in via Disqus to try to comment, but those comments won't appear on your site - they'll go into the moderation queue where you can ignore/delete them without them becoming public.
You could also add a message above the Disqus comment area telling people the rules of your site so they don't make the mistake of using the Disqus sign in option.
The problem is. Every DOM-manipulation (e.g. triggered by an php script) is outwitable through modern browser's web page inspectors.
That's why I think, you have to implement your own comment system or have a look at the given API features of disqus.
I have a 'little' problem.
I am working on a project for school in Ruby on Rails: a platform where people can share things with eachother. I recently started working on widgets which people can place on their website.
In the widget you see this 'thing' and how much it is shared. But now when someone loads the widget I want to check if he is logged in on my website and then show him which friends of him/her also shared that thing. I've Been thinking and trying a few hours now but haven't figured something out yet.
I have tried to use the Facebook SDK but could not get it to work because this is domain limited. Altough Facebook would not have been the best option I think because then it is only available for people who have their Facebook account linked to their account on my website.
Probably I have to create something by my own. But I have no clue how to do it right now. I hope someone can point me in the right direction.
If A and b are on the same domain as a subdomains you can use cookies to store authentication token and in that case that will work.
If not, you can use OAuth for example http://en.wikipedia.org/wiki/OAuth.
Ruby has a bunch of gems to support that. Devise has OAuth integration as well as authlogic.
Twitter uses that widely.
Also there are CAS and WebAUTH those do quite the same.
You can list both domains (A and B) on application settings under Basic section in App Domain field. This will allow you to use Facebook JS-SDK on both sites with same application id.
You should understand that this will allow both sites to access personal info of your users and this should be done only if you have control on those sites since you are responsible for application who uses JS-SDK