Cross domain authentication... How? - javascript

I'm working on a web application where users will create accounts. Then clients will be about to have a section on their site for users to login with my sites login credentials. However... I don't want the clients site to be able to see or handle their login credentials. I am wanting to do cross domain authentication just like facebook connect does.
I have done research and it looks like I will need to create a javascript library that users will need to add into their site. Inside that javascript file I will need to create an iframe that will connect to my main site. From there a cookie will need to be placed then checked.
Does anyone know of well written tutorials on how to do this or could you explain in detail on what all will need to be done?
EDIT:
How would the storing and reading of cookies work. Anyone have examples?

The simplest way would be a plain iframe. Twitter does it a lot. If your have to communicate with the parent site for some reason, try building an API with the postMessage function.

Related

Share info in Whatsapp via web link

I've been trying for a while build some method to share information from my web page via the Whatsapp application.
I actually found an easy method to do it using this code:
Share via Whatsapp
And it works great, but i still don't find how to know if the user really shared the information, or just got back to the web page.
Is there a way to make this work?
Thanks.
It doesn't seem like you can. What's app doesn't seem to have an API much less analytics or webhooks.
The only way you could potentially do this would be to have it launch an iframe and inject javascript to track their interactions. This won't work because of cross domain security measures (think of the nasty things you could do if you weren't well intentioned). The iframe would need to be on the same domain as yours.

What is best way to retrieve cookie/session contents from third party website?

CONTEXT
I am building a web app which analyzes information on a user's site. I plan to do this by asking the user to add a JS snippet to their <head> which creates cookies that collect information about each visitor to that site.
PROBLEM
I would like to then send information that is held in this cookie back to my web app. I realize normally cookies cannot be accessed by anything other than code on the same domain, so I'm hoping that the JS snippet will read the content of that cookie and pass it back to my app - is this possible? What would be the best way to do it?
This is the basic pattern that's used by google analytics and most other website analysis tools as well as advertising modules. Your snippet, running on your user's site, can read/write cookies there. It can also make ajax calls to your own web service to communicate any data it gathers, including cookie contents. Your "app" doesn't run on your user's site, only the snippet (and any code it drags into the site).

Oauth2 custom implementation

I am working on a site that will allow users to create an account. Then website developers will be able to integrate that authentication system into their site and allow users to login with my sites login credentials. I am wanting to do it similar to the way facebook connect, Google, twitter, Microsoft works.
I have researched alot about this and discovered "Oauth2" which I think is what I need. But I'm not sure about how to use it anyhow. I have downloaded two libraries of oauth2 (Php(server) and Javascript(client)) but don't know where to start.
I simply want functionality where developers create a button which when clicked will send a request to my server and get the user's (who is currently logged in $_session) information from my server database and send it back to the third-party(the developers) client page.
Problem is Its not possible to send session data from server.com to client.net using simple Ajax requests. So I thought oauth2 might be problem to my solution.
So what is it can anyone help me out?
I have already read few of tutorials on oauth2 and nothing suits my needs. So it would be great if someone can show a little working example.

Authenticating to the Google Analytics Core Reporting API for One Account

I want to display the number of times a video has been viewed using the core reporting API via Javascript. However, the API is designed with OAuth, for building applications and not just logging into my account to get the event count.
Is there a way to login for just my account via Javascript?
Thanks,
Matthew.
I think what you are looking for is a Service account. To my knowledge you cant use a Service account with JavaScript due to security issues with the key file.
What you could try and do is to authenticate the script once using normal Oauth2 then save the refresh token to the file and hard code that into your script and send that. But I wouldn't recommend it as then anyone that checks your script will also be able to access it. So basically you have the same security issues you had with using a Service account.
As you can see doing what you are trying to do with JavaScript isn't really going to work. As you can see this is something I have also tried unsuccessfully in the past to do. I recommend you try and do this with some kind of server sided scripting language, like PHP.

Grabbing facebook feed in website

I develop mobile websites for my clients. This particular client would like some facebook wall activity to be displayed on the website. I have looked into the facebook graph api and am getting confused on authentication.
I need the blah in https://graphs.facebook.com/clientsfacebookid/feed?access_token=blah
in order to grab the info i want. I read about authentication and all of that but it doesn't seem to serve my purposes.. For example a lot of the stuff I read about getting a token is related to creating apps and stuff - which is not what I'm trying to do. A lot of ways to authenticate redirect users to log in or grant access to the information but this also doesn't seem like it fits my scenario.
Should I just talk to my client and get them to send me an access code or set up some stream so I can grab an updated access code anytime I need it OR is there some built in functionality in the API that I could benefit from using.
Any thoughts?
P.S. I am trying to implement this via an ajax call in javascript.
Thanks!
What you'll need to do is create a Facebook App and have your client add this to their page. You can then get an OAuth token for this app and use it to query the client's feed. See the Facebook documentation for authenticating as an app for details.
It's actually far simpler if you just want to grab the data from the page. Create an App, but you don't need to add it to the actual page. You can generate an App Access Token by following the instruction on the Facebook Developer Website.
Then, all you need to do is call the Graph API with the generated access_token. E.g.:
https://graph.facebook.com/{page_id}/feed?access_token={app_access_token}
You can then use the data returned by Facebook to display selected posts from the page.
The Page Admin doesn't need to add the app to the page, and this method can be used to scrape any published page. The posts on Pages is public anyway, you just need an access_token to access the page.
If you want a simple way to learn and have an example of a working model try out fourgefeed.com its a simple framework with a simple to implement example kinda like jquery.

Categories