How do I fetch the email of my friend programmatically in my facebook application? Does facebook provide this functionality?
The answer is no, Facebook does not provide this functionality. Facebook tries to protect the privacy of its users, and therefore user email addresses are explicitly not available.
The only way to email a user is to prompt them to grant you extended email permissions via a Facebook prompt. If they grant you the permission, you can then use the notifications.sendEmail API method, or query the user table for the proxied_email field, and send them an email via Facebook's Email Proxy system.
edit: This changed with the newer Graph API's permissions system. Users now have the option to use the proxymail address, but it appears to reveal the true e-mail by default.
Facebook's API calls do not reveal users' e-mail addresses, ever.
Even when a user specifically grants you permission to e-mail them, it's a proxied e-mail address that doesn't reveal their true address - something like apps+###########.#########.#######################proxymail.facebook.com.
See http://wiki.developers.facebook.com/index.php/Proxied_Email for details.
I don't think you can do this via FQL.
As an academic exercise you might need to use CURL and then have a CAPTCHA-parsing service
see also:
http://www.25hoursaday.com/weblog/2007/08/21/FacebookTheSocialGraphRoachMotel.aspx
and
http://weblogs.mozillazine.org/gerv/archives/2007/09/facebook_imagetoemail.html
of course Christopher Finke's plug-in:
http://www.chrisfinke.com/2007/09/11/convert-facebook-e-mail-images-to-actual-e-mail-links/
The functionality is available,the new facebook ios sdk has extended permissions where u can declare the Permissions to grant access while logging in by the user, when access granted we can access their Email ID,
like this,i have fetched ,
_permissions = [[NSArray arrayWithObjects:
#"publish_stream",#"email", #"offline_access",nil] retain];
NSString *emailUsr = [result objectForKey:#"email"];
Now you can get the Facebook User Email.
Related
I'm using FirebaseAuthentication.net and FirebaseDatabase.net NuGet package in my WPF app. But I had been facing some problems.
I already created some users by using CreateUserWithEmailAndPasswordAsync(email, password) function and verified. At first time login (by using SignInWithEmailAndPasswordAsync function), It's Work but IsEmailVerified field always returns false. Then the next login always gives me a "Wrong password" exception although the password is correct.
Here is the screenshot when I click on the link in the verification email: https://i.stack.imgur.com/NZhvy.png
Update: Solved, After 1day on google, I edit the library myself, change the base URL of REST API for function SendVerifyEmail to https://identitytoolkit.googleapis.com/v1/accounts:sendOobCode?key={0}.
Wow, It's work
It seems that even though the user is created, the email address is not verified yet. Which means the registration is successful but the email is not yet verified.
in order to enable Email link sign-in for your Firebase project,
To sign in users by email link, you must first enable the Email provider and Email link sign-in method for your Firebase project:
In the Firebase console, open the Auth section.
On the Sign in method tab, enable the Email/Password provider. Note that email/password sign-in must be enabled to use email link sign-in.
In the same section, enable Email link (passwordless sign-in) sign-in method.
Click Save.
then
To initiate the authentication flow, present the user with an interface that prompts the user to provide their email address and then call sendSignInLinkToEmail to request that Firebase send the authentication link to the user's email.
Reference
How do I create a user using Microsoft graph? For I am having issues with regards to permission failures during a save.
I do have few questions in mind.
Where will the user be created by calling create user API in graph ? Is it in Azure AD or somewhere else ?
I tried calling create user api by passing json and required headers, below is the error I get
Where exactly do I need to set the permission, I have already added permissions in the Application Registration Portal
But when API is executed it shows that I don't have enough permission.
FYI, I have registered the app using the same email id that I am using to test the APIs here https://developer.microsoft.com/en-us/graph/graph-explorer#
If I am not the admin, where exactly do I need to set or request for it ?
In order to create a User via Microsoft Graph, you need to request either Directory.ReadWrite.All or Directory.AccessAsUser.All permission.
Important: Directory.ReadWrite.All and Directory.AccessAsUser.All both require Admin Consent before you can use them. If you're using Graph Explorer then the URI you need to provide your tenant Admin will be generated for you. If you're doing this in your own application, you'll need to construct an Admin Consent URI yourself. You can find more details on this at v2 Endpoint & Admin Consent.
Once you have the proper permissions configured (and consented), you'll want to POST the following JSON body/payload to https://graph.microsoft.com/v1.0/users:
{
"accountEnabled": true,
"displayName": "displayName-value",
"mailNickname": "mailNickname-value",
"userPrincipalName": "upn-value#tenant-name.onmicrosoft.com",
"passwordProfile" : {
"forceChangePasswordNextSignIn": true,
"password": "password-value"
}
}
This will create a user with a temporary password. The user will be asked to set a new password as after as they authenticate for the first time.
Where will the user be created by calling create user API in graph ?
Is it in Azure AD or somewhere else ?
Yes, the user created is in the Azure AD.
I tried calling create user api by passing json and required headers,
below is the error I get
For your error, have you added the request body like the following, and this required admin:
Where exactly do I need to set the permission, I have already added
permissions in the Application Registration Portal
The required permissions to create application:
For the details, please read here.
In the documentation of IdentityServer4 it says:
[...] Consent is used to allow an end user to grant a client access to
resources (identity or API). This is typically only necessary for
third-party clients [...]
Does this mean an api can get access to claims the user did not consent to for the client the user logged into?
TL;DR
If I login to my mvc-client giving consent to permit Your email address, I get what I expect:
Secure-View of the mvc-client lists all claims from the identity token including the email address
Calling API using user token also shows email address as expected
But if I login and on consent screen tick off the permission for Your email address:
Secure-View of the mvc-client lists all claims from the identity token but not the email address (as expected)
But calling API using user token now also shows email address which I did not expect, or is this normal behavior?
Example-Configuration
I have this example (derived from the QuickStart Example 5):
mvc-client is from the sample
email-Scope is listed in Scope-definition of that client's OpenIdConnectOptions
AllowedScopes of that client include IdentityServerConstants.StandardScopes.Email
and the api api1 accessible by the mvc-client has IdentityServerConstants.StandardScopes.Email added to it inside UserClaims
I am using a custom profile service, but this should not be relevant to the question (just checked, the mentioned QuickStart example behaves the same way if configured like the steps described above)
I am answering this myself, but not yet accepting, since I am not 100% sure.
Yes, this is expected behavior, I think I just mixed up the different token types.
The api in my case is called using user token which effectively means access token.
From my understanding identity resources mentioned in the quoted documentation part does not apply to the access token (user identity is modeled by the identity token), so the behavior should be expected.
I am trying to authenticate my app using google oauth. I want to allow only a particular set of people having a specific "#eg.com" to be able to obtain access.
I tried including the
hd="eg.com"
in my url.
But it is accepting even "#gmail.com" or "#company.com" domains.
Is there a way to do this, so that users like "users#eg.com" only gain access tokens and stuff?
Edit:
I am using a webview in my app to perform the authorization
You can (and should!) validate your id_token with a call to the google api. Call https://www.googleapis.com/oauth2/v3/tokeninfo?id_token=XYZ123 and check the various fields of the response. If you request the "profile" permission you will also get the email field. You can then check this email against your domain, and deny the access if it does not fit.
For detailed documentation see:
https://developers.google.com/identity/sign-in/web/backend-auth#calling-the-tokeninfo-endpoint
i think you will have to implement that in your application
just don't store the tokens and show some error message if the domain part is not the one allowed.
you can get the domain part in c# using
string s = "users#eg.com";
string[] words = s.Split('#');
words[0] would be users and words[1] would be eg.com
Alternatively you can use MailAddress
I have a web site from where I fire a mail to members in my offices
This mail have a yes no button.
on click of yes/no button I call a web service, my yes no link looks somewhat like this
yes
Now users i.e. my office staff will login their system open their outlook find this mail and then click it.
After they click, takevotingOpt method in my web service will be called. In this method I want to know, from which user this call has came.
so that I can maintain record in database like xyz user has voted yes/no
say for e.g. their are two members in my organisation A and B
A's windows loginId is "AaLoginId" and
B's windows loginId is "BbLoginId"
both A and B receives the mail with the above mentioned link in it. when A click the yes/no link my web method should give me A's login Id i.e "AaLoginId". After I get this I make an entry in my database as A has voted yes.
I have tried below thing in my web service to get the user name but of no use please help.
tried this things to get windows login username.
//string userName = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
//Uri uri = new Uri("http://tempuri.org/");
//ICredentials credentials = CredentialCache.DefaultCredentials;
//NetworkCredential credential = credentials.GetCredential(uri, "Ntlm");
////userName = credential.UserName;
//userName = User.Identity.Name;
//userName= System.Threading.Thread.CurrentPrincipal.Identity.Name;
//userName = Context.Request.ServerVariables["LOGON_USER"].ToString();
//userName = HttpContext.Current.User.Identity.Name.ToString();
I went to authentication in my inetmgr and enabled windows authentication for my hosted web service now it does what I want (userName = User.Identity.Name;) but it opens a browser window and ask for windows userid and password I dont want that It should pick up without login window.
Please help or suggest any other approach to achieve this.
You need to turn on windows authentication for the webservice and in IIS, then you should be able to look at Request object to get the user
Use Environment.UserName
Here's the MSDN docs.
http://msdn.microsoft.com/en-us/library/system.environment.username.aspx
Edit - To retrieve all users logged into the current system, check out this Question/Answer - Logoff interactive users in Windows from a service
It shows a way to use WMI and through system DLLs to retrieve a list of logged in users on the current system (which may or may not include service accounts, I haven't tried it myself).
Edit - Using Integrated Security would work for what you're trying to achieve, but can be a bit tricky to setup in large corporations. To get rid of the login prompt, Internet Explorer auto-authenticates to sites in the "Intranet Zone", but does not auto-authenticate to sites in the "Internet Zone". Make sure your web service URL is Intranet based, i.e. http://myserver/ and not Internet based i.e http://myserver.mycorp.com/, unless the user's are within the same domain. If they are not, have the users add "*.mycorp.com" to the Intranet Zone. FireFox has a similar configuration, where specific sites must be "trusted" in order to auto-authenticate.