What is the purpose of using app Id and app secret in facebook?
which algorithm is used for generating that secret key?
Facebook app Id, app secret key will be generated automatically when you register a Facebook App successfully. Therefor, they used to identify your Facebook app and when you need the app to authenticate using Oauth.
Related
I'm using google Recaptcha v2.0 for my application.
This is a multitenancy app in which we create a subdomain for each tenants:
tenant1.myapp.com
tenant2.myapp.com
tenant3.myapp.com
Until now, we are registering manually each subdomain in the Google Recaptcha Admin.
I wonder if in terms of security if could be enough (and safe) to just register the main domain:
app.com
"if you specify the API key pair to yoursite.com, the following table shows whether or not reCAPTCHA will work for the domain and its subdomain variations"
I was able to create a project to connect an app to google data, for a specific account (followed Google People API)
But now I would like that each customer log in hisself to his account and manage his data.
I can' t create project in the Google API Console for each customer, my app needs to read auth from each user who will use my app and "auto" create auth to read google contact data of the logged user.
Is possible?
Could you suggest me articles about how to do?
It sounds like you are trying to do exactly what OAuth 2.0 (see the page you linked to) gives you: authenticating users. This differs from using an API key, which is only authorizing your project and has nothing to do with a user's credentials.
OAuth 2.0 combines a Client ID (associated with your Google Developers Console project) and a user's login (specific to the user who is accessing your app/site) to give you an authorization token. This token will let your app act on behalf of that user when calling that API. Just make sure to request the necessary scopes as part of the OAuth 2.0 authorization prompt given to the user.
How to give this prompt varies by environment, but many common options are listed on that link.
Note that you always use the same Client ID, so you only need one Google Developers Console project, but you are given a unique token specific to that user's login when they authorize your app, so this lets you act as any user which grants your app access to their account.
We're trying to implement a Docusign integration for a multi-tenant cloud application (i.e. https://company1.app.com, https://company2.app.com, etc...).
The goal is to allow the tenant admin (our customer) to upload envelopes containing document templates for users to sign when they first login. Each tenant admin will have their own Docusign account/envelopes.
We've implemented a solution for this; however, it requires each tenant admin to create a separate Integration key and go through the process of promoting it to a live account. This is not scalable for us and some of our tenant admins are not tech people, so they have trouble setting this up.
Is there a way to implement the Docusign integration using a single Integration key (our key), but still have tenant admins login with their own Docusign account and upload their own envelopes?
I think you are building a Docusign User Application. You should use the OAuth2 auth flows instead of creating separate Integrator key for each tentant.
A user application is a client that authenticates every end user with DocuSign. These applications are typically web services, mobile applications, or desktop programs that authenticate individual users on the DocuSign platform. Once authenticated, users give consent for the application to display, send, or sign envelopes from their account. For user applications the OAuth2 auth flows are recommended.
A key issue that you may be missing is that your Integration Key works with any account. It is associated with your account just to manage it.
So as CodingDawg says, each of your customers can use your app by logging in with their own user credentials for their own account.
I am asked by my company to do a Proof-Of-Concept for our document management using Box. We have an enterprise account.
What I did is I added an app in my account - to get my api keys ("client_id" and "client_secret").
Then after this Using the Box Api for .net4.0, I manage to connect my MVC app with our box account using OAuth2.
I can now view files and folders as well as uploading files.
Now my problem is I need to restrict the files that can be viewed by the user logged.
I noticed that when changing the email that is use to log-in (we're using SSO)
The user info doesn't change.
I am using GetCurrentUserInformationAsync() method of the BoxApi V2.
Is it possible to perform user management using API?
(P.S. I am not the admin of our enterprise account)
Thanks
To change the email, you will be require the admin rights. First you need to create the email alias for that account and then you can replace the primary email address with your alias.
I have been trying to follow the Quickstart: Run a Drive app in JavaScript sample in order to use Google Drive API and SDK. I went through the authentication and set up the Client ID and API key etc. I had assumed that the token can be created without the user being logged in to a Google Account, since the client has the Client ID that is connected to a Project on Google Developer Console. Am I missing something here?
Can a user use the JavaScript based Google Drive app without logging in to a Google Account?
no. From your question, it sounds like you've interpreted client ID as referring to the user. Client ID refers to the app. So separately, Google needs to confirm the user has given his permission, and that requires authentication, ie login