2

What is the intended way to get the list of friends (server side) when the same application is used to authentication with the Google Identity Toolkit?

With the Facebook graph API it is possible to get the list of friends: https://graph.facebook.com/v2.3/me/friends

  • An access token is needed
  • The permission user_friends is needed

Can I get the access token from the GitKit somehow?

  • Or a second login with the Facebook-Graph-Api is needed on the client side

The user_friends permission is not asked when logging in with GitKit

  • Is there a way to extend the permissions for login?

Probably similar questions will occur when I try to get the google+ friends using the same application.

A social Login without using any social "feature" does not really make sense for me and I hope there is a way to achieve that with the Gitkit.

Hollerweger
  • 975
  • 1
  • 13
  • 32

2 Answers2

1

For a Javascipt solution I have now edited gitkit.js to support OAuth scope like in Gitkit v2: https://github.com/Hollerweger/Gitkit-Javascipt-Enhancements

Sample Config:

idpConfig: {
    facebook: {
        scopes: [
            "public_profile",
            "user_friends",
            "email"
        ]
    },
    google: {
        scopes: [
        "https://www.googleapis.com/auth/userinfo.email+https://www.googleapis.com/auth/plus.login"
        ]
    }
}

The Google+ scope isn't needed as it's the default one. Only tested with google+ and facebook login.

The name of the idpConfig childs must be in the first 45 chars of the IDPs authentication url to work.

Hollerweger
  • 975
  • 1
  • 13
  • 32
0

To add extra permissions to the Identity Toolkit login on Android, add the identitytoolkit.extra_scopes metadata to the manifest. It would look something like:

<meta-data
    android:name="identitytoolkit.extra_scopes"
    android:value="Google: g_scope1; Facebook: f_scope1 f_scope2; Yahoo: y_scope1"/>

Once login is complete, the Facebook SDK will be initialized with the proper token, so you can retrieve the Access Token via AccessToken.getCurrentAccessToken(). Because Facebook tokens are portable, you can send the one retrieved from your application to the backend and use it with the graph API.

dsalama
  • 242
  • 1
  • 6
  • Can you confirm that this is working on the v3 version of the Gitkit? Because in Javascript the scope code from v2 is not working anymore for me: https://developers.google.com/identity/toolkit/web/v2/advanced – Hollerweger Jun 24 '15 at 02:36
  • And probably I can get the access token with verifyAssertion on the server side. I will implement this methode and test it. https://developers.google.com/identity/toolkit/web/reference/relyingparty/verifyAssertion – Hollerweger Jun 24 '15 at 02:43
  • I don't believe the scope code is currently working for Javascript but should work for Android. And verifyAssertion is meant for validating OAuth tokens - it will not simply return one to you. – dsalama Jun 24 '15 at 02:52
  • From the v2 Advanced Guide: "How to get the "Access token": After the user approves and your callback receives the response from the IdP, you can call the verifyAssertion API with the parameter returnOauthToken set to true. This will return an access token oauthAccessToken and an expiration time oauthExpireIn in the response from verifyAssertion API call." – Hollerweger Jun 24 '15 at 12:52
  • I have now edited gitkit.js to support OAuth scope like in Gitkit v2: github.com/Hollerweger/Gitkit-Javascipt-Enhancements – Hollerweger Jun 25 '15 at 00:32