I recently started using the instagram-API in python. I built successfully some programs, and then I searched a way to create an Instagram account through the api - but I couldn't find.
Is there a way to create an instargram account from the api (python), and then send the login details (user,pass) and the token, secret token to the user?
Thanks, and have a nice day.
Check out the documentation and you'll quickly discern that their API isn't designed to allow for third-party, programmatic user account creation.
The only way to create an account with Instagram is by downloading their iOS or Android app and following the account creation process that way.
From an end user perspective, what would be the use case for granting a third party application all the sensitive personal data required to create an Instagram account? Because an end user can only upload media to their account via the app, why wouldn't someone just want to sign up when they download the app?
Related
I am building a Python Daemon app to download files which are accessible to an individual O365 user via Graph API. I am trying to use ConfidentialClientApplication class in MSAL for authorization.
In my understanding - this expects “Application Permissions” (the API permission in Azure AD) and not “Delegated permissions” for which, admin has to consent Files.Read.All.
So the questions I have are:
Does this mean, my app will have access to all the files in the organization after the admin consent?
How do I limit access to a Daemon app to the files which only an individual user (my O365 user/UPN) has access to?
Should I be rather be using a different auth flow where a user consent be also part of the flow: such as on-behalf-of (or) interactive (or) username password?
Thanks!
Does this mean, my app will have access to all the files in the organization after the admin consent?
Yes, it is the downside of application permissions usually.
How do I limit access to a Daemon app to the files which only an individual user (my O365 user/UPN) has access to?
I'm pretty sure you can't limit a daemon app's OneDrive access. You can for example limit Exchange access for a daemon app.
Should I be rather be using a different auth flow where a user consent be also part of the flow: such as on-behalf-of (or) interactive (or) username password?
It would certainly allow you to limit the access to a specific user. In general I recommend that you do not use username+password (ROPC); it won't work any way if your account has e.g. MFA. The more secure approach would be that you need to initialize the daemon app once with Authorization Code flow. This gives your app a refresh token that it can then use to get an access token for the user when needed (and a new refresh token). Note it is possible for refresh tokens to expire, in which case the user needs to initialize the app again.
You can limit the Application (Admin approved) permissions to specific resources (at least for some resources - e.g. mailboxes, calendars, SharePoint sites, ...)
Using Application Access Policy
An example for using this to restrict mailbox access to one or more users is:
https://learn.microsoft.com/en-us/graph/auth-limit-mailbox-access#configure-applicationaccesspolicy
This approach isn't possible to set currently in the MSGraph Application definition. Your admin has to use Powershell to associate an Access Policy to an Application definition.
SharePoint sites restriction
For SharePoint sites, you can use the MS Graph Sites.Selected Application permission to have Admin approved access to specific SharePoint sites.
https://devblogs.microsoft.com/microsoft365dev/updates-on-controlling-app-specific-access-on-specific-sharepoint-sites-sites-selected/
I am developing an app using the Facebook Ads api. Initially it is just a Python script which downloads ads performance information from my client and stores it in a database, where it is combined with information from other sources in order to provide better reporting for them.
It is not a web app (yet). It is just a Python script, working for a single business user account (yet!).
The developer token clearly isn't enough because it limits access to 5 Ads Accounts. I would like to upgrade to basic account however the approval form requires things such as providing a video demo, website of the app, privacy policy, etc. The app doesn't have those because it is not intended for general use (yet!!).
It seems that only an app focused on other Facebook users can apply to a Basic access token.
Is this so?
How can I upgrade my access token if my app is just a Python script running on a server?
Thank you! :-)
Okay, so I just ended up filling the form and when asked for instructions of how to run the demo I explained that the app wasn't "demonstrable".
And the app tier was upgraded automatically.
Bear with me, a total novice at APIs. I'm trying to build a web-app that allows my colleagues within the same domain to view a list of all other users in the domain after logging in. I'm attempting to use Google Directory API. Think of a roster, or org chart of sorts. I plan on using Django and python to build this.
https://developers.google.com/admin-sdk/directory/
I've created an OAuth 2.0 client ID, but I don't know if I need a service account to actually access the list of users. Additionally, I don't manage this domain, do I need to have the administrator grant priledges to this service account?
If you create a service account, the account still has to "act" like a user on the domain, and that user has to have privileges to whatever scope you're using. If you can get the domain admin to give you access to list users, ask him/her for the readonly scope(to imply the impossibility of your app damaging the site)
When you create a service account you'll get a key that will authorize you to act as an account on the domain.
I don't think that you need a service account, but it's a little easier in my opinion.
If you don't manage that domain you cannot get a list of users.
You would need authorization for that service account to use the relevant scope(s). If you can't do it yourself and can't get it done by the administrator then this conversation is over :(
I am using Python on the Google App Engine. I have gotten sign-in with google to work to generate an OAuth token. Then, I can use that token to access the user's profile from datastore, but I can't seem to find anything on how to sign in with a username and password to generate an OAuth token. Is there a way to do this?
It looks like your question is 'How to I use my own username and password scheme to generate an OAuth token'. The short answer is that you can't, because Google OAuth only works with Google logins. The Google OAuth token is good for Google APIs, and there's no way to tell Google how to recognize your usernames for the purposes of authentication.
The longer answer is that you can use your own authentication scheme separately from Google sign-in if you want to give users that option. You could use any number of third party libraries to do this or roll your own. These users won't have access to Google's APIs that require authentication though (such as the Users API) so you'll have to devise a way to keep those user's data separate from each other, and use a service account or application default credentials to access any external Google APIs on behalf of those users.
This kind of question does seem to pop up sporadically on Stack Overflow which may provide some other suggestions for how to implement this.
My overall goal is to create a mobile and web app that allows for multiple identity providers (google, Facebook, email/password) and uses a google cloud endpoint (python) that preform a user authorization check. I am trying to figure out the best method of doing this.
Is it possible to use the google identity tool kit to preform the user authorization check within the endpoint that I want to secure? I cant seem to figure out how I would go about doing this. As far as I know I would not be able to call the endpoints.get_current_user() to validate the user as it will only work with google+ logins.
I am also open to other suggestions (not using identity tool kit)
Any help would be really appreciated
Thank you
You are correct that you cannot use the endpoints.get_current_user() method to validate an Identity Toolkit user.
To use Identity Toolkit with Cloud Endpoints, you should use the built in sessions to represent the user.
After Identity Toolkit authentication is complete at the client, you should send the ID token to a "login" endpoint, validate the token, then create a new session that you include on subsequent requests.