• Join - It's Free
« Back to Project Discussions

Request for trusted application.

Started by Rian Wouters on Thursday, February 9, 2023
Problem with this page?

Participants:

Related Projects:

Showing all 14 posts

Hi,

I'd like to write some tools that make my life easier in Geni.

For example, I want to build a local headless automation that can put the profiles 700+ profiles I maintain to "deceased" automatically when they have a batism date before 1910.

I do not intend to run a webserver but only want to have local access throug node.js to my data so that I can iterate the profiles through the API.

I registered my application under App Id: 702

BTW, these tools will be available on github with an Apache license!

It's easy to make a desktop app, - but the question is how to access these profiles. Are they in a predefined list (like max family, added by or similar) or do you need to search (and risk altering other profiles managed by others)

Otherwise: if You install Smartcopy in Google Chrome browser you can configure the Maximum year to be private and maximum age you get a simple option to change all connected profiles matching the criteria when you visit a profile

As far as I know that will only work if you are a manager of the profile (maybe also as collaborator) or if the profile is public

Hi Private User, thanks a lot for answering!

Good point! I am not sure uf and how the API guards developers from accessing profiles from others. However, I think it is not relevant to my question.
If I want to do any real automation on my behalf as a Geni user, I can write a browser app for Geni and make it work. However it has at least 2 drawbacks:
1. I need to get involved with writing a frontend to my tools
2. I need to make sure I am manually loggied in all the time.
Similarly I can create a local, local-file-based or local server-based app.
That would work with the same drawbacks.

However, it will have the same access rights as a trusted app as far as I understand.
My only ask is to have programmatic access to the profiles I am normally allowed to edit manually if I am logged in to Geni, without the requirement to run it and login to it in a browser.
AFAIKS a trusted app, a very common mechanism, is currently the only way.

As to SmartCopy. I am sure it's a nice app that can do a lot for me. Allthough I happen to be in the position that my current laptop deniies access to the heroku server it is running on for securiry reasons, the problem I was mentioning was just an example.

There is a myriad of things I'd like to do programmatically and that do not require a User Interface that I cannot currently do with Geni. For example: custom reports, custom consistency checks, finding wrong patronyms and fixing them, finding missing fields, adding birth dates as the approximate (or just before the) date of baptism, and these are just the few ones I came accross in the one month I am using the platform.

Do you have an idea why the Geni backoffice is so paranoid about these trusted applications?
In the end, the user that would use such an app would still not to provide it's credentials and the authorization keys would still have limited lifetime.
That's no different from being logged in through a browser.

I think these are even people reusing the website tokens to circumvent these kind of issues.

Finally, even though I do not intend to write much frontend code, all the code I will write will be opensource, so the Geni organisation could freelly use it for their own good to bring up new features faster.

What do you think?

If implementing your own all you can as I said implement t it as a standalone desktop program (i.e. no need for a server) which, when connected have the same rights as yourself as a logged in user. When you connect you also get a timestamp telling how long time you access is valid (days). The app can check if you are one of the managers, and as I said: If it process the managed or added by me list you usually are safe.

I have an C# example on github, but it need to be updated a bit to work with the latest .Net windows versions. I have taken up again my work on a more advanced app called Desktop Tools for Geni, but doubt I ever are going to publish it, since it is an endless work...

About automating things: I can guarantee that any app will make fatal errors a human eye usually would avoid. There is always exceptions on patronyms and inheriting family names as an example. Never make changes that is not supported by sources.

I am interested to see how you login without getting a login screen and having all the permissions you need.

To make this very specific, I made this very simple node.js example which I believe is easy to follow if you have a bit of programming experience with the goal of executing a `profile/search` call on the api on behalf as myself as an authenticated user with the app I am creating, running on my local node server.

import axios from 'axios';
import { Agent } from 'https';

try {
const httpsAgent = new Agent({ rejectUnauthorized: false });

const oauth_api = axios.create({
baseURL: 'https://www.geni.com/platform/oauth/',
httpsAgent
});

const auth = await oauth_api.post('request_token', {
client_id: 'myclientid',
client_secret: 'mysecret',
username: 'myusername',
password: 'mypassword',
grant_type: 'password'
});

console.log(auth);

} catch (e) {
console.log(e)
console.log(e.message);
}

When I execute this I get "'This application is not authorized to use grant_type password"

However AFAIK the only way to get access to all the profiles I maintain on top of all public profiles and the ones with which I am cooperating. Basically the same as when I am logged into geni.com

I do get an access token and refresh token with grant_type client_credentials, however that does not give me access to my private profiles!

I am still working on my example, but if you want to implement a C# forms app using Visual Studio you simply create a window with a Form.WebBrowser element where you attach a DocumentCompleted event handler.

When clicking connect you simply execute this:

connectionBrowser.Navigate($"https://www.geni.com/platform/oauth/authorize?client_id={Uri.EscapeDataString(ApplicationKey)}&response_type=token&display=desktop");

In the

connectionBrowser_DocumentCompleted(object sender, WebBrowserDocumentCompletedEventArgs e)

function you simply looks for

if ((e.Url.AbsolutePath.EndsWith("/auth_success")
{

// And you will find the access_token and expires_in values in the URL, alternatively status and message
}

Alternatively: if (e.Url.AbsolutePath.EndsWith("/auth_failed"))

---

For requesting JSO data string for your own profile as an example:

using (WebClient request = new WebClient())
{

    request.Headers.Add("Authorization", $"Bearer {Uri.EscapeDataString(accessToken)}");

string myProfileJson = request.DownloadString("https://www.geni.com/api/profile"));
}

Private User with all due respect, but you are still missing the point.

I do not want to implement a browser app.
In addition, in your case you'll not get access to your private data, correct?

I want to implement a headless application that has access to all my private profiles.

Rian Wouters - Where did I say a Browser app?

I said a standalone windows program using C# windows .net forms, programmed with for example the free version of Visual Studio 2022. You should be up and running within a half hour if you are an experienced programmer. The logon does however have to use a built-in forms browser controller in a frame for the actual login and approving the apps access since you also might be asked for a security code, independent of what browser you are using on your PC since it is not involved. You get the same access to all data on Geni as you would do as a logged in user, i.e also private info you have access to. Actually you get access to more info than you can see in the browser.

Example, - your own profile: https://www.geni.com/api/profile?field_group=all

If using Google Chrome use the JSONVue extension to get a good view of JSON data.

Hmm, that general api link for your profile does not work anymore. It needs a profile ID now.

Try this one for Charlemagne to see how much info you get in a single request: https://www.geni.com/api/profile-1693836?field_group=all

Ah, now I get your point, you are using a browser controller in a frame for the actual user login.
That's exactly what you don't want if you want programatic access for tools and automation,
and that's where the trusted app concept is for.

I am only a system architect software these days, so it would probably take me 35 minutes to be up and running LOL ;-)

Anyhow, my conclusion still stands: for a standalone Javascrript app you need trusted app authorization, which Geni needs to enable for my app.

I doubt that anyone get trusted app authorization - that is for MyHeritage to present smartmatches and FTDNA to push DNA matches..

I really dont understand why you dont want a user interface.

I am in a similar situation. I do not have access to an "embedded browser" in my app, so I need to use the "trusted app" model (why? It seems a pain).

They say to "email them", but no email address is listed that I can find. So... how, exactly?

The only alternative I then have is to make use of a server for a callback URL, which raises the level of complexity quite a bit.

Showing all 14 posts

Create a free account or login to participate in this discussion

English (US)   eesti   Svenska   Español (España)   Français   עברית   Norsk (bokmål)   dansk   Nederlands   Deutsch   »
To enable the proper functioning and security of the website, we collect information via cookies as specified in our Cookie Policy. Geni does not use any third-party cookies.