While we've been waiting for feedback from the appexchange security review process for fluxgain Like we've been busy putting together new ways to allow people to easily chatter like web pages. The fluxgain Like button currently allows people to chatter like a web page from within the web page itself (to see it in action click on the orange button to the right of the page in the share section), but what if the page doesn't have a fluxgain Like button on it?

Using a browser bookmarklet a bookmark can be created that allows the current web page to be chatter liked using fluxgain Like. The nice thing about bookmarklets is that they work in all the major web browsers.

To set it up drag the following link to your browser “Bookmarks Bar”, “Favourites Bar” or “Bookmarks Toolbar” section.

Update 30/04/13 - based on feedback from the appexchange security review process the bookmarklet now opens a new window instead of using the current window

fluxgain Like

For more detailed set up notes look at Add fluxgain Like bookmarklet.

Once in place you can click the bookmarklet in your browser “Bookmarks Bar”, “Favourites Bar” or “Bookmarks Toolbar” section when you are on a page you wish to fluxgain Like.

To see it in action play the YouTube video below.

Update 05/06/2013 - for iPhone/iPad/iPod users copy/paste the following text directly into your bookmark on your device

About Mark Sivill

Mark Sivill has written 14 blogs on fluxgain.

Looking for interesting projects to undertake within IT. Currently focused around cloud technologies such as salesforce and Heroku.

  • http://saqibali.net/ Saqib Ali

    hey guys,

    this looks cool. but the bookmarklet is asking permission to access my chatter feed. Is it secure?


  • http://twitter.com/fluxgain fluxgain

    Hi Saqib,

    We built the fluxgain Like Lite app to be secure given it accesses salesforce and that organisations are sensitive of their data.

    The bookmarklet works with (invokes) the fluxgain Like Lite app which is the thing asking for access to chatter using OAuth ( http://blogs.developerforce.com/developer-relations/2011/03/digging-deeper-into-oauth-20-at-salesforcecom.html ).

    In order for the fluxgain Like app to work it needs to add chatter feeds, add chatter comments, add chatter likes, and get chatter like counts from salesforce so access needs to be granted by the salesforce user using the OAuth mechanism you mentioned. Facebook uses this OAuth mechanism for its like button as well ( https://developers.facebook.com/docs/reference/dialogs/oauth/ ). fluxgain Like Lite does not ask to access other Salesforce data such as accounts or contacts for example.

    The fluxgain Like Lite is currently going through the appexchange security review, once salesforce are happy with the apps security it will be publicly listed on the appexchange.

    Security that we have built into fluxgain Like includes -

    a) All fluxgain Like web pages served over HTTPS
    b) All communication with Salesforce is over HTTPS
    c) More restrictive use of OAuth than the Salesforce defaults, so no access to Salesforce data (accounts,opportunities,contacts,etc), no access to refresh token so the app cannot access salesforce at any time it chooses.
    e) The use of cryptographic nonces to stop replay attacks ( http://en.wikipedia.org/wiki/Cryptographic_nonce )
    d) Optionally a connected app ( http://fluxgain.com/like/install/whitelist/ ) can be installed into your salesforce org (dependent on Salesforce edition) to specify which user profiles can use fluxgain Like Lite

    Hope this helps......

    • http://saqibali.net/ Saqib Ali

      Thanks for the explanation. Is the bookmarlet storing any information outside of salesforce e.g. fluxagain servers?

      • http://twitter.com/fluxgain fluxgain

        The fluxgain Like Lite app which sits behind the bookmarklet does store some information on the fluxgain servers.

        At a high level you can think of the app as a cache for chatter feed items and like counts generated by the bookmarklet or fluxgain Like button. So for example the liked url and chatter feed item id are stored. We don't store the text within the chatter feed item or chatter comment on the fluxgain servers.

        In addition to this we need to determine which chatter feed items and likes count belongs to which organisation and user, so we also store some user and organisation information as well.

        As mentioned in the previous response the fluxgain servers can't access salesforce objects such as the accounts or contacts through the OAuth and “Connected app” setup, so no salesforce object data is stored.

        • http://saqibali.net/ Saqib Ali

          where are the fluxgain servers hosted? amazon? what is the timeline for the appexchange security assessment?

          • http://twitter.com/fluxgain fluxgain

            Correct the fluxgain servers are at amazon.

            Regarding the appexchange security assessment we are in salesforce hands so cannot give you a definite date. We have been in the queue / process for 6 weeks, however we did get an update last week that it should be within 2 weeks and I have seen some penetration testing going on last week. So all being well and no requirements for us to do any rework hopefully it should be available on the appexchange in the next week or two, however as I mentioned before we are in salesforce hands.

            In the meantime you can always try the fluxgain Like Lite app against a salesforce developer org to see it in action.

          • http://saqibali.net/ Saqib Ali

            Yup, I will try in the dev instance.

            Another question: Can you please make the bookmarklet such that if you highlight some text on a webpage that you are executing the bookmarklet on, it adds that highlighted text into the chatter post?

          • http://twitter.com/fluxgain fluxgain

            Thank you for the suggestion.

            Currently fluxgain Like Lite which the bookmarklet calls does not support comments being passed in, so the bookmarklet won't be able to do this currently.

            Its sounds like something we may look at later on once we've got through our other changes.

            Whats your use case here? Would you be using fluxgain Like alot during the day, hence time saved using the bookmarklet? Is it just you with the use case or would other people you are working with have the same use case?

            Please feel free to contact us via email if you have specific things you would like to cover - http://fluxgain.com/contact/

          • http://saqibali.net/ Saqib Ali

            The immediate use case will probably be embedding the Chatter Like button in non-salesforce assets. But I would like to explore what else is possible.

          • http://twitter.com/fluxgain fluxgain

            Cool, please let us know what you embed the fluxgain Like button into we've done WordPress and Microsoft Dynamics so far. Please check out the editions page http://fluxgain.com/like/editions/ for usage limits.

          • http://saqibali.net/ Saqib Ali

            Another security relation question: Would it be possible for the Chatter Like button to store data in out Amazon instance?

          • http://twitter.com/fluxgain fluxgain

            So the product "fluxgain Like Lite" does not do this today, in the "fluxgain Like Plus" version we are working on we plan to store the data back in salesforce in a more consumable form (effectively duplicating data stored in the fluxgain servers). So this data could be extracted from salesforce using standard salesforce integration methods. There are no plans today to provide alternative data stores. Whats the use case?

          • http://saqibali.net/ Saqib Ali

            we would like to store the data in our amazon / salesforce instance due to security considerations. we typically don't store data in share amazon instances......

          • http://twitter.com/fluxgain fluxgain

            So the fluxgain servers are sitting on Heroku ( https://www.heroku.com/ ) which in turn are sitting on Amazon. We choose Heroku to host the app as they are also owned by salesforce, so we "effectively" have salesforce managing the technology stack.

  • Stephane Croisier

    Hi, I am trying to copy-paste th full javascript in my iPhone Safari as a new bookmark but once done and when launching this new bookmark from a web page, the bookmarklet is not fired and no other tab is launched. Any idea why? Same mechanism works fine with Evernote for example. Thx

    • fluxgain

      I think if you copy-paste directly on the iPhone the javascript gets encoded which stops it from working correctly.

      Try creating the bookmarklet in Safari on your PC/Mac first then sync your bookmarks over to the iPhone, I just tried this and a new tab is launched.

      • fluxgain

        Ultimately you end up with the following javascript for the bookmarklet on your iPhone with the sync method, note '{' and '}' has been automatically replaced with %7B and %7D.


        Worth having a quick look at http://static.chrisbray.com/bookmarklets/ which talks about adding bookmarklets on the iPad and iPhone

    • fluxgain

      On further investigation it looks like WordPress formats single/double quotes in a certain way which caused problems when doing copy-paste on the iPhone, as the javascript contained several single quotes.

      I've disabled this feature in WordPress so quotes now appear the way they are typed. For more details around what wordpress does see http://www.noobcube.com/quick-tips/wordpress-quick-tips/wordpress-stop-changing-my-quotes-/

      I've also updated the blog post so people can do a "select all" in the textarea then copy it for the bookmark.

      • Stephane Croisier

        Thx a lot. It now works perfectly fine. Much easier than sync with PC/Mac