Django and wordpress simultanous logout - javascript

I have this project in which user simultaneously login into Django as well as Wordpress accounts.
To achieve Simultanous logout, I used Javascript to delete the authentication cookie of Wordpress and thus automatically logging out the user. This works fine as long as user clicks on "logout" button. On clicking logout a Javascript function is called and wordpress cookie is deleted and thus making user logged out of Wordpress and user is logged out of Django by using normal Django functionality.
Now the problem occurs when user directly type the logout url "localhost:8000/logout" in address bar, this directly send request to Django server and without involving any JavaScript to delete the Wordpress cookie.
How to achieve Wordpress logout in this situation when user directly types the logout url of Django?
Note:- Wordpress and Django server are running on same host with different port.

Can you try with an one more browser,
For an example:
In an main browser you will log a Django project, an private browser (crtl+shift+p in an Firefox) you can use word press project.

Related

ADAL for Azure OAuth - redirect with POST

I've been using the Azure Active Directory Authentication Library for java
https://learn.microsoft.com/en-us/azure/active-directory/develop/active-directory-authentication-scenarios#web-application-to-web-api
I have the sample code working (Authenticating a user in my own WebApp using my company's AD Cloud instance)
There's one part I don't understand in the sequence:
The browser loads my application's landing page and user clicks "Sign in with Microsoft"
The browser makes a request to my server, which is redirected to the Microsoft Log In page (https://login.microsoftonline.com/MyTenantId/oauth2/authorize?client_id=...etc)
User logs into their Microsoft account
After processing the log on, the Microsoft server redirects the browser back to a secured uri on my server - as a POST request
How can they do a Redirect with POST? I thought a WebServer (i.e. a Spring webapp) couldn't do this ? Are they doing it client-side (i.e. Javascript?)
Your guess is correct.
They return a small HTML page that includes a form, which is auto-submitted with JavaScript. If you disable JavaScript, you will see it.

Dropbox redirect URI does not redirect for login, instead returns code of last user

I am using Dropbox Code API version 2 from NodeJS application. I am using OAuth 2.0 with code grant approach. It seems to behave randomly. The use case is as follows:
My server generates a redirect uri and sends to my client.
User clicks on redirect uri from client.
Application redirects to Dropbox URI. (User has already linked my app to their Dropbox. My app has full Dropbox permission.)
Dropbox asks to sign in with google or email. I used gmail.
Dropbox calls the registered callback with the code. I use the code to retrieve bearer token.
Problem: now i try to register another user and require a different code from Dropbox. The problem occurs in step 3. After
user clicks on step 3, Dropbox does not show the sign-in with
google or email page, instead, calls back application with the
same code as for user 1.
I'm using the same machine for testing this scenario and two different gmail addresses. My server runs on localhost. It was working before but stopped working without any intentional changes from me. I have tried debugging but I am not sure why this is happening, trying restarting client, server, even restarted my computer. But it doesn't show me the sign-in with google or email page.
My question is how does Dropbox know that it should show the sign-in page when the redirect link is clicked. I generated the redirect link using core API functions.
Maybe there is an error in my workflow, I am new to web development and have tried everything I know, any insight would be greatly appreciated.
Thanks!

Single Sign On Html Page with Restful Service

Let me explain what's my plan.
Actually I write a website in HTML5 with Javascript.
This website do an ajax call to a c# RESTful service.
Both, the website and the service, are located on a windows server 2012 at the iis 8.
The website is located in an virtual directory of the default web site.
The service is added as an application to the server.
The server is running inside our intranet including AD.
I access the website by the url: http://example/Auth.
My goal is that the user didn't have to login manually, because it's already done at windows login.
This should be done by using windows authentication i guess, but when i activate it, i'm prompted to enter my credentials.
After entering them everything works fine. If they were correct i can use the website, otherwise i get 401 as expected.
First question: what do i have to do, to be logged in automatically if i'm a valid user of the AD?
Wheter logged in automatically or manually i'm not able to get the username of the logged in user and pass it to the service.
Second question: how to get the username and pass it to the server?
In my case it was finally quite simple to solve my problem.
All i had to do, was to add the domain to the url and get a full qualified url like: example.mydomain.com/Auth.
If i try toaccess this site now, there is no prompt shown and even the credentials get passed to auth following services etc.

Facebook's PHP SDK with custom login page instead of redirecting?

Is it possible to create a custom login page to use with facebook's PHP/JavaScript SDK? I'm developing a web app and it doesn't seem very user-friendly to redirect the user to the facebook page to login. For example, once you hit login it doesn't even let the user know its loading, just sits there until it logs in.
I was wondering if it's possible to use ajax or cURL to log the user into facebook through a form within my app.
No this is not possible, you have to use Facebook's OAuth protocol.
Have you tried their javascript solution? This does not take the user away from the page, but instead opens a popup which is less of an intrusion on the page.
The facebook api is just for you to obtain access credentials from their system. I do not know and until then I never saw no way to get credentials and log into facebook without the facebook api.

Ruby on Rails: Devise Authentication with JavaScript

In my RoR project, the user could drag and drop a JavaScript link to the browser's bookmark manager/bar.
The JavaScript link calls another JavaScript file, say LoadUserData.js.
I'm using Devise for authentication.
My question is: when the user click the bookmark:
If the user has logged in, the user data will be loaded;
Otherwise, the bookmark will redirect the user to the login page.
How to implement it?
Peter

Categories