I'm building a phonegap app in which I need to link to facebook, instagram and twitter. I need to allow users to login to each of these with their credentials and return an access token which I will be saving on the device using local storage. I can login the users perfectly fine when working on an actual site (which is a test site I have setup). The way it works is I have to redirect the user to a login page for each brand where they can login. This I can do fine from a phonegap app, but the issue is that each of them require a redirect url which I must supply for them to basically send the access token to once the user logs in. On the internet this works perfect, but I need to redirect url to somehow point back to the mobile device it originated from. I can do this using a proxy but I don't want to employ the use of a server as this comes with way to much overhead. So all that to actually ask my question:
How the heck do I redirect the user back to the mobile app after they have successfully logged in? I'm hoping this is something very simple that I'm missing, but I'm just not seeing it. :/
This is oAuth authentication which logs the user in and then tells the user's browser to go to the second URL. Typically, if you write an iOS app, you can always open it by doing something like this: ://. it should also be able to ready parameters passed this way.
For example: open safari on your iPhone and put "Skype://" as the address and it should open your skype app if you have it installed.
Try setting the return URL similar to what I mention above and see if that works.
Related
I want to use the current logged in Windows AD account to authenticate with my web app. It's fine (desired, actually) to have the front end pass the authentication token (or whatever form that takes in AD) to the back end for validation with our SSO provider. But how do I get the AD information into the front end, so that it can be passed the back end? What does this info look like, how is it acquired, etc? I can't find any tutorials or guidance on the topic.
I know this is possible because I see it being done on other web apps, but I don't know how to do it myself and am having a very hard time finding a solution.
If you want seamless login (so the user doesn't have to type in their username/password) then you will want Windows Authentication. You can read about how it works here.
To make this work with Node.js Express you can use the NodeSSPI package. The documentation has examples on how to use it.
The browser will also have to trust your site before it will send credentials automatically. For IE and Chrome, that means adding the site to the list of Trusted Sites in the Internet Options. Firefox keeps its own list in the network.automatic-ntlm-auth.trusted-uris setting in about:config
Let me explain what's my plan.
Actually I write a website in HTML5 with Javascript.
This website do an ajax call to a c# RESTful service.
Both, the website and the service, are located on a windows server 2012 at the iis 8.
The website is located in an virtual directory of the default web site.
The service is added as an application to the server.
The server is running inside our intranet including AD.
I access the website by the url: http://example/Auth.
My goal is that the user didn't have to login manually, because it's already done at windows login.
This should be done by using windows authentication i guess, but when i activate it, i'm prompted to enter my credentials.
After entering them everything works fine. If they were correct i can use the website, otherwise i get 401 as expected.
First question: what do i have to do, to be logged in automatically if i'm a valid user of the AD?
Wheter logged in automatically or manually i'm not able to get the username of the logged in user and pass it to the service.
Second question: how to get the username and pass it to the server?
In my case it was finally quite simple to solve my problem.
All i had to do, was to add the domain to the url and get a full qualified url like: example.mydomain.com/Auth.
If i try toaccess this site now, there is no prompt shown and even the credentials get passed to auth following services etc.
I'm creating a firefoxOS application using jquery mobile and cordova.There is no api in cordova for integrating facebook and firefox applications.
I have created a app in facebook and since there is no platform for firefoxOS,I have selected "website" as my platform.The problem is that there is no url for my firefoxOS application(only index.html),that I can give as redirect url in app settings page of developer.facebook .And also the I have followed steps from this URL (//developers.facebook.com/docs/facebook-login/login-flow-for-web/v2.3) and its working fine in the browser as I'm able to login and share and get user details.
But when i copy/paste the code in my firefox project's index.html,the SDK does'nt seem to loading as none of the functionality is working.
Apart from the above trial,I have done the "login" flow manually by using this URL window.open("//www.facebook.com/dialog/oauth?client_id=APP_ID&response_type=token&redirect_uri=//MY_LOCALHOST/NAME/success.html").I'm able to access the current user's ACCESS_TOKEN from the success.html which is in server,but unable to access it in my index.html(as it is not hosted anywhere).I have tried to use localStorage,sessionStorage,cookies in success.html . I was wondering if there is any way of getting the current user's ACCESS_TOKEN after i have logged in.
I have used this URL https://graph.facebook.com/oauth/access_token?client_id=&redirect_uri=&client_secret=&code= (from //developers.facebook.com/docs/facebook-login/access-tokens) but it didnt help as I will be getting the access token which is redirected to success.html page which is in server.I need the ACCESS_TOKEN so as to pass as a parameter to this url https://graph.facebook.com/me?fields=id,name,email,picture&access_token=ACCESS_TOKEN in order to get the details of the user currently logged in .
But I'm able to share perfectly using this URL window.open("//www.facebook.com/dialog/feed?app_id=APP_ID&link="+encodeURIComponent(urlPost)+"&caption=&description="+encodeURIComponent(message)+"&redirect_uri=MY_LOCALHOST/NAME/success.html")with respect to the user logged even without the access_token (I dont know how its posting to the wall of the current user)
Is there any solution for the above problem? Thank you!!
I am following the dialog documentation to try to display dialog in a Windows 8 Store app (html5/javascript).
https://developers.facebook.com/docs/reference/dialogs/
In a Windows 8 Store app, we have to use iframe to display another web page. Here is an example of what I did:
<iframe src="https://www.facebook.com/dialog/feed?app_id=145634995501895&redirect_uri=http://www.facebook.com&show_error=true&display=iframe&access_token={access_token}"></iframe>
Since it is an iframe, I specify display=iframe and access_token={access_token}.
If you want to try it, please remember to change access_token.
I get the following errors:
API Error Code: 110
API Error Description: Invalid user id
Error Message: Missing user cookie (to validate session user)
I guess this may be caused by the fact that user has not login yet. In the documentation (https://developers.facebook.com/docs/reference/dialogs/), it said "If the user is not already logged in, Facebook will prompt them to login before showing the the Dialog you invoked." I am wondering how to prompt the user to login? Did I miss a parameter to prompt user to login? I looked through the parameters, I did not seem to find anything.
Appreciate your help.
I am seeing different behavior from you which I'll document here, even though it may not be "your answer".
I obtained my own access token, and when I use your IFRAME, I do see the attempt to redirect to Facebook.com to login; however, that's followed by a security error in the JavaScript console - including the following:
APPHOST9613: The app couldn’t navigate to
https://www.facebook.com/login.php?api_key=177388709024886&skip_api_login=1...
because of this error: FORBIDFRAMING.
A request to the login.php script generates a response with the X-FRAME-OPTIONS header to DENY. This would indeed prevent the login page from Facebook from appearing in the IFRAME within the app - hence FORBIDFRAMING.
There is some discussion on an MSDN Forum thread as well and it's slightly dated, but am not aware of any changes since then.
I have not tried Facebook logins directly with Window 8 applications using Windows Azure Mobile Services, but it may be something to try. Azure Mobile Services is VERY simple to set up, so you'll know very quickly whether or not there is still an issue within a HTML5/JS Windows Store app.
I have a public-facing web app that will be in a kiosk-like environment. The app requires users to log in with Facebook in order to interact with the app. I am not requiring users to register or to sign up for the site, but rather just log in so the app will have access to their basic info.
This works perfectly, but the issue is when a user logs out and the app is ready for the next user to log in, the previous user's email address is in the OAUTH form.
Is there any way to keep this from being persistant?
EDIT:
To log in, users are being redirected to the Facebook OAuth Dialog page. Once the user logs in it redirects back to the app. It's not really "authenticating" for the app, I am just using Javascript to show the app content once the Facebook JS API detects that a user is logged-in.
Edit
some reason I cannot log in with my account "kevinj". Anyway, I should have been more specific in regard to the setting of this app. It is an iPad web app and the tablet device will be handed out to users for interaction and gathering data.
I have "fixed" this issue by forcing FB to use the desktop browser based OAUTH dialog instead of the Touch version. This allows the user to un-check the "keep me logged in" option and clear out their info after log out.
Thanks for the suggestions and input. I wish I could close this question out but can't log in to my account.
Sine you are on a Kiosk-like environment, I suppose you have access to the browser's options?
If that's the case then I think turning of form history will do the trick. (Firefox example)
Have you tried adding "autocomplete="off"" to the HTML field?