I have a public-facing web app that will be in a kiosk-like environment. The app requires users to log in with Facebook in order to interact with the app. I am not requiring users to register or to sign up for the site, but rather just log in so the app will have access to their basic info.
This works perfectly, but the issue is when a user logs out and the app is ready for the next user to log in, the previous user's email address is in the OAUTH form.
Is there any way to keep this from being persistant?
EDIT:
To log in, users are being redirected to the Facebook OAuth Dialog page. Once the user logs in it redirects back to the app. It's not really "authenticating" for the app, I am just using Javascript to show the app content once the Facebook JS API detects that a user is logged-in.
Edit
some reason I cannot log in with my account "kevinj". Anyway, I should have been more specific in regard to the setting of this app. It is an iPad web app and the tablet device will be handed out to users for interaction and gathering data.
I have "fixed" this issue by forcing FB to use the desktop browser based OAUTH dialog instead of the Touch version. This allows the user to un-check the "keep me logged in" option and clear out their info after log out.
Thanks for the suggestions and input. I wish I could close this question out but can't log in to my account.
Sine you are on a Kiosk-like environment, I suppose you have access to the browser's options?
If that's the case then I think turning of form history will do the trick. (Firefox example)
Have you tried adding "autocomplete="off"" to the HTML field?
Related
I followed the tutorial to Build JavaScript single-page apps with Microsoft Graph, and use it for my real project.
With this tutorial, I could able to create the web app for login user and create a calendar event. The problem is the session is always quickly expired as soon as I refresh so that I have to login again and again. Is there any way I can keep user still login after refresh browser. I wish it just like the google calendar id here that can keep user signed in even after fresh browser. Thanks.
Use localStorage to store the logged in user details. On refresh or the first visit to your site, first check to see if the details are available in local storage. If they are available, then log in the user automatically. Otherwise request the user to login and save the details in local storage.
I have a simple web app where users can login via Facebook to CRUD objects (and show them on a map).
I successfully implemented the login and logout functions using the full example code from Facebook documentation, but the user doesn't stay logged in.
When I log in, I'm able to display the my Facebook Surname and Name, but when I refresh or go to the next page of my app, the Facebook API tells me that I'm not connected (anymore) and thus I have to reconnect.
The same happens with the full example code. On page refresh: you have to login again.
Am I missing something here ?
That was pretty dumb but my browser (chrome) was blocking cookies from facebook.com on my website, so I couldn't stay logged.
Resolved the problem by authorizing facebook.com cookies on my website.
I am following authentications steps for AMS as described here:
http://azure.microsoft.com/en-us/documentation/articles/mobile-services-html-how-to-use-client-library/#caching
From Kendo UI mobile app (Javascript)
I can log in using Google as an authentication provider using client.login("google"), execute authenticated AMS custom API calls
and also doing client.Logout() via button, that seems to successfully disconnect me from AMS
On subsequent client.login(), however, I do not get the Google account login window. It is seemingly stored in a cookie and the user is logged in automatically, thus not giving me a chance to log in as another user.
I was wondering what additional actions besides client.Logout() I must do to initiate the Google login screen on the next session after the user decided to logout. I do not want to force the user out of his Google account, as this would be impolite, just log him out of my application.
I know this question is old, but since it is not answered and I found it out recently I decided to post the answer here.
When you go to google.com you can add another account (top right icon). After that you can choose after each logout which account you want to use for your application to login. And you can even add other accounts to log in.
I'm building a phonegap app in which I need to link to facebook, instagram and twitter. I need to allow users to login to each of these with their credentials and return an access token which I will be saving on the device using local storage. I can login the users perfectly fine when working on an actual site (which is a test site I have setup). The way it works is I have to redirect the user to a login page for each brand where they can login. This I can do fine from a phonegap app, but the issue is that each of them require a redirect url which I must supply for them to basically send the access token to once the user logs in. On the internet this works perfect, but I need to redirect url to somehow point back to the mobile device it originated from. I can do this using a proxy but I don't want to employ the use of a server as this comes with way to much overhead. So all that to actually ask my question:
How the heck do I redirect the user back to the mobile app after they have successfully logged in? I'm hoping this is something very simple that I'm missing, but I'm just not seeing it. :/
This is oAuth authentication which logs the user in and then tells the user's browser to go to the second URL. Typically, if you write an iOS app, you can always open it by doing something like this: ://. it should also be able to ready parameters passed this way.
For example: open safari on your iPhone and put "Skype://" as the address and it should open your skype app if you have it installed.
Try setting the return URL similar to what I mention above and see if that works.
I'm building a Facebook app and I have noticed that when attempting to get the login status of the user using their Javascript API, I sometimes get the error:
"Refused to display document because display forbidden by X-Frame-Options."
I've been able to reproduce this every time I hit the "check login status" page of the app only while using Facebook as a page, rather than my user account. This is easy enough to avoid now that I know this causes the problem, but obviously my users may not know this.
Is there a way to determine whether or not the user is using Facebook as a Page or not? Since that seems to pretty much ruin my entire app.
I had this problem too, fixed it with:
The app was redirecting the user to a login screen from Facebook (auth dialog box), while the user was already logged in.
So I changed the code to redirect either to the success page if logged in, or to the dialog box if not logged in.
This is a problem when facebook redirects to your app from a web browser and then you redirect to the facebook authorization sign in. You have to make sure that the form replaces the page and does not load into the facebook canvas as it does not like it.
So you have to do a clean redirect like so -this is node example
res.send("<script> top.location.href='"+ "https://www.facebook.com/dialog/oauth?
client_id=*********&redirect_uri=http://apps.facebook.com/myapp" + "'</script>");
Look at this facebook dev page and its in step 3
https://developers.facebook.com/docs/howtos/login/server-side-login/
Does not seem to be a problem with mobile apps just desktop
Does this javascript work?
document.write(isFacebookPage()?"YES, I'm in a Facebook Page!":"No, not a Facebook Page");
function isFacebookPage(){
return (document.location.href.indexOf('/pages/')>0);
}