I am using passport-facebook library with expressjs. My facebook app was in development mode, and my account has developer role. The below code declare 2 scopes user_posts and user_link. Everything working fine on localhost, I got full permissions as expected.
router.get(
`/auth/${loginType}`,
/* some middleware */
passport.authenticate(loginType, { scope: ['user_posts', 'user_link'] })
);
router.get(
`/auth/${loginType}/callback`,
passport.authenticate(loginType, {
failureRedirect: '/',
scope: ['user_posts', 'user_link'],
}),
/* some middleware */
);
But on public site (develop environment), I only have default public_profile permission
here is the pop up
What can be the cause of this?
Edited: Both environment using the same api key so there is no way i am using the wrong app
Nevermind, I left the domains textbox empty in the basic settings of the app and everything is good now. I dont know why there is no document about this
Related
I am deeply struggling to find the right flow. I have a rails app, registered on Microsft App portal (with Id, Pwd and Scopes). To be be as simple as possible : I need to have access through my app to all emails (only read) of a company. It is a server app, which processes informations during the night.
What I understood and tried :
Get a login link for the administrator of the company :
https://login.microsoftonline.com/{TENANT_ID}/oauth2/authorize?client_id={MY_APP_ID}&response_type=code&redirect_uri=MY_APP_ADDRESS&response_mode=query&prompt=admin_consent
In callback, I do get a code in params. From that code, I get a token with a POST request, specifying :
client_id: MY_APP_ID,
grant_type: "authorization_code",
code: MY_RECEIVED_CODE,
redirect_uri: MY_APP_ADDRESS,
client_secret: MY_CLIENT_SECRET,
resource: "https://graph.microsoft.com/"
From that I get a Token. A simple request to get messages works well for the administrator mailbox (the one who validated the access) ; 'Access is denied' when I try for any other person from the organization.
Last point. Scopes defined in Microsoft App portal : Group.Read.All and Mail.Read (both for apps or delegated services)
What is the right way to get that done ? Thanks !
add the query parameter prompt=admin_consent to the authorization request, that way the admin will consent on behalf of the entire organization and not just for his/herself.
I'm building a ASP.NET (4.6) WebApi project and I'm using ASP.NET Identity to authenticate with Facebook, Google and Microsoft to my API. I have managed to authenticate with Google and Microsoft, but not with Facebook.
I'm using Visual Studio 2015
The problem is that I get access denied every time I authenticate. The scenario goes like this:
I make an API call to localhost:2975/api/Account/ExternalLogins?returnUrl=%2F&generateState=true through my browser.
I receive a link to my API for every external provider my API support. In the Facebook case I got localhost:2975/api/Account/ExternalLogin?provider=Facebook&response_type=token&client_id=self&redirect_uri=http%3A%2F%2Flocalhost%3A2975%2F&state=99...01
I go to that link with my browser, and gets redirected to the Facebook login page.
I authenticate to Facebook, and a dialog window appears and asks permission for the requested information about me.
I accept and gets redirected back to my API with the error "access_denied". localhost:2975/api/Account/ExternalLogin gets called.
I haven't figured out where the problem comes from, whether its some permission setting in my Facebook app, the Facebook user I log in with, or if the problem lies in the ASP.NET Identity template.
Regarding Facebook I have created a test app of my app, as well as pushed it as a live app. I can find the app on my Facebook profile, and I've removed it several times. My Facebook profile has the administrator role of the app. I have created test users, as well as added a friend of mine as developer/tester of the app. The problem remains. I read somewhere that there should be a pending request for the app that I should accept, but I haven't found any.
Regarding the ASP.NET Identity template the error is received very early in the process:
AccountController.cs:
public async Task<IHttpActionResult> GetExternalLogin(string provider, string error = null)
{
if (error != null)
{
// This is where the API comes in step 5 above
return Redirect(Url.Content("~/") + "#error=" + Uri.EscapeDataString(error));
}
if (!User.Identity.IsAuthenticated)
{
// This is where the API comes in step 2 above before it redirects me to Facebook login
return new ChallengeResult(provider, this);
}
ExternalLoginData externalLogin = ExternalLoginData.FromIdentity(User.Identity as ClaimsIdentity);
// Untouched logic
// ....
}
When I use Google Chromes Network tool I can see that I gets redirected to this link:
facebook.com/login.php?skip_api_login=1&api_key=XXX&signed_next=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.6%2Fdialog%2Foauth%3Fredirect_uri%3Dhttp%253A%252F%252Flocalhost%253A2975%252Fsignin-facebook%26state%3D...%26scope%3Demail%252Cpublic_profile%26response_type%3Dcode%26client_id%3D...%26ret%3Dlogin%26logger_id%3D...&cancel_url=http%3A%2F%2Flocalhost%3A2975%2Fsignin-facebook%3Ferror%3Daccess_denied%26error_code%3D200%26error_description%3DPermissions%2Berror%26error_reason%3Duser_denied%26state%3D...%23_%3D_&display=page&locale=sv_SE&logger_id=...
There is a cancel url with predefined error: "access_denied", error code: 200, reason: "user_denied", so maybe the "access_denied" error I receive isn't very accurate?
Other relevant code I can come up with is in Startup.Auth.cs (I never get to the OnAuthenticated part though):
var facebookOptions = new FacebookAuthenticationOptions()
{
AppId = "XXX",
AppSecret = "XXX",
Scope = { "email", "public_profile" }
};
facebookOptions.Provider = new FacebookAuthenticationProvider()
{
OnAuthenticated = (context) =>
{
context.Identity.AddClaim(new Claim("urn:facebook:access_token", context.AccessToken, ClaimValueTypes.String, "Facebook"));
context.Identity.AddClaim(new Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
return Task.FromResult(0);
}
};
app.UseFacebookAuthentication(facebookOptions);
It feels like I've tried everything. Any ideas on how to solve this?
Thanks in advance!
Update NuGet packages solved my issue.
From this post in the line
context.Identity.AddClaim(new Claim("urn:facebook:email", context.Email, ClaimValueTypes.Email, "Facebook"));
the context.Email is null.
try to update the nuget package which Microsoft.Owin.Security,Microsoft.Owin.Security.Facebook and so on
Those who were unable to resolve the issue by just updating nuget packages, it might help.
Our Web App was working fine with External Login, what was happening before was our app redirected the users to Facebook or Google for authentication and returned the relevant details from their account. But then this issue arises in which the redirect url contains an error with a value Access_Denied. which is not descriptive at all so you need to manually find the errors.
After a lot of debugging and nuget updates I was still unable to resolve the issue and then it turned out the solution was the IP whitelisting for the server as our IT team and few developers changed the the server settings or migrated the website to new server which obviously had a different IP. Hence, I added the IP address in Facebook dev console to whitelist the address and it worked like a charm.
Whereas, Google authentication was fixed without whitelisting anything, just updating the nuget packages did the job.
Using this link facebook-phonegap-cordova-without-plugin I create an phonegap Facebook app. In that app application when I am login that application it working fine. It give me facebook friendlist, birthday, friend links and its allow to me to post on Facebook wall me and my friends Facebook wall. but when I logout and logging into another user then it allow me to login but its gives me that message The User hasn’t authorized the application to perform this action. And when I try to post some thing then it gives me that error This does not let testing post to Facebook your public profile is you name, profile and other public info
I am using
latest cordova build
In developer.facebook my application name is Testing
I am using API v1.0
following code is to share the post
function share() {
openFB.api({
method: 'POST',
path: '/me/feed',
params: {
message: 'Testing Facebook APIs',
},
success: function() {
alert('the item was posted on Facebook');
},
error: errorHandler});
}
Please remember its working fine for me but when I logging using another user then it gives me error.
Have you tried this while logging out the first user :
Revoke permissions :
openFB.revokePermissions(
function() {
},
errorHandler );
If it's working for you only then check if your app is in developer mode or not.
Go to your app facebook dashboard.
App review tab.
Check and turn on to make your app public.
Hope it helps with your question.
I'm using the javascript client library to try to get a list of users in a domain, but I'm getting a 404 not found in the response.
gapi.client.load('admin', 'directory_v1', function() {
var request = gapi.client.directory.users.list({ domain: "mydomain.com"});
request.execute(function(resp) {
console.log(resp);
});
});
I have a load function before this that gets the userinfo and that works fine, it's just the directory api I can't get working. I added the admin.directory.user scope, and I have the proper client id and api key. I enabled the Admin SDK in the Services tab of my project. The account that the project was created in has all administrator privileges except super admin. Is there some extra step you have to take to use admin sdk apis? What am I missing?
Any help would be appreciated.
You need to grant Oauth access for ClientId in admin console.
Security -> Advanced settings -> Manage Oauth client access
And then add your client ID and the scope needed.
I am successfully using Django Social Auth to login users with Facebook. I'm trying to implement Google OAuth2. I have taken all the steps I know of to integrate it, but I'm getting an AuthCanceled at /complete/google-oauth2/ exception even when I click Allow access. Here's what I did to integrate it:
Went to the Google API console, registered my application and got my Client ID and Client Secret.
I added the correct return url http://mysite/complete/google-oauth2, before I did that I got "unauthorized redirect url" from Google.
In my settings.py I have
GOOGLE_OAUTH2_CLIENT_ID = '*****'
GOOGLE_OAUTH2_CLIENT_SECRET = '*****'
AUTHENTICATION_BACKENDS = (
'social_auth.backends.google.GoogleOAuth2Backend',
'social_auth.backends.facebook.FacebookBackend',
'django.contrib.auth.backends.ModelBackend',
)
I guess I have the other relevant settings right, as Facebook login works, and I'm able to show the window, view my app name in the Google authorization window, etc.
Whan am I doing wrong? How can I fix/debug that AuthCancelled exception?
The problem appears to be caused by a strange Google behavior: when I initially created my client ID, google gave me this client ID: 193271111225.apps.googleusercontent.com. After a conversation with the library author, he told me that his ids were much longer, so I created a new client ID with the exact same settings. The new ID generated was 193271111225-cvltnldi4hh5lmo784v2ir451b3rij7e.apps.googleusercontent.com and with it, it worked. Both IDs look the same in the console, but only the latter works.
Use SocialAuthExceptionMiddleware middleware for proper handling social_auth exception
MIDDLEWARE_CLASSES = (
...,
'social_auth.middleware.SocialAuthExceptionMiddleware'
)
I also faced the same error when I tried the social-auth-app-django library for social authentication.
And I was receiving the following error.
AuthCanceled at /social-auth/complete/google-oauth2/
Two silly mistakes lead to this error.
Not defining the redirect Authorized redirect URIs in the Client ID for the Web application.(set it to http://localhost:8000/social-auth/complete/google-oauth2/)
The spelling mistake for SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET
So if you are receiving the same error, make sure you define the redirect authorize URIs and check your spelling.