I'm trying to get access to salesforce visual force page(no controller) using oauth token. I used the oauth token as session id and it is working fine, when i try to get access to other visual force page ( with controller) it is directing me to salesforce login page asking to enter username/pwd to get requested page.
Related
I am using ADFS 4.0 for authenticating into my mobile application using OpenId Connect / OAuth2 flow. Basically when I sign in to my application, my mobile appliaction opens a browser to start the flow. Whenever I sign out from the application, I need to fire the ADFS sign out page to clear the cookies and redirect back to the application.
The problem I have is that when I successfully authenticate through ADFS, I need to perform some user validation in my API for the user which sometimes can fail. If the validation fails, the session cookies stays in the mobile devices browser, so the user is not prompted for credentials anymore, so hes stuck in a loop where he cannot sign in to the application again. I really don't even need the session cookies stored into the mobile devices browser because I am using the access and refresh tokens to handle the flow after the authentication.
I have configurated my application as native application / Web API in ADFS. Is there any way I could disable the cookies to be saved in the mobile devices browser or is there any other approaches for this problem?
Are you using authorization code grant flow?
If yes, you can use prompt parameter in authorization request. As explaining in this document about prompt , with prompt=select_account, user will be forced to choose current signing account or choose to login in another account, or with prompt=login, user has to reauthentication...With those values of prompt, you will not be "stuck in a loop where he cannot sign in to the application again"
so I am trying to request an authorization code from smartsheet using postman.
I created a new app on my smartsheet with the following url:
app url: https://localhost:3000/
redirect url: https://localhost:3000/callback
so I tried to use the
GET https://app.smartsheet.com/b/authorize
and input my client id, scope, repsonse_type, and state in postman
the result says there is an error and it did not direct me to a page where I am able to allow authorization.
I am expecting something similar to what the website says (http://smartsheet-platform.github.io/api-docs/#access-levels). I am not sure which part I did was wrong, I am wrong home for this volunteer work hence I do not have an appropriate url. I don't know if it's my urls that are causing the problem or there's something else.
thank you guys in advance
If you are building out the Smartsheet OAuth flow you will need to have a hosted environment where you can have requests sent and be able to open a page in a browser to authenticate to the Smartsheet account and select the Allow button to confirm the access token should be created and returned to your application.
For development purposes you can use a service like ngrok to create a publicly available URL for your localhost which will allow you to send and receive the necessary data from Smartsheet in your development environment.
Authorization tokens cannot be generated from the API - you must do them from the website. From the API documentation:
Click the "Account" button in the upper-right corner of the Smartsheet screen, and then click "Personal Settings".
Click the "API Access" tab.
Click the "Generate new access token" button to obtain an access token.
We are using WSO2 IS 5.5.0. We are able to configure IWA using Federated Authentication (Kerberos). Users are able to login with their windows credentials.
Our application is accessible in INTRANET as well on INTERNET.
We have following requirement.
All the INTRANET users should be authenticated using IWA authentication whereas all INTERNET users should be presented with login page to enter their credentials.
Can you please let us know if this is possible through some configuration?
We tried steps concept in “Advanced Configuration” under “Local and Outbound Authentication Configuration” of Service Provider but not getting expected result.
First Steps in the sequence always gets executed whereas we want some kind of switch between step 1 and step 2.
We want all INTRANET users to follow the /iwa-kerberos authentication and want to display login page for INTERNET users.
We were able to achieve this in WSO IS 5.2.0 by having a switch in our login.jsp to redirect all the INTRANET users to following URL.
/commonauth?idp=LOCAL&authenticator= IWAAuthenticator&sessionDataKey=xxxxxxxxxxxx
In this approach we used to add only “BASIC” authenticator under Step 1 under “Advanced Configuration”
I would like to get basic user information from Facebook after the user has logged in.
I've looked at the documentation in How to: Work with authentication and under the "How to: Retrieve authenticated user information" section, it shows how to do it from the .NET backend code by using an HttpClient to make the call with the AccessToken:
var fbRequestUrl = "https://graph.facebook.com/me/feed?access_token="
+ credentials.AccessToken;
Since the mobile client has the accessToken that we get from MobileServices, can the client make the call directly to a Facebook endpoint, or does the client SDK provide us with any built-in functionality?
I've been following the Xamarin.Forms Sport project and the way they get the user information from Google is by hard-coding the Google endpoint and making a call to get the user info.
Note: Xamarin.Forms Sport uses Mobile Services, not Mobile App, so not sure if that makes any difference.
It sounds like you're doing the server-directed login: where you are making a call to your backend to do the login dance with Facebook. In this, your client application is making a GET call to .auth/login/facebook, which opens up a browser or the Web Authentication Broker where you enter your credentials. The end result is you will receive a Zumo access token (different from Facebook access token).
You cannot use the Zumo access token to access Facebook APIs by itself. In the "How To:" you linked, we show you how to use GetAppServiceIdentityAsync from the backend to get the Facebook access token. This is possible because you have stored your Facebook client ID via portal, which is available to the backend.
The advantage of doing auth like this was that you don't have to deploy your Facebook Client Id with your mobile apps. If you wanted to access the Facebook APIs from the client, though, you'll need to get the Facebook token to the client.
Few ways I can suggest:
Call .auth/me from your client. The response will give you a JSON object you can parse that should include the FB token associated with your Zumo token.
Write a custom API with [Authorize] attribute set that will perform GetAppServiceIdentityAsync and respond with the value of the facebook access token. You can then parse the response from your client. This is basically what .auth/me does, but you can write it to give back only your FB access token.
Use the Facebook .NET SDK http://facebooksdk.net/ to do client-directed login. You will get a Facebook token on your client, and then you can use our LoginAsync(Facebook, access_token) method to get a Zumo token so that your client can access both Facebook and your Mobile App backend. The disadvantage, as I mentioned before, is that you'll have to deploy your FB Client ID with your app.
I have a custom salesfoce webservice, but to access that webservice we need to login from salesforce enterprise wsdl. but i dont want to add that wsdl file. Is there any way to add login function on custom webservice or login with out that wsdl webservice???
Yes, see SOAP request to APEX webservice without requiring authentication.
go into the site detail page in setup, click Public Access Settings,
and then add the Apex Class there. This is effectively granting your
anonymous running user account (guest license) the ability to directly
access this class.
There are more detailed instructions at Public Web Services via Apex and Force.com Sites.
Note that your data exposed via this web service will no longer be secure.
As you mention, you need to authenticate, the login method is not included in the custom apex WSDL, you have lots of choices, depending on exactly what sort of app you're building.
Add either the enterprise or partner WSDL to your app and call login from there.
Use an interactive OAuth flow which will result in you getting an access token & instance Url, which you can then use with the apex WSDL.
Use a programamtic OAuth flow (username/password), again resulting in an access token * instance Url which you can then use with the apex WSDL.
if you have a web based app, you can create a custom link/tab in salesforce to pass you an existing serverUrl/sessionId info.
For the OAuth flows, you would pass the received access token in your apex requests as the sessionId (just like if you got it from login), and you would combine the host name from the instance URL with the path from the apex WSDL to set the endpoint URL of your stub.