I have a login button in my site, which opens facebook login in new window, ask user to login fetch neccesary informations and immediately logout that user and close that temporary window. Problems comes when next user again click login button new window open and it doesn't ask for login informations it by default assumes that previous user has already logged in...How do I override these facebook logins for different users?
Facebook has support for re-authentication: https://developers.facebook.com/docs/howtos/login/client-side-re-auth/
This forces the user to re-enter his password. However, at this point the user cannot decide to login as a different user.
Support for re-authentication has just been added to the master development branch of django-allauth:
https://github.com/pennersr/django-allauth/commit/8a8f9902b4c7a1f5d079d1422be2976b51e5b7b9
If you prefer to use 0.9.0 (which does not contain support for this yet) you can easily override the "facebook/fbconnect.html" template and pass along the auth_type parameter to the FB.login API call yourself.
Related
I have created an apex application and I have some end users which should log in to the application and use it, I realized that there is not any change password or reset password option for end users !!!
How can I add it to login page ??
I have done that based on this link, but the problem is when any username is not entered, it goes to the change password page and after presseing the change password button an internal error box appears !
https://apex-de.blogspot.com/2017/11/change-apexuser-password-for-end-users.html
That page in the blog does not mention a username. And it shouldn't because a user should only be able to set/change a password for himself. Usually there are 2 ways to change a password, both can be implemented together:
A form that is accessible to any user that is logged in. That way you're sure that the password is changed for the actual user.
A link on the home page that points to a public form in which the user can enter his email address that is linked to his account. When the form is submitted the user gets an email with a link that contains a unique code that is linked to his email and only valid for x minutes. The email verification is needed to ensure the user that wants to change the password is who he says he is. Clicking on the link allows the user change the password. At no point the password is displayed to the user or emailed to the user.
Both of those can be implemented in apex - the api to change a users password is APEX_UTIL.CHANGE_CURRENT_USER_PW as mentioned in the blog.
The reason that by default there is no password management is that the authentication scheme "Application Express users" is rarely used for production applications. Usually it's social sign in, LDAP, SSO or SAML and "Application Express users" is only there for development purposes.
I'm trying to understand what is the best way to work with facebook user login. In my app in profile section it's possible for user to sync with facebook, and store it (I'm storing facebook user id in application database), and use GraphApi with provided access token in app afterwards. At this point all is fine.
But when user back to app some time later, to run some GraphApi call he need new access token, and I do not see a way how to get that access token without running user through the same facebook authentication logic with that facebook confirmation dialog.
So the question is it possible to get access token having pre-stored user id without running user again through authentication??? It's a bit weird from user perspective to see all the time that facebook dialog after he already login with facebook and save that once. Also, if facebook require always to confirm login, it seems like from app perspective it does not make sense to store id at all (any way it's possible to get it with each login)???
Also, what if I do not want for users of my app to easily change linked facebook account, but with that facebook pop up, user each time can login through different account. Is that means I need on app side afterwards compare returned id with a stored id and alert user, that he can't change already synchronized facebook account to some other?
Is there a way to redirect to other page and automatically log into that page?
So it's like I make django webpage with login and create link to facebook. When user clicks to facebook link, it should automatically login to his facebook page. Of course, I will have his facebook username and password on db I used to create the website.
Is this possible? Basically, I am trying to create interface page on django with link to several different webpage and make user access to his page by simply logon to this interface page alone.
I suggest that you have a look at the Django-allauth, which is an Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication
It does most of the things you want, you can go through the documentation
https://django-allauth.readthedocs.io/en/latest/index.html
I am new to django i made a registration page and login page now i want a user registered to login to my website when a user is logged in i want to associate a session for user which only dies when he logs out or he closes the browser
now whenever the user loads the page even after a week if the browser is not closed he should be granted access.Now the django is storing sessions in its database but will i be able to authenticate the user as different users have different permissions.can someone suggest any resource for my requirement.
I found what i needed http://gavinballard.com/associating-django-users-sessions/ its by creating a custom model extending the default one.
I am implementing "login with facebook" feature using php sdk, i am able to grab user profile details. But after that user remains logged in. Suppose user is accessing my site and after using "login with facebook" features he leaves immediately, then next person sitting there can use(misuse) previous persons account.
1)How can i automatically logout user after fetching what i needed (I dont want to show user "facebook logout" button).
2) Is there any way i can only logout user from my app and not facebook logout ? (i mean if user is already using facebook in another tab then it should only logout users facebook session from my app.)
Assuming all the usual security measures are in place (session timeouts apply to FB logins, doesn't leak FB data across distinct PHP sessions, logging out of your site clears FB session data or moves to a login/front page with no FB access), websites with Facebook integration generally don't bother securing their FB integration on a per-request basis. It's the user's own fault if they leave a browser window open and logged into your website, there's not a lot you can or really should do about that kind of mistake.
All that being said, you can call getLogoutUrl and then redirect the user to that URL to log them user out of the current session, OR you can use the JavaScript SDK's FB.logout(). Both options are mentioned here.