User accepts Facebook request then autologins to my website - facebook-graph-api

I have an invite friends button, that creates a facebook request to the friends you select through facebook's javascript UI mechanism. The invitees can then click "Accept" and they'll be redirected to my facebook canvas app.
From there I want them to be redirected to my website but automatically logged in with their facebook credentials as if they clicked my Facebook Connect button and logged in that way. How can I do this? I guess somehow the same cookie FB Connect creates will need to be created? My website will need to be given some kind of access_token like FB Connect returns so I can verify who the user is on my system (or create a new one).
Or is this not possible and the user will have to be simply redirected back to my website and then login through Facebook Connect even though they're already "logged in" to my facebook canvas app?

Once the user gets redirected to your Canvas App (iframe) you are in control!
So let's assume the following:
1. The friend clicks "Accept" and gets redirected to your Canvas App.
2. You receive a signed_request and check whether a user_id is present (i.e. he is already a website user).
3. If yes, then just set your own login sessions (or whatever mechanism you use) and redirect; else
4. Follow the standard authentication flow (whether it's client side or server side):
   - If the user clicks cancel, then just redirect.
   - If he authorizes your app, then register the user (insert into DB) and follow step #3.
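The check in step 2 only means something if the signed_request is verified first: the user_id in it is what your site will turn into a session, so it must be authenticated with the app secret before it is trusted. The following is an added example (not code from the question or the answer above) showing the verify-then-branch logic in Python; APP_SECRET, make_signed_request and the payloads are constructed for illustration, and the format assumed is Facebook's documented base64url(HMAC-SHA256 signature).base64url(JSON payload), with the HMAC computed over the encoded payload string.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical app secret; a real one comes from the Facebook app dashboard.
APP_SECRET = b"example-app-secret-not-real"


def _b64url_decode(data: str) -> bytes:
    # Facebook strips the '=' padding, so restore it before decoding.
    return base64.urlsafe_b64decode(data + "=" * (-len(data) % 4))


def parse_signed_request(signed_request: str, app_secret: bytes) -> dict:
    """Verify and decode a Facebook signed_request.

    Format: <base64url(HMAC-SHA256 sig)>.<base64url(JSON payload)>
    The HMAC is computed over the *encoded* payload string, keyed with the app secret.
    Raises ValueError if the request is malformed or the signature does not verify.
    """
    try:
        encoded_sig, payload = signed_request.split(".", 1)
    except ValueError:
        raise ValueError("malformed signed_request")
    sig = _b64url_decode(encoded_sig)
    expected = hmac.new(app_secret, payload.encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison: nothing in the payload is trusted before this passes.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    data = json.loads(_b64url_decode(payload))
    if str(data.get("algorithm", "")).upper() != "HMAC-SHA256":
        raise ValueError("unexpected algorithm")
    return data


def canvas_landing(signed_request: str, app_secret: bytes = APP_SECRET) -> str:
    """Decide what the canvas app does when the invitee arrives (steps 2-4 above).

    Returns "login:<user_id>" when the user already authorized the app (set your
    own session and redirect), or "auth_flow" when the standard auth flow is needed.
    """
    data = parse_signed_request(signed_request, app_secret)
    user_id = data.get("user_id")
    if user_id:
        return f"login:{user_id}"
    return "auth_flow"


def is_valid(signed_request: str, app_secret: bytes = APP_SECRET) -> bool:
    """Convenience wrapper: True only if the signed_request verifies."""
    try:
        parse_signed_request(signed_request, app_secret)
        return True
    except ValueError:
        return False


def make_signed_request(payload: dict, app_secret: bytes) -> str:
    """Build a signed_request the way Facebook would (constructed test helper)."""
    encoded_payload = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=").decode()
    sig = hmac.new(app_secret, encoded_payload.encode("ascii"), hashlib.sha256).digest()
    encoded_sig = base64.urlsafe_b64encode(sig).rstrip(b"=").decode()
    return f"{encoded_sig}.{encoded_payload}"


if __name__ == "__main__":
    authorized = make_signed_request(
        {"algorithm": "HMAC-SHA256", "user_id": "12345", "oauth_token": "t"}, APP_SECRET)
    print(canvas_landing(authorized))
    fresh = make_signed_request({"algorithm": "HMAC-SHA256"}, APP_SECRET)
    print(canvas_landing(fresh))
```

The session you set in the "login" branch is your own cookie on your own domain; nothing from Facebook Connect needs to be reproduced, because the verified user_id (and the oauth_token the payload carries once the user has authorized the app) is the same identity FB Connect would have given you.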

How to remove custom cookies added in AD B2C by custom UI while logout

I am using AD B2C custom policies with my own custom UI. For some purpose I'm adding some cookies. As the UI runs under the B2C domain (e.g. tenant.b2clogin.com) these custom cookies are created under this domain. I need to find a way to remove these customised cookies when we do the B2C logout. I know B2C has a way to redirect to a logout URL, but I'm not sure it will work because this URL is outside the B2C domain where the cookies are created. Do you have a suggestion about how to customise the logout to remove these custom cookies placed under the B2C domain?
Currently we cannot customize the sign-out UI directly by using custom page layouts.
When you log out from your web app you should redirect to B2C's logout endpoint as described in the documentation:
"When you want to sign the user out of the application, it isn't enough to clear the application's cookies or otherwise end the session with the user. Redirect the user to Azure AD B2C to sign out. If you fail to do so, the user might be able to reauthenticate to your application without entering their credentials again."
The logout endpoint can receive an optional post_logout_redirect_uri parameter in the query string, where you can specify another URL to which your user will finally be redirected by B2C. That can be the address of any resource, e.g. your homepage or your own page showing a "You successfully logged out of our service" message to the user.
"post_logout_redirect_uri - The URL that the user should be redirected to after successful sign out. If it isn't included, Azure AD B2C shows the user a generic message."
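Since the custom cookies live under tenant.b2clogin.com, a response from your own domain cannot clear them (same-origin cookie rules); the only sign-out your app controls is the redirect to the B2C logout endpoint described above. The following is an added example (not code from the answer or from Microsoft) that builds that logout URL in Python, with the path shape of the B2C v2.0 logout endpoint and a local allow-list check on post_logout_redirect_uri so that a value taken from a request parameter cannot turn your sign-out link into an open redirect. The tenant, policy and allow-listed URL are constructed placeholders.

```python
from urllib.parse import urlencode

# Constructed values: a real tenant, custom-policy name and app registration replace these.
TENANT = "contoso"
POLICY = "B2C_1A_signup_signin"
ALLOWED_POST_LOGOUT = {"https://app.example.com/signed-out"}


def post_logout_allowed(uri: str, allowed=ALLOWED_POST_LOGOUT) -> bool:
    """Exact-match allow-list: prefix or substring checks are bypassable."""
    return uri in allowed


def build_b2c_logout_url(tenant: str, policy: str, post_logout_redirect_uri: str = None,
                         id_token_hint: str = None, allowed=ALLOWED_POST_LOGOUT) -> str:
    """Return the B2C logout endpoint URL for the given tenant/policy.

    post_logout_redirect_uri is validated against the allow-list before being
    placed in the query string; id_token_hint is optional and passed through.
    """
    base = (f"https://{tenant}.b2clogin.com/{tenant}.onmicrosoft.com/"
            f"{policy}/oauth2/v2.0/logout")
    params = {}
    if post_logout_redirect_uri is not None:
        if not post_logout_allowed(post_logout_redirect_uri, allowed):
            raise ValueError("post_logout_redirect_uri is not an allow-listed URL")
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    # urlencode percent-encodes ':' and '/' so the target URL survives as one parameter.
    return base + ("?" + urlencode(params) if params else "")


def safe_logout_url(requested_target: str = None) -> str:
    """What a /logout handler would compute: fall back to no redirect target
    (B2C's generic message) rather than redirecting anywhere unexpected."""
    if requested_target is not None and not post_logout_allowed(requested_target):
        requested_target = None
    return build_b2c_logout_url(TENANT, POLICY, requested_target)


if __name__ == "__main__":
    print(safe_logout_url("https://app.example.com/signed-out"))
    print(safe_logout_url("https://evil.example/phish"))
```

Your app's own session cookie is still cleared locally before issuing this redirect; the redirect is what ends the B2C session so the user is not silently re-authenticated afterwards.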

How to use Federation from a User Pool (not from an Identity Pool)!

I'm trying to use Federation from a User Pool. Note, I am not talking about Federated Identity Pool a different concept.
Is there a SignIn API for federated users, or is it just a hosted UI?
Does the app "have to" open a browser on a Sign In URL that looks like https://XXXXXX.auth.XXXXX.amazoncognito.com/login?response_type=code&client_id=XXXXXXXXX&redirect_uri=XXXXXXX? Can the end-user stay inside the app, similar to how the Google SignIn API on Android works (it pops up a small Google sign-in UI, the user clicks on their name, and you're immediately back inside the app with a token)?
How do I launch a browser on that Sign In URL?
How can my app be called back when the user has finished signing in?
Specifically, how does my mobile app receive the token from the browser?
Is there a SignIn API for federated users or is just a hosted UI?
As far as I can tell you have to use the hosted UI when you federate a user pool to social IdPs.
How do I launch a browser on that Sign In URL?
This depends on the language and platform, obviously; on Android with Xamarin you can use Xamarin.Auth.Presenters.OAuthLoginPresenter.Login() to launch a native browser (Chrome) at a URL specified by the OAuth2Authenticator you pass in. That OAuth2Authenticator does more than just craft the URL it gives Chrome; it's stateful, so when you get an answer back in the form of a code or token, you can then call methods on that object to proceed.
How can my app be called back when the user has finished signing in?
Specifically, how can the browser redirecting to a URL actually redirect you back inside the app? That's done via something called Deep Links & App Links; here's that concept explained on Android.
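The three pieces the answer describes (build the hosted UI sign-in URL, hand the browser's deep-link callback back to the app, exchange the code for tokens) are plain OAuth 2.0 authorization-code steps, and for a mobile app with no client secret they should be done with PKCE and a state value so that a forged or replayed deep link cannot complete someone else's login. The following is an added example in Python (not code from the answer, from Xamarin.Auth or from AWS) showing those steps against the Cognito hosted UI's /oauth2/authorize and /oauth2/token endpoints; the pool domain, client id and the myapp:// callback scheme are constructed placeholders, and the token exchange is shown as the request body only, not sent.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values: replace with your user pool domain, app client id and the
# deep link you registered as a callback URL on that app client.
COGNITO_DOMAIN = "https://example-pool.auth.ap-southeast-2.amazoncognito.com"
CLIENT_ID = "EXAMPLECLIENTID"
REDIRECT_URI = "myapp://auth/callback"


def pkce_pair(verifier: str = None):
    """Return (code_verifier, code_challenge) per RFC 7636, S256 method."""
    if verifier is None:
        verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode()
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    challenge = base64.urlsafe_b64encode(digest).rstrip(b"=").decode()
    return verifier, challenge


def build_login_url(state: str, code_challenge: str, identity_provider: str = None) -> str:
    """URL the app opens in the system browser (step 'launch a browser')."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": "openid email",
        "state": state,                      # random per attempt, stored app-side
        "code_challenge_method": "S256",
        "code_challenge": code_challenge,
    }
    if identity_provider:
        # e.g. "Google": sends the user straight to that IdP instead of the chooser page
        params["identity_provider"] = identity_provider
    return f"{COGNITO_DOMAIN}/oauth2/authorize?{urlencode(params)}"


def parse_callback(deep_link: str, expected_state: str) -> str:
    """Pull the authorization code out of the deep link the OS hands the app.

    Rejects the link if it arrived on a different URL than we registered, if the
    IdP reported an error, or if state does not match the value we generated.
    """
    parts = urlsplit(deep_link)
    if f"{parts.scheme}://{parts.netloc}{parts.path}" != REDIRECT_URI:
        raise ValueError("callback arrived on an unexpected URL")
    qs = parse_qs(parts.query)
    if "error" in qs:
        raise ValueError(f"IdP returned error: {qs['error'][0]}")
    if qs.get("state", [None])[0] != expected_state:
        raise ValueError("state mismatch: not the login attempt we started")
    if "code" not in qs:
        raise ValueError("no authorization code in callback")
    return qs["code"][0]


def callback_is_valid(deep_link: str, expected_state: str) -> bool:
    try:
        parse_callback(deep_link, expected_state)
        return True
    except ValueError:
        return False


def token_request(code: str, code_verifier: str) -> dict:
    """Form body for POST {COGNITO_DOMAIN}/oauth2/token; the verifier proves the
    app that started the flow is the one finishing it (no client secret needed)."""
    return {
        "grant_type": "authorization_code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code": code,
        "code_verifier": code_verifier,
    }


if __name__ == "__main__":
    verifier, challenge = pkce_pair()
    state = secrets.token_urlsafe(16)
    print(build_login_url(state, challenge, identity_provider="Google"))
    # The browser later opens e.g. myapp://auth/callback?code=...&state=...; then:
    # code = parse_callback(link, state); post token_request(code, verifier) to /oauth2/token
```

Storing state and code_verifier in app memory for the duration of the attempt, and discarding them afterwards, is what makes the returned tokens bind to this device's login rather than to any deep link that happens to reach the app.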

Postman: Pop-up login modal for authentication

Postman now has support for OAuth 2.0. The nice thing is that, if necessary, Postman will display a pop-up login modal for authentication if the Auth URL redirects to a login screen.
My question: is it possible to display this same modal for a request via a script? I would like to replicate the same Oauth flow via a script (instead of having to generate an access token via the button).
Thanks!
Yes, you can get this done. Instead of having a button, create a modal dialog using JavaScript, get the username and password from the dialog and pass them to the OAuth request to get the token. I believe you are using the password credentials grant, where you need to send the username and password while making a request.

Browser back button navigating to Bad request page in B2C while registering using Facebook identity provider

In a Sitecore-integrated Azure AD B2C application, while registering through Facebook, once the user is signed up in the application using the Facebook identity provider, the user is redirected to the page where the user details retrieved from the Facebook identity are displayed. But the problem here is that if the user refreshes the page or clicks the browser back button, then the "Bad request" screen is displayed.
The error message shows as "{"status":"400","message":"Missing required element [Given Name]"}".
When you press the browser back button from any IdP, an authentication failed response is sent to the B2C application.
Are you using OWIN middleware? If yes, you need to catch the exception in your 'AuthenticationFailed' event and handle it properly. Something like below (note the HandleResponse() call: without it OWIN keeps processing the failure and the redirect never takes effect).
AuthenticationFailed = notification =>
{
    notification.HandleResponse(); // mark the failure as handled so the middleware does not rethrow
    // the error message might be different based on the IdP; Facebook returns server_error as the response message
    if (notification.Exception.Message == "server_error")
    {
        notification.Response.Redirect("/");
    }
    return Task.FromResult(0);
}

Ping Identity switch user

Here at my company, we started using Ping Federate as our Identity provider, this is linked with the AD for user info and so on.
The login works via the OAuth page, and this works great: I can log in, do things, then when my access_token expires it gets refreshed and I can continue without the user even noticing it.
But now I got the request from one of the users asking if he could switch logins.
But this isn't possible, because when I click login, the PingFederate popup that gets fired doesn't ask for the credentials; it just continues and uses the last credentials.
However, when I clear my cookies and log in it asks for the credentials again, but I can't ask the users to clear all their cookies whenever they want to switch users.
I tried clearing the cookies of the PingFederate domain when I log out, but no luck:
me.$cookies.remove('PF', {domain: 'federation.xxx.com'});
Does anybody else have an idea what I can do to make this work?
You should be able to use PingFederate's logout features to achieve what you're after.
If you're using just the HTML Form Adapter to log in users, then you can configure a logout path in your adapter instance that you can ask users to go to in order to log out. See "Logout Path" here: https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=ttq1564003023121.html
Alternatively you could enable single logout (SLO) which will trigger a logout at all adapters or other authentication sources the user may have logged in to. For more details, see:
https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=php1564002958041.html
https://support.pingidentity.com/s/document-item?bundleId=pingfederate-93&topicId=pqn1564002990312.html