I am working on an Ionic 6 app that uses Auth0 for authentication. We are using the embedded login strategy and auth0-js as the client library to talk with auth0.
I've reached to the point where everything works nice if I serve the app on an emulator via ionic serve. I can login and logout effortlessly, and authjs' logout method, which I'm calling as follows:
public logout() {
store.dispatch('endSession');
this.endSession();
this.webAuth.logout({
returnTo: process.env.VUE_APP_LOGOUT_CALLBACK,
clientID: clientId,
});
}
Does redirect me to http://localhost:3000/login as intended (that's the value of VUE_APP_LOGOUT_CALLBACK).
However, when I compile the app and launch it on a mobile phone (I'm using android studio) I have the following problem:
My current problem
After calling WebAuth.logout, the app stops and a browser tab pointing to localhost:3000/login tries to open as if it was a website I'm navigating to. But the behavior I want is for the app to return to the login page, of course.
Other users seem to have found the same issue:
https://community.auth0.com/t/logout-on-ionic-3/20222/9
https://community.auth0.com/t/impossible-to-redirect-user-after-logout-ionic-angular/82205
But no one really solved the issues in those threads. I had no luck finding more resources related to this.
What I've tried
I've tried changing the redirect route to capacitor://localhost/login, hoping it's a way to tell the ionic shell to navigate inside the context of the app, but it didn't work.
I've tried to avoid passing redirectTo as an option to WebAuth.logout(). This makes the method to redirect to the first URL set up on the Auth0 dashboard allowed logout URL, as far as I know.
I've played with a lot of different URL's as returnTo, like / or /login, but it didn't work as I expected and the browser always tries to open such URL as a new website, instead of navigating in the context of the running app.
What would be the ideal outcome
I'd like the app to return to /login, which is the first view the user encounters when they launch the app on the phone.
If that's not possible, maybe it would be possible to just get Auth0 to not redirect at all, so I can perform the redirect by myself and send the user back to the login page.
Maybe there's a way to tell my app not to ever redirect to the redirectUri, even if there's no way for auth0 to avoid trying to redirect the app to another page? Auth0-js docs don't suggest any way to avoid the redirect, but maybe there's a way via ionic config or javascript to make sure the app won't ever redirect to a certain URL.
Thanks for your time!
Related
I have implemented deeplink for my ionic v1 application and also implemented universal link for same. I also checked so many links to implement App store redirection functionality.
Most of the link suggest to implement javascript code which first check device and based on ios/adnroid/window it will redirect to particular store but let say I will create that javascript code look like below
const iOS = !!navigator.platform && /iPad|iPhone|iPod/.test(navigator.platform);
if (iOS) {
window.location.href = "temp://itunes.apple.com/us/app/...";
}
but where should I put this file so when user click on deeplink it should redirect to particular this file and redirect to App Store/Play Store?
Let say I want to give my deeplink to some other server for which i don't have any access then what?
is there any other param or attribute we can set like fallback url by which when app is not installed it will automatically going to that particular link?
Any answer would be great help.
Thanks.
Usually it works that way:
You place a link on the website where you want to advertise your app. That link has a click tracking domain that points to your server. e.g. click.example.com/....
Upon clicking, if the app is installed, Universal Links would ensure that the app is opened. This is done by iOS (only if you configured Universal Links correctly, see https://developer.apple.com/ios/universal-links/). If the app is not installed, a redirect is done to your click tracking domain. This is where your Javascript logics should apply, so basically you need to reply to the request with a 302 redirect to an HTML file that contains the redirection logics (as in the example above). In that server response you can handle any fallback URL you want to use.
By the way, to make Universal Links work, anyway you had to host the AASA file, so you probably already created a server, so you can use it for the case where the app is not installed.
We're hosting a PHP facebook canvas application (http://apps.facebook.com/myapp). One of the pages (http://apps.facebook.com/myapp/foobar) requires authentication from facebook so we can access some information about the user. This is achieved by using the PHP-SDK's $facebook->getLoginUrl() method to generate the url for authentication and works as expected.
We have since added the app to as a Tab (iFrame) to our Page (http://www.facebook.com/MyPage?sk=app_nnnnn). Now when we try to authenticate the user they are redirected to the app's url (http://apps.facebook.com/myapp/foobar) rather than having the /foobar page load in the Tab's iFrame as expected.
Is it possible to set the auth so that it doesn't bounce to the app's url but stays within the Tab using the PHP-SDK? If so, what is the workflow I should follow to achieve this?
I would simply add code to http://apps.facebook.com/myapp/foobar to check for authentication, and if it is, echo:
<script type="text/javascript">
top.location.href = 'http://www.facebook.com/MyPage?sk=whatever';
</script>
That should break out of the iframe and redirect you to where you want to go.
The way I have achieved this is to do the following:
On the /myapp/foobar page I check to see whether the user has been authenticated. If they haven't I set a session value and use the PHP-SDK's $facebook->getLoginUrl() to generate the auth url and send a response back containing just the javascript to redirect window.top.
Once they've authenticated they're redirected back to the main page. When this page loads it checks for the session value and, if set, removes it and issues a redirect header to /myapp/foobar.
It's a little convoluted but seems to be quite a stable solution.
Upon install of my app on a Facebook Page, I'd like to send the user to an URL with further instructions. I'm starting the installation with http://facebook.com/add.php?api_key=app_api_key&page=page_id, which installs but redirects the user to the Facebook Page itself. It seems like various forms of redirect were available at some point:
Post-authorize callback URL. I can no longer find that in App settings.
The next parameter for add.php. I can't seem to get this to work
I have seen some apps that do redirect upon install, so I believe this is possible. Maybe it's using an old Post-authorize setting that's no longer visible?
Any help or point would be greatly appreciated! I'm also not attached to using add.php, if there's a Facebook Connect method that does this I'd use that instead (I'm looking at profile.addtab though that doesn't seem to work either).
You can set the redirect URL in the app properties. You can no longer set it from the developer control panel in Facebook, but you can still set it using the REST api.
The list of app properties is here: http://developers.facebook.com/docs/appproperties/
To set the "post_authorize_redirect_url" you would use something like this:
https://api.facebook.com/method/admin.setAppProperties?
access_token=CURRENTTOKEN&
properties={'post_authorize_redirect_url':'http://mydomain.com/post_authorize_folder/'}
I am not completely clear on this, but I believe the url needs to point to a folder, terminated with "/" rather than a specific file.
The callback gets two parameters:
installed = 1 (true)
fb_page_id = the page id when your app was installed
First page that Canvas is point to should have
< script type='text/javascript'>top.location.href = 'REDIRECT-URL';< /script>
So when your app is opened it will automaticaly redirect to REDIRECT-URL
I'm not sure that you can avoid opening of application canvas page after installing application.
I'm using the Facebook SDK on a .net 4 MVC 2.0 website. I've managed to get everything set up ok as per the sample app and I can go to my facebook app page and see my page. However when going to the About page I've been asked to allow my application to access my details, which I did, then the page just redirects to my Index page. If I click on the About tab and debug the application the About Action never gets called, it's always the Index Method.
Here's the About Method on the controller:
[FacebookAuthorize()]
public ActionResult About()
{
//Some code in here
}
So, I tried to removing the FacebookAuthorise attribute and I got this error:
(OAuthException) An active access token must be used to query information about the current user.
Have I set something up wrong somewhere whereby the cookie isn't being read or the authorisations can't take place? I've got the enable cookie set to true in the web.config for the facebookSettings.
You shouldn't be using the FacebookAuthorize attribute inside an iframe app. You should use CanvasAuthorize. Authorization is different depending on if you are in a iframe or a regular web app. Change that and it should work correctly.
In my joomla application I am facing a problem . user can log in my application through facebook ,but I want whenever user log out from my application, it must be log out from facebook account too.
Please give me your suggestion or any idea how can i do this?
Thanks
I assume you're using Facebook Connect?
If so, just do the following in JavaScript:
FB.Connect.logout(); // old JS API
FB.logout(); // new JS API
http://developers.facebook.com/docs/reference/javascript/FB.logout
http://developers.facebook.com/docs/reference/oldjavascript/FB.Connect.logout
Are you redirecting to another page along with or immediately after the FB.logout call?
I have found that FF and Chrome will execute the FB.logout call quickly enough for this to work properly but that IE and mobile browsers (because of network speed in addition to differences in the JavaScript engine) will not complete the call successfully before the browser loads whatever page you're redirecting to.
So, the safest thing is to put any redirect into a callback function and pass that to FB.logout like this:
function mysignout(url)
{
FB.logout(function()
{
top.location.href = 'url'
});
}
I was originally putting FB.logout directly in the onclick event of an anchor link and while that worked in FF and Chrome it did not work in IE or in my Android browser. Doing the above made it work in all environments.
Surprisingly, it take 2+ seconds for FB.logout to completely successfully in most environments. There is obviously some kind of ajax call involved to revoke authentication on the server, not just destroying the local cookie.