I've set up my first Discourse instance, wrote a custom endpoint on my ASP.NET 5 web app, and enabled DiscourseConnect.
Everything works fine - when the user clicks the Log In button he gets logged in (if he is logged in into my website)
The forum will be available only to my website users, so I'd like to automatically log them in when they visit the forum (they are redirected to my login/register form via DiscourseConnect)
here is the website structure:
main website: example.com
identity server: identity.example.com (used for SSO)
forum: forum.example.com
I couldn't find anything on the Discourse Meta, so I'm asking her:
How to do automatic login when the user visits forum.example.com.
I'm aware I can create a link on my website that redirects to sso (https://example.com/session/sso), but this will work if the user starts from my website (by clicking a link in the menu). If he bookmarks the forum and opens it via that bookmark (or directly by typing the address) that automatic login won't happen.
If you only have one login method allowed, just enable the login required site setting and visitors will automatically be bounced to your ASP application.
Related
I am building a website in PHP that has a log in section. For this I have a table in a MySQL database that stores 64bit hashed passwords and the users details. When a user enters their email and password the site hashes the password and compares it with the stored hash. To set up an account the user must register.
I want to integrate Facebook log in so users don't have to go through registration and can just log in to the password protected section of my site using their Facebook account. Which incidentally is exactly how I logged into stackoverflow just now. I have been researching this but can't find any up to date tutorials on how to do this.
Can some one please enlighten me as to how I can integrate Facebook log in to authenticate users to the protected part of my website?
Does my database need to provide a table for Facebook registered users? Do I enter facebook users details into my database at all?
I'd recommend looking into JanRain if you don't want to write something from scratch. http://janrain.com/products/engage/social-login/
They provide free (for less than 2500 users) single signon that integrates with all major services like Twitter, FB, Google, Yahoo, etc. very straightforward to implement as well.
You can start through the developer page of Facebook itself. See the Facebook Login
Check this link.
Login to website using Facebook account
We can handle this from server side as well as client side. in the above mentioned link you will find the solution to do this using javascript.
Some steps
Browse this link https://developers.facebook.com
Click on apps tab. >> It will promt you for login.
Once you are logged in >>
you can create an new app in your account.
Click on settings
tab(from left pannel) >> then click on "advanced" tab on the right
window.
Under "Valid OAuth redirect URIs" >> enter proper url
(for testing you can enter your -localhost url also, something
like localhost.com:98 etc) if you are using iis you can configure the
port number there. -if required you will have to put this url in
your host file as well.
From the dashboard tab you can get the app id and secrect key for the newly created app.(we will need this in
later stage).
I have a script that sets some session values when the visitor hits the site (just visitor stats).
The user is then allowed to signup via twitter/facebook or via a "regular register" process.
Now when the user comes back from the twitter/facebook part of the login process the session values are cleared (but not unset).
The issue is that it only happens on one server (a clients server). On my own server and locally on my machine it's fine.
Is there a server/php.ini setting that may be causing some issues?
note: the facebook/twitter signin process re-directs to those sites as opposed to the "popup" window style of signing up - in case that makes a difference.
Haven't tried Twitter Login myself. But, Facebook, yes! From your footnote it is clear that you are using the PHP SDK for facebook which is not a very good(read-> g*ood looking*) choice. On October 3rd, Fb has released an updated version of Javascript SDK that you can use for the login. That workflow is beautiful. User clicks on your "Login with Facebook" button and a small pop-up opens up with the fb url and user authorizes and the pop-up goes away and the user is back on your site. With your current model, user clicks on the button and goes to another domain and then is again redirected. Check out the login with facebook from Miniclip.com and you would know what I am talking about.
As for your problem, without a look at your code, I feel the problem lies in the fact that PHP Session variables do not work cross-domain.
Picture this: user is on your site -> generates $_SESSION['id'] -> Now, redirected to Fb -> PHP $_SESSION is not going to work once they have left your domain -> -> you pull out your hair!!
I know that facebook allow me to specify multiple domains for my app.
But in the "Website with Facebook Login" i can only specify one url.
Is it possible for me, to authenticate users on domain.se, domain.dk and domain.net with the same App ? Or should i still create one app, for each domain ?
It is technically possible to use Facebook Connect on multiple domains, there are some limits (5 domains max).
So the key to doing this is adding all domains in the App Domain field under your app settings.
The PROBLEM, however, is that Facebook only lets you add domains that are derived from your Canvas URL or Site or Page tag URLs, so if you try to enter anything else you get an error that looks like this:
The SOLUTION is to create App on Facebook, Website, and Facebook Tab using the ADD PLATFORM button and then put in URLs that point to your other domains. Here is an example of what I mean:
If you use a unique domain for each field you can max out with 5 different domains. I have tested this technique with up to 3 domains, but i think it should work for all 5.
Note: Facebook admin features change from time to time, so all of this is subject to change
As long as you listed all the desired App Domains in application settings you should be able to authenticate users on any of them.
"Website with Facebook Login" is really only intended to be used as link to your site/application.
Update 2 (July 2016):
App domains must match the domain of the Secure Canvas URL, Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL.
Update (December 2013):
At the time of writing original answer it was possible to list any domains in application settings but from that time the UI of Application Settings (as well as way of handling Application Domains) changed at least couple of times, at some point you could only list domains that derive from one of application's canvas pages.
As of December 2013 it is possible (again) to list domains that do not derive from application canvas URL.
Assuming your domains are being served by the same web server and you have access to that web server, you can use the manual login procedure: https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow to login from as many domains as you wish.
Assume your domains are site1.com,site2.com.... Instead of using the Facebook javascript API, you will simply place a plain old Log In with Facebook button on each site which will redirect the browser to the facebook login page as described in the above article. In the state variable you can specify a code which indicates which of your sites is requesting a login. In the redirect you will use a single service domain which you assign to your web server (e.g. fb.mywebserver.com) and which you specify as the verified redirect url in the facebook login settings page. All the sites will redirect to this same url, avoiding the problem of supporting multiple domains.
Once the user has logged in, the browser will redirect to fb.mywebserver.com and pass it the state, which tells you which site is requesting login and a code which you can use on the back end to retrieve the user's info using the Facebook graph apis. You store this info with a uid in your data store then using the info in state, you redirect to to the appropriate site including a parameter that indicates a Facebook login (e.g. site1.com?fbc={some uid}). The browser will obediently then call site1.com?fbc... Your web server will receive this request and detect the fbc parameter which tells it to associate the corresponding Facebook logged in user with this site. It can then retrieve the logged in users info using the uid and, for example, return a session cookie for this user along with the page. If you generate the page on the server you can, of course, also include a welcome "user" or alternatively, your client code can do an ajax call to retrieve that information.
From the user's standpoint they press the Login with Facebook button, are redirected to a Facebook login page where they login and then are redirected back to your site in a logged in state. Not quite as nice as having the login popup but likely acceptable.
A similar process can be used for google logins as well
Best thing I've found to do in the development/production scenario is add a "Test App", then add a platform for your development web site - as you have to provide where the "page tab url" lives if you use that as a platform.
Facebook requires your "page url" to be live / accessible if you need to apply for status or permission review.
This got me around the "login in development" / "login in production" scenario.
I have confluence, jira and my own developed jsf application connected to crowd. This enabled SSO over the three applications.
When not logged in and requesting a url deep inside confluence, I get redirected to the confluence login page. I do the login and I get redirected to the previously demanded page. This is good.
But when I call a url from my own developed application (and I'm not logged in) I get redirected to the confluence login page (thsi is correct) but afterwards I get redirected to the confluence home page in stead of the page (my app) I initially requested.
How can I get the same behaviour in my own app?
Added some explanation about the integration:
code to see if a valid crowd token exists
authenticated = HttpAuthenticatorFactory.getHttpAuthenticator().isAuthenticated(
(HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest(),
(HttpServletResponse)FacesContext.getCurrentInstance().getExternalContext().getResponse());
Ok, I solved it. It was my app that redirecte to welcome page of confluence. So I added a os_destination= myself.
I'm using the Facebook Graph Toolkit and developing ASP.NET website.
I want to create and design a website that has registration that will use a Facebook account as an alternative to my website login/registration.
I am thinking of just storing the Facebook User ID who has approved the use of the FB app in order to identify the user for next time when he/she logs in to my website using his Facebook account.
Scenario here is:
Any browser, user already logged in to his Facebook account (say browser Tab no.1).
Same browser, Tab no.2, user visits my website (he has already registered to my website using his Facebook account, as I store his Facebook ID).
Upon his visit to my website home page, the top corner will display his account name (this indicates that he has logged in to my website even though he has only logged in to Facebook, but never visited my website and clicked on the Login button).
So my question is, how to achieve the scenario of step no.3?
It's quite easy but you need to do some research first. Research will better help you to understand each and every point.
Go to the Facebook Developers API Reference and do some reading.