I am following the Task Tracker tutorial and I am not able to persist the login session. I am able to register and login, however, everytime I close the app and open it again, it redirects me to the login screen.
https://docs.mongodb.com/realm/tutorial/react-native/
In addition, I use AuthProvider to read user, I get “null”.
Anyone have any ideas? Do I have to write custom logic to persist login information / session tokens?
Thanks
Related
I'm trying to figure out how to allow my app users to log out (and then log back in successfully).
I have an iOS app which uses Firebase Authentication with the following user flow/logic:
a new user opens the app
they are logged in automatically as an anonymous user (uid-A)
sometime later, they want to access something sensitive so...
they log in with Facebook and link the credentials with uid-A
they want to log out so call FIRAuth.auth()!.signOut()
when the user revisits the app they're issued a new anonymous user (uid-B)
they try to log in using Facebook again but...
they get an "ERROR_CREDENTIAL_ALREADY_IN_USE" error because their Facebook credentials are linked to uid-A
Has anyone got an app logic which works for this use case? Should I be doing something different at step 5 above (i.e. not actually logging the user out but simply destroying the credentials or something)? Any pointers/ideas would be great.
I am using PhoneGap 3.0.0 and trying to create a 'simple' login and connection with facebook in order to use Facebook's post dialog to post on behalf of my application to users' Facebook pages.
Here is my understanding of how the connection logic should work:
1. he application calls out facebook login in a new window (within the application itself), but it is linked to our app data
2. so, when FB gets a successful login, they redirect to OUR server, but now with a live Facebook accessToken
3. with it, in my server, I get the session data of the person
4. then automatically, that mini-browser within the application closes
5. and comes back to the application
6. now I make an alert of the facebook token
7. and then I require our server for the user's token from my application
8. once I retrieve our Token, I can initiate the automatic load of information into the application... that's it
9. when the mini-browser closes and we get back to the application I retrieve our session token, automatically
** The problem here is that this action is not happening, the session register is not happening in our server for some reason. It does work in the test module that I developed, but not in the complete application even with the same module... that's the problem here. I get perfectly the access token from facebook, but I don't get it from our server... like their session in our server never gets registered.
I have an application which asks for a registration through facebook but before a user can proceed to the registration, the system should first determine if there is an active session. If a user is logged in to facebook, it should then automatically logout for a fresh start.
But here is where I'm stuck. The SDKs only let the user log out from facebook if he is connected to your app. It uses the app's access token. But what if he is still not registered to your app? Their log out means to log out from your app, and not really from facebook.
My requirement :
1. How can i log out from facebook.
2. How can i clear the browser cookies?
Not on a specific app but the whole facebook session.
[from comments] But to use the getLogoutUrl() function, the user has to be connected to your app. What I need is to logout from the whole facebook and not just from the app
If the user is connected to your app, then the URL provided by the getLogoutUrl method does that – log the user out of your app (web-app) and out of facebook.com.
If the user is not connected to your app however, you don’t have an active user access token – and then logging out of Facebook is not possible. The obvious reason being that if it was, every website that I visit could log me out of Facebook in a “drive-by” manner – without me actively wanting that, so people would get annoyed quite quickly.
If a user is logged in to facebook, it should then automatically logout for a fresh start.
If this is a security consideration, then you are in fact looking for re-authentication, which can be done using the auth_type parameter, quote from docs:
In apps where security is very important, you may want to double-check someone's identity - perhaps before they make a purchase within the app, or use it to access some sensitive personal data.
To prevent situations where a user could leave a device logged in or man-in-the-middle hijacking of the user session, re-authentication forces a person to re-enter their Facebook password before they can continue to use your app.
Be aware to use the server-side Auth flow though – because in the client-side flow, using the JS SDK, there is a bug that allows the user to bypass re-entering his password by simply closing the popup, which is still open: https://developers.facebook.com/bugs/248632218597467 (Has been assigned Priority: High, but received still nothing more than a “we will follow up” response yet.)
Use the logout.php url.
https://developers.facebook.com/docs/reference/php/facebook-getLogoutUrl/
Basically,
http://facebook.com/logout.php?next=YOUR_NEXT_URL_FOR_LOGOUT&access_token=USER_TOKEN
1) logging out from facebook by using
facebook=>getLogoutUrl();
2) clearing the session by using :
$facebook->destroySession();
example:
Log Out
logout.php page codes as follow:
<?php
require 'facebook.php';
$facebook->destroySession();
header( "location:index.php" );
?>
A lot of apps keep user logged in until user manually logs out like facebook, dropbox, etc.
I am wondering how they achieve it? There might be several approaches:
1)Do they store the username and password in a local storage, and automatically log the user in when they open the app again after a long time?
2)Or do they get a long-lived token from the server, and once the user login at very first time, the app gets a token from the server, later on they just use the token? The token will be valid until user manually logout from the app.
For #1, it will only work for native login, if an app supports "log in with facebook or twitter" it won't work.
So I just want to get an idea about how people achieve this feature? Is there any articles talk about it?
Most services like Facebook and Twitter use OAuth to manage the user session.
I use this external framework... https://github.com/nxtbgthng/OAuth2Client
It took me a while of reading and setting up to get right but it works now.
When the user logs in they get an auth token that contains an expiry date. When the expiry date comes the system automatically refreshes the token.
When I send a request to the server I send it via the OAuth framework and it adds the authorisation automatically.
I have a desktop application that uses facebook authentication in offline mode. There is no session key as the app returns me an access token.
It stores the access token and allows the user to post to facebook at other desktop app locations around an event.
The problem I'm having is that after a user goes through the oauth, I can't clear the session data for the next user.
I've tried deleting all the cookies, but that causes a facebook script error when the next user tries to authenticate...
I'm simply looking for a way to remove the session cache from the machine and not cause javascript errors...
This is the closest I've found to anyone figuring this out. It doesn't work for me, though:
http://forum.developers.facebook.net/viewtopic.php?id=84232
My problem is that I can't log the user out if they haven't authorized my app and returned an access token yet.