I am building a GitHub app that requires user-to-server access tokens. I am following the Web application flow so a user can sign in and my app gets the access token.
My question is about the login parameter in the href when requesting the user's identity:
When your GitHub App specifies a login parameter, it prompts users with a specific account they can use for signing in and authorizing your app.
What does specific account mean? Does it mean the currently logged in
GitHub's user account?
What is the point of this parameter?
What is the difference between supplying the parameter and not
supplying the parameter?
Thanks!
The login is a suggested github user. When I supplied a valid login, the authorization screen showed the suggestion on top when I was logged in with a different user account.
So a use case would be if you saved the user name already somewhere and want to remind the user to use that account.
Related
I want to allow users to sign up using either a user-pool identity (email + password) or a Facebook-federated identity.
But I also want them to be able to switch later on: either add Facebook federation if they didn't sign up using Facebook initially, or remove the Facebook link from their account if they initially signed up using Facebook.
Is this possible?
Thanks in advance!
Yes, it is. I'm assuming that Facebook is added directly to the Userpool as an IdP.
Splitting your query into 2 parts:
1. User signs up using username & password. Later, he wants to link his Facebook account
This is pretty easy. Give an option in your UI and use the AdminLinkProviderForUser API to link Facebook/Google account to the user. Now, when the user signs in using this Facebook/Google account next time, Cognito will treat it as the native user & generate token for the same. Of course, the Facebook info will be mentioned in the identities claim. If the user wants to remove this Facebook/Google link later, it is possible using the AdminDisableProviderForUser API call.
2. User signs up using Facebook
This is a bit tricky since Facebook login will automatically create a user in your Userpool with status EXTERNAL_PROVIDER (unlike native users who have CONFIRMED status). As the name suggests, this user can only be logged in using the relevant external provider - Facebook in this case. If the user wants to login using a username password, a new account will have to be created using SignUp API or AdminCreateUser API. Also, this account can not be linked to the previous Facebook account using AdminLinkProviderForUser because a pre-requisite is that no Facebook user with the same details (email etc.) should exist in the Userpool. But at this moment, we have an auto-created Facebook user with EXTERNAL_PROVIDER status.
So, in short, you would have to - create a new user using SignUp or AdminCreateUser API, delete the auto-created Facebook user & Finally link the Facebook account as mentioned in case 1.
I have created a Yammer app wherein the user is able to make posts and obtain messages using an open graph feed. The user is asked to authorize the Yammer app the first time he/she logs in, in order to obtain an access token. My question is, is it possible that the user does not have to login every time he/she uses the app, in order to obtain this token?
Currently, the container where the feed is supposed to show, shows a "Login to Yammer" button. Only after the login, is the feed visible.
Is there a way to automatically login the user in the background without using impersonation? (If an encrypted version of the username and password is stored in the system.)
Thank you!
You can't log in the user without either the user interacting to authorize the app, or the authorization being performed through impersonation. You can use the setAuthToken() method from the JavaScript SDK for Yammer to inject an existing token, even if you are doing the full impersonation laid out in the linked article.
In my facebook app I need to authenticate users on a different domain (not facebook.com), for example xxx.facebook.com, is it possible?
Yes, it is possible, only IF facebook endorse it.
For example when we log in the Developers.facebook.com.
Each domain is a child of facebook which mean that you need to have approval by Facebook to create a sub-domain.(well you won't create it but they will)
a little bit of search in the dev section resulted in this,
User authentication and app authorization are handled at the same time by redirecting the user to our OAuth Dialog. When invoking this dialog, you must pass in your app id that is generated when you create your application in our Developer App (the client_id parameter) and the URL that the user's browser will be redirected back to once app authorization is completed (the redirect_uri parameter). The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
If the user is already logged in, we validate the login cookie that we have stored on the user's browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Hope this help
I'm writing an app that will allow a user to log in to multiple facebook accounts. Basically I'm just going to store the authorization token for each account and use them as needed, so the authorization is just to get that token, not to actually log the user into facebook. As such, I want the user to have to enter their credentials every time, even if they're currently logged in to facebook. I authenticate the accounts like this:
https://graph.facebook.com/oauth/authorize?
client_id=...&
redirect_uri=http://www.example.com/oauth_redirect
How can I tell facebook to authenticate every time? I'd also like to remove the "remember me" option, so that they aren't logging into the browser with the account that they enter here.
There is a parameter that you can pass to force authentication: auth_type=reauthenticate. For example: http://graph.facebook.com/oauth/authorize?client_id=184484190795&redirect_uri=https%3A%2F%2Fwww.fbrell.com%2Fecho&auth_type=reauthenticate.
Edit: There is documentation for this here: https://developers.facebook.com/docs/reauthentication/.
You can logout the user using FB.logout:
https://developers.facebook.com/docs/reference/javascript/FB.logout/
Caveat: it is against Facebook policy for users to have more than one profile.
I am creating an application in which I am trying to add facebook account in app. What I wish to do is when user enter his/her username and password my application should call some facebook api or any other thing by which it will confirm that the user credentials are correct for facebook.
Then the API will return some message by which I can add account or give an alert that credentials are not right.
it is not possible to login using the username/password directly to the api.
use facebook connect instead.