i have a client with 6 different Facebook accounts.
i would like to create a button to each profile with auto login
when the user press on one of the button it will redirect and log him in to the specific account with out typing user name and password.
is it possible?
Look into something called OAuth2.
Create your own for your website/endpoint.
Try to make sure that all those 6 Facebook accounts are able to authorise and perform a handshake with your custom OAuth2 implementation as part of the authentication process.
Check Facebook's OAuth documentation and guidelines that you need to abide by. And then see if it possible with your prefered programming language.
Obviously, there are certain limitations to the usage of the OAuth2 implementation.
Related
Everything I have read (e.g. https://api.slack.com/docs/oauth) makes it seem as though I can only build an app that integrates with a Slack team I manage. E.g. I have to create my Slack Client ID .. etc ... and then I can oAuth users for my team.
What I want to do is allow my app's users to login to my app using their Slack login (for their Slack team I do not control or have access to.) I don't want to force my users to generate a Client ID to use my app. I want them to login the same way Google Login or Facebook Login works.
The closest thing I have found is a "login with slack" HTML button, but I'd like to do it in iOS using Swift.
Is that possible?
Sadly, that's not possible. For google or facebook, the way authentication works is that they provide you a mobile API which handles the communication between your app and their web service. So you task is simply adopt that API, make simple function call and retrieve information for user from the API. For example, the facebook button is provided by the API.
However from a look at slack site, they only have RESTful API documented. So in this case, you have to handle the passing and storing of parameters by yourself, and send HTTP request manually. You can have a look at Alamofire framework, which is the best choice for making HTTP request. Basically, you have to send needed parameter with the specific url though HTTP request to perform a log in action, and you have to parse the respond data and then see if the login is successful or not, etc
Thanks to some help from friends it looks like the answer is yes.
You must first make sure you "Distribute App"
Then set up the permissions you require and "install app" (which is a bit not "smart" since you can accidentally add conflicting permissions and get an error when trying to install).
Once that is done you will get an Auth Token and can make requests for any user to login using oAuth.
You can also trigger a sign in request like so:
https://slack.com/oauth/authorize?client_id=[client id]&scope=identity.basic
Edit: For future Googlers, Slack now also provides a specific documentation page for this type of OAuth grant/login: Sign in with Slack
Now, I wish to redirect to a private Google group on click of a button on my website along with search parameters. I have generated the required URL using perl. Then I made a simple redirection using . It works when the user is already logged in(using cookies). But it doesn't work if the user has not logged in. I wish to redirect to Google's login page to make sure the user has logged in and thus can access the private group. How do I do this? I read some documentation mentioning OAuth. Is this the only way?
Typically Google handles the login themselfs. A user not logged in will be redirected to their login page first.
You can't use OAuth to log someone into a foreign (aka Google own) service. You could use OAuth to check if a user is logged in at all, but it's not necessary.
The Dancer::Plugin::Auth::Google documentation has a pretty good description on how to setup a Google OAuth login. The Auth::GoogleAuth module might do the job (with less documentation) without using Dancer, but I never tried it myself.
I'm new to all this. This is what i'm after and i'm sure it's possible.
I've got a script where people can register/login in to as members. What i'd like to do is tie it in so that it just uses Facebook users details for the registrations. I've managed to set it up to sign up and and complete a registration using a user's name and email.
What i'd like to do now is automatically log the user in if they're logged in on facebook, is this possible or will they need to click a login button that then takes them to their page? If they need to click a button to login, how do I go about getting the button to take their facebook details and log them in? Also what happens in regards to passwords on my site? Is that stored in the app somehow?
Ideally i'd like to use the popup version of verification rather than the iframe that i've got set up at the moment.
Cheers in advanced for any help for a n00b!
This is in fact possible. Although I for my part was never a fan of such things here's some human-readable (simplified) theory:
Facebook uses a system called OAuth ( http://de.wikipedia.org/wiki/OAuth ). That means, when you want to have the user login onto your site using Facebook you'll of course need to provide a button/facebook-login-frame (see documentation) that says "Log me in with Facebook" or so. You then access Facebooks API (more here: https://developers.facebook.com/ ) and basically tell Facebook who you are ("Hi I'm website XY"). While that happens your user is redirected to Facebooks "permission-landing-page". On that page he needs to confirm whether he is fine with your website accessing certain information (like his name). If he confirms your website receives an access-token granting you access to a subset of his user information which you can then use to personalize his expeirence on your website.
Check out facebooks documentation because they explain exactly your usecase in detail.
(here: https://developers.facebook.com/docs/authentication/ )
PS: You'll of course never have any access to his Facebook login/password. That's kind of the idea behind "delegating" the authentication via OAuth to Facebook. Facebook only provides you with an access token (bound to that particular user who logged in and granted your app/website permissions)
I am creating a SaaS that will allow users to interact with it via their web applications. I would like to create a CAS type login mimicking Facebook connect so when you click the 'Login' button on the users website it will popup a window for you to login with my SaaS credentials.
I do not want the SaaS users site to be able to access the users login credentials so this is why I thought of CAS. However, it doesn't look like Facebook Connect redirects to the CAS server. It looks like they just popup a window to the facebook login then create a cookie once the user successfully logs into facebook. How then does the Facebook Connected site access that cookie?
I am wanting to basically be able to keep the end user on the current website without being redirected to my login application. I would like to mimic what facebook does with just popping up a little window and have them login then refresh the page after they login but I am not sure how to go about this.
Any ideas?
Facebook uses a third party cookie: they set a cookie on your domain that you can access to get the necessary credentials.
EDIT: the easiest example would be to look at PHP's setcookie function. Notice that there is a domain parameter. If you change the domain to match the domain of the actual website that initiated the authentication action then you'll be able to set a third-party cookie.
Note that on IE there are certain headers the domain that initiated the authentication action needs to set to allow your third-party cookie to be set. See http://www.spamcollect.com/archives/33 for a short writeup of how that works.
If you are working in a different language you'll need to use whatever cookie management functions they offer.
Another option may be to do this with CAS programmatically using the REST client.
https://wiki.jasig.org/display/CASUM/RESTful+API
In this way you could take the users details and login to CAS without being redirected.
Facebook uses Cross Domain communication which is what I will be using.
I want to allow users connect to my website using their facebook account.
First, the user authorizes my application and then I get an access token. Problem is, that I'm supposed on the first time to register the user, and the next time to auto login him based on his facebook email.
How do I create a SECURE way to auto login the user?
I'm using pure javascript, but I can't find any way to create a secure mechanism.
Thanks.
Facebook should handle all that for you - when they come back to your website, they can click the 'login' button(javascript SDK) and facebook should pass you back an access token.
I may, however, have misunderstood the question.