We have a multi-site environment where each site has its own redirect URL. We want to use a single Client ID and Secret for our application but register multiple redirect URIs to it. Is it possible to add multiple URLs in below registration form:
I don't think there is possible solution to add on multiple URLs on the SharePoint online app registration form.
But from what i understand there is another way to achieve use a single Client ID and Secret for application and perform multiple redirects.
You can control the redirect url using the appredirect.aspx by specifying the redirect_uri parameter if you need to redirect from the default one check here for reference.
Basiclly it call the subsite page containing the below JS to install the app.
var url = String.format(
"{0}/_layouts/15/appredirect.aspx?client_id={1}&redirect_uri=https://***.azurewebsites.net/<<controller>>/<<view method containing the code to install the app>>?{{StandardTokens}}",
<<subsite url>>, "<<client id>>");
window.location.href = url;
The above javascript calls the appredirect.aspx page which then calls the app site as below,
https://****.azurewebsites.net/home?SPHostUrl=<<subsiteurl>>&SPLanguage=en-US&SPClientTag=1&SPProductNumber=**&SPAppWebUrl=<<weburl>>
Note: The above can be extended to check for the successful installation of the app and display an error message accordingly.
SPWeb.LoadAndInstallWeb equivalent REST / Javascript CSOM is also available here.
Here are some relevant links:
Use the redirect URL in an add-in that asks for permissions on the fly
Redirect URIs and a sample redirect page
Related
In my Flutter (Android/iOS) app I am using Firebase Dynamic Links for Patreon.com OAuth2 apis.
My dynamic link is https://myappname.page.link/patreon
The deep link is https://myappname.net/patreon
Patreon is using the https://myappname.page.link/patreon as a redirect_url , and is supposed to append some parameters to it, so it looks like
https://myappname.net/patreon?code=xxx
However, all I receive inside my app is the naked url https://myappname.net/patreon
There are no parameters attached to it.
So how can I tell Firebase to preserve the query parameters Patreon is attaching to the redirect_url?
As an alternate question, is there a better way to listen for incoming response inside of a Flutter app, without the use of Dynamic Links?
You loose all parameters by using that.
If you're relying on Patreon to send back that parameter I'd suggest to generate a small proxy where you can redirect your calls to the dynamic link by generating it on the fly.
So:
Patreon shares www.myhost.com/supah-link?p1=aaa&p2=bbb
Your micro-service which runs on www.myhost.com/supah-link receives the call
You generate a dynamic link like the following:
https://example.page.link/?link=https://www.example.com/someresource&apn=com.example.android&amv=3&ibi=com.example.ios&isi=1234567&ius=exampleapp&p1=aaa&p2=bbb
NOTE: Pay attention to the &p1=aaa&p2=bbb parameters added
Return a 302 and redirect to your newly generated link
Based on how you configure it from the console this link can redirect to the store or your app, in your app you can listen for the link as follows:
FirebaseDynamicLinks.instance.onLink(
onSuccess: (dynamicLink) async => handleDeepLink(dynamicLink?.link),
);
In handleDeepLink you can parse your custom query parameters.
NOTE: The URL parameter you pass via the dynamic link HAS TO BE ENCODED! Which means your link will look more like this:
https://example.page.link/?link=https%3A%2F%2Fwww.example.com%2Fsomeresource%26apn%3Dcom.example.android%26amv%3D3%26ibi%3Dcom.example.ios%26isi%3D1234567%26ius%3Dexampleapp%26p1%3Daaa%26p2%3Dbbb
I am using external providers to login to my web app. (for example Google). In my custom userservice I get to AuthenticateExternalAsync and from there I want (if need to) redirect to Angular page.
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
...
...
context.AuthenticateResult = new AuthenticateResult("~/externalregistration", user.Subject, name, identityProvider: user.Provider);
return Task.FromResult(0);
}
i have html page
at https://localhost:44300/Content/app/externalregistration.html
How do I map externalregistration to this page?
At the moment I get an error
https://localhost:44300/identity/externalregistration#
HTTP Error 404.0 - Not Found
thank you
Mark
The page for the partial login has to be with IdentityServer - see that it's looking for it at /identity/ and not /Content/app/.
If from your user service you issue a partial login, then that web page is entirely up to you to serve up from the server. If that partial login page needs to know the identity of the user, then it needs to be hosted in the same path as IdentityServer so the partial login cookie can be read on the server. If you then want that page to be a SPA, then you'd have to have some server side code issue something into the browser for your SPA to know the identity of the user. If you want that page to be a SPA and make Ajax calls back to the server, you need to include some XSRF protection.
All in all, custom partial pages are easiest implemented as standard server-rendered MVC pages.
I'm trying to use a new dropbox datastore API with my chrome extension. If used as specified in tutoria, auth will fail with error 400:
Invalid redirect_uri: "chrome-extension://anzbpdekhbhcbekwmfazaophjcaabshl/chrome_oauth_receiver.html". It must exactly match one of the redirect URIs you've pre-configured for your app (including the path)
If i add this URL to my app profile at dropbox website, all works fine. But "anzbpdekhbhcbekwmfazaophjcaabshl" is a computer-unique value, it will be different for each extension installation for each user. Is it possible to somehow fix this or dropbox datastore API is intended to be used on static websites where redirect url is known?
Update 1
Extension ID is random for manual/non-public extension installation.
Update 2
I have found a way to make extension ID persistent: just pack it, generate a public key fro private .pem key and set this key's base-64 encoded value as 'key' in manifest.
Moving my comment to an answer (and see updates to the question for details):
I thought that the extension ID (the part right after chrome-extension://) was not user- or computer-specific and remained the same everywhere the Chrome extension is installed.
I'm successfully using the Datastore API from a Firefox extension. The trick is to attach the dropbox scripts to an actual webpage, not a local page. I have a blank page hosted on my server, and the extension opens that page and attached the necessary scripts. From there it redirects the user to the Dropbox authentication page.
Once the user has authenticated I open the same page in a "headless" tab using the page-worker API. (I don't know if Chrome extensions have the equivalent functionality)
The redirect URL has to be https so you'll need to get an SSL certificate for it to work.
I have requirement that once user has logged in and is authenticated URL should be changed to SSL and when he logs out url is back to HTTP.
I am aware about Properties in webpart where we can set YES/NO/INHERITS/NEVER.
I am able to set HTTPS permanently but not dynamically.
Any suggestion/help is appreciated.
I'm not aware of any functionality within Kentico to do this, but you should be able to create a webpart and place it on the masterpage. This web part would just check the current user, and if there is a user that is logged in redirect to https version and vice versa.
You could also add some logic to make sure it doesn't do this in the the edit tab in cmsdesk.
You can check the user with
CMSContext.CurrentUser
Some help with redirecting to the secure page can be found at
asp.net c# redirecting from http to https
As rocky said there is not functionality out of the box that will do this for you.
You need to create a web part like it was suggested by Lukek that checks that the user is logged in and redirects them to the https address.
The code below will redirect.
if (!Request.IsLocal && !Request.IsSecureConnection)
{
string redirectUrl = Request.Url.ToString().Replace("http:", "https:");
Response.Redirect(redirectUrl);
}
As suggested bu lukek you need to check the CMSContext.CurrentUser however I would also use the HttpContext.User property.
That will enforce the request to be https.
How passing of url parameters works in facebook, twitter , youtube or other similar sites .
eg:
facebook http://www.facebook.com/stackoverflowpage
twitter: http://twitter.com/StackOverflow
you tube: http://www.youtube.com/user/BBCWorldwide
where bold ones are parameters( i believe those are parameters)
What i have seen in most websites is like this,
http://www.website.com/index.php?id=stackoverflow
then how those above websties is passing parameters in different method,how they are doing this?. Or whether when a new user is joined in those website a new file is created in their server.
eg:
http://www.facebook.com/stackoverflowpage
http://www.facebook.com/stackoverflowpage.php(or .aspx whatever methods)
This is usually done by URL rewriting on ther server side. For example using .htaccess. A typical situation is: when a request of the form http://server.com/x/y comes in, it is rewritten as http://server.com/index.php?param1=x¶m2=y and then passed on to the request processor (say, PHP).
Ref: http://en.wikipedia.org/wiki/Rewrite_engine