I'm using the Firebase Authentication services to authenticate users using Github as the provider. The OAuth response returns the access-token for the user along with some other information (e.g. email, name...). For persistence-purposes I need to save the authenticated users username or id, but I can't seem to find that information in the OAuth callback.
Am I missing something or is the user data just not provided using OAuth?
It is not clear which SDK you are using but Firebase auth returns additionalUserInfo form OAuth providers. For example, with the JS SDK, you can get the additionalUserInfo as follows:
firebase.auth().signInWithPopup(new firebase.auth.GithubAuthProvider())
.then(function(result) {
console.log(result.additionalUserInfo.username);
console.log(reuslt.additionalUserInfo.profile);
})
.catch(function(error) {
// Some error occurred.
});
Related
I am trying to authenticate user in firebase with KakaoTalk credentials. For that, I've got accesstoken from KakaoTalk. And then trying to authenticate user with that token. Here is my code :
String token = await kakaoService.getAccessToken();
await firebaseAuth.signInWithCustomToken(
token: token,
);
Got acceess token like this : nmAzFpOF9XrijP-ZoFpQbVluGZ4lLDbZxOCXIAo9c-sAAAFxrID6xA
But getting this error :
The custom token format is incorrect. Please check the documentation. [ Invalid assertion format. 3 dot separated segments required. ]
Whats wrong here? Am I missing something?
Check out the Firebase documentation regarding the use of custom token: https://firebase.google.com/docs/auth/admin/create-custom-tokens#create_custom_tokens_using_a_third-party_jwt_library
Firebase needs to successfully decode the auth token your client submits then use its claims to validate access to your Firebase resources. As such, Firebase requires that custom tokens be formatted according to the rules spelled out in their docs. (They describe a very typical JSON Web Token.)
The access token you're getting from KakaoTalk does not follow Firebase's token rules so Firebase doesn't know what to do with it. I suggest you revisit the KakaoTalk docs to see if it can generate a standard RS256 JWT token with which Firebase can work.
It seems that the token returns by kakaoService.getAccessToken() is not a valid custom token for Firebase Authentication. In fact, given the error message, it doesn't even seem to be a JWT.
Custom tokens for Firebase Authentication must have a specific format, that is documented in creating custom tokens. You'll typically want to follow this process to get a valid token for Firebase Authentication:
Sign the user in to the identity provider (KakaoTalk in your case).
Decode the token from the provider, to get the verified information about the user.
Create a custom token for the user with the Firebase Authentication Admin SDK.
Use that token to sign in to Firebase on the client.
Steps 2 and 3 must happen in a trusted environment, such as your development machine, a server you control, or Cloud Functions.
I have an app where the user logs into Facebook (and thus has an Auth Token) and then sends that token to my server for authentication within the app.
If it's the users first time in the app, I need to sign them up as well (gather email and name)
Using the users FB auth token (and any server-side tokens) how do I retrieve the user's email address and name? (What endpoints do I need to hit with what tokens/body?)
--
Additional Info:
The login is scoped with ['public_profile', 'email']
The application is running in Node.js on AWS Lambda, and I'd prefer to make a simple fetch if possible instead of installing a whole gql client.
I have tried looking at their graphQL documentation, but I can't
seem to make heads or tails out of it.
I do have access to the user's ID (example: 10157426730xxxxxx)
This would be the API call to get the name and email of a user, with a User Token:
https://graph.facebook.com/me?fields=name,email&access_token=xxxx
Alternatively, you can add the version:
https://graph.facebook.com/v4.0/me?fields=name,email&access_token=xxxx
All the existing fields for users are here to find: https://developers.facebook.com/docs/graph-api/reference/user/
You do not need the User ID, the User Token identifies the User anyway and you can just use "me" instead of the ID. The Graph API is a REST API though, not GraphQL.
I need to be able to do the operations that keycloak do when using identity provider: login/logout/create account/link account, via api, not via html.
I am unable to find in your documentation how can i do these actions, all the documentation is based on html and a series of redirect, by using keycloak and its theme.
This is not compatible with a single page application, or ios/android native application.
Examples:
Get token and refresh token by using Identity Provider brokering (google/facebook), for existing/already linked accounts, when i already have the google/facebook token.
Required steps:
I get the google or facebook token, outside of keycloak.
I need to post this token into identity provider broker.
I need to receive from this response, the authorization and refresh tokens, just like i do a login with user/pass by using route ".../protocol/openid-connect/token"
Create a new account with the user received from Identity Provider, when i already have the google/facebook token.
Required steps:
I get the google or facebook token, outside of keycloak.
I need to post this token into identity provider broker.
I receive that there is no such user, and if i want to create the user.
I post that i want to create the new account.
I need to receive from this response, the authorization and refresh tokens, just like i do a login with user/pass by using route ".../protocol/openid-connect/token"
Link an existing account, with the google/facebook account received by Identity Provider.
Required steps:
I get the google or facebook token, outside of keycloak.
I need to post this token into identity provider broker.
I receive the information that the same account exist, and if i want to link the account.
I post that i want to link the account.
I need to receive from this response, the authorization and refresh tokens, just like i do a login with user/pass by using route ".../protocol/openid-connect/token"
I tried to do hacks and ajax calls, instead of html request, but in the end it does not resolve my problem, because i don't know what happened: it logged in? it created an account? it requires to link account?
On the backend of my Azure Mobile App, I am using Azure's built in authentication services to obtain an access token when a user logs on to my app via a Microsoft account. I am successfully obtaining that token.
However, I then attempt to call out to the Microsoft Graph to obtain the authenticated user's name, email, and ID. Azure's log stream shows me this error:
MicrosoftGraphServiceException:
Code: InvalidAuthenticationToken
Message: CompactToken parsing failed with error code: 8004920A
Here is the applicable code:
[MobileAppController]
public class MicrosoftAccountController : ApiController
{
MicrosoftAccountCredentials credentials;
// GET api/<controller>
public async Task<DataObjects.User> Get()
{
if (credentials == null)
{
credentials =
await this.User.GetAppServiceIdentityAsync<MicrosoftAccountCredentials>(this.Request);
var accessToken = credentials.AccessToken;
}
GraphServiceClient graphClient =
new Microsoft.Graph.GraphServiceClient(new DelegateAuthenticationProvider((requestMessage) =>
{
requestMessage.Headers.Authorization =
new System.Net.Http.Headers.AuthenticationHeaderValue("Bearer", accessToken);
return Task.FromResult(0);
}));
Microsoft.Graph.User graphuser = await graphClient.Me.Request().GetAsync();
}
Thanks for you help!
According to your description, I assumed that you could directly access your mobile app https://{your-app-name}.azurewebsites.net/.auth/login/microsoftaccount via the browser and login with your MSA. After logged, you could try to access https://{your-app-name}.azurewebsites.net/.auth/me to retrieve the logged user info as follows:
Then, you could retrieve the access_token and try to simulate the request via postman to narrow this issue:
However, I then attempt to call out to the Microsoft Graph to obtain the authenticated user's name, email, and ID.
I assumed that you could call await App.MobileService.InvokeApiAsync("/.auth/me", HttpMethod.Get, null); in your mobile client after user logged to retrieve the user info. I found that you created a custom WebAPI and extracted the token based on the current request and used the graph client to retrieve the user info, I did not check your code, but you could remote debugging your mobile app to troubleshoot with your code.
Moreover, you could follow App Service Token Store for more details about App Service Authentication / Authorization.
UPDATE:
However, I then attempt to call out to the Microsoft Graph to obtain the authenticated user's name, email, and ID. Azure's log stream shows me this error
I checked your code and found that Microsoft Graph targets at graph.microsoft.com, while the MSA login for App Service Authentication/Authorization used the Live SDK. And the Live SDK is deprecated, I did not found any client SDK for consuming the Rest APIs, I assumed that you could just create the WebRequest and access the Live SDK REST API by yourself.
I have developed token based spring security using JWT referring this project in git https://github.com/szerhusenBC/jwt-spring-security-demo. Now I need to get facebook login in my application. For social login, I found another web page https://ole.michelsen.dk/blog/social-signin-spa-jwt-server.html which explains how the social login must be carried out.
In the normal login, my JWT project creates a token based on username, password, expiry date and time of creation. Everytime the token comes, all values from above fields are retrieved and compared to authenticate the token and then served. I've two questions:
In the social login, there will be no password created. A token will be received from the facebook(my frontend does this). I have to verify if the token is valid or not. How am I supposed to do it in JWT?
After verifying as per the article I'm supposed to create my own token for future reference. Now, there is no password in facebook login. How do I create the token?
Let me know if there are any good site available for social login using JWT in spring boot applictaion.
I found myself in similar situation, and decided to follow a slightly different approach, delegating the responsibility of authenticating with FB to the server itself.
It provides an entry point: “/auth/facebook” that redirects to FBs and proceeds to the authentication.
After that it acquires the AccessToken for the logged user and creates a JWT Token that returns to the client.
Here is a blog post explaining how to use Spring Social Facebook and Spring Security for a similar case: Stateless Spring Security Part 3: JWT + Social Authentication
Consider removing the password field from your jwt. Facebook can supply you the email and name so use that for the payload. Here is my example.
userSchema.methods.generateJwt = function() {
var expiry = new Date();
expiry.setDate(expiry.getDate() + 7);
return jwt.sign(
{
_id: this._id,
email: this.email,
name: this.name,
exp: parseInt(expiry.getTime() / 1000)
},
jwt_secret
);
};