Keycloak: getting back from user profile page - jboss

In my application I have a link that redirects to the user's account page on the Keycloak server.
In this page the user can update his personal information.
The problem is that after entering his account page the user has no way to get back to the application.
There's a way to let the user get back without editing the page theme?

I found the answer by looking at the freemaker template.
In my case I had to:
Set the application URL in the Base URL option in the Keycloak client settings.
Append the parameter ?referrer=<Client ID> on the URL that links to the user profile page.
ie http://127.0.0.1:8080/auth/realms/<realm>/account?referrer=<Client ID>
With these two settings the link to go back to the application will be visible.

Related

Facebook: Add an external profile into facebook

I want to build a facebook application and don't know how to plan it. A facebook user should find that application and click a button there, something like: "Add this Application to your facebook page". After that (or when the user first opens the app tab) the user will be asked to log into an external website. When the credentials are okay and the user is the owner of that facebook page/tab then this external web application will display an external profile page of that facebook user (the owner of the facebook profile the app has been put in). After that the user doesn't have to log in anymore and every user that visits that tab will see the external profile of that facebook page.
...To make it more clear an example:
User Foo has got an account at example.com and a public visitable profile there example.com/profiles/Foo. User A has also got a facebook page. Now example.com tells its users that they developed a facebook app to integrate their example.com-profiles into their facebook profiles. So the user A opens that apps page, clicks a button, logs into example.com and now has a new tab at her facebook page that contains example.com/profiles/Foo. If user B visits the facebook page of user A, he will find the example.com-profile of user A (not B) in the application tab.
What I would need is the following information:
How can I make an application available for the facebook users?
Update: found this tutorial: http://www.hyperarts.com/blog/facebook-removing-app-profile-pages-on-feb-1-2012/
Is it possible to make something like an installation process of an app? Otherwise if user A clicks the button to integrate the app into her page and user B opens the tab before user A could open it and log into the example.com, then user B could log in and his example.com profile would appear in the facebook page of user A. Or how can I solve this problem.
Next problem is that--I think--the URL of the application will be the same for all users, that integrate this app into their profile. So I would need to be able to detect the facebook page of a app request.
Update: I will be able to read the page ID from the signed request. Problem seams to be that the page administrator must know his/her page ID, but I think it will be possible to retrieve it through the graph API (if it is not part of the URL).

Custom Authorize attribute for Facebook

I'm trying to create a custom Authorize attribute for my MVC 3 application. I know that there is a default FacebookAutorize attribute that checks if the user is logged in. The reason why I want to create a Custom attribute is that the user is able to create an account with Facebook or without (default membership) Facebook.
Now when the user is logged into facebook I want to get the connected membership account and call the FormsAuthentication.SetAuthCookie method to login.
When I run my application in VS2010 (F5) the user is not logged in so you get the login page. When I click the login button and redirect to the homecontroller index action I see in the custom attribute that the FacebookWebContext.Current.IsAuthenticated() methoded is true.
After I close the browser and hit F5 again in VS the website is navigated to the homecontroller index again. In that moment the custom authorize is called again and I see that the FacebookWebContext.Current.IsAuthenticated() returnes false.
Why is it false? I was already authenticated right?
Thanks
download the latest source code and checkout "CS-AspNetMvc3-WithoutJsSdk.sln" sample which demonstrates the use of FormsAuthentication and Facebook OAuth.

can't find post-authorize URL on facebook APP page

I am making a Facebook App which will be only used for Facebook Pages.
I need to provide a post-authorize URL to make some action on Database when a user adds the app to their page.
But i cannot find any place to enter the URL.
Someone can help me ?
EDIT: User will only Add App to their page from Application Profile Page on FB
There is no such thing as "post-authorize URL" for applications working as Page tab. You will never know identity of user who added your application on page via application profile page.
Adding application to page doesn't mean that owner of page authorized the app.
Signed request contain information about page and user interacting with page tab application so you may know if user is admin of the page, liked the page and some additional details, it will include personal details only if user authorized application which should be done as separate step.
The way I'd do it:
List all the PAGE ID on which your user is admin:
FQL: select page_id from page_admin where uid=me()
When a page load your application, using the data contained in the signed_request POST parameter, look if the current page is a new page (just assign a boolean in the database to know if the page is already using the application or is new), and if the page is in fact using the app for the forst time, look if you have the admin in your database (remember? you have linked the PAGE ID and the ADMIN ID together in #1)
From there, you can do whatever you want: display a "application not yet authorized" instead of the normal app in order to wait for the user to pay you, etc...

Different domain for Facebook login

In my facebook app I need to authenticate users on a different domain (not facebook.com), for example xxx.facebook.com, is it possible?
Yes, it is possible, only IF facebook endorse it.
For example when we log in the Developers.facebook.com.
Each domain is a child of facebook which mean that you need to have approval by Facebook to create a sub-domain.(well you won't create it but they will)
a little bit of search in the dev section resulted in this,
User authentication and app authorization are handled at the same time by redirecting the user to our OAuth Dialog. When invoking this dialog, you must pass in your app id that is generated when you create your application in our Developer App (the client_id parameter) and the URL that the user's browser will be redirected back to once app authorization is completed (the redirect_uri parameter). The redirect_uri must be within the same domain as the Site URL you specify in Web site tab of the Developer App:
https://www.facebook.com/dialog/oauth?
client_id=YOUR_APP_ID&redirect_uri=YOUR_URL
If the user is already logged in, we validate the login cookie that we have stored on the user's browser, authenticating the user. If the user is not logged in, they are prompted to enter their credentials:
Hope this help

Facebook API tab settings security

I am working on a Facebook App that adds a tab to fan pages. Admins of those pages should be able to edit some settings for the tab.
So I created a settings script for that. If an admin wants to edit something, he or she is sent to http://mydomain/settings.php?fb_page_id=theirpageid
How can I verify that the person loading that page is actually authorized to change those settings? For example, if I knew the page ID for some other page that uses my tab (and the id of a page is right in the URL of the page) I could get in to their settings.
The only thing in the request array is the page id.
Thanks in advance,
Tim
UPDATE:
The only solution I've come up with is asking the user to sign in with facebook and then checking the rights, but this is something I'd like to avoid, as it's another step for the user.
The best practice for this would be to authorise user to your admin page with the manage_pages permission.
With this permission you can see what Apps / Fan Pages which that particular user is admin of by making a request to:
https://graph.facebook.com/me/accounts?access_token=VALID_ACCESS_TOKEN
So you can easily judge if the user has valid admin access rights to a page with your application tab installed.