In my Angular2 app I am using Google, Facebook, Twitter and Github authentication. Twitter works fine. The problem is with Facebook and Google.
Facebook:
When I enter my username and password for Facebook login, it says App Not Set Up: This app is still in development mode, and you don't have access to it. Switch to a registered test user or ask an app admin for permissions. whereas while using twitter, the page which should show up on logging in appears.
Google:
When I am not logged in to any of the mail ids the Google authentication works fine. But if I am already logged in to any of my mail ids, then the authentication system takes that mail id itself and logs in to the app. Is there any way to make it such that the system asks which mail id I want to use, even when I am logged in through one id?
Any help would be greatly appreciated. Thanks.
You can force prompt with Google by setting custom parameters. This will give the user the option to switch accounts:
var provider = new firebase.auth.GoogleAuthProvider();
provider.setCustomParameters({prompt: 'select_account'});
firebase.auth().signInWithPopup(provider);
Related
I have a mobile app that allows logging in with facebook, when a user logs in I pull their email from the graph api but I just got a couple of logins with email addresses with #tfbnw.net domains which I guess is for test users while developing on facebook. I didnt generate these so is this someone doing something shady to login to my app or just expected behavior for some users given their settings?
Mobile app coded in react-native, using expo
Those seem to be the internal facebook QA team going through your APPs and manually checking if you're following all facebook's guidelines.
Facebook auditing your app basically.... or at least they did to mine because right after those #tfbnw.net email registrations came in, I checked my facebook app settings and sure enough, I got an alert and an email shortly after. But never received those #tfbnw.net emails before today on any other facebook logins.
I have checked my account and it looks like a generic test user Open Graph Test User gets created automatically, according to which product you enable in your app. It gets created for example, if you enable facebook login or messenger platform.
not something shady IMHO
I and a friend are developing an app and would like to use Facebook as a way of users having their own accounts without us having to ask them to store passwords or make users for security and ease of use.
Passport.js has a facebook plugin but it talks about a redirect URL so my question is: is it actually possible to just send information like email address and password to facebook for authorisation and return the users profile without actually redirecting the user to a facebook login page.
I don't see how i could redirect the user to a facebook login while inside my app and also what on earth would i put as the callback URL? Am i just trying to use passport-facebook in the wrong way?
is it actually possible to just send information like email address and password to facebook for authorisation
No. Users are strongly discouraged from giving this information to any 3rd party app, and you are not allowed to ask users for them.
Login with username/email and password happens on Facebook, not in your app. You will get feedback from the login endpoint then that they logged in successfully.
I have a website that allows a person to create an account with username/password. Once its created they can login and add their own content. Im now thinking about allowing them to login via their facebook profile, so when they go to my login there will be a button that says login with facebook. Then a window will popup to give permission to my facebook app so I can get their info. Once I do that do I need them to create a password still? Or once they initially give permission for their account I dont need a password, so when they come back to the site they just need to reconnect to their facebook profile? Hope this makes sense.
I would suggest the latter is true, and they don't need a password.
No, you dont need to save any password for facebook login. Facebook login box works great if you have implementes Facebook api correctly.
My buddy did the same thing. He has his setup to create a random password if they login via facebook as a precaution if they want to later login not via facebook but via their email or username then they have to recover the password.
I am developing an application where user can register themselves by filling up the registration form or login with their facebook account to use the application. But my problem is- how can I hit the login page of facebook and retrieve the userid, token, session key, username etc when user successfully logins to his facebook account and then redirect him back to my application.
I am really confused searching here and there. I have to just authenticate my user with his facebook account and comeback to my application with userid and all the keys.
please help.
Kind Regards,
Rupesh
Apparently Facebook supports OpenID, so use that. A quick google brings up articles such as http://developers.facebook.com/blog/post/246/
I am creating an app in which you can login via Facebook, Twitter, or our own internal mechanism. The issue is the following scenario:
I open the app and login using Facebook
I logout
I open the app and login using Twitter
The above scenario will result in me as a user having two accounts in the system. How do I prevent this from happening so that I have one account and it doesn't matter whether I login using Facebook/Twitter?
Every time a user login using Facebook I am as well creating an internal account, with the Facebook username and Facebook id as password. The same thing when I login using Twitter I am creating an internal account with the Twitter user name and id as password.
An idea came in my mind to solve this:
When a user logs in using Twitter check the name and email if a user with that information already exists in the database. However, the name and email they use in both Facebook and Twitter might not be the same, so this might not work all the time.
You can't make this work with your current flow (when the user logs in then logs out again). Instead you should allow a user to login with either their Facebook or Twitter credentials and then, whilst they're still logged in, get them to associate their account with their other service with that user.
So, the flow would be something like:
New user arrives at site User logs in with Facebooks oauth2
mechanism
Your server receives their FB ID and generates a new user
in your systems. Stores their FB ID against that user.
You prompt
the user to add their twitter auth credentials. User logs in with
Twitter oauth2 mechanism
Your server receives their twitter ID,
checks to see if a user is currently logged in with your
application. Because there is, you save the twitter ID agains the
current user.
Later, the user can log out and then log in with either service.