I'm working on a product(web+app) where I need to provide 3 ways to login:(No signup for the user)
1. FB
2. Gmail
3. SMS Login(FB accountkit).
We are using AWS lambda and API gateway for delivering our content to the frontend. I'm a little confused on how to go about integrating the above login methods in AWS. I read on AWS cognito but I don't think it will integrate with FB accountkit(SMS Login). Could anybody please throw some light here ?
Did you try check if the Access token from account kit has the same structure than fb login access token?, if so you can use the same method than facebook login on cognito and add login with that token...
Related
Facebook recently released a step-by-step documentation for using a GrapAPI to manage Instagram messages. To obtain the access token to use it, it's necessary to create an application in the developer center, enable login via Facebook and include the permissions "instagram_basic", "instagram_manage_messages" and "pages_manage_metadata" but to activate these options it's necessary to submit various information for approval as statement of how the integration works and descriptions of the usage flow. I don't have access to this information because I can't develop an integration without it being approved.
It's not possible to use the provided test user as the pages raised by him cannot be linked to Instagram accounts.
Tutorial followed: https://developers.facebook.com/docs/messenger-platform/instagram/get-started
Someone with some experience with the Facebook API could give me a light on how to obtain the token with access required and proceed the tests?
I have done the tutorial as well, I faced the same problem. To enable instagram_basic, instagram_manage_messages and pages_manage_metadata without app review you need to create a test-app. For test apps all permissions are granted without review.
Instructions on how to create a test-app
Another usefull tipp: If you are wondering why you need to implement facebook login to access the instagram messaging api, the logic is the following: You need to implement login to then use your own implementation to logg in your own account and obtain the page access key that will let you do api calls to the instagram messaging api. This process is obviously overkill and instagram is working on a way of getting that access token through the developer dashboard.
For now to obtain that access token you need:
implement facebook login as a simple html website and console log the response. Be sure to add the required permissions to the data-scope attribute of the facebook login button:
<div
class="fb-login-button"
data-scope="public_profile,email,instagram_basic,instagram_manage_messages,pages_manage_metadata,pages_messaging"
></div>
deploy to a website that has https enabled (logging in from
localhost will only work if you use a tunelling service like ngrok).
Open your website that has facebook login implemented and logg in with your facebook account that is also linked to the target instagram account and also is admin of your test-app.
get the access token from the response to call the other API endpoints.
We would like to enable the following scenario :
user can login to a web application leveraging Azure AD B2C as the identity provider.
user can also interact with a bot on FB messenger (built on MS Bot Framework). He is asked to log in so that we can get him an access token for subsequent web api calls.
user has access to a persistent menu on his FB messenger where he can navigate to some pages of the actual web site and be logged in straight away.
I have the following question :
Could Azure AD B2C be used in conjunction with Facebook Account Linking ? Could not find any samples... What I am doing now : in the FB login button, I pass a link to one of my bot server controller method as a level of indirection. Then in this method, I get the redirect Uri and account linking token that FB is adding to the url and then do a redirect to my B2C policy url passing these 2 arguments in the state and my own redirect Uri (not the one from FB). This way, once authentication is done, b2c redirects to my bot where I rebuilt the callback to fb url. Any security concern with this approach?
Thx !
After looking at this post Facebook Messenger: get access token of linked account it seems that FB account linking is not really useful in regards to access token. I was expecting similar behavior as Amazon Alexa account linking but in fact it has nothing to do with exchanging an authorization code with an access token and having this token manage by FB... So I am just going to leverage the BotAuth code https://github.com/MicrosoftDX/botauth to store the access token in the bot state... I dont really care about collecting the PSID...
Regarding the last step of the scenario, we are investigating cookies reuse from the first authentication flow.
I'm trying to develop a React application that will allow users to login with their Azure AD accounts and their Facebook accounts.
The first thing is that I didn't understand about the 2 tabs "User
Pools and Federation Identities". Do I need both to get it done or
just the User Pools is enough?
My goal is just the authentications. I don't want to allow users to access any AWS service. I just want the authentication token.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth. Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Do I need both to get it done or just the User Pools is enough?
No. Userpool is more than enough if you just need authentication and do not need to use AWS services.
I already got the user logged in via facebook using the Federation Identities and the Facebook SDK, but I don't know how to keep the user data saved after getting the token from facebook auth.
What user data do you need to save. If you want User's profile data to be saved in Cognito, you need to use Cognito Userpool & not Federated Identities. Add Facebook directly to Userpool. Upon using Facebook login, a user is auto-created in the userpool based on all user data available in the token. See this doc on how to add Facebook to a userpool directly.
Also is it correct to use the facebook SDK or should I use Cognito to take care of all authentication methods for me?
Depends on your use-case. If you just want to add authentication to an app, the best way would be to Add Facebook to a Userpool directly, create an app client in the userpool for your application; enable Facebook for that app client & use Cognito Userpool's built-in UI to login using Facebook. This feature (built-in UI) is called App Integration. After successful Facebook login, a valid token will be sent to your app. Do note that the token sent to your app would be from Cognito.
Client--> Userpool built-in UI --> Redirect to Facebook --> Login using username +password --> Facebook sends its token to Cognito ( https://your-user-pool-domain/oauth2/idpresponse)-->Userpool vends its own token & redirects to the URL mentioned in the redirect_uri.
I am using keycloak as security layer and working towards enabling social login.
Social login was working and I was able to integrate Facebook with just configurations using the doicuments.
However I have a requirement where in I need to provide an API end points for the same.
Our mobile devices will be communicating to facebook via the app and will have the token from the facebook (Implicit Flow).
I will then be exchanging the token with keycloak for the keycloak access token.
I have two questions:
Is this approach correct? If not why?
How can I achieve this?
I was thinking of writing a custom authenticator (Am not sure if thats the right approoach as I have to register user are well if FB Access token user is not available with us (We can afford to login user and with jsut emailID as we can onbaord new users later)
I am blocked because authenticator is not working with any build from 2.4.0 onwards
Let me know if my approach is correct and if so how to proceed about it.
I have an Ember.js app using Ember Simple Auth. The API returns an auth token on successful sign in with email and password. I'm trying to add Facebook Login using their Javascript SDK. Upon successful sign in with Facebook, I would like to post the Facebook access token back to our API, so that the API can store the access token and respond with our own auth token. However, I'm not sure how to connect this to Ember Simple Auth so that the auth token can be stored outside of the normal email/password sign in. What do I need to do in order to make this work?
The dummy app in the repository implements the exact functionality you're describing (except it uses torii instead of the Facebook JS SDK). If you're using Rails on the server you might find the RailsApiAuth engine helpful that already implements the server part for the Facebook auth code flow.