I have an app working using the oidc-client-js. The silent refresh works great. Problem is that the refresh is using an iframe and our IT department have decided iframes are bad and have disabled them on their new network they are rolling out!
Is there a way to refresh the token without an iframe or doing a whole redirect back to the id server to get a new token.
Thanks
You can request new tokens by redirecting the main browser window, or do it in a popup window. The oidc-client library supports all three.
Related
I have a web application (React js with Kotlin backend) that has normal email + pw (plus PIN) login, and it also supports 3rd party authentication (Google and Facebook). It works on mobile and web, however, when I open my webpage through Facebook app - which opens it's own browser - and try to log in with 3rd party authentication, I can click on that "Continue as me" button, but then the page refreshes and I'm not logged in. I saw the same thing happen on other sites too, e.g. Figma, Pinterest, etc. I thought it's impossible to log in this way anymore, however, I just noticed that you can actually log in to Stackoverflow this way (so facebook app -> facebook browser -> stack overflow -> 3rd party auth and it works).
Has anyone figured it out how it was possible for Stackoverflow to do this?
Ok, I found the solution. The problem was that when a user clicked on 'Login with FB' button on my site, I sent a request to fb to get back a content of a login window and I created a pop up window where I rendered it, I put on a listener on that pop up window and once it was done, then I got the access token and sent it to backend and logged the user in. On a normal browser it works perfect (both pc and mobile) but as I mentioned above it didn't work in an in app browser like facebook app.
The issue was that facebook app opens a website in it's own browser that doesn't handle any pop ups, so after a successful authentication I saw that nothing happened and it was because we were not redirected to the original window where we should have, and it had the token in the url. So the solution was instead of making this pop up window for FB login, just redirect the user to the fb login page (and stay on the same window), and once the login is successful, just handle the token as is.
I'm working on an application that can be embedded in other pages using an iFrame that requires facebook permissions. The problem is we're running into issues when trying to use the facebook SDK to login from inside an iFrame on iOS (the login window never appears). We're running code on the parent page that places the iFrame, so my question is, can I place our SDK on the parent page without conflicting with any existing Facebook SDKs on that page?
can I place our SDK on the parent page without conflicting with any existing Facebook SDKs on that page?
No, you can’t. The JS SDK can only be embedded and initialized once.
The problem is we're running into issues when trying to use the facebook SDK to login from inside an iFrame on iOS (the login window never appears)
The whole JS SDK popup login flow is not the most suitable for mobile in many cases.
You might have better luck implementing the manual login flow, https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow
If you open that in a new window, you’d have to find a way to close it again, and have the iframe notified that successful login has happend. (Perhaps postMessage before closing the login window.)
Another possible option would be to redirect in the top window (instead of opening a new window/popup), and then after login back to the 3rd-party site, that loads your iframe again. (But not all people using your plugin on their page might like that.)
I have an application on Facebook which has two pages, index.php and admin.php.
On Chrome on my Mac, when I open the application it shows index.php without errors, but when I try to visit admin.php it fails to recognize the login, i.e. when I call /me I get such an error "An active access token must be used to query information about the current user."
It works:
using FireFox with the same account on the same computer
on other computers with other accounts, both Macs and Windows using Chrome
I've emptied the cache and cleared the Facebook cookies to no avail, I even tried in "incognito mode". I'm completely clueless: what could ever cause such a localized problem?
Check that Chrome isn't blocking third party cookies - if so it may be blocking the cookie the Facebook SDK uses to store session info
Try the incognito mode in chrome. It will disable most of your chrome plugins. If it fixes your issue, you can disable one after another here chrome://extensions/ in order to find out which one's the bad one.
The signed_request which I assume you are using to extract the information is only passed to the first page that the user visits within your application.
I would recommend creating your "admin" section dynamically (using Ajax calls perhaps) to add the extra UI for administrators.
I have an issue with my Facebook app when the user uses Internet Explorer.
My app is loaded in iFrame as Canvas Page.
Cookies and Session are lost after post back. It doesn't happen of Firefox at all,
and it doesn't happen on IE if I open my app outside of Facebook, meaning, using the direct URL.
My app is Asp.net C# app but it shouldn't really matter.
I think the issue is larger than a Facebook issue... any website loaded in iFrame using cookies/session is prevented by IE from keeping cookies/session, but is there a way by Facebook to overcome this? I must use sessions in my app, not just to save the reauthentication again and again but for other things too.
Please assist me.
Thanks!
most likely you need to implement P3P headers in your app, see the following for more details:
http://forum.developers.facebook.net/viewtopic.php?id=452
I have an issue with the old sdk. Whenever I try to authorize a new user I get redirected to the home page of my app in the iframe. However, after I close the iframe and refresh the page, I can easily authorize a user.
But whenever I delete the application from my facebook account and try to authorize it, I'm back to the previous problem.
I've noticed the same bug in the different web applications. Hootsuite could be a good example.
Did facebook change the old api or did they change the authorization proces lately ?
I have a bug report open with Facebook for this. Go add your comment and vote it up.
http://bugs.developers.facebook.net/show_bug.cgi?id=12260