Is it suggested to log out a user if they click the back button and then the forward button on the landing page after signing in but not logging out?

For a non-banking enterprise web app, is it recommended to allow the user to log into the app on pressing the back button and then the forward button in a browser, when the user has logged in and is on the landing page but has not logged out?

Related

Third party authentication doesn't work from facebook browser

I have a web application (React js with Kotlin backend) that has normal email + pw (plus PIN) login, and it also supports 3rd party authentication (Google and Facebook). It works on mobile and web; however, when I open my webpage through the Facebook app - which opens its own browser - and try to log in with 3rd party authentication, I can click on that "Continue as me" button, but then the page refreshes and I'm not logged in. I saw the same thing happen on other sites too, e.g. Figma, Pinterest, etc. I thought it was impossible to log in this way anymore; however, I just noticed that you can actually log in to Stackoverflow this way (so facebook app -> facebook browser -> stack overflow -> 3rd party auth and it works).
Has anyone figured out how it was possible for Stackoverflow to do this?
Ok, I found the solution. The problem was that when a user clicked on the 'Login with FB' button on my site, I sent a request to fb to get back the content of a login window and I created a pop up window where I rendered it. I put a listener on that pop up window and once it was done, I got the access token, sent it to the backend and logged the user in. On a normal browser it works perfectly (both pc and mobile) but as I mentioned above it didn't work in an in-app browser like the facebook app.
The issue was that the facebook app opens a website in its own browser that doesn't handle any pop ups, so after a successful authentication I saw that nothing happened, and it was because we were not redirected to the original window where we should have been, and it had the token in the url. So the solution was, instead of making this pop up window for FB login, to just redirect the user to the fb login page (and stay on the same window), and once the login is successful, just handle the token as is.
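The same-window redirect flow described in the answer above, sketched as an added example that is not the poster's code. It assumes the token comes back in the URL fragment (`response_type=token`) and adds a `state` check and URL clean-up on return; `AUTH_ENDPOINT`, the function names and all sample values are hypothetical.

```javascript
// Added example: same-window redirect login (no popup). Names and values are hypothetical.
const AUTH_ENDPOINT = "https://idp.example/dialog/oauth"; // placeholder for the provider's login URL

// Random per-attempt value; store it (e.g. in sessionStorage) before redirecting.
function newState() {
  const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// URL the current window navigates to (location.assign) instead of window.open().
function buildLoginUrl(clientId, redirectUri, state) {
  const url = new URL(AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    state,
  }).toString();
  return url.toString();
}

// Parse the URL the provider redirected back to; the token arrives in the fragment.
function handleReturn(returnUrl, expectedState) {
  const url = new URL(returnUrl);
  const params = new URLSearchParams(url.hash.replace(/^#/, ""));
  if (params.get("error")) return { ok: false, reason: "provider_error" };
  // Reject responses that do not belong to a login this page started.
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state_mismatch" };
  }
  const token = params.get("access_token");
  if (!token) return { ok: false, reason: "no_token" };
  url.hash = ""; // drop the token from the address bar and history
  return { ok: true, token, cleanUrl: url.toString() };
}

// Browser wiring (comments only, so the block also loads outside a browser):
//   const s = newState(); sessionStorage.setItem("oauth_state", s);
//   location.assign(buildLoginUrl(CLIENT_ID, location.origin + "/login", s));
// On page load after the redirect:
//   const r = handleReturn(location.href, sessionStorage.getItem("oauth_state"));
//   if (r.ok) { history.replaceState(null, "", r.cleanUrl); /* send r.token to backend */ }
```

Because nothing depends on `window.open()` or a cross-window listener, the flow behaves the same in an in-app browser that does not handle pop-ups.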

How does facebook check instantly user has logged out from other tab?

I was playing with inspect element the other day and what I did was I opened facebook in two tabs and logged out from the other tab. As soon as I returned back to the logged in tab, it showed me Login modal. How did it check instantly as no service request was made to allow them to check if the user has logged out.
Same happens with manual cookie clearance from Application tab in the developers console and also if you deactivate your account from app, the website open on your laptop shows to login. How does that happen so instantly? Is that a Websocket?

open login screen when loading app

I have a like, share, win app on my website.
watch example on:
https://www.facebook.com/ExpertLemmer/app_358973127531240
The problem is that when you click like and you're not logged in, FB opens the login screen, and after logging in it redirects to my usual FB fanpage and not to the next app page. When already logged in it works like it should.
Is there a way to force people to log in when the first page is opened?

facebook Enhanced Auth Dialog but want to display a message to the user before

I am trying to use the new enhanced auth dialog instead of the old one in a new application.
I want to first of all display a page with a message to the user; then he can click on a button and then he gets the enhanced auth dialog.
My worry is that when I set up my new application, the auth dialog v2 is displayed, and then if the user accepts permissions, he is redirected to my home.php.
Is it possible to use the enhanced auth dialog but first of all display a page which informs about the application?
Thanks! :-)
Yes it is possible to first display a page to the user before putting up the auth dialog. I have a current production app that does just that.
In your app, have a connect button of your own making that you display to the user when they are not connected to Facebook.
When a user clicks it, redirect to the page you want to show them with the special wording.
On that special page, have the real facebook login button (or a button/link that fires off FB.login()).
Well, I have found the answer.
If you don't want Facebook to display the enhanced auth dialog before your application, but want to do it manually, when you want,
in your app settings, in the "auth dialog" tab, don't write anything in "Authenticated Referrals"!
And that's all :-)

How to find out if the administrator has really installed my facebook Canvas APP

I'm developing an application that will allow users to dynamically load content on their Facebook pages.
The problem is that when they set up their application and press "Install" button, I save their settings in a database and redirect them to: http://www.facebook.com/add.php?api_key=<MY_APP_KEY>&pages=1&page=....."
After redirect, there are two options: "ADD Application" or Leave this app.
Is there any way that I can track whether the user has pressed the "ADD" button? For example, if I can redirect the user after he presses the "Add this app" button, I'll be able to confirm that the user has really installed my application. After all, the user can hit "Leave", "navigate away of this page" or even "Close" his browser....