I want to create a simple VSCode extension that does a REST API POST of the contents of the editor window to a URL.
The issue is the URL is in a corporate environment behind a browser based single sign on sequence that requires multi-factor authentication with a hardware token and does multiple redirects when a user logs on normally through the browser. I'm not looking to circumvent this in any way, but simply authenticate the VSCode extension somehow so it can do the POST (and re-authenticating every session is fine, just not for every post).
The SSO authentication process seems to be fine with multiple windows in the browser, so e.g. you can login in one window and then do say AJAX POSTS from Javascript in another window to the REST API. So I kind of want VSCode to be considered just another window in that scenario.
I am thinking something like opening a browser window within VSCode itself to allow the user to manually authenticate, then somehow the session is maintained and VSCode can POST to the REST API URL when it wants?
Or perhaps triggering a window in an external browser for the authentication but then how would VSCode be authenticated to do the POSTS as the external browser would be a separate application.
Client OS is Windows 8 (corporate policy!) if that makes any difference. I don't have any access to modify anything on the server.
Any thoughts/suggestions welcome, thanks.
we are using keycloak 3.4.2 to try to integrate SSO behavior (via SAML). I configured two clients in the same realm; if user logins to clientA and he opens a new tab in the same browser and logins to clientB he is successfully automatically logged in.
But we are trying to integrate the following behavior:
- from ipad user opens safari and goes to site A
- he logins to site A successfully
- from site A he clicks an "universal link" to open an app previously installed which is simply a webview to site B.
Current result is the user lands in the login page of the app.
Expected result is the user gets automatically logged in.
We are using iOS 11 for frontend. Both site A and site B have a backend side written in Java6.
Our idea was to reuse all cookies from site A to app with webview of site B by using an iOS widget "SFAuthenticationSession"; but once logged in the only cookie available is JSESSIONID which is not enough I think.
In my tests when I am using only a browser with different tabs, for each different tab I have a different JSESSIONID so I expect to have a different JSESSIONID when I am landing to site B.
Our approach has been taken from current source code:
https://github.com/dvdhpkns/SFAuthenticationSession-example
So what can we do to accomplish our task ?
What are we missing ? Do we need any other tokens/cookie ? How to retrieve them ? And when ?
I hope I clearly explained issue, sorry but authentication issues are not my strong point.
Any help is greatly appreciated.
I am trying to build an iOS app using swift. I'm stuck at a crucial part in my development though. I'm trying to make an app that allows users to login as an administrator or a spectator.
Logging in as the administrator allows the user to enter data into parse database that pushes to the spectator to see during runtime.
The problem is that I need to ask the user to pick which login to use, and then the app will be set up to suite the needs of each type of login. Basically creating 2 apps in 1.
Is this possible or should I create a web base administer connecting to the spectator using the app?
I would no do that (also for security reasons). If an administrator should also have the possibilities to check out how does it look like, you should be doing this AFTER you already logged in as administrator.
So:
Single Login for both privileges.
Login is administrator - Option to change his "privileges mode" - > switch to spectator
Login as spectator -> Still everything als spectator.
This is how lot of professional software solutions handle that.
I'm working on a windows based application in C++ that requires facebook login. I'm using using Ole Embedding/ActiveX control with the CLSID_WebBrowser component (IWebBrowser2) to do the authentication.
This works pretty well in so far as I create a window, embed the activeX web browser control, and then I direct it to the facebook login with an 'authorization url', such as...
https://graph.facebook.com/oauth/authorize?client_id=xxxx&redirect_uri=https://www.facebook.com/connect/login_success.html&scope=basic_info
xxx is set to our app id.
This works, and you can login. The problem is if I quit and restart the app, even if I've selected 'keep me logged in' in the web page, I will generally have to retype in my password.
I say generally, because if I don't use the facebook auth url above, and say go to www.facebook.com, within my active x control and log in - it will remember that I'm logged in, and I don't have to type in password if I shutdown and restart the app.
As another side detail all of this is separate from the behavior of just running IE. If I run IE and login - it has no effect on the login inside of the app. And it's not something that is unique to my implementation of ActiveX control embedding. If I run the JUCE library demo - which has a web browser active X component, it has the same behavior as with mine. That is...
1) I can login via https://graph.facebook.com/oauth/authorize - but if I restart the demo, it won't remember my previous login
2) If I login via www.facebook.com then it does remember I've logged in
+ Actually a login like this in JUCE will allow me to login without a password from my app
3) Login from IE has no effect
It's tedious to have to login every time, and seems like incorrect behavior to have to do it if you select 'remain logged in'. It does not appear that it's a problem with the ActiveX control saving session state - as session state is maintained when I use the www.facebook.com login. It may be worth saying - I can't use www.facebook.com login, because it doesn't return the information that the app requires to work, that's what the authorize style url is all about.
The implication seems to be that facebook is doing something different in these scenarios - it's not storing the login information if you use the authorization url.
So my question is how to fix the problem - such that 'remain logged in' will remain logged for an application authentication through the authorization url?
I guess as a work around, you could store the authorization token in the app, and try and see it that token is valid at startup perhaps. I'm not sure that's the 'right' way to do it.
Also note - my original implementation used Ole Automation (effectively my app controlled a separate IE process), and it had none of these problems. BUT unfortunately with IE 11, Ole Automation seems to have been broken.
Thank you for your time and wisdom.
I didn't find away to honor 'keep me logged in' within facebook. Instead, if a user logs in I store the authorization token encrypted in a file. If they restart the application, it will attempt to login using the stored auth token. If it fails, a standard login sequence is pursed. This is equivalent to acting as if 'keep me logged in' is always set, which isn't right, but is better from a usability point of view than the opposite.
It may potentially be possible to lookup the 'keep me logged in' element from the DOM of the webpage, and see what it is set to. This seems kinda fragile.
I remain open to suggestions on, how to 'do this properly'.
Is it possible to authenticate to facebook without using one of their web page dialogs? I'd like to build a windows service that runs in the background and does a few FB tasks periodically for me.
Depending upon what you're trying to do you should only really need a valid token which you can generate at the developer portal under your application settings. Make sure you enable offline_access to generate a long lasting token.