how to redirect/map to externalregistration page from AuthenticateExternalAsync to angular page - identityserver3

I am using external providers (for example Google) to log in to my web app. In my custom user service I get to AuthenticateExternalAsync and from there I want (if needed) to redirect to an Angular page.
public override Task AuthenticateExternalAsync(ExternalAuthenticationContext context)
{
    ...
    ...
    // Issue a partial login that sends the browser to "~/externalregistration"
    context.AuthenticateResult = new AuthenticateResult("~/externalregistration", user.Subject, name, identityProvider: user.Provider);
    return Task.FromResult(0);
}
I have an HTML page
at https://localhost:44300/Content/app/externalregistration.html
How do I map externalregistration to this page?
At the moment I get an error
https://localhost:44300/identity/externalregistration#
HTTP Error 404.0 - Not Found
Thank you
Mark

The page for the partial login has to be with IdentityServer - see that it's looking for it at /identity/ and not /Content/app/.

If from your user service you issue a partial login, then that web page is entirely up to you to serve up from the server. If that partial login page needs to know the identity of the user, then it needs to be hosted in the same path as IdentityServer so the partial login cookie can be read on the server. If you then want that page to be a SPA, then you'd have to have some server side code issue something into the browser for your SPA to know the identity of the user. If you want that page to be a SPA and make Ajax calls back to the server, you need to include some XSRF protection.
All in all, custom partial pages are easiest implemented as standard server-rendered MVC pages.
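As an added example (not code from the original question or answer), this is the shape of a server-rendered MVC page that serves the partial login target named in the question. It assumes IdentityServer3 is mapped at /identity (as the 404 URL above shows), that the MVC host references IdentityServer3.Core and has attribute routing enabled, and that the OWIN environment helpers GetIdentityServerPartialLoginAsync, UpdatePartialLoginClaimsAsync and GetPartialLoginResumeUrlAsync are available from IdentityServer3.Core.Extensions (names assumed from the IdentityServer3 custom user service sample). The RegistrationModel type and the "registered" claim are hypothetical.

```csharp
// Added example, not from the original post. Assumes IdentityServer3 is mapped at
// /identity and that the OWIN helpers below come from IdentityServer3.Core.Extensions
// (names assumed from the IdentityServer3 custom user service sample).
using System.ComponentModel.DataAnnotations;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
using IdentityServer3.Core;
using IdentityServer3.Core.Extensions;

// Hypothetical view model for the registration form.
public class RegistrationModel
{
    [Required]
    public string DisplayName { get; set; }
}

public class ExternalRegistrationController : Controller
{
    // The partial login redirect "~/externalregistration" is resolved relative to
    // IdentityServer's base path, so the page must answer at /identity/externalregistration,
    // not at /Content/app/externalregistration.html.
    [HttpGet]
    [Route("identity/externalregistration")]
    public async Task<ActionResult> Index()
    {
        var env = Request.GetOwinContext().Environment;

        // The partial login cookie is scoped to IdentityServer's path; reading it only
        // works because this page is served from under that same path.
        ClaimsIdentity partial = await env.GetIdentityServerPartialLoginAsync();
        if (partial == null)
        {
            // No partial login in progress: there is nothing to register.
            return new HttpNotFoundResult();
        }

        // Subject of the externally authenticated user, available to the view.
        ViewBag.Subject = partial.FindFirst(Constants.ClaimTypes.Subject)?.Value;
        return View(new RegistrationModel());
    }

    [HttpPost]
    [Route("identity/externalregistration")]
    [ValidateAntiForgeryToken] // XSRF protection; the view renders @Html.AntiForgeryToken()
    public async Task<ActionResult> Index(RegistrationModel model)
    {
        var env = Request.GetOwinContext().Environment;
        ClaimsIdentity partial = await env.GetIdentityServerPartialLoginAsync();
        if (partial == null)
        {
            // A post without a live partial login is not acceptable.
            return new HttpUnauthorizedResult();
        }
        if (!ModelState.IsValid)
        {
            return View(model);
        }

        // Persist the registration for this subject here (omitted), then record the
        // outcome in the partial login so the user service can see it when the login
        // resumes. The claim name is a constructed placeholder.
        await env.UpdatePartialLoginClaimsAsync(new[]
        {
            new Claim("registered", "true"),
        });

        // Send the browser back into the IdentityServer pipeline to finish the login.
        var resumeUrl = await env.GetPartialLoginResumeUrlAsync();
        return Redirect(resumeUrl);
    }
}
```

The controller is deliberately server-rendered, as the answer recommends: the identity comes from the partial login cookie on the server, and the form post is covered by the MVC anti-forgery token rather than by anything the browser has to carry for a SPA.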

Related

SharePoint Online: Redirect URIs for multi-site environment

We have a multi-site environment where each site has its own redirect URL. We want to use a single Client ID and Secret for our application but register multiple redirect URIs to it. Is it possible to add multiple URLs in the registration form below:
I don't think there is a possible solution to add multiple URLs on the SharePoint Online app registration form.
But from what I understand there is another way to use a single Client ID and Secret for the application and perform multiple redirects.
You can control the redirect URL using appredirect.aspx by specifying the redirect_uri parameter if you need to redirect from the default one; check here for reference.
Basically it calls the subsite page containing the JS below to install the app.
// String.format here is the ASP.NET AJAX extension loaded on SharePoint pages, not standard JS
var url = String.format(
    "{0}/_layouts/15/appredirect.aspx?client_id={1}&redirect_uri=https://***.azurewebsites.net/<<controller>>/<<view method containing the code to install the app>>?{{StandardTokens}}",
    <<subsite url>>, "<<client id>>");
window.location.href = url;
The above JavaScript calls the appredirect.aspx page, which then calls the app site as below:
https://****.azurewebsites.net/home?SPHostUrl=<<subsiteurl>>&SPLanguage=en-US&SPClientTag=1&SPProductNumber=**&SPAppWebUrl=<<weburl>>
Note: The above can be extended to check for the successful installation of the app and display an error message accordingly.
An SPWeb.LoadAndInstallWeb equivalent in REST / JavaScript CSOM is also available here.
Here are some relevant links:
Use the redirect URL in an add-in that asks for permissions on the fly
Redirect URIs and a sample redirect page

How to consume a spring rest api which is protected by OAuth2Sso?

Good afternoon everyone.
I have a dilemma.
Recently I have been assigned to create an API documentation with Swagger 2, version 2.6.1, using SpringFox and the @EnableSwagger2 annotation. After doing so, I was given the task to "secure" it, preferably with OAuth2. At the beginning I researched how to do it, and after many trials and errors I gave up and came up with the idea of securing the whole package and APIs. My method of doing it was the following. I created a basic OAuth2 server and client following some tutorials on the web and I've added the Swagger and the REST methods in the client. The client works in the following manner. After I enter the site http://localhost:8082/ui/index.html, it prompts me to login. I press on login, it redirects me to the login form on the auth server at http://localhost:8081/auth/login where I enter my credentials, and after that it redirects me to my Swagger. If I enter any of the links from the client in the browser URL, it forwards me to the index.html if I haven't logged in previously.
My problem is that right now, Swagger works, is secured and all, but if I try to call my methods from Postman it displays my login page in HTML. I am a beginner in REST APIs, can you give me some indications?
I have used the following code to do the redirects.
@Override
public void addViewControllers(ViewControllerRegistry registry) {
    super.addViewControllers(registry);
    // Root and /index render the index view
    registry.addViewController("/")
            .setViewName("forward:/index");
    registry.addViewController("/index");
    // Redirect the /ui-prefixed Swagger endpoints to the real SpringFox paths
    registry.addRedirectViewController("/ui/v2/api-docs", "/v2/api-docs").setKeepQueryParams(true);
    registry.addRedirectViewController("/ui/swagger-resources/configuration/ui", "/swagger-resources/configuration/ui");
    registry.addRedirectViewController("/ui/swagger-resources/configuration/security", "/swagger-resources/configuration/security");
    registry.addRedirectViewController("/ui/swagger-resources", "/swagger-resources");
    registry.addViewController("/api");
}

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/resources/**")
            .addResourceLocations("/resources/").addResourceLocations("/ui");
    // Serve the Swagger UI static files (packaged in the springfox-swagger-ui jar) under /ui
    registry.addResourceHandler("/ui/**").addResourceLocations("classpath:/META-INF/resources/");
}
For example, if I access http://localhost:8082/ui/api2/getConf, one of the methods for the API, and I am not logged in, it redirects me to the login.
If I have to test the API with Postman, how can I integrate the login into it?
The login is based on a user and password.
Thank you.

HWIOAuthBundle: What do the configuration parameters mean?

I am a fairly novice Symfony (v3) developer and try to implement a Facebook login on my web application with HWIOAuthBundle. I have already read up on OAuth2 and understand the basic workflow using Authorization Code. Furthermore I have studied Facebook's relevant tutorial. Also I followed the complete HWIOAuthBundle tutorial. However, due to the very sparse documentation imho on the HWIOAuth side, I am still not able to grasp "all the magic" that is happening under the hood inside the bundle.
(1) I do not fully understand the example Twig Template:
(a) If I understand correctly, if response.status === 'connected' then Facebook has already returned an access token. In the template, a call is made to url("hwi_oauth_service_redirect", {service: "facebook"}). Do I assume rightly that the controller behind the service then loads the rest of the user information from Facebook and then calls the configured oauth_user_provider to start the authentication process in Symfony?
(b) If response.status is not equal to connected, then the user is still not logged in yet (either not into Facebook or not into the app). In the Twig template, again a redirect is being made to url("hwi_oauth_service_redirect", {service: "facebook"}). Why is the same controller called again and what does it do then?
(2) I do not understand all configuration parameters as shown in the HWIOAuthBundle tutorial:
(a) routing.yml:
What is the entry for
hwi_oauth_login:
    resource: "@HWIOAuthBundle/Resources/config/routing/login.xml"
    prefix: /login
good for?
(b) security.yml:
oauth:
    resource_owners:
        facebook: "/login/check-facebook"
    login_path: /login
    failure_path: /login
What is behind /login/check-facebook?
What is the purpose of login_path, what is behind /login?
1)a) No. The controller (link) ends up redirecting the user to the authorization URL.
1)b) You can be logged into Facebook but you might have rejected the app in the past. FB.login asks the user again for permission (that's why the scope:email is added there).
2)a) It loads the login routes under a prefix. If you check that file you'll see that it adds a route under the "/" path; putting the prefix helps you avoid conflicts with your other routes.
2)b) It's not a real route; it gets intercepted by the firewall to check user auth. If you've implemented a normal login HTML form it's the same as /login_check: it's where your login HTML form action is, but there's no controller behind it. Symfony security is extremely flexible so it can get a little bit complicated to wrap your head around it; I recommend that you see these slides from Sarah Khalil where she explains it. login_path is where your normal login form would live; in this case it's where your Facebook login button, and the rest of your Twig template, would be.

Grails spring security facebook plugin redirecting to wrong page

I'm using the Grails Spring Security Core plugin and now adding in Facebook authentication via the Facebook Authentication for Spring Security Core plugin. I'm able to authenticate with Facebook, however it's always redirecting back to an incorrect URL. I want to redirect to localhost:8080/rar/user/home, however after login I'm redirected to localhost:8080/rar/#_=_. When logging in through a standard login form I am redirected properly to localhost:8080/rar/user/home.
My FB app settings has http://localhost:8080/rar/ for the Site URL. I'm using these plugins:
compile ':spring-security-core:2.0-RC2'
compile ":spring-security-ui:1.0-RC1"
compile ":spring-security-facebook:0.15.2-CORE2"
And have these config settings:
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/user/home'
grails.plugin.springsecurity.facebook.filter.type='redirect'
grails.plugin.springsecurity.facebook.domain.classname='mvp.FacebookUser'
grails.plugin.springsecurity.facebook.domain.appUserConnectionPropertyName='user'
grails.plugin.springsecurity.facebook.appId='<APPID>'
grails.plugin.springsecurity.facebook.secret='<SECRET>'
grails.plugin.springsecurity.facebook.filter.redirect.failureHandler='redirectFailureHandlerExample'
grails.plugin.springsecurity.facebook.autoCreate.roles=['ROLE_USER', 'ROLE_FACEBOOK']
I don't think it matters for this problem, but I have a FacebookAuthService that implements create() to search for existing users with the same email address as the Facebook user, and merges the accounts if it finds one. Currently my redirectFailureHandlerExample does nothing but log a message, which is never hit.
Any help greatly appreciated!
You should also set the following in Config.groovy:
grails.plugin.springsecurity.facebook.filter.redirect.successHandler='redirectSuccessHandlerExample'
And in resources.groovy:
beans = {
    // Success handler the Facebook redirect filter uses after login; sends the user to the target URL
    redirectSuccessHandlerExample(org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler) {
        defaultTargetUrl = '/rar/user/home'
    }
}

josso bypasses javax.servlet.Filter when redirect to back_to page

In our app (service provider), there is a security filter to prevent viewing certain pages. For example a user can view a.xhtml but not b.xhtml. The user can log in to view a.xhtml. And if he types in the URL to b.xhtml, the security filter will redirect him to an error page.
Using JOSSO, before login, the user may type the URL to b.xhtml and would be redirected to the JOSSO login page. After successful login, the user will be redirected to the "back_to" page, which will be b.xhtml. In this case the security filter is not triggered, and the user can see b.xhtml!
A refresh on b.xhtml will then trigger the filter and send the user to the error page, but too late.
We use JOSSO 1.8.5 and Tomcat 7.0.26.
Can any guru help, please?
Thanks