I have set up a custom login system with my Meteor applications where a created user has a username, email, password, profile (with many other non-important fields there)...
For my login I have the following function:
Meteor.loginWithPassword(username, password, function(err) {/* error feedback */});
At the moment this works perfectly for logging in with the username but I'd like to be able to log in with email address.
Is there a way to login with username OR email address?
Note that I've added validation on creating a username where the username cannot be an email so I am able to perform an "if isEmail" condition before applying this login function. Therefore the username and email won't be the same so that factor is not an issue.
You can just do something like this
Meteor.loginWithPassword(email, password, function(err) {/* error feedback */});
Related
We have issues with our web app and Facebook.
I'm doing the Login with scope email
FB.login(function(response) {
// my code
}, {scope: 'email', auth_type: 'rerequest', return_scopes: true});
I got the popup asking permission for the email, and other fields
I accept it, but then after getting the access_token, I call
https://graph.facebook.com/v15.0/me?fields=id,first_name,last_name,name,email,picture.type(large)&access_token={MY_TOKEN}
The email field is not in the response
What I don't understand is that user is a test user created on Facebook app page. One in Two users I create have this issue. For some other users, I have the email with the same exact procedure
Do you know what could happen?
We are experiencing the same issue.
WizKid is right. Try using https://developers.facebook.com/tools/explorer/ and you'll see that when you get no email, this tool shows "The email field was not returned. This may be because the email was missing, invalid or hasn't been confirmed." message.
I try to change the email address of an MFA registered user in Flutter + Firebase with the below-mentioned code. I try this code with both an already registered (verified) MFA user and a non-registered (verified) user. Both of them return the error mentioned in the above title. I expect Firebase to send an email to stated on "newEmail" address like on the Firebase console as "Email address change" template. But there is no email sent to "newEmail". How to solve this problem?
onPressed: () async {
try {
var currentUser = FirebaseAuth.instance.currentUser;
if (currentUser!.emailVerified) {
await currentUser.updateEmail(newEmail.text);
}
} on Exception catch (e) {
ScaffoldMessenger.of(context).showSnackBar(
SnackBar(content: Text(e.toString())));
}
},
When you try to change the email address that exists inside the FirebaseUser object using the following line of code:
await currentUser.updateEmail(newEmail.text)
It doesn't mean that Firebase will automatically send an "Email address change". No, it doesn't work like that. In order to be able to perform such an operation, the new email should already be verified.
To solve this problem, when your user types the new email address, then you have to verify that email address before trying to update the FirebaseUser object. So when your user hits update, you need to send a verification email. As soon as the user clicks on the link in the email and the email is verified, then you can perform the update using the above line of code. So it's a two steps operation.
I would like to implement this authentication flow in Keycloak:
A user creates an account by typing only his email
The user is logged in and can access my service
2'. At the same time, an email is sent to him, allowing him to "finalize" his account
The user leaves his session -> to reuse my service, he must click in the received email
By clicking in the received email, the user defines his first password
The user is then logged in automatically (without going through a login page).
The objective of this flow is to be the simplest, to hook users who are not used to webapps.
The implementation I would do:
Create an account without password request: I customize the Keycloak Registration flow by disabling the Password Validation and Profile Validation rules
Programmatically, in my webapp, at the first connection of a user, via the REST Admin API, I trigger the email action UPDATE_PASSWORD
I get something that works, but:
A. The link received by email redirects to an intermediary page confirming the execution of actions ("Perform the following action (s)") - (similar to Keycloak Implement Reset password flow same as forgot password flow)
B. The user is then redirected to a login page, and not directly connected to the application.
When, as a normal user, I trigger a reset password request (through 'forget password' feature), the process is the one I want: by clicking on the email link, I go directly to the page allowing me to enter and confirm a new password, then I'm authenticated.
My question: Do you see a way to implement this 'simplified' flow?
My keycloak version : 11.0.2
Thank you !
I could remove the "info.ftl" page display, customizing the "ExecuteActionsActionTokenHandler", as explained here :
action-token-spi
You have to create a file :
src/main/resources/META-INF/services/org.keycloak.authentication.actiontoken.ActionTokenHandlerFactory
containing the name of the class you want to use instead :
com.example.ExecuteActionTokenHandlerFactory
Then you create that class com.example.ExecuteActionTokenHandlerFactory with the following code :
public class ExecuteActionTokenHandlerFactory extends ExecuteActionsActionTokenHandler {
#Override
public Response handleToken(ExecuteActionsActionToken token, ActionTokenContext<ExecuteActionsActionToken> tokenContext) {
AuthenticationSessionModel authSession = tokenContext.getAuthenticationSession();
String redirectUri = RedirectUtils.verifyRedirectUri(tokenContext.getUriInfo(), token.getRedirectUri(),
tokenContext.getRealm(), authSession.getClient());
if (redirectUri != null) {
authSession.setAuthNote(AuthenticationManager.SET_REDIRECT_URI_AFTER_REQUIRED_ACTIONS, "true");
authSession.setRedirectUri(redirectUri);
authSession.setClientNote(OIDCLoginProtocol.REDIRECT_URI_PARAM, redirectUri);
}
token.getRequiredActions().stream().forEach(authSession::addRequiredAction);
UserModel user = tokenContext.getAuthenticationSession().getAuthenticatedUser();
// verify user email as we know it is valid as this entry point would never have gotten here.
user.setEmailVerified(true);
String nextAction = AuthenticationManager.nextRequiredAction(tokenContext.getSession(), authSession, tokenContext.getClientConnection(), tokenContext.getRequest(), tokenContext.getUriInfo(), tokenContext.getEvent());
return AuthenticationManager.redirectToRequiredActions(tokenContext.getSession(), tokenContext.getRealm(), authSession, tokenContext.getUriInfo(), nextAction);
}
}
Actually it is the same implementation as the upper class, except we removed the following part :
if (tokenContext.isAuthenticationSessionFresh()) {
...
}
which means that if the user did not have a session, which happens when the user is reseting his password, he is redirected to that "info.ftl" page.
As a workaround for problem A, I customize info.ftl template page. I add an ugly inline script to click on the link, redirecting automatically to the update password page.
<#import "template.ftl" as layout>
(...)
<#elseif actionUri?has_content>
<p><a id="yolo" href="${actionUri}">${kcSanitize(msg("proceedWithAction"))?no_esc}</a></p>
<script>document.getElementById('yolo').click()</script>
(...)
It'll do the job until I found a cleaner solution.
At the moment, B problem remains.
I built a custom authentication system using FirebaseAuthentication tokens.
My signup / login flow should work like this:
User presses login button
My server generates the authentication token and sends it to the client
Check if the user already exists (in the 'Auth' table or in my database?)
If true: sign in using FIRAuth.auth()?.signIn(withCustomToken:...
If false: Show a form to to enter custom information (name, etc..)
sign using FIRAuth.auth()?.signIn(withCustomToken:...
save the custom information to my database
My question is: How can I find out if the user has already signed up?
Would a publicly accessible database with only uid's be the way to go?
This is fairly opinion based, but yes, I would use a standalone DB that stores each user's username who has signed up. Then all that is required is a quick web request through a PHP file querying for any rows returned with that username.
The firebase sign in method will feedback in asynchronous callback.
FIRAuth.auth()?.signInWithEmail(email, password: password, completion: { (user , error) in
if let error = error {
print(error.localizedDescription)
return
}
self.signedIn(user)
})
If you haven't sign up yet. The error will print out
There is no user record corresponding to this identifier. The user may have been deleted.
I start using the new Auth Dialog and I set it to ask for the users email permission, the problem is that I get the user proxy email address (with facebook servers). How can I solve this? I need the user original email.
I'm using JS sdk and FQL to retrive user email, but recieveing proxy email:
FB.api(
{
method: 'fql.query',
query: 'SELECT name, email FROM user WHERE uid=me()'
},
function (response) {
alert('e ' + response[0].email);
}
);
You can't force the user to give you his/her original e-mail address. And I can't see the problem here, whatever e-mail you want to send to the user...Facebook will forward it for you!