My cookies had been protected by third party tool like “EditThisCookie” [ chrome browser] .when I try to log out using following code : [Use shiro for log out.]
Subject currentUser = SecurityUtils.getSubject();
currentUser.logout();
Executions.sendRedirect(“Login Page”);
It does not log out the application since on Second time when I enter the url it redirecting me to the home page. How can I Solve this problem.
Related
I've implemented the implicit flow for Actions on Google account linking, and am using Dialogflow (previously API.AI) to define intents.
The full flow works in the device simulator (from AOG). The first intent gets a "It looks like your account isn't linked yet..." response, and the debug pane includes a URL to initiate linking:
https://assistant.google.com/services/auth/handoffs/auth/start?account_name=[account]#gmail.com&provider=[project_id]_dev&scopes=email&return_url=https://www.google.com/
If I follow this URI in a cache-less window:
I'm redirected to my app's authentication page
I choose to sign in with my Google account (same as [account] above)
I'm redirected to google.com with a success message in the URI bar
The simulator now accepts actions via my app and responds correctly
However, if I follow the same flow using a physical Google Home & the gH app for Android.
Device tells me account not yet linked
Open Google home and follow 'Link to [my app]' link
Browser opens to authentication page
Sign in as user
Redirected to a white page with a single link "Return to app", which has an href: about:invalid#zClosurez
Linking was unsuccessful, so additional attempts to run intents on the Google Home get the same "Account not yet linked" response.
I've inspected the intermediate access_token and state variables at length, and they all match and look to be correctly formatted:
Authentication URL (app sign in page): https://flowdash.co/auth/google?response_type=token&client_id=[client_id]&redirect_uri=https://oauth-redirect.googleusercontent.com/r/[project_id]&scope=email&state=[state]
After authenticating, redirected to (this is the white screen with 'return to app' broken link): https://oauth-redirect.googleusercontent.com/r/genzai-app#access_token=[token]&token_type=bearer&state=[state]
So, it seems there's something non-parallel about the way the simulator and physical devices work in terms of implicit flow account linking.
I've been struggling with this, and with the AOG support team for a very long time to no avail. Anyone else see a similar issue?
Updated with response redirect code:
Login handled by react-google-login component with profile & email scopes. On success we call:
finish_auth(id_token) {
let provider = {
uri: '/api/auth/google_auth',
params: ['client_id', 'redirect_uri', 'state', 'response_type'],
name: "Google Assistant"
}
if (provider) {
let data = {};
provider.params.forEach((p) => {
data[p] = this.props.location.query[p];
});
if (id_token) data.id_token = id_token;
api.post(provider.uri, data, (res) => {
if (res.redirect) window.location = res.redirect;
else if (res.error) toastr.error(res.error);
});
} else {
toastr.error("Provider not found");
}
}
provider.uri hits this API endpoint:
def google_auth(self):
client_id = self.request.get('client_id')
redirect_uri = self.request.get('redirect_uri')
state = self.request.get('state')
id_token = self.request.get('id_token')
redir_url = user = None
if client_id == DF_CLIENT_ID:
# Part of Google Home / API.AI auth flow
if redirect_uri == "https://oauth-redirect.googleusercontent.com/r/%s" % secrets.GOOGLE_PROJECT_ID:
if not user:
ok, _email, name = self.validate_google_id_token(id_token)
if ok:
user = User.GetByEmail(_email, create_if_missing=True, name=name)
if user:
access_token = user.aes_access_token(client_id=DF_CLIENT_ID)
redir_url = 'https://oauth-redirect.googleusercontent.com/r/%s#' % secrets.GOOGLE_PROJECT_ID
redir_url += urllib.urlencode({
'access_token': access_token,
'token_type': 'bearer',
'state': state
})
self.success = True
else:
self.message = "Malformed"
else:
self.message = "Malformed"
self.set_response({'redirect': redir_url}, debug=True)
I am able to make it work after a long time. We have to enable the webhook first and we can see how to enable the webhook in the dialog flow fulfillment docs If we are going to use Google Assistant, then we have to enable the Google Assistant Integration in the integrations first. Then follow the steps mentioned below for the Account Linking in actions on google:-
Go to google cloud console -> APIsand Services -> Credentials -> OAuth 2.0 client IDs -> Web client -> Note the client ID, client secret from there -> Download JSON - from json note down the project id, auth_uri, token_uri -> Authorised Redirect URIs -> White list our app's URL -> in this URL fixed part is https://oauth-redirect.googleusercontent.com/r/ and append the project id in the URL -> Save the changes
Actions on Google -> Account linking setup 1. Grant type = Authorisation code 2. Client info 1. Fill up client id,client secrtet, auth_uri, token_uri 2. Enter the auth uri as https://www.googleapis.com/auth and token_uri as https://www.googleapis.com/token 3. Save and run 4. It will show an error while running on the google assistant, but dont worry 5. Come back to the account linking section in the assistant settings and enter auth_uri as https://accounts.google.com/o/oauth2/auth and token_uri as https://accounts.google.com/o/oauth2/token 6. Put the scopes as https://www.googleapis.com/auth/userinfo.profile and https://www.googleapis.com/auth/userinfo.email and weare good to go. 7. Save the changes.
In the hosting server(heroku)logs, we can see the access token value and through access token, we can get the details regarding the email address.
Append the access token to this link "https://www.googleapis.com/oauth2/v1/userinfo?access_token=" and we can get the required details in the resulting json page.
`accessToken = req.get("originalRequest").get("data").get("user").get("accessToken")
r = requests.get(link)
print("Email Id= " + r.json()["email"])
print("Name= " + r.json()["name"])`
Not sure which python middleware or modules you are using but
self.set_response({'redirect': redir_url}, debug=True)
seems to be setting parameters for a returning a response which isn't correct. Instead you should redirect your response to the redirect_url. For example importing the redirect module in Flask or Django like:
from flask import redirect or from django.shortcuts import redirect
then redirect like:
return redirect(redirect_url)
It appears Google has made a change that has partially solved this problem in that it is now possible to complete the implicit account linking flow outside of the simulator, in the way outlined in my question.
It seems the problem stemmed from an odd handling (on the AOG side) of the client-side redirect case used after sign in with the Google sign-in button.
From Jeff Craig in this thread:
The current workaround, where we provide the "Return to app" link
currently what we're able to provide. The issue is with the way that
redirecting to custom-scheme URIs is handled in Chrome, specifically,
with regard to the redirect happening in the context of a user action.
XHR will break that context, so what is happening is that you click
the Google Sign-In Button, which triggers an XHR to Google's servers,
and then you (most likely) do a client-side redirect back to the
redirect_url we supply, our handler executes, and isn't able to do a
JS redirect to the custom scheme URI of the app, because were outside
of the context of a direct user click.
This is more of a problem with the Implicit (response_type=token) flow
than with the authorization code (response_type=code) flow, and the
"Return to app" link is the best fallback case we currently have,
though we are always looking for better solutions here as well.
The current behavior shows the 'Return to app' link, but as of last week, this link's href is no longer about:invalid#zClosurez, but instead successfully completes the sign-in and linking process. It's an odd and confusing UX that I hope Google will improve in the future, but it was sufficient to get my app approved by the AOG team without any changes to my flow.
I am using Auth0 to authenticate users by redirecting them to facebook.
But the problem I am facing is that if a user types in incorrect account credentials the first time and succeeds on the second attempt the redirect does not happen, instead it takes me to "Oops!, something went wrong" page with the following message:
"invalid_request: You probably pressed the back button or there is some issue with cookies, since we couldn't find your session. Try logging in again from the application and if the problem persist contact the administrator."
EDIT: I am using the below Auth0Lock code on the client side.
var lock = new Auth0Lock('<%= auth0.clientId %>', '<%= auth0.domain %>', {
//redirect mode
auth: {
redirectUrl: '<%= auth0.callback %>',
responseType: 'code',
params: {
scope: 'openid' // Learn about scopes: https://auth0.com/docs/scopes
}
},
autoclose: true,
theme: {
logo: 'https://xxxxxx/logo_orange.jpg'
},
languageDictionary: {
title: "test"
}
});
lock.on("unrecoverable_error",function(err) {
console.log(err);
});
lock.on("authorization_error",function(err) {
console.log(err);
});
Once I select Login with facebook I am redirected to facebook url that looks something like link
There if I enter the email/password incorrectly the first time the page refreshes and on the second try if I succeed,instead of taking me back to my app the auth0 generic error page => doc shows up with the error I mentioned at the top.On the server side passport seems to correctly authenticate the user.
PS: Chrome is taking me to a login page which has a login form on top and center but firefox just has login at the center of the page.For chrome if I use the top login form and has a failed login attempt on second successful attempt I am taken to my facebook page i.e no redirect happens.
There's at least one issue and that one is a Facebook problem. Their login page is showing two login forms:
The TOP form has an action equal to:
https://www.facebook.com/login.php?login_attempt=1&lwv=100
while the CENTER one has:
/login.php?login_attempt=1&next=https://www.facebook.com/v2.4/dialog/oauth?redirect_uri=https%3A%2F%2Flogin.eu.auth0.com%2Flogin%2Fcallback&state=[state]&response_type=code&client_id=[client_id]&ret=login&logger_id=1bf0be0d-4b64-43a6-b112-79a30100fa5b&lwv=100
This means that submitting the top form does not maintain enough information to be able to return back to your application. Now, there's still the issue of the Auth0 generic page being shown, but that one I'm unable to reproduce. If you think it's worthwhile, then do upload an HAR for review, even one where you strip all cookies might help.
Update:
Looked at the HAR, the second issue seems to be caused by an authentication request to Facebook that does not pass through Auth0. There's a request to your application, but that one does not complete an then there's this second request that will trigger the Auth0 error page.
Expected flow:
https://test.auth0.com/authorize
https://www.facebook.com/dialog/oauth
https://www.facebook.com/login.php (user authenticates here)
https://www.facebook.com/v2.8/dialog/oauth
https://test.auth0.com/login/callback
https://localhost:8080/callback
What's causing the error generic page, before your localhost request completes another request is issued:
https://www.facebook.com/v2.8/dialog/oauth
https://test.auth0.com/login/callback (generic error page shown here)
The error is caused because https://test.auth0.com/login/callback is called without first going through https://test.auth0.com/authorize to setup the authentication transaction state.
Given the request to your application localhost is marked as incomplete I would start looking in your code to see if there's any reason for that request to not complete.
#RequestMapping(value = "/smartsheet.htm", method= RequestMethod.GET)
public void smartSheetAuth(HttpServletRequest req,HttpServletResponse resp,HttpSession session){
String userEmail = ************;
StringBuilder authUrl = new StringBuilder();
authUrl.append("https://app.smartsheet.com/b/orgsso/");
authUrl.append(gPlusUser.getDomain());
/*
authUrl.append("?loginEmail=");
authUrl.append(userEmail);*/
oauth = new OAuthFlowBuilder()
.setAuthorizationURL(authUrl.toString())
.setClientId(EnvironmentVariables.SMARTSHEET_CLIENT_ID)
.setClientSecret(EnvironmentVariables.SMARTSHEET_CLIENT_SECRET)
.setRedirectURL( APPLICATION_BASE_URL + RequestMapping value to be redirected to)
.build();
EnumSet<AccessScope> smartsheetAccessScopes = EnumSet.of(AccessScope.READ_SHEETS,AccessScope.SHARE_SHEETS);
String url = oauth.newAuthorizationURL(smartsheetAccessScopes, "MY_STATE");
System.out.println("url >>>"+url);
resp.sendRedirect(url);
}
What I am trying to do is Organizational Login . But, after I am authenticated instead of going to the redirect url specified in OAuthFlowBuilder ,it takes me to my home page of smartsheet. If I dont setAuthorizationURL() , I have to select the Oraganization Login from the options. It kinda works, but what I am trying to achieve is to get directly to SSO login page instead of clicking organization login option and then going further.
I have made an app using developer tools option of smartsheet and mentioned the same redirect url there also. Nothing seems to work.
Now redirect url is optional , but if dont specify that I am prompted with IllegalStateException.
Using smartsheet-sdk-java-2.0.0.jar
The flow that you're trying to achieve is not possible. i.e., https://app.smartsheet.com/b/orgsso/ is not a valid authorization URL for Smartsheet oAuth.
Instead (as described in the Smartsheet oAuth documentation), you must use this URL: https://app.smartsheet.com/b/authorize. From there, the user can select the appropriate option to specify how they'd like to login.
I work on an application and i want to add ProviderSignIn features. I place a button on my web page so people could connect ( signin) to my application using facebook. As documentation says (http://docs.spring.io/spring-social/docs/1.0.3.RELEASE/reference/html/signin.html), the oAuth dance :
1. POST is made to signin/facebook work(seen in firebug)
2. GET is made to signin/facebook?code="somecode" work(seen in firebug)
3. GET is made to signin but this just displays my view signin.
The documentation says :
If any error occurs while fetching the access token or while fetching the user's profile data, ProviderSignInController will redirect to the application's sign in URL. The request to the sign in URL will have an "error" query parameter set to "provider" to indicate an error occurred while communicating with the provider. The default sign in URL is "/signin" (relative to the application root), but can be customized by setting the signInUrl property.
At step 3, my url is signin#= and not signin with error query parameter.
I don't understand why i am not getting error in query parameter ?
Just create your own controller which extends ConnectController and implements it's methods. It worked for me.
I'm working on a Facebook login authentication in a Phonegap child browser. For that externally I have a page that can initiate authentication process and redirects back after authentication (let's say www.mysite.com/Facebook.html). Now I have authentic user from Facebook, but how can I get that authentic user data from child browser to main application and close child browser. for security reason, I set "showLocationBar: false" , so there is no close button.
So, now let me know
how can I get Facebook authenticated user data (user email and access token for further transactions with Facebook) to main application and close child browser.
how to close child browser from child browser as I don't have close button on Child-browser.
is there any way to save data from Facebook to a JavaScript object in my main application
This is my first application with Phonegap, but im experienced with Facebook and JavaScript. So , please let me know if I'm wrong any where.
Thanks in advance,
Looking forward.
I am also using chilldbrowser for Facebook connect. Here is the link for complete source code for Facebook connect using childbrowser: http://www.drewdahlman.com/meusLabs/?p=88. You can get user's name using access_token using the code below:
var params='access_token='+accessToken;
$.get("https://graph.facebook.com/me",params,
function(response){
fbUesrName=response.name;
},"json");
You can close the childbrowser using:
window.plugins.childBrowser.close();
#Venkat : Not sure if you already got the answer for closing child browser from within app. This code worked for me. Put a close button on your site and put the URL as "google.com".From PG app you can write the code below
window.plugins.childBrowser.onLocationChange = function(locationLink){
if (locationLink.indexOf('google.com') > 0) {
window.plugins.childBrowser.close();
}
}