We develop local apps that redirect to a secure web host which then sends the relevant FB app info to our FB app which in turn redirects back to our web server which redirects back to our local app. The local app stores the relevant FB user info so that user interaction is then posted to FB as per their approval. Everything works perfectly except for our latest project.
Our latest project running in Dubai is having latency issues between FB, the web server and our localhost on its return from the FB app authorisation. When the PHP script execution time was set to 30 seconds the redirect would timeout. We have increased this execution duration and the app works again but the wait is not ideal as ppl are queued in malls waiting to try out the activation.
I see it is possible to setup SSL on the localhost server as per: How do I allow HTTPS for Apache on localhost?
So my question is: Would FB allow this SSL connection or would the certificate have to come from an authority on a certified web server?
I was thinking of using the localhost WAMP server as the web server aswell and setting up its own OpenSSL to try reduce the latency issues.
I never built the original application so does the FB PHP SDK even need to be hosted on a secure site?
Related
I use Oauth2 to access a database in a cloud.
The code is developed in .net core 2.0.
The redirect urls are:
"AuthRedirectUri": "http://localhost:44378/auth/callback", "PostRedirectUri": "http://localhost:44378/myapp/Index",
I get connected to the database when the app runs on the visual studio (iis express). However, when the app is published on the local server (Windows Server 2012.R2) I receive an "invalid request" message from the third party web app. The published app is on http://localserver:80/. The solutions I have found in the web are redirecting to the localhost which doesn't work in my case.
Which hostname/port should be used to receive the callback code on the server? Shall I change anything in the iis or the server?
The solutions I have found in the web are redirecting to the localhost which doesn't work in my case.
Which hostname/port should be used to receive the callback code on the server? Shall I change anything in the iis or the server?
As far as I know, the redirect url should be your application's domain or IP address which could be access by someone outside your server.
Normally, we will use your server's public IP address and add your IIS application's port as the url(If you have the domain, you you should bind this url with domain address).
I suggest you could find this url and access from internet to make sure you could access the web application.
Then you could use this IP address and port plus sepcial fomat as the redirect url.
For the past couple of years we've been developing a client/server application and it's been working well with us hosting the server and applications. I've recently started work on getting our mobile app to connect and have run into a snag.
The mobile app can login and obtain a token but when it presents that token for an API call Owin is failing to create a valid Principal.
The same API call from our desktop app (running on the same physical machine as the server) has an HttpRequestMessage "MS_OwinContext" property with the Authentication.User field populated. The same call from the mobile does not.
Yet both of them seem to be sending the same API request (different bearer token of course). Alternative can anyone tell me where I might at least start looking or how I could get information from OWIN as to what it's doing? It's also worth pointing out that the mobile app (Xamarin) shares most of its code with the desktop application.
Right now I'm staring at a black box and all I know is that 'it doesn't work'.
Okay the problem was that the server was setting Authority in the bearer options to be localhost. Audience is derived from this so when connecting using the host name validation fails.
The answer appears to therefore not use localhost as part of the authority.
I have an IPAD hybrid app for our application. It tries to hit our https server during login process. I would like to use JMeter to record this simple flow.
I am running JMeter proxy server in my local machine. I updated IPAD proxy details so that any activity will go via JMeter proxy - so that i can record.
I am able to record in JMeter the activities i do in Safari browser of the IPAD. But if i access my app in IPAD JMeter sends it as http request & records javax.net.ssl.sslhandshakeexception error . In the browser i can accept the SSL certificate. Not sure how it can be done in IPad.
I even tried to export the certificate from my browser , sent it to my email , accessed it in IPAD and installed. Still it does not work. Looks like it is a temporary certificate issued by JMeter.
If it is not https, then JMeter will be able to record the app activities.
Anyone has faced similar situation? how did you rsolve this?
Use jmeter 2.11 with Java 7 , it creates a crt file in jmeter/bin folder.
It is the CA that creates the certificates.
Send this file by mail and open it in Ipad and install it.
In test script recorder, put in the dedicated field HTTPS domains , the domains you are trying to hit, see:
http://jmeter.apache.org/usermanual/component_reference.html#HTTP(S)_Test_Script_Recorder
Restart Ipad and jmeter test script recorder and try again.
We've got a combination phonegap/web app, and am trying to get facebook logins working.
Everything works fine with phonegap, but with the web, Facebook returns the familiar (to many) Given URL is not allowed by the Application configuration...
I've tried using localhost in the Facebook settings, as well as setting up a host on my local machine which used the same URL as our heroku development box (except it has https, which I don't, of course).
I didn't include the port number in the website with facebook login, when using the host as heroku, but tried both with and without on localhost.
Things I've tried
locally - http:localhost:3000 // the app
on facebook
website with facebook login -> http://localhost, http://localhost:3000
app domains -> localhost
locally - http://our-dev-site.herokuapp.com:3000 //the app
on facebook
website with facebook login => http://our-dev-site.herokuapp.com, http://our-dev-site.herokuapp.com:3000
app domains -> our-dev-site.herokuapp.com
I'm really not sure what else to try here.
Is there somewhere in the facebook responses that they tell you what URL they are expecting?
-------------- update --------------------
I forgot that our javascript files are actually being served on another port number. The domain for the app is localhost:3000, but the javascript is served from localhost:8080. Not sure if this could be part of the problem.
I am working on my first app for Facebook and facing (probably) with the SSL problem. If I am testing the app, so it's working well. But then I wanted to test the app by my friend - so I assigned him the role "Tester", he accepted it and I sent him the link to the app.
If he opened the app, he got the error The website is not available - Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error
I started google it and it looks that the cause is the missing SSL certificate on my hosting, where the app is stored.
BUT - how is possible, that the app is working me well without the SSL and to my friend doesn't? If the SSL is required for Facebook apps, why I didn't get the same error?
(I set Secure Canvas URL: to https://example.com/fb-app-directory/, however I don't have at this domain and hosting any SSL certificate).
I never used before SSL. I bought the domain name on Namecheap and hosting on Hostgator. So now, I should buy a SSL certificate from the offer (http://www.namecheap.com/ssl-certificates.aspx) of Namecheap, right?
Would be suitable for the Facebook app the cheapest one?
Look, this SSL problem can only be solved by purchasing a valid SSL certificate or looking for a server which can host your app and is SSL certified such as:
phpfog.com - Provides you with some limited space and database service.
heroku.com - Does not provide any storage space for saving dynamically generated data. To have that service, you have to buy the Amazon buckets service which, again, is a costly affair.
If you don't want to invest any money, I would recommend that you go with phpfog - it is easy and its documentation is pretty good.
You should buy an SSL cert in order for everyone to be able to access your app. Your friend probably has his settings set so that he browses Facebook securely, in this case he is hitting https://example.com/fb-app-directory/, not your actual URL.
The cheapest one isn't the best one, but it should work as long as it's valid. I would suggest using Heroku though, as that way you get everything you need - for free :)
Use a proxy in heroku.com and bring your page in secure domain as https://yourapplication.herokuapp.com/
"Starting October 1, 2011 Facebook will require a valid SSL Certificate for all pages and applications hosted outside of Facebook."
http://www.wpcode.net/fb-ssl.html/
Maybe you are visiting your application with http://apps.facebook.com/... and your friend is visiting with https://apps.facebook.com/....
Another possibility is that your friend has checked "Browse Facebook on a secure connection (https) whenever possible" under "Account Security".
Try ngrok. It exposes a local web server with just one command:
ngrok 80
After this you can access your localhost like this: xxxxxxxx.ngrok.com