I'm using Symfony 2.1 for a project & I'm using FOSFacebook bundle integrated with FOSUser bundle. when the user logs into my application no information is retrieved! i mean this line goes in exception :
namespace Acmes\UserBundle\Security\User\Provider;
class FacebookProvider implements UserProviderInterface {
//...
public function loadUserByUsername($username) {
//...
try {
$fbdata = $this->facebook->api('/me');
} catch (FacebookApiException $e) {
$fbdata = null;
}
//...
}
}
when the user logs in, the button change to 'logout' but i get the error :
"The user is not authenticated on facebook"
which means that $fbdata is null & no info has returned back from facebook application.
any solution? thanks!:)
I faced the same problem as yours.
Something must go wrong during your installation process of fosuserbundle and fosfacebook bundle.
Double check your settings with the following tutorial.
https://github.com/FriendsOfSymfony/FOSUserBundle/blob/master/Resources/doc/index.md
Related
I want to have a normal logout from my p:commandButton:
I have in my backend bean this function:
public void logout() {
SecurityUtils.getSubject().logout();
SavedRequest savedRequest = WebUtils.getAndClearSavedRequest(Faces.getRequest());
if (savedRequest == null) {
Faces.redirect("/common/login.jsf");
} else {
Faces.redirect(savedRequest.getRequestUrl());
}
}
But I got this:
Caused by: org.apache.shiro.session.UnknownSessionException: There is no session with id [b4a41562-0d9e-4fc9-9d9d-ef7724d8efad]
Any idea how I can solve that?
I´m using also Omnifaces library.
Any idea what is wrong?
I´m using:
Shiro 1.7.0 and Omnifaces 3.10.1
Shiro's Subject.logout() essentially clears the session (session.invalidate()). If the session has already been cleared, you wouldn't be able to clear it again.
If you are using Shiro's Logout Filter you do NOT need to make an additional call to logout().
I'm following the documentation exactly.
https://github.com/laravel/socialite and https://laravel.com/docs/5.1/authentication#social-authentication
I've created my app on Facebook and got everything working. When I click my log in with Facebook button, it authorizes the app and takes me back to my site.
However, it doesn't show me as logged in. If I dd() instead of the redirect below, I get all of the data from my Facebook account. But the pages that are only visible to logged in users, aren't visible.
Here is my controller:
public function redirectToProvider()
{
return Socialite::driver('facebook')->redirect();
}
public function handleProviderCallback()
{
$user = Socialite::driver('facebook')->user();
return redirect('my-profile')
->with('message', 'You have signed in with Facebook.');
}
Here are my routes:
Route::get('login/facebook', 'Auth\AuthController#redirectToProvider');
Route::get('login/facebook/callback', 'Auth\AuthController#handleProviderCallback');
Socialite is installed properly in composer.json. The classes are in config/app.php and the IDs for my FB app are in config/services.php.
Any ideas as to why it's not working?
In the handleProviderCallback method you need to create and authenticate the user returned by the driver.
Create the user if doesn't exist:
$userModel = User::firstOrNew(['email' => $user->getEmail()]);
if (!$userModel->id) {
$userModel->fill([.....]);
$userModel->save();
}
Then authenticate the user:
Auth::login($userModel);
Your method will look like this:
public function handleProviderCallback() {
$user = Socialite::driver('facebook')->user();
$userModel = User::firstOrNew(['email' => $user->getEmail()]);
if (!$userModel->id) {
$userModel->fill([.....]);//Fill the user model with your data
$userModel->save();
}
Auth::login($userModel);
return redirect('my-profile')
->with('message', 'You have signed in with Facebook.');
}
Sorry If there is a post like this question, I checked but I couldn’t find any..
I’m using tank_auth_social for Facebook login.
https://github.com/sicsol/Tank-Auth-Social
Also someone mentioned this problem on issues but no reply..
https://github.com/sicsol/Tank-Auth-Social/issues/2
After user giving access from Facebook at first login it throws exception like this.
Fatal error: Uncaught OAuthException: An active access token must be used to query information about the current user. thrown in /home/hayvanse/public_html/application/libraries/facebook/base_facebook.php on line 1058
Yeah so we couldn’t have write token it means that yeah? But when I click to login and it works.
The first one only gives exception due to one problem and its not about Facebook token I think.
I’m really newbie on Facebook connect stuff, I updated Facebook and base_facebook library but didn’t work.
I hope had this problem and could help me. This is based function on this line so I wonder if I just skip exception,I'm really confused and looked for it all night :(
protected function throwAPIException($result) {
$e = new FacebookApiException($result);
switch ($e->getType()) {
// OAuth 2.0 Draft 00 style
case 'OAuthException':
// OAuth 2.0 Draft 10 style
case 'invalid_token':
// REST server errors are just Exceptions
case 'Exception':
$message = $e->getMessage();
if ((strpos($message, 'Error validating access token') !== false) ||
(strpos($message, 'Invalid OAuth access token') !== false)) {
$this->setAccessToken(null);
$this->user = 0;
$this->clearAllPersistentData();
}
}
throw $e;
}
Please update base_book with this function , check the link please. Main problem was getuser was returnin 0. You have to update code like blow on base_Facebook file.(latest sdk)
protected function getCode() {
$server_info = array_merge($_GET, $_POST, $_COOKIE);
if (isset($server_info['code'])) {
if ($this->state !== null &&
isset($server_info['state']) &&
$this->state === $server_info['state']) {
// CSRF state has done its job, so clear it
$this->state = null;
$this->clearPersistentData('state');
return $server_info['code'];
} else {
self::errorLog('CSRF state token does not match one provided.');
return false;
}
}
return false;
}
When using CodeIgniter + Facebook PHP SDK: getUser() always returns 0
I am trying to build a server-to-server auth flow using the Facebook PHP SDK and no Javascript, as outlined here. So far, I have successfully created a LoginUrl that lets the User sign in with Facebook, then redirect back to my App and check the state parameter for CSFR protection.
My Problem is, that I can't seem to get the API-call working that should swap my Auth Code for an access token. I pillaged every similar problem anyone else that Google was able to find had encountered for possible solutions.
Yet the end result was always the same: no access token, no error message that I could evaluate.
Researching the topic yielded the following advice, which I tested:
The URL specified in the App Settings must be a parent folder of $appUrl.
use curl to make the request instead of the SDK function api()
I've been at this for 2 days straight now and really could use some help.
<?php
require '../inc/php-sdk/src/facebook.php';
// Setting some config vars
$appId = 'MY_APP_ID';
$secret = 'MY_APP_SECRET';
$appUrl = 'https://MY_DOMAIN/appFolder';
$fbconfig = array('appId'=>$appId, 'secret'=>$secret);
$facebook = new Facebook($fbconfig);
// Log User in with Facebook and come back with Auth Code if not yet done
if(!(isset($_SESSION['login']))){
$_SESSION['login']=1;
header('Location: '.$facebook->getLoginUrl());
}
// process Callback from Facebook User Login
if($_SESSION['login']===1) {
/* CSFR Protection: getLoginUrl() generates a state string and stores it
in "$_SESSION['fb_'.$fbconfig['appId'].'_state']". This checks if it matches the state
obtained via $_GET['state']*/
if (isset($_SESSION['fb_'.$fbconfig['appId'].'_state'])&&isset($_GET['state'])){
// Good Case
if ($_SESSION['fb_'.$fbconfig['appId'].'_state']===$_GET['state']) {
$_SESSION['login']=2;
}
else {
unset($_SESSION['login']);
echo 'You may be a victim of CSFR Attacks. Try logging in again.';
}
}
}
// State check O.K., swap Code for Token now
if($_SESSION['login']===2) {
$path = '/oauth/access_token';
$api_params = array (
'client_id'=>$appId,
'redirect_uri'=>$appUrl,
'client_secret'=>$secret,
'code'=>$_GET['code']
);
$access_token = $facebook->api($path, 'GET', $api_params);
var_dump($access_token);
}
The easiest way I found to do this is to extend the Facebook class and expose the protected getAccessTokenFromCode() method:
<?php
class MyFacebook extends Facebook {
/** If you simply want to get the token, use this method */
public function getAccessTokenFromCode($code, $redirectUri = null)
{
return parent::getAccessTokenFromCode($code, $redirectUri);
}
/** If you would like to get and set (and extend), use this method instead */
public function setAccessTokenFromCode($code)
{
$token = parent::getAccessTokenFromCode($code);
if (empty($token)) {
return false;
}
$this->setAccessToken($token);
if (!$this->setExtendedAccessToken()) {
return false;
}
return $this->getAccessToken();
}
}
I also included a variation on the convenience method I use to set the access token, since I don't actually need a public "get" method in my own code.
I'm using CakePHP 2.3.1 and this plugin: https://github.com/webtechnick/CakePHP-Facebook-Plugin to implement a facebook authentication. I followed this screen cast http://tv.cakephp.org/video/webtechnick/2011/01/12/nick_baker_--_facebook_integration_with_cakephp but it doesn't work, I can't receive the Facebook user information. I mean $this->Connect->user() always return null.
First make sure your user as granted access to your app. Then make a call to retrieve personal details through the api(/me) => $this->Connect->user()
Personally, I use this
public function beforeFilter(){
if($this->Connect->FB->getUser() != 0){
$this->set('facebookUser', $this->Connect->user());
}
Initiating ConnectComponent will populate (or not) the Auth Session. If no id is to be found, redirect user to a login dialog.
Call this method from beforefilter..and save the post data received in some variable like fb_data here.
protected function _valdiateFbRequest() {
if (!isset($this->request->data['signed_request'])) {
// not a valid request from fb
// throw exception or handle however you want
return;
}
$this->signedRequest = $this->request->data['signed_request'];
$this->fb_data=$this->Connect->registrationData(); //save fb data
unset($this->request->data['signed_request']);
if (empty($this->request->data)) {
$this->Security->csrfCheck = false;
}
// validate the request
}