Please forgive me if this is a silly question. We're running into a problem attempting to authenticate. The issue seems like a straight forward one so I'm sure it's something silly we're over looking.
Step 1: User hits our tab app front page. This page is public and doesn't not require us knowing who the current user is.
Step 2: There is a button on this page that let's people join our application. This takes the user to another action on our controller and here is where app authentication is checked. If the user has not authorized the application, we are providing the re-direct URL to our app being hosted on our server (I believe this is the crux of our problem).
Step 3: The user authenticates the app, however, when being re-directed we're taken outside of Facebook to the target page.
Do we have to re-direct back to our page tab and if so how can we exchange the code for an access token?
Thanks in advance,
Eric
Set a "Namespace" for the app. That creates a new link to you app which ends with the namespace. Use this new url as return_url when calling for authentification.
Related
I created a static Web site using Azure Static Web Apps (under the Free plan for now -- not sure if that's relevant to the issue at hand.) I can access the Web site through an ***.azurestaticapps.net URL.
I then tried to test Azure Active Directory authentication per Microsoft's instruction from this page:
https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization
My problem is that logging out does not seems to work as I would expect on a normal Web site. I could log out, but when I tried to login again (hoping to use a different Azure AD account,) the Microsoft login screen flashes by and I got logged right back in with the user that I just logged out from. Switching to a different tab doesn't help.
Steps to repro:
Navigate to /.auth/login/aad and login using a Microsoft Account. Say NO to 'Stay signed in?' prompt.
Navigate to /.auth/me to see the basic information on the logged in account to prove that I'm in the logged in state.
Navigate to /.auth/logout to logout. Immediately, navigate to /.auth/me again to confirm that my static Web App regards me as 'logged out.' I'd see this:
{"clientPrincipal": null}
Navigate to /.auth/login/aad again. Microsoft login page flashes by, and I am logged right back in with the previously logged out user.
Things that sort of worked
Any of the two actions below alone seems to make the browser forget my logged-in state:
Close the whole browser and relaunch it. I'd get asked to pick the previous user (and then enter the password) or choose a new user. This sort of works but reminds me of some Web sites 15-20 years ago that said 'For security reasons, please don't forget to close your entire browser after logging out from this one tab.'
Open a new tab in the same browser, and navigate to hotmail.com. That tab will enjoy my logged-in state from the Static Web Apps tab. I'd see my mails right away. Then I log out from the hotmail.com tab, switch back to ***.azurestaticapps.net tab and see that I am still logged into my Static Web App. Good! Then if I log out from my Static Web App and try to log back in, it has forgotten my logged-in state this time. In other words, logging out from the hotmail.com tab is somehow more powerful.
I also tested /.auth/login/google too and the same problem arises! So the issue seems to be on the Azure Static Web Apps side, not how idPs handle their logout process.
Am I missing anything obvious?
I have a MVC5 application with external login. When I use Facebook login, after I put in my login information into facebook login page, facebook fails to direct me back to my application.
I got a white page with the following URL in Chrome's URL bar:
https://www.facebook.com/dialog/oauth?response_type=code&client_id=632877723495196&redirect_uri=http%3A%2F%2Flocalhost%2FMPOS%2Fsignin-facebook&scope=email&state=l2oJwWdkbRsgZHyr6-5lL9ZTZc-eMbRBkH73L-h1ZN_MWvWriNeEdCxuNspi4QptZAna60SQIJX4NB5AItzP6NxpDCz10m48JInWUfvQGWkgFgZhZNFIaTz6ju-kEQ-RyiObgiMOKvBougeeaSHD7CAzTrvc1Gj6XdGgGbUgyrM9d1KZUEGbqh_MdyBPg4wTFbQEiui-2GzvcIvhOVtTRC12NnhgnVyLCrrKEDFaWdU
If I use IE, I got "The website cannot display the page" error page with the following URL on the borwser's URL bar:
https://www.facebook.com/login.php?login_attempt=1&next=https%3A%2F%2Fwww.facebook.com%2Fv2.1%2Fdialog%2Foauth%3Fredirect_uri%3Dhttp%253A%252F%252Flocalhost%252FMPOS%252Fsignin-facebook%26state%3DWbWcYquZJnjvo8Db42l6goqpMUrioHL6HBVIUMu74QvqMuAjNzWizophJhNpf3NHCbw1-Dw1tsdgmv2h1f0ct1zcLJ_jlSXQ3ImCHVN_PXRkRedVB3gjTQb59-tbxPKxJQTuNhPvOKLq6aBjakP_fJDw5zXKZ55LrRzHVzEQ39Qff7WXsNJpke2BTHILHLI0I5jcWiXEgE-HeH7La19ttaL9LhrcyXP4DBiWaXuUNZc%26scope%3Demail%26response_type%3Dcode%26client_id%3D632877723495196%26ret%3Dlogin
Anyone has an answer to this problem? Thanks!
Thanks Nathan, clear cache on browser didn't help. I tried to clear cache/cookies on both IE and Chrome several times before I post the question.
The weird thing is that if I create an app under my personal facebook account and use the FacebookAppID/FacebookAppSecret for my app, the external login works fine. That's how I did all my testing.
But when I try to deploy the website I want to create the app under company's facebook account. I set up the app under the company's facebook account exactly the same way as I did when using my personal facebook account, then I got this redirect problem. If I switch back the FacebookAppID/FacebookAppSecret to the one I created under my personal account, everything works fine. That's even more puzzling.
I finally figured out the problem. I forgot to turn on "make this app and all its live features available to the general public" setting for the app I created in Facebook. So the login was only available to the developer who created the app. After I turn that setting on (it is under the Status and Review Tab), everything works fine.
When a user is not logged in and they navigate to a page tab made with our app, they get an obtrusive dialog asking them to log in:
This has nothing to do with http vs https, the app is not in sandbox mode, there is nothing in the tab asking for a login or user information, etc. I've gone through the app settings at least a half dozen times now, and nothing is wrong there. Aside of urls, the settings are identical to another app I have that does not suffer from this problem. I'm stumped!
Edit: here is an affected tab: https://www.facebook.com/StaticHtmlThunderpenny/app_203351739677351
This message is not about login to your app, but Facebook in general.
So my guess would be that the page your app is installed as page tab app on is restricted in some way – by age, location, or for having alcohol-related content. And then of course Facebook asks for login, because otherwise they can not determine whether or not the (as of now still “anonymous”) user qualifies to see the page.
So go check the page settings.
This is actually not app related question.
This is thumb rule!! To access any app on Facebook, you need to log in to Facebook. You can see Facebook page without log in. But for facebook apps, you should be authentic user.
with this issue in my own experience that I came across some years back with a facebook app that I was running, if this doesn't relate to any of your other social networking apps then am aligning two set of possibilities and solution.
The user might have not properly logged out as "written" in the app for the users logout stage.
Solution would be that the user logout as expected before closing the app.
The user might have set up an automatic login prompt which was removed by the app when it was been updated automatically. (If you do get me???)
Solution would be to monitise your app on updates and login informations or better still just login and logout ask intended by the app and for security reasons.
Lastly I would say that automatic bookmark database should be added to the server part so current pages as the user uses the app would be saved after logout or login stage. Thank you, hope this helps and if not let me know what am missing.
I want to integrate facebook api to help in the registration process in my website. It was working fine before - the standard fb login button appears, the pop-up window to login to fb was working, some of the user data are obtained. However after several trials with me modifying the code as the feature isnt fully integrated yet in my site, whenever I press the login button what replaces the fb login page is "This webpage is not available." I already retracted the modifications I made to the point that it was back to the version wherein it was working before. I also created another app and replaced the app id and secret key, still it displays the same message. I do not know what is wrong. Please help.
Update:
I uploaded the project files to another hosting site and it works! Could it be that the previous domain is now blocked?
Please read the other posts, dude... we're all waiting for the FB to fix the issue...
I have a Facebook app running in a Page Tab (the tab of a Facebook Page for an organization). The Page Tab URL (and Secure Page Tab URL) points to a URL on my own server which holds a PHP page that contains an iframe of a Google Calendar.
The app works perfectly fine when I open the Page using the admin account (both http and https). But when I open the Page using the user account of someone who has 'Liked' the Page, the app does not appear at all (both http and https). Any suggestions? Thank you.
Check if the app is in sandbox mode, in the Advanced section of the Settings here:
https://developers.facebook.com/apps
I believe that is the problem.
You may overlooked the "sandbox" setting that should be "disabled", this could be one explanation as per the answer above. If this have not answered to your question, than you may find another explanation here:
http://developers.facebook.com/docs/appcenter/guidelines/
Basically, if your application doesn't do anything it will probably not be approved and it will not be visible to nobody, except you - the developer. There are other issues, like copyrighted infringement and so on... please read.
(Also, just in case you are interested, it should be installed by more than 30 times, I guess different persons, in order to be "searchable").