We're building a custom login form for Microsoft Online Services, where users sign in with their Office 365 credentials. These credentials then get passed to https://login.microsoftonline.com and upon success, the user gets redirected to https://portal.microsoftonline.com.
We need to find out if there's a way to load a website (https://login.microsoftonline.com in this case) in the background, fill in the credentials automatically and submit the form. After submitting the form, the URL should be checked before redirecting the user to that URL.
What are the possibilities to accomplish this? Can this be done with JavaScript behind our custom login form or do we need to use some server-side technology?
Related
Now, I wish to redirect to a private Google group on click of a button on my website along with search parameters. I have generated the required URL using perl. Then I made a simple redirection using . It works when the user is already logged in(using cookies). But it doesn't work if the user has not logged in. I wish to redirect to Google's login page to make sure the user has logged in and thus can access the private group. How do I do this? I read some documentation mentioning OAuth. Is this the only way?
Typically Google handles the login themselfs. A user not logged in will be redirected to their login page first.
You can't use OAuth to log someone into a foreign (aka Google own) service. You could use OAuth to check if a user is logged in at all, but it's not necessary.
The Dancer::Plugin::Auth::Google documentation has a pretty good description on how to setup a Google OAuth login. The Auth::GoogleAuth module might do the job (with less documentation) without using Dancer, but I never tried it myself.
I have a website and I want users to register and login via Facebook connect. What I can't find out is how to FORCE a registration before logging in. I need all users in my database but it's possible to click the Facebook Login button without registering... I just don't get it, how do I FORCE a registration? Is there any good example on this?
Thanks for your help.
When you say you need all users in your database, what exactly do you mean?
With the facebook login button, you can still supply a redirect url after they authenticate for the first time and you can then capture their user_id, or potentially forward them to another page that has your own registration form. You could then have a flag in your database that indicates if they are a confirmed user (much like when you send email confirmations) that only gets set to true once they have submitted your extra form.
Check this flag on page load and forward them to your form if they haven't entered those details. Then control access to your site based on that flag.
Or are you saying you're trying to use the registration plugin https://developers.facebook.com/docs/plugins/registration/ but that isn't working correctly?
I'm building a Page Tab application that will allow Facebook users to make purchases through our client's FB page directly. In order to do that, once the user arrives at checkout, it must be authenticated and the user must be logged in in order to obtain their e-mail address.
However, when I try to authenticate the user via the URL:
https://www.facebook.com/dialog/oauth?client_id=APP_ID&redirect_uri=REDIRECT&scope=manage_pages%2Cemail
Instead of staying within the iframe, it redirects the entire Facebook page, making it impossible to easily authenticate the customer and continue on to checkout.
I'm referencing a similar app that does exactly what I need, but they seem to be using FBML which, to my knowledge, is being deprecated in 2012. If using this URL is an incorrect way to authenticate a customer in a Page Tab app, what would be the proper way to do this without the use of FBML?
Why are you using authentication dialog via that URL? How about using javascript SDK function, FB.login() instead?
http://developers.facebook.com/docs/reference/javascript/FB.login/
I am creating a SaaS that will allow users to interact with it via their web applications. I would like to create a CAS type login mimicking Facebook connect so when you click the 'Login' button on the users website it will popup a window for you to login with my SaaS credentials.
I do not want the SaaS users site to be able to access the users login credentials so this is why I thought of CAS. However, it doesn't look like Facebook Connect redirects to the CAS server. It looks like they just popup a window to the facebook login then create a cookie once the user successfully logs into facebook. How then does the Facebook Connected site access that cookie?
I am wanting to basically be able to keep the end user on the current website without being redirected to my login application. I would like to mimic what facebook does with just popping up a little window and have them login then refresh the page after they login but I am not sure how to go about this.
Any ideas?
Facebook uses a third party cookie: they set a cookie on your domain that you can access to get the necessary credentials.
EDIT: the easiest example would be to look at PHP's setcookie function. Notice that there is a domain parameter. If you change the domain to match the domain of the actual website that initiated the authentication action then you'll be able to set a third-party cookie.
Note that on IE there are certain headers the domain that initiated the authentication action needs to set to allow your third-party cookie to be set. See http://www.spamcollect.com/archives/33 for a short writeup of how that works.
If you are working in a different language you'll need to use whatever cookie management functions they offer.
Another option may be to do this with CAS programmatically using the REST client.
https://wiki.jasig.org/display/CASUM/RESTful+API
In this way you could take the users details and login to CAS without being redirected.
Facebook uses Cross Domain communication which is what I will be using.
I have a mysql membership database run by a Perl script. Account creation or login requires an email address and password. The Perl script then sets cookies (password cookie has encrypted value) which allow users to create, own and modify records. A members table contains user information. I've gone through the FacebookConnect information as well as the forum. Maybe I cannot see the forest for the trees, or maybe this is not possible. In order to use FacebookConnect for logins/account creation, I need to be able to send the user email and password to the the Perl script so that the proper cookies are set. If it were an http it would look like this:
http://domain.com/cgi-bin/perlscript.pl?_cgifunction=login&email=ddd#somedomain.com&password=somepassword.
Any hints or advice would be greatly appreciated.
What you are trying to do isn't really possible in the way that you're describing it.
Facebook Connect basically provides you with a single piece of information: whether your visitor is logged in to their Facebook account or not. If they are, you can get their Facebook ID, if not, you can show them a button (or whatever) and ask them to log into Facebook.
Generally a good approach when using Facebook Connect as an authentication method for your site is to have an internal id for the user's member account, and store a user's Facebook ID alongside that. When a user comes to your site, and they are already logged in to Facebook, you just use their Facebook ID to retrieve the local account. Otherwise you show them your login form to log in locally, and/or a Facebook login button.
The problem you're running into here is that you cannot get someone's email address from Facebook, as it is purposely hidden to protect privacy. If your membership scripts provide only the email/password log-in method, then what you need to do is modify these scripts to create the authentication cookie when given a properly authenticated Facebook ID.
Essentially you'll have two login functions... one for a Facebook login, and one for a regular login. Either function should properly created the local authentication cookie.