Salesforce IOS error requested scope is not available - iphone

I have started a new project from salesforce template o XCODE, then I created a fresh remote acces application on Salesforce web.
Then I replaced the RemoteAccessConsumerKey and the OAuthRedirectURI on the AppDelegate.
When I run the application it says, invalid_scope -> requested scope is not available.
my scope params are:
[NSSet setWithObjects:#"visualforce",#"api",nil] ;

What is the callback URL from your Remote Access object?
One guess is that your callback URL begins with something like "https" rather than a custom scheme like "testsfdc" (which is what the template app provides). Try using a custom scheme instead ie "myapp:///mobilesdk/detect/oauth/done"

Just had this on a legacy hybrid app I had to update for iOS10. I noticed that the Salesforce SDK persists its initial oAuth endpoint data. So switching from sandbox to production will return the above error.
Solved by deleting the app completely and compiling with production config.
Hope this helps.

Related

keycloak: using react user can login but when I try logout I get a message "Invalid parameter: redirect_uri"

I'm trying to use keycloak with a react app, this is my current client configuration...I did this inside the master realm
this is my keycloak config
export const keycloakConfig = {
"realm": "master",
"auth-server-url": "http://localhost:8180/",
"ssl-required": "external",
"resource": "demo",
"public-client": true,
"confidential-port": 0,
"clientId" : "demo",
"url" : "http://localhost:8180/"
};
I based my code on this repo
now...I can login without problems in my app, and the displayed url is this
http://localhost:8180/realms/master/protocol/openid-connect/auth?client_id=demo&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F&state=ba9daf04-ffdb-4ad3-b912-8be846f0684b&response_mode=fragment&response_type=code&scope=openid&nonce=558d71b7-2c66-44f8-9297-84694dc571a8
but when I try to logout I get a message
Invalid parameter: redirect_uri
the logout url is this
http://localhost:8180/realms/master/protocol/openid-connect/logout?redirect_uri=http%3A%2F%2Flocalhost%3A3000%2F
I'm not sure if my client config is correct because this has several missing parameters in almost all tutorials that I've found
Do you know what could be the problem here?
thank you guys
From the Release Notes:
OpenID Connect Logout
Previous versions of Keycloak had supported automatic logout of the
user and redirecting to the application by opening logout endpoint URL
such as
http(s)://example-host/auth/realms/my-realm-name/protocol/openid-connect/logout?redirect_uri=encodedRedirectUri.
While that implementation was easy to use, it had potentially negative
impact on performance and security. The new version has better support
for logout based on the OpenID Connect RP-Initiated Logout
specification. The parameter redirect_uri is no longer supported;
also, in the new version, the user needs to confirm the logout. It is
possible to omit the confirmation and do automatic redirect to the
application when you include parameter post_logout_redirect_uri
together with the parameter id_token_hint with the ID Token used for
login.
The existing deployments are affected in the following ways:
If your application directly uses links to logout endpoint with the redirect_uri parameter, you may be required to change this as
described above. Consider either removing the redirect_uri parameter
entirely or replacing it with the id_token_hint and
post_logout_redirect_uri parameters.
If you use java adapters and your application does logout by call httpServletRequest.logout(), you are not affected because this call
uses the backchannel variant of the logout endpoint and that one was
not changed.
If you use the latest javascript adapter, you are also not affected. However if your application uses an older version of the
JavaScript adapter, you are affected as this adapter uses the variant
of the logout endpoint with the deprecated redirect_uri parameter. In
this case, you may need to upgrade to the latest version of the
JavaScript adapter.
For the Node.js adapter, the same guideline applies as for the JavaScript adapter. You are encouraged to update to the latest version
as the older version of the adapter uses the deprecated redirect_uri
parameter. With the latest Node.js adapter, you are not affected as
long as you use the logout based on the /logout URL as described in
the documentation or in the Node.js adapter example. However, in the
case when your application directly uses the method
keycloak.logoutUrl, you can consider adding idTokenHint as the second
argument to this method. The possibility to add idTokenHint as second
argument was newly added in this version. The idTokenHint needs to be
a valid ID Token that was obtained during the login. Adding
idTokenHint is optional, but if you omit it, your users will need to
confirm the logout screen as described earlier. Also they will not be
redirected back to the application after logout.
There is a backwards compatibility option, which allows your
application to still use the old format of the redirect_uri parameter.
You can enable this parameter when you start the server by entering
the following command:
bin/kc.[sh|bat]
--spi-login-protocol-openid-connect-legacy-logout-redirect-uri=true start
With this configuration, you can still use the format with the
redirect_uri parameter. Note the confirmation screen will be needed if
the id_token_hint is omitted. Warning The backwards compatibility
switch will be removed in some future version - probably Keycloak 21.
You are encouraged to update your clients as soon as possible as
described above rather than rely on this switch.
I've got the same problem already for hours. The only way I found a workaround is manually sending the user to:
/realms//protocol/openid-connect/logout
I started using Keycloak 18.0.0 since a few days and I cannot find any other solution for this problem. I guess it's only happening to when using the newest version. Maybe we should read the documentation better.
For last Keycloack versions you have to redirect explicitly to
https://you server url/auth/realms/matrix/protocol/openid-connect/logout
This issue comes when the keycloak is upgraded to version 18. So we also need to upgrade Keycloak JS & keycloak-angular package.
https://www.npmjs.com/package/keycloak-js
https://www.npmjs.com/package/keycloak-angular
Rest everything will be similar

My azure website sometimes fail Facebook log in but can't know the reason

I'm using Azure Websites service for my web project.
I have an ASP.NET MVC 5 project, and now using ConfigureAuth method.
FacebookAuthenticationOptions opt = new FacebookAuthenticationOptions
{
AppId = CodeHelper.FbAppId,
AppSecret = CodeHelper.FbAppSecret
};
opt.Scope.Add("email,publish_stream");
app.UseFacebookAuthentication(opt);
I'm using the same codes for other projects on common IIS server, they always works well.
But on Azure website, when users try to log in with Facebook, it sometimes works and sometimes fail.
Is there anyone has same experience and got solution?
[2014. 10. 24 - added]
The request has cookies.
ARRAffinity=2f93765894d1796d0e56ae32b4e3eed12fa5f132f1866dcd0de7e74c9ac623d2;
__RequestVerificationToken=ou0dasfT-sfeIOE6iorrpaq3BhYTU4msV5mHqkE49PeRA5H3pMkjFg4bqXXpKtMRkhDRB69Rp----AbJSgfWdDoQ2aGbqImRF9Hg3dWHxrw1;
.AspNet.Correlation.Facebook=pFlBijSiTSofAUMCBLIal9GomTD7fqLdh7yWiHRbEaE
But /Account/ExternalLoginCallback fails.
Ref.
Microsoft.AspNet.Mvc.5.2.2
Can you, please, check the the Site Url in facebook app setting in developer.facebook.com. And also can you please make sure the redirect_uri on OAuth request is the correct one.
It would be great if you can share fiddler session (pls do not forget to remove the secrets)

Hello.js Demo Twitter Error

hellojs twitter error
When i run the twitter demo from demo folder and clicked on twitter button it give me following error
url is undefind in hello.js file on this line if(url.indexOf(x)>-1){
how to fix this error
thanks
When running the demo page in question
http://adodson.com/hello.js/demos/twitter.html
You'll see...
hello.init({
'twitter' : TWITTER_CLIENT_ID
},
{
redirect_uri:'../redirect.html',
oauth_proxy: OAUTH_PROXY_URL
});
The setup includes an OAUTH_PROXY_URL variable. This tells HelloJS the location of the server-side shim in order for this to work with OAuth1 authorisation providers like Twitter (unlike OAuth2 providers which can share authentication tokens purely client-side)
If running this from a local domain like //localhost this will have been an undefined value.
You'll need to do two things to get the demo working.
Define the oauth_proxy option in the demo code. See http://auth-server.herokuapps.com for setting one up. OR remove it entirely and by default it will use the above service - you'll need to register third party apps there (recommended).
Change your development environment in your host file to something other than //localhost, that way you can register OAuth2 providers which are domain sensitive and often wont let you use localhost when registering your apps callback URI. If you change your development environment to be local.knarly.com with hello.js project as a subfolder - then you can skip step 1 as the oauth_proxy will be defined correctly.

FB.getLoginStatus not calling its callback

The title really says it all. Under some (undetermined) conditions FB.getLoginStatus() just stops working and won't invoke the callback I gave it. The only interesting clues I've found are
FB.Auth._loadState is stuck on "loading" -- whatever is supposed to make it click over to "loaded" isn't happening
slight delays like putting in alert() calls tend to make it start working
Any hints at all about even how to investigate this welcome.
This usually happens for me when I am running the page under a different domain from what has been registered in Facebook. Typically this is when I am developing locally.
If you are running locally, you'll have to set up a local web server and then modify your hosts file to point the the registered domain to 127.0.0.1 in order to test on your local machine. Don forget to remove that line from the hosts file when you want to test it on the server.
According to:
https://developers.facebook.com/bugs/240058389381072
You cannot put your application under sandbox mode, or else it won't work. Go into your app settings, advanced, and switch it. This stumped me for a couple hours until I happened upon the bug report.
I had similar problem with FB API. It turned out, that my Facebook App was misconfigured. Please make sure that this is not the case for you. My problem was that my "Site URL" param in FB application was pointing to https, but I was using http protocol for development. Any call against FB api after FB.init was not calling my callback functions. So the first thing to do should be to double check App config.
Now, if some reason you depend on FB api but you wish to have a fallback option in case it;s inoperative - workaround with timer should be ok for you. Just set up a timer and disable it if FB Api gives you proper response. If not - fallback to some custom function which will perform some additional logic.
function callFbApi() {
var timeoutHandler = setTimeout(function() { requestFailed(); }, 1000);
function requestFailed() {
// When this happens, it means that FB API was unresponsive
doSomeFallbackWork();
alert('hey, FB API does not work!');
}
FB.getLoginStatus(function(response) {
clearTimeout(timeoutHandler); // This will clear the timeout in case of proper FB call
doSomeUsualWorkAfterFbReplies();
return false;
}, true);
}
If your application is in sandbox mode, Facebook acts as if your application is invisible to anyone who is not listed as an application developer. If you're not logged in, then it would stand to reason that your app is now invisible.
The callback will only fire if you're initializing with a visible application. Otherwise the following response is returned:
<span>Application Error: There was a problem getting data for the application you requested. The application may not be valid, or there may be a temporary glitch. Please try again later. </span>
For more info please see my comment on this bug ticket:
https://developers.facebook.com/bugs/240058389381072
Maybe you are using the asynchronous call. The same thing happened when I called FB.init with window.fbAsyncInit. All I did was delay the FB.getLoginStatus with a setTimeout function
window.setTimeout(checkLogStatus, 1000);
function checkLogStatus(){
alert("check");
// fetch the status on load
FB.getLoginStatus(handleSessionResponse);
}
It seemed to work after that
On the new version of the Developer app, you have to make sure to have put the correct URL you are using to access the application in the Website field under the
Select how your app integrates with Facebook
section.
Make sure the protocol is HTTPS and not HTTP.
I had a similar problem. The site worked every time when I was opening the browser, but fails when I tried to reload.
The cause was the missing "www" on the site name on Facebook configurations. Note that putting "www" (like www.yoursite.com) works on both situations (yoursite.com or www.yoursite.com).
As others have posted, you must be accessing your site at the same URL that facebook expects. For example if facebook has a callback "example.com" but you're browser has "www.example.com", that can cause this problem.
In addition, if third-party cookies are not allowed by your browser, you may also see this problem. Or you may see the callback erroneously reporting the user is not connected.
Just posting a situation I had were calling FB.getLoginStatus got absolutely no response.
My application is designed to run in a tab, and I only entered the Page Tab URLs on the app admin page, and not the App On Facebook (i.e. Canvas) URLs. The tab loads perfectly, but any calls to the FB JS SDK provoke no response.
In Facebook App Settings, go to Client OAuth Settings, look at Valid OAuth redirect URIs
Make sure you have listed all URIs which are the domains from which Facebook SDK is being invoked. For example:
I develop at localhost:5000 and deploy to Heroku. Notice the format: http://domain.name/

Debug gwt inside facebook iframe

I'm trying to debug my gwt 2.0 apllication that runs inside facebook iframe.
When i use 'http://127.0.0.1:8888/index.html?gwt.codesvr=127.0.0.1:9997' as "Canvas Callback URL" my app doesn't loading, but when i compile it and use 'http://127.0.0.1:8888' it works perfectly.
There is a cross site scripting issue with using the GWT debugger within the facebook iframe.
I logged this as issue #4468
http://code.google.com/p/google-web-toolkit/issues/detail?id=4468
Within that ticket, I specified the workaround is to edit the hosted.html file thusly:
hosted.html
gwtOnLoad = function(errFn, modName, modBase){
....
var topWin = window.top;
var url = topWin.location.href;
...
Workaround if you have one:
var topWin = window;
var url = topWin.location.href;
I have a similar issue for deployment mode. Basically I want my GWT to be managed from a single entry point deployment and be able to run it as widget on 3'rd party websites, without them have to download my application into their host, only using the selector script as reference to my GWT app.
There is a problem doing that due to SOP limitation of current bootstrap process that uses an "iframe" to load the compiled script asynchronously.
I created a workaround procedure for that, let GWT app be installed using 'script' instead of 'iframe'. This makes my GWT available for 3'rd party websites, and let me maintain a single entry point of deployment.
The following article describe my workaround procedure:
Make GWT Widget Avialble For 3'rd party websites
127.0.0.1 is a reserved IP address that always resolves to localhost. So when you enter that as a Facebook canvas URL, Facebook tries to access it's own servers. A request never comes to your computer, which is where the application is actually hosted. Of course, when you access it at 127.0.0.1, it works fine, because your localhost is your own machine.
You need to figure out your external IP address, and enter that as the Canvas Callback URL. You can check your router settings, or go to something like http://www.whatismyip.com/. Once you have it, try accessing your application using it directly instead of 127.0.0.1. You might have to change your router or firewall to allow port 8888 through. Once you have it working, enter it as your Canvas Callback URL in your Facebook application settings.