I am developing a desktop application that will interface with FB. FB insists that you provide a Site URL. Since this is a desktop application this doesn't really make sense. I set the site url to 'localhost'.
I just get the following error when I put 'localhost' in the url string
API Error Code: 191 API Error Description: The specified URL is not
owned by the application Error Message: redirect_uri isn't an absolute
URI. Check RFC 3986.
This looks like a pretty common error but I don't see any examples of how desktop applications should handle this site url requirement.
Can someone help me out?
Thanks
Pays to read the documentation to the end :)
Our OAuth 2.0 implementation does not include explicit desktop app
support. However, if your desktop app can embed a web browser (most
desktop frameworks such as .NET, AIR and Cocoa support embedding
browsers), you can use the client-side flow with one modification: a
specific redirect_uri. Rather than requiring desktop apps to host a
web server and populate the Site URL in the Developer App, we provide
a specific URL you can use with desktop apps:
https://www.facebook.com/connect/login_success.html.
Related
I am trying to build an OSX application using swift and storyboard. I am implementing Google OAuth for the app. Following the google guide https://developers.google.com/identity/protocols/oauth2/native-app#sample-authorization-urls, I am opening a browser with the a loopback authorisation url (i.e. after signing in, it loopbacks to localhost where the url contains authorisation code and other meta data.
To give a better overview of how the authentication workflow works:
User selects authorise button in app
Browser opens up with an url like:
https://accounts.google.com/o/oauth2/v2/auth?
scope=email%20profile&
response_type=code&
state=security_token%3D138r5719ru3e1%26url%3Dhttps%3A%2F%2Foauth2.example.com%2Ftoken&
redirect_uri=http%3A//127.0.0.1%3A9004&
client_id=client_id
The google account chooser and permissions consent screen renders and prompts user to give permission..
Once user gives permission, the page redirects to localhost with the authorisation code or the error (when not permitted). The redirect url looks like:
http://127.0.0.1:9004/?code=auth_code&
scope=email%20profile%20openid%20https://www.googleapis.com/auth/userinfo.profile%20https://www.googleapis.com/auth/userinfo.email&
authuser=0&
prompt=consent
So now I want the parameter code in my app. Google document says I have to create an HTTP listener in order to get the parameters. So I want to setup an HTTP listener at that port (9004) and get the params. What HTTP library can I use to solve this problem?
I haven't tried to involve myself with any oauth library for osx and I want to implement myself but if there is a library which solves this problem with limited boilerplate suggest them.
Thanks.
I would recommend the AppAuth framework for macOS and iOS. It takes care of all of this for you, and includes an option to set up an HTTP server on the loopback interface.
I'm building a mobile app using Intel-xdk along with hello.js (a client side javascript sdk) for facebook login because it's the only thing that makes fb login work for me on Intel.
The hello.js instructions were hard for me to figure out even though they seem simple.
This is the init code as provided by the hello.js documentation. https://adodson.com/hello.js/
hello.init({
facebook: ************,
windows: WINDOWS_CLIENT_ID,
google: GOOGLE_CLIENT_ID
}, {redirect_uri: 'index.html'});
I need to note that I'm testing this on the intel-xdk emulator, on my iphone, and on the chrome browser. I am getting two different errors depending on where I test. I get either "app ID invalid", or "redirect uri not supported". Is there a different way I should be writing the redirect uri.
***UPDATE****
I got rid of the "windows" and "google" properties because I'm not using either of them for login. I also swapped "google" into the redirect uri. It didn't work when I used www.google.com, but DID work when I used https://www.google.com. So I think using "https" matters. This is what this init code block looks like now:
hello.init({
facebook: '178363645852696'
}, {redirect_uri: "https://www.google.com"});
Here are the different errors I'm getting now. On the intel-xdk emulator it goes right to google no problem. On the device it tells me I'm not logged in ( which isn't true). On chrome the message in the pop up window says this :
Given URL is not whitelisted in Client OAuth Settings: This redirect
failed because the redirect URI is not whitelisted in the app’s Client
OAuth Settings. Make sure Client and Web OAuth Login are on and add
all your app domains as Valid OAuth Redirect URIs.
I will continue to work on this and update my solutions, but additional solutions are wanted.
The sdk you are using is for websites not for cordova apps.
If you have code locally and building app using intel-xdk, then using a facebook cordova plugin is best solution, here is tutorial on how to get facebook API working in intel-xdk:
https://software.intel.com/en-us/xdk/article/facebook-connect-plugin-android-ios
I am trying to use the google drive SDK with a metro app. The metro app connects to google drive using REST services. The first problem I am facing is in authentication. Metro app has a redirect URI which follows microsoft specific scheme like "ms-app://s-1-15-2-1527804777-383724396-285855344-2678584489-1963608684-3789894444-799666712/".
How can I register this URI with my Google app profile? Google has made it compulsory to register the redirect URI, I don't know why. No other provider (like dropbox/skydrive) does this.
Could anyone please help?
Thanks in advance.
The redirect URI is part of the OAuth 2.0 spec, which is an open standard and critical to the security of the system. If other providers are performing OAuth 2.0 without this, they are insecure. Worse, if other providers are forcing apps to get usernames and passwords from users, that is bad too.
For installed apps, you can use the Installed Application Flow, with a local web server (localhost URI), or with the "out of band" URI, urn:ietf:wg:oauth:2.0:oob. Having said that, I never tried with a metro device, perhaps others can suggest how to perform OAuth 2.0 on metro.
As per the OAuth 2.0 spec:
When registering a client, the client developer SHALL:
o specify the client type as described in Section 2.1,
o provide its client redirection URIs as described in Section 3.1.2, and
o include any other information required by the authorization server
(e.g. application name, website, description, logo image, the
acceptance of legal terms).
I am trying to use the Facebook javascript sdk for my chrome extension. Since it is a chrome extension how do i integrate it with facebook? is it an app on facebook.com or a website?
Currently i have it as a website.
my site url on the settings is:
http://localhost/Users/home/Documents/facebook/
i have also enabled web sharing on my mac.
do i need to set the site domain as well? what am i doing wrong here?
Enter http://localhost/Users/home/Documents/facebook/ as your "Site Domain" on the developer app:
https://developers.facebook.com/apps/{api_key}/summary
Replace {api_key} with yours; or find a link at https://developers.facebook.com
Interestingly enough, Facebook lets you type anything into the domain so it can be an offline URL (such as localhost or a local port) and Facebook will redirect to it after authentication.
You can test Facebook applications locally if you add an entry to your hosts file which points to any subdomain of the root domain you gave Facebook. For example, if your domain is example.com, you can add entry to your hosts file pointing fbtest.example.com to localhost (127.0.0.1).
You can then test away locally without having to edit your Facebook app configuration (assuming your local server is set to serve the same content to all subdomains).
Alternatively, if it's important to have the exact domain, you can just add an entry for the root domain. It just means you won't be able to access the live site while testing.
In order to develop and publish a Facebook application, you must provide a web accessible URL that Facebook can query. If you have webspace you can upload to or make your IP available to the web for Facebook to call, it should solve your problems.
Facebook will allow you to put just about any valid url into the box, however when you go to use it for logins or general use, you will begin to notice errors, since Facebook's spider cannot fetch the url.
Check the 'Desktop Apps' section of https://developers.facebook.com/docs/authentication/
This explains how to do authentication where there's no server involved, it's aimed at desktop apps but a browser toolbar should work in a similar way
For a middleware system with internet (which works inside a set-top box) I want to develop a primitive Facebook interface where users can type their user-names and password, showing their latest notification, messages and other casual stuff on the TV screen by using the recent Facebook Graph API.
This middleware program uses Java ME to run programs (such as this simple facebook app) and it can connect to internet however it doesn't have a real web browser. Without browser it can connect to any url to retrieve the JSON response however I am not sure how to achieve authentication without a real browser.
Under this circumstances, is it possible Facebook authentication? If you think so, what approach would you suggest ?
Thanks
Facebook provides trusted partners with a private Authorization API to get an OAuth 2 token from a username / password.
A more complicated approach would be doing something similar to how Netflix enrolls a device:
device calls server to obtain a Code
device shows code on screen and directs user to go to URL on server and enter Code
server redirects user to Facebook and obtains OAuth token, user told to go back to device
device calls server with Code and obtains OAuth token
device can now make calls directly on behalf of user
According to this documentation on "Desktop Application Authentication" I don't believe your desired result is possible:
Facebook's OAuth implementation does not include explicit desktop application support. However, if your desktop application can embed a Web browser, you can add Facebook support to your application easily using the same OAuth User-Agent Flow used by JavaScript clients.
However, it is clearly possible for certain vendors to do this, since Microsoft's Xbox 360 Facebook application does exactly what you are proposing. I'd be interested to see if anyone has dug up any API for doing this that Facebook doesn't want in their most obvious documentation.
This isn't an answer but I'm trying to do the same thing. Check out this guy's blog which uses another server to proxy the requests:
cory wiles blog
If you figure it out please post a detailed answer here so I can do it to.. :)
I think it is possible though it is pretty complicated and subject to sudden changes of Facebook interface. It might break the agreement between you and Facebook.
What you do is to emulate the Facebook.
One path you have to set up a Facebook application. Once you got the authorisation from user, you can to something with Graph API.
You need to the Facebook log-in process and authorisation process. There are some capturing tools on http/https request and response. Analyse them, both header and body.
Once you know the authorisation mechanism, you can replace it with you own. Everything afterward is on Graph API.
Another path is to emulate Facebook login and message and notification process. Capturing and analysis is needed.
In the past I have used a tool called screen-scraper (full disclosure: I used to work there) to automate logging in to facebook. Basically, it imitates a browser session; it allows you to set session variables (i.e. username, password) which would then be submitted to facebook, just as if the user had submitted them in a browser.
You may not be able to use screen-scraper in your set-top box environment (although it is java-based, so it's possible it would work). Even if it doesn't, you could implement a similar strategy in java, making the HTTP calls a browser would make to load the login page and submit the user's credentials. To keep the user's info safe make sure whatever HTTP client library you use supports HTTPS.
Proxy tools and extensions like Charles, Fiddler2, Firebug, Chrome's dev tools, etc. are helpful in seeing exactly what the browser is sending to the server in requests.