I'm using the Facebook SDK on a .net 4 MVC 2.0 website. I've managed to get everything set up ok as per the sample app and I can go to my facebook app page and see my page. However when going to the About page I've been asked to allow my application to access my details, which I did, then the page just redirects to my Index page. If I click on the About tab and debug the application the About Action never gets called, it's always the Index Method.
Here's the About Method on the controller:
[FacebookAuthorize()]
public ActionResult About()
{
//Some code in here
}
So, I tried to removing the FacebookAuthorise attribute and I got this error:
(OAuthException) An active access token must be used to query information about the current user.
Have I set something up wrong somewhere whereby the cookie isn't being read or the authorisations can't take place? I've got the enable cookie set to true in the web.config for the facebookSettings.
You shouldn't be using the FacebookAuthorize attribute inside an iframe app. You should use CanvasAuthorize. Authorization is different depending on if you are in a iframe or a regular web app. Change that and it should work correctly.
Related
I am working on an Ionic 6 app that uses Auth0 for authentication. We are using the embedded login strategy and auth0-js as the client library to talk with auth0.
I've reached to the point where everything works nice if I serve the app on an emulator via ionic serve. I can login and logout effortlessly, and authjs' logout method, which I'm calling as follows:
public logout() {
store.dispatch('endSession');
this.endSession();
this.webAuth.logout({
returnTo: process.env.VUE_APP_LOGOUT_CALLBACK,
clientID: clientId,
});
}
Does redirect me to http://localhost:3000/login as intended (that's the value of VUE_APP_LOGOUT_CALLBACK).
However, when I compile the app and launch it on a mobile phone (I'm using android studio) I have the following problem:
My current problem
After calling WebAuth.logout, the app stops and a browser tab pointing to localhost:3000/login tries to open as if it was a website I'm navigating to. But the behavior I want is for the app to return to the login page, of course.
Other users seem to have found the same issue:
https://community.auth0.com/t/logout-on-ionic-3/20222/9
https://community.auth0.com/t/impossible-to-redirect-user-after-logout-ionic-angular/82205
But no one really solved the issues in those threads. I had no luck finding more resources related to this.
What I've tried
I've tried changing the redirect route to capacitor://localhost/login, hoping it's a way to tell the ionic shell to navigate inside the context of the app, but it didn't work.
I've tried to avoid passing redirectTo as an option to WebAuth.logout(). This makes the method to redirect to the first URL set up on the Auth0 dashboard allowed logout URL, as far as I know.
I've played with a lot of different URL's as returnTo, like / or /login, but it didn't work as I expected and the browser always tries to open such URL as a new website, instead of navigating in the context of the running app.
What would be the ideal outcome
I'd like the app to return to /login, which is the first view the user encounters when they launch the app on the phone.
If that's not possible, maybe it would be possible to just get Auth0 to not redirect at all, so I can perform the redirect by myself and send the user back to the login page.
Maybe there's a way to tell my app not to ever redirect to the redirectUri, even if there's no way for auth0 to avoid trying to redirect the app to another page? Auth0-js docs don't suggest any way to avoid the redirect, but maybe there's a way via ionic config or javascript to make sure the app won't ever redirect to a certain URL.
Thanks for your time!
I have a facebook page tab iframe and would like to access the browser url in order to get the current facebook page url.
I know it's not possible to use a javascript that interacts with the parent frame because of browser security issues.
An approach that didn't work for all browsers was to read the HTTP_REFERER header from the request.
Is there a better way?
I hope this is impossible at all. Otherwise it will be a security issue, likely to be closed.
You should not write code depending on compromising other users.
It is not possible to get URL of a parent Frame due to cross-domain policy. And there is no way to get the information about page your application running on in client-side.
But on the server-side you can reconstruct the Page URL using details passed in signed_request. For Page Tab Applications it contains page:
A JSON object containing the page id string, the liked boolean (set to true if the user has liked the page, false if not) and the admin boolean (set to true if the user is an admin of the page, false if they're not).
Using that page id you can build the Page URL:
http://www.facebook.com/pages/-/PAGE_ID
If you want the link to your Page Tab with your application use:
http://www.facebook.com/pages/-/PAGE_ID?v=app_APPLICATION_ID
Beware, HTTP_REFERRER is provided by client and cannot be trusted, and it's may be cut by plugin/proxy/etc...
Notes:
Pages may have different URL in real life, but using this technique user will be landing the correct Page since Facebook will issue redirect to correct URL of a Page.
Sample URLs use HTTP scheme, feel free to use HTTPS if you need it.
In PHP for example you can detect the current scheme like this:
$scheme = ((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']!=="off") ||
(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO']=="https")
) ? 'https' : 'http';
HTTP_REFERRER might not work as expected in my experience. If the tab app is designed for a specific page (which I suppose it kind of should), have you tried recreating it?
https://www.facebook.com/MYPAGENAME/app_MYAPPID
Where MYPAGENAME is your page name and MYAPPID is the app id, of course.
If the tab is applied to multiple pages though, I'm quite sure you'll get the relevant data to apply the above from https://graph.facebook.com/PAGEID, where PAGEID is the ID of the page which you get from the signed request.
I am looking for help to validate when a Facebook APP has been installed. I am currently using PHP SDK to have the clients sign in and in the same manor I would like for them to return to the site once the APP is completed and installed correctly.
Is there a method to use this link and have it return with the client id?
https://www.facebook.com/add.php?api_key=XXX
You should not use https://www.facebook.com/add.php?api_key=XXX for any cases other addition of application to page as a tab (and even this is undocumented).
If you're using PHP-SDK you should use Facebook::getLoginUrl to log user in, which support redirect_uri parameter so you can add client id as argument to this URL
Update:.
As it turns question is about adding application tab to page you should be using Add Page Tab Dialog to provide user with a way of "installing" application to page without leaving your app.
You can refer to answers on How to add tab application to a page with the "new auth dialog" for more info.
Update 2:
How to reach applications running as Page Tab described in "Integration with Facebook APIs" section of Page Tab Tutorial:
your application will also receive a string parameter called app_data as part of signed_request if an app_data parameter was set in the original query string in the URL your tab is loaded on. For the Shop Now link above, that could look like this: http://www.facebook.com/YourPage?v=app_1234567890&app_data=any_string_here. You can use that to customize the content you render if you control the generation of the link.
You not required to add app_data, just use v=app_APPID to link to your page tabs (Facebook itself using sk instead of v, both works).
I am using the following example from the facebook website to have a user logon and get his details: https://developers.facebook.com/blog/post/481
I am encountering two problems:
1) The auth.sessionChange event gets fired every half a second, and the page reloads accordingly every half a second (because of this code: FB.Event.subscribe('auth.sessionChange', function(response) {
window.location.reload();
});)
2) When the user clicks login, the login windows doesn't close upon successful login - but nothing happens instead.. After logging in in the popup window, the login page turns into a white blank page..
In your Application Settings, make sure you set your Site URL and Site Domain.
Did you also make sure to update the App Id from your Applications settings in the code?
Last, are you using Safari that could possibly have session caching or cookies disabled? Having done a bunch of Facebook Applications, I can tell you that if you have cookies disabled, you're in some trouble.
I just went through the example, copy-pasted, created a test app, and it works perfectly (tested in Chrome.) Open up Charles, and make sure it's connecting to facebook.com/extern/login_status.php with the proper app id.
We're hosting a PHP facebook canvas application (http://apps.facebook.com/myapp). One of the pages (http://apps.facebook.com/myapp/foobar) requires authentication from facebook so we can access some information about the user. This is achieved by using the PHP-SDK's $facebook->getLoginUrl() method to generate the url for authentication and works as expected.
We have since added the app to as a Tab (iFrame) to our Page (http://www.facebook.com/MyPage?sk=app_nnnnn). Now when we try to authenticate the user they are redirected to the app's url (http://apps.facebook.com/myapp/foobar) rather than having the /foobar page load in the Tab's iFrame as expected.
Is it possible to set the auth so that it doesn't bounce to the app's url but stays within the Tab using the PHP-SDK? If so, what is the workflow I should follow to achieve this?
I would simply add code to http://apps.facebook.com/myapp/foobar to check for authentication, and if it is, echo:
<script type="text/javascript">
top.location.href = 'http://www.facebook.com/MyPage?sk=whatever';
</script>
That should break out of the iframe and redirect you to where you want to go.
The way I have achieved this is to do the following:
On the /myapp/foobar page I check to see whether the user has been authenticated. If they haven't I set a session value and use the PHP-SDK's $facebook->getLoginUrl() to generate the auth url and send a response back containing just the javascript to redirect window.top.
Once they've authenticated they're redirected back to the main page. When this page loads it checks for the session value and, if set, removes it and issues a redirect header to /myapp/foobar.
It's a little convoluted but seems to be quite a stable solution.