I have configured a Custom Domain to be used for my Cognito Hosted UI, so that when users navigate to my web app and are redirected to login, they see a clean URL with branding instead of the scary looking Cognito Domains.
My Custom Domain resembles: auth.example.com
The issue is that when users are redirected to this hosted ui login URL, it contains many Cognito relevant parameters that are not relevant to the user:
https://auth.example.com/login?response_type=code&client_id=<your_app_client_id>&redirect_uri=<your_callback_url>
I would like for the URL to only show as follows without any parameters: https://auth.example.com
Is this possible or does the Cognito Hosted UI require that these parameters be provided in the URL? Or is there some way to hide the URL parameters from end users?
I've tried simply navigating to https://auth.example.com, but this just renders a blank white page instead of the expected Cognito Hosted UI with sign-in and sign-up forms.
Generally users will only be redirected to the Hosted UI URL or routed there by clicking a button, in which case I'd still like it to be cleaned up without parameters once they're routed, but it would also be nice to be able to share a clean link specifically for signing up, e.g. https://auth.example.com or https://sign-up.example.com.
Thanks in advance for any help!
Related
I'm trying to connect to Freshdesk using OAuth 2.0, for single sign-on from my app. My app is serving as it's own OAuth identity provider. I've set up my Authorization url on Freshdesk -- let's call it https://www.myWebApp.com/auth:
So now for testing purposes I go to the URL that Freshdesk support provided for a user to initiate the single sign-on process:
https://myWebApp.freshdesk.com/login/normal
...and I see a nice sso-style login screen:
I enter a correct email and password for one of my site users and click "Login".
Now in the Chrome network tab, I would expect to see Freshdesk trying to ping my Authorization URL. But I don't. I see this:
When loaded, my auth page (https://myWebApp.com/auth) pings my server, which issues a console.log() message, and my server logs show no such console log message -- so Freshdesk doesn't seem to be pinging my auth page at all.
What is keeping Freshdesk from pinging my auth page as it should?
There is probably a fair bit here that you have in place already but I am just adding it in for completeness.
Logged into the backend and on the security page for contacts
https://stackoverflow.myfreshworks.com/security/contacts
[stackoverflow == your site :) ]
you will have to create a Custom Policy if you don't have one in place already (this is different to the one for Agents)
And for that configure your SSO with Oauth 2.0
Then , if you have at least one SSO configured your login (at https://stackoverflow.freshdesk.com/support/login ) should look like this:
Where (1) now appears. That will be the link to ping your server via the urls you set up for the SSO:
If you only have one SSO set up for your contacts that link (1) should complete the sign-in process directly and then you should end up logged into Freshdesk as the specific contact.
If you had two SSO options set up; for example:
..when you clicked the link (1) on the https://stackoverflow.freshdesk.com/support/login page, you should then be redirected to a page with those two options:
The url for that page is something like (parameters will be different for you):
https://stackoverflow.myfreshworks.com/login
?redirect_uri=https://stackoverflow.freshdesk.com/freshid/customer_authorize_callback
&client_id=14416083630394368&slug=6117145232763
I am imagining you could use that as a direct link to the portal on your main site.
If you only have one SSO option set up you should be able to navigate directly to the link as above and then see :
which is probably what you are aiming for.
I changed the name of that button (Sign in with contacts SSO) just to be sure I was using the right one and to differentiate from the login for agents. You can change the text under the Advanced Options when configuring the SSO:
Hope this helps you along the way - if you have any other questions on this post them as comments.
We are developing an TYPO3 extension that is in charge of managing the social network profiles. We used the extension "ps_social" as a guide for understand the social media network APIs could work with TYPO3 through Adapter Pattern.
I have the proof of concept of the implementation to authenticate a profile and publish in it but through only in PHP, now we want to take it to the TYPO3 extension.
My question is about the callback when authenticating a profile. Our extension sends us to the social network and when we return to our web page, with the token in the url, this does not change and shows the same screen of the plugin before redirect to the authentication in the social network. The callback url in manage app in Twitter has the id of our plugin's page. I check url for change the plugin action but doesn't work.
We see that this step is fundamental to be able to later make publications to the authenticated profiles in the application.
The problem could be that your authentication service is not triggered when returning to the TYPO3 site. Whether or not your service will trigger depends on several configuration options. By default, your service will only trigger when a POST login action is taking place - but there are options to define that, for example, the authentication service must always attempt to fetch (and thus authenticate) the user even if there is no POST login data (instead, GET parameters may be used to determine if authentication should be attempted).
There is also a caveat if you intend to log in BE users using this method. I've noticed that if you attempt to log in a BE user in the FE, then no action or configuration will be respected unless an existing BE user cookie exists (which it will if you've ever been logged into the BE). If you use the authentication service to log in to the BE normally there isn't this problem - it only applies if you try to do it in FE.
TL;DR: I'm guessing you need to configure the "always auth user" setting for the targeted BE/FE context, using parameters described in the "advanced" section of this link: https://docs.typo3.org/typo3cms/Typo3ServicesReference/Authentication/Index.html
The problem was resolved creating a new plugin. In the configuration of application in Twitter I can not set parameters as controller and actions, for example; only the page id. I had to create a plugin in my TYPO3 extension that execute in one page the action for get information of callback, process and return the page with the list of social profiles. This We did it in each one social networks (Facebook, Google+ and Instagram) for their callback URL to be correct.
I'm developing a desktop application which is supposed to allow users to login via Twitter.
There seems to be 2 ways to do so, that differ in a way oauth_verifier is returned to the application.
The first one is for web applications and oauth_verifier is returned as a url query parameter when redirecting user back to redirect_url.
The second one is using a PIN displayed to the user, which user enters to the app.
Now Facebook, for example, has a page facebook.com/connect/login_success.html , where FB can redirect a user with ouath_verifier as a query param (e.g. facebook.com/connect/login_success.html?code=<token>. Then I can read that param back from the browser's location field (I'm using an embedded browser).
So, is such a workflow possible with Twitter? Does it have a static page, where it can redirect user with oauth_verifier ?
I haven't been able to find such a page in Twitter's API docs, so I ended up using the main page twitter.com for the redirect. Everything works fine.
My Ruby on Rails app has a subdomain URL for each user's public page. Eg. username.xyz.com
I want to publish this URL on the user's Facebook Page from Rails.
So far, I have created a Facebook App and set it's Page Tab and URL.
I'm using the fbgraph gem to set this app on the facebook page. (This page will be created by the user and will have admin access of this page.)
I used this code:
user = FbGraph::User.me("USER_TOKEN")
account = user.accounts.select {|account| account if account.name == "PageName"}.first
page = FbGraph::Page.new(account.identifier).fetch(:access_token =>"Access_token",:fields => :access_token)
tab = page.tab!(:app_id => "APP_ID_I_CREATED")
Using this code, every user's page points to the URL defined in the APP's Page Tab URL.
I want every user's page to point to their own subdomain URL (eg: user1.xyz.com)
What do I need to do to achieve this?
The subdomain is not handled by the web server, it's handled by DNS. So first you need to get DNS to route everyuser.xyz.com to the IP address where your web server is.
The way DNS works, you will likely have to have a DNS entry for every user. You might be able to find an API to add DNS subdomains when you create a user.
Don't ask me about how to do this, because I don't know, and am uninterested in researching it.
You also have to get the web application to accept the request, and #lightyrs has a good description on how to do that.
You can do the following:
Edit: Make all of these user.mywebsite.com subdomains resolve to the same URL. At that URL:
Create a catch-all route that will handle all traffic originating from *.facebook.com.
Point that route to a controller action that decodes params[:signed_request].
The decoded signed request will yield the facebook id of the page that is responsible for the request.
Fetch the user in your system that is an admin of the page in question.
Fetch the user's subdomain.
Redirect to the subdomain.
Currently, this is the most common way of solving this problem, however, I'd like to see a solution from facebook in the future that allows us to have some kind of dynamic tab URL based on the page, user, and referral context.
All,
Here is the scenario;
Our website uses APPID-1 for auth and extended permissions (MainSite)
Our Page Tab App uses APPID-1 for auth & extended permission
(TabApp-1), and this adds the auth_token to our DB on MainSite
However we want to add another tab that uses APPID-1 for auth_token acquisition, is this possible?
Proposed scenario;
MainSite - APPID-1 acquire auth_token
TabApp-1 - APPID-1 acquire auth_token
TabApp-2 - APPID-1 acquire auth_token
I should note that non of our TabApps actually need the auth_token, its our MainSite backend app that uses the auth_token to perform actions for the user. However we want to make it easier for our users to use the site, and many come via our Fan Page.
So can we have TabApp-2 pop the Auth Dialog for APPID-1 with is not TabApp-2's APPID?
Specs:
Ruby on Rails 3.1 and using Graph API & Javascript Fb API
I guess you would have to initiate the JS SDK in TabApp-2 with APPID-1. Server-side you would receive a signed_request with TabApp-2 credentials but you can just it that if you work only with the JS API.
I guess you could validate the assumption with a prototype in less than 30 minutes. Have you done that yet? If so, what were the results?
You don't need different apps for this (but i think you're aware of that) the same app can be installed onto multiple pages, and you can show different content on each page by checking the page parameter in the signed_request which is POSTed to your server when the page tab is loaded by a user.
As far as authorisation goes, you may have issues when getting the user to log in directly from a page tab (issues = it may not be allowed to redirect the user back to the tab after login because the full URL to the tab (http://www.facebook.com/pages/somepage/12345?sk=app_{app id here}) isn't 'owned' by your app)
If that happens you can send them to your main site after login with an additional parameter that you use to detect that the user started login on a page tab, and redirect them back to it
Seems you will have to make a few apps, then just use php-sdk to authenticate, since the auth will be server side it will not matter what iframe or page tab it appears in, it will be able to auth to a single app.