I have searched for solutions to this issue but everything I've found seems to be applicable to a firebase web app, not to iOS implementations.
When verifying a user using firebase phone auth for iOS, I understand the recaptacha is very unlikely to appear. However in the event it does, it creates a webview for the recaptcha like so:
Is there any way for me to hide the myProjectId-12345.firebaseapp.com from the user? It's not very clean or secure I'm afraid. I haven't been able to find anything in the way of documentation on this topic, and most stack overflow answers that solved the issue seem to be applicable to the firebase web sdk only.
Am I missing it somewhere? I have followed the documentation for silent notifications as well, so normally the recaptcha does not appear. From the documentation, "only a very small percentage of users will experience the recaptcha", but I would still like to account for those users.
Set up your domain for Hosting
Step 1: Add domain
From your project's Hosting page, enter the wizard for connecting a
custom domain:
If you have only one Hosting site, click Connect domain. If you have
more than one Hosting site, click View for the desired site, then
click Connect domain. Enter the custom domain name that you'd like to
connect to your Hosting site.
(Optional) Check the box to redirect all requests on the custom
domain to a second specified domain (such that example.com and
www.example.com redirect to the same content).
Click Continue to initiate the validation process.
Step 2: Verify domain ownership
If requested in the Connect Domain setup wizard, verify your apex domain.
Step 3: Go live
In the Connect Domain window of the Firebase console, select Quick
Setup for a new site or Advanced Setup if you already have a site
running on another hosting provider and need a zero-downtime
migration.
Have a look at this for detailed information.
Related
I am trying to do the Sign-in with apple feature in my iOS app with support for iOS less than iOS 13, I got suggestions from the web to do it with Apple Sign in JS. In order to do that I need to create a Service for Authentication. I completed steps up to domain verification, as per mentioned in a blog. but can't verify the domain.
I am using a subdomain. I downloaded the file and uploaded in .well-known folder correctly as mentioned. Tried more times but no result. Do I miss anything? Can anybody help me with this?
check your domain has redirect logic or not, for example, if your site redirects https://example.com to https://www.example.com, then verification probably will fail. It was mentioned in Apple's document. You might need to remove the redirect logic temporary then click that verify button.
looks like apple can only verify the top domain, I don't think www.example.com will work, but example.com should work.
I am trying build up a Staging Environment for an ASP.NET MVC Web App, but am stumbling from problem to problem, the last one having been this one: HTTP 500.79 Error / System.UriFormatException when deploying ASP.NET App to Azure Web App
Currently I am getting a HTTP 403 - Forbidden, "You do not have permission to view this directory or page." error when trying to access the page.
Authentication-wise the App uses Azure Active Directory as Authentication Provider, which is working fine in local testing (using a Test-AAD) and in production. The local and productive apps are not using Azure Web Apps. I noticed on the Azure App Service page that there is a possibility to specify authentication right within Azure, but I don't really want / need to use that, as everything is specified within the app resp. configured in the web.config (ClientID, ClientSecret and Tenant). Anyway, when I tried filling in the Authentication on Azure directly it did not work either, so I removed it again.
What happens now is that the redirect to the Login page on login.microsoftonline.com works, and according to the AAD Admin the login attempt is being successful, or at least shows no pecularities. However, when being redirected back to my page, I get a generic 403, without any additional information that could help pin the problem down.
I did check all sorts of logs for further details, and the only pecularity I found is that for some very odd reason, all requests are made to a completely gibberish URL:
Requested URL / specified Reply URL: https:\\skillmanagementtest.azurewebsites.net
Actually requested URL according to logs: https:\\Skillmanagementtest:80
I have absolutely no clue where this URL originates from, however, "Skillmanagementtest" with that capitalization seems to be the name I specified for the Azure Web App:
Screenshot resource group items
The web.config is being transformed properly during the CI/CD pipeline and I double-checked the auth settings there (tenant, clientID, clientSecret), and I am really out of ideas what may be causing this problem.
One hint I found on other problems was to check the IIS logs, but when I attempted accessing the directory these logs were said to be placed in I was rejected access, even though I have owner permissions on the App Service...
UPDATE
After a long and weary process of trying stuff out and discussing we finally got the App up and running. Some observations we made which may be interesting for others with this or similar problems:
The role-based authorization did not work because we forgot to specify the App Roles in the App registration's manifest file, and then link the security groups to the application roles. Check here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
We had one API which is only visible within our company's domain. As an Azure Web App runs outside that domain, trying to access that API resulted in an internal server error. We still have to find a solution for this.
We had a situation where requests to the reply URL after authorization would be redirected from HTTPS to HTTP. We have solved this, but as five people were trying out stuff consecutively we don't know currently what the fix actually was. We may create another Azure Web App which may then reveal this part of the solution.
Check to ensure that what you have in your web.config and app settings matches what you have in the reply URLs for your app registration in the portal. There may be some reference somewhere where the reply URL does not match.
Are you using the openid sample? https://github.com/Azure-Samples/active-directory-dotnet-webapp-openidconnect
Also ensure that you are logging in with a user who has the right permissions under the tenant and to the app itself. My colleague and I made a short video that includes the right configurations that may be helpful for this use case. https://www.youtube.com/watch?v=MohaxN6fsDs
After a long and weary process of trying stuff out and discussing we finally got the App up and running. Some observations we made which may be interesting for others with this or similar problems:
The role-based authorization did not work because we forgot to specify the App Roles in the App registration's manifest file, and then link the security groups to the application roles. Check here for more info: https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-add-app-roles-in-azure-ad-apps
We had one API which is only visible within our company's domain. As an Azure Web App runs outside that domain, trying to access that API resulted in an internal server error. We still have to find a solution for this.
We had a situation where requests to the reply URL after authorization would be redirected from HTTPS to HTTP. We have solved this, but as five people were trying out stuff consecutively we don't know currently what the fix actually was. We may create another Azure Web App which may then reveal this part of the solution.
I have "unverified app screen" when I request access to Google accounts.
To get rid of it I want to fill out OAuth Developer Verification Form. But, I got some problems with that due to some restrictions on my environment.
There is a field:
Homepage URL for your app *
The problem is that in my application my home page is not accessible publicly. Usually, it can only be accessed using VPN connection.
For push notifications, I use different URL that only handles them, but for the UI there is no access from the world without VPN. I was thinking of overcoming the issue and have a few ideas, but I'm not sure whether they will work.
Inform Google of restricted access to the home page via this field:
Is there any other information you can provide that will be useful?
However, this approach might not work due to the fact that it's not said that I can omit to specify the home page.
Find out what addresses google requests homepage from and to allow access to it from those addresses. But, firstly it's insecure and secondly, it's still a question how to get these addresses.
Make some static resource stub page and place it somewhere where I can provide access. For instance, I can put it near privacy policy file that is publicly accessible.
Is there a more suitable way of addressing this issue or some of these options might still work?
I am using azure AD authentication to authenticate a user in my MVC
application.And I published my application on azure and it is
working fine.
But, when I run my application locally then it Microsoft's login
page comes up and when I enter credentials and click on SignIn
button then it is giving "Sorry, but we’re having trouble signing
you in.We received a bad request."
But the same application is on azure and if I access it from there then it allow me to login.
To create this apllication I follwed link to add azure AD authentication
If you notice the error message, it clearly indicates that you have not configured https://localhost:44320 as one of the reply addresses.
Please go back to application configuration screen in your Azure AD and add https://localhost:44320 as additional reply address. That should take care of this problem.
Add the below to your Web.config. It must be the same port which you have added at the time of Application registration.
<add key="RedirectUri" value="https://localhost:44320/" />
I hit this, it has cost me a lot of time.
I would check firstly that you have the ability in Azure to access third party applications.
In Azure > Users & Groups > User Settings:
You see the first item (Users can allow apps to access their data) - without this checked I believe it wont work.
As you are running your application locally it is not published to Azure, this means that although it may be within the realms of your organisations network, Azure still views it as a third party application.
Be wary setting this to 'Yes'. I understand that there are ways to then create applications that allow you to behave as an Azure super user....
In case anyone else comes across this, here is what happened to me. I had been switching back and forth between environments within Visual Studio (Project >> Properties >> Debug >> Environment Variables). Well, the last time I switched it, I wrote "Develop" instead of "Development" to switch back. This caused .NET Core to grab the wrong appsettings which connected to the wrong AD which did not have my localhost setup on it. It took me an hour to catch what I had done wrong.
This may not be exactly what has happened to you, but do check to make sure you are picking up the Azure AD settings you are expecting if they are in your appsettings. It could be a good point to start at.
I am trying to use Auth0 to log in to several social media sites at once in a single page app. I have added a generic OAuth2 server to my account for Tumblr, using the instructions here: https://auth0.com/docs/connections/social/oauth2. I have verified that the server was correctly added, and the JSON-P response for my client application is populated with the correct info based on what I added.
My question is, how can I use the JS popup widget to login to this server? I essentially have a couple social logins that are built-in to Auth0 that are working by passing (e.g.) connections: ['twitter'] to the .show() function, and a couple social logins that are not built-in, that I can't seem to wire in correctly to work similarly to the built-in social logins.
In other words, when I use connections: ['twitter'], the popup correctly shows the "Login with Twitter" button. However, when I use connections: ['tumblr'] (where 'tumblr' is the name of the custom connection I made), the popup doesn't show any buttons or even the username/password fields to login to my custom connection. I'm clearly not understanding how this popup is supposed to work with custom connections, so any advice would be much appreciated.
It turns out that Tumblr uses oauth1, not oauth2. So, I was on the right track, but I was just using the wrong eaxmple page. Here is the example page for oauth1 connections: https://auth0.com/docs/oauth1.
You can also then add customizations to the login screen as described here: https://auth0.com/docs/libraries/lock/ui-customization. That will allow you to do what I was looking for in my original question.
Custom OAuth2 connections won't show up on Lock (the UI widget), you have to use your own UI. The library you are looking for is auth0.js (UI-less library) that will handle the auth process for you.
This is likely changing in the next release of Lock.