This all used to work just fine. It looks like Twitter made yet another change that broke my app.
Twitter used to pass the return URL when calling the ExternalLogin method in my MVC 5 app. It still passes the provider, but there is no return URL. Does anyone know how to get the return URL from the Callback URL?
I'm using the Microsoft.Owin.Security.Twitter 4.0 package.
Any help is much appreciated! Thanks!
I had to add the following URL as a valid Callback URL in Twitter's App Settings.
mydomain.com/signin-twitter
Also, it had been a while since I messed with this, so I forgot how all this worked. It seems like the return URL is always null. ExternalLogin gets called first and then redirects to ExternalLoginCallback.
Some websites like Facebook and Ask FM use #_=_ at the end of a URL to an external website. Why?
If two large websites are doing so, surely it must mean something?
The problem is after authenticating with Facebook. The base path becomes a hash which eventually breaks the navigation.
I think this is because Facebook is passing the URL with some hash key. With or without a redirection URL being passed, Facebook passes this to avoid vulnerability to attacks.
From https://developers.facebook.com/blog/post/552/, change in Session Redirect Behavior:
This week, we started adding a fragment #= to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.
A solution is simply removing the hash, as stated here; then everything seems back to normal:
Facebook Callback appends '#_=_' to Return URL
I'm implementing an OpenID Provider based on the DotNetOpenAuth OpenIdProviderMVC sample. From the RP, I'm creating an OpenIdRelyingParty, and calling CreateRequest with
http://localhost:PORT/User/xrds
This correctly redirects to the OP, and everything seems to work, but the ClaimedIdentifier that comes back is always
http://localhost:PORT/User/xrds
even when I'm expecting
http://localhost:PORT/user/username
where username is the user I logged in with. Is this an issue with the sample, am I using an incorrect URL as the UserSuppliedIdentifier, or is it something else?
Try to define a different URL as UserSuppliedIdentifier. For instance, use something like http://localhost:PORT/Discovery that executes an action returning the XRDS file. And for identity discovery, define a route to redirect http://localhost:PORT/user/username to an action Identity serving the XRDS file for identity verification.
That worked for me.
Good luck.
I have a CakePHP application (using cake 2.3) which uses the Session component to show the user a splash page the first time he/she comes to the site, and never again. Here's the code in the controller:
public function index() {
    if (!$this->Session->check('splashShown')) {
        $this->Session->write('splashShown', true);
        $this->redirect(array('controller'=>'pages', 'action' => 'about'));
    }
    //other stuff in controller...
}
This works perfectly on desktop versions of IE, Firefox and Chrome. It also works fine on Chrome iOS, but not in Safari iOS. In Safari, the Session->check() function always returns false.
Anyone know what's going on with sessions on Safari iOS?
Check this answer; it handles the same problem. iOS is a bit different in this.
Also look here and here. @Sam Delaney is right about the problem.
I suspect it's to do with the session cookie being stored on the internet browser, since I believe this is the default mechanism PHP uses to persist the session across requests. Upon request, if PHP fails to identify the session ID, it creates a new one and in the response to the client, sets a cookie with the ID of the session.
Edit
To verify this is the case, I quickly googled for you and I came across this: http://rf.com/how-to/how-to-enable-cookies-on-the-iphone/ Obviously this does not fix the problem but will help you identify the cause of the problem.
I am taking a look at the default OAuth implementation that comes with ASP.NET MVC 4. It definitely is impressive, as all I had to do was add this line in AuthConfig.cs:
OAuthWebSecurity.RegisterLinkedInClient("_key_", "_secret_");
Enabling the above did offer up the LinkedIn link to log in. I was prompted for a password once, but after entering it I got:
"Login Failure. Unsuccessful login with service."
and have been getting this ever since without ever being prompted for a password again.
It is not clear to me if this is due to initial bad credentials I entered, or something with the way I set up the key.
Also, I don't see the actual controller code anywhere within my app, so even if my login worked, it is not clear how I could obtain information from LinkedIn, i.e. history.
It is nice how easy this integration was, but I am leaning towards a more manual implementation of this?
However, I can't help but wonder that the above implementation probably also works.
UPDATE
I've traced the problem to this call:
public ActionResult ExternalLogin(string provider, string returnUrl) {
    return new ExternalLoginResult(provider, Url.Action("ExternalLoginCallback", new { ReturnUrl = returnUrl }));
}
The callback comes back with "401 Unauthorized", even though the credentials are correct. From what I can gather in other posts, this may be due to incorrectly formed headers by the OAuth library?
I had the same problem and it would appear that this is a bug.
See "Paul Roa" comments on this post:
http://blogs.msdn.com/b/webdev/archive/2012/08/15/oauth-openid-support-for-webforms-mvc-and-webpages.aspx?PageIndex=2
and then his solution (which works for me), here:
http://blog.mrroa.com/post/30454808112/asp-net-custom-linkedin-oauth-provider
I had the same problem.
I updated all OAuth packages using NuGet, and now everything works fine.
It appears that OAuth was shipped in VS2012 with a bug. Here is the tutorial that explains why the error occurs: http://www.devcurry.com/2013/01/connect-to-linkedin-using-oauth-in.html
I also had to update NuGet in order to get the DotNetOpenAuth.Core package to update. Once updated, it worked as expected. Hope someone finds this useful.
Sounds like bad credentials; it worked fine for me. Sadly the template does not allow changing passwords or deleting accounts, but you could remove the LinkedIn connection and then create a new account from your LinkedIn login to try again.
As for the implementation they use and extending it I haven't gotten around to looking into that yet. Plan to do so though since I'm also thinking about using it if it looks good.
So here is the code:
private ActionResult MyMethod()
{
    //do stuff
    return Redirect("/");
}
I have a bunch of different methods like this in my app. All behave well and redirect to the home page. But there is this one that redirects to http://mysite.com/#_=_ in FF and Chrome while it redirects to http://mysite.com/ in IE. And I don't want the named anchor added. Can you tell me what's going on and what I can do to fix this?
This should not happen. If it happens there is probably some plugin installed on your browser that does this. Try disabling all plugins and/or javascript.
Are you using Facebook OAuth? I have the same thing happening but it is a result of using Facebook OAuth.
See: Facebook Authentication and strange redirect behaviour
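The fix mentioned in both Facebook threads on this page (removing the #_=_ fragment after the OAuth redirect), as an added example that is not taken from any of the posts. The function names are hypothetical and the URLs in the comments are constructed; it strips only that exact fragment so ordinary anchors and hash-based routes are left alone.

```javascript
// Added example, not from the original posts. FB_FRAGMENT is the value
// described on this page; the function names are hypothetical.
const FB_FRAGMENT = '#_=_';

// Returns href with a trailing "#_=_" removed. Any other fragment is
// returned untouched so in-page anchors and client-side routes still work.
function stripFacebookFragment(href) {
  const hashIndex = href.indexOf('#');
  if (hashIndex === -1) return href;           // no fragment at all
  const fragment = href.slice(hashIndex);
  if (fragment !== FB_FRAGMENT) return href;   // a real anchor or route
  return href.slice(0, hashIndex);             // path and query survive
}

// Browser hook: rewrite the address bar without reloading the page or
// adding a history entry. Run it once, before any hash-based router starts.
// Returns true when the address was changed.
function cleanAddressBar(win) {
  const current = win.location.href;
  const cleaned = stripFacebookFragment(current);
  if (cleaned === current) return false;
  if (win.history && typeof win.history.replaceState === 'function') {
    win.history.replaceState(win.history.state, win.document.title, cleaned);
  } else {
    win.location.hash = '';   // legacy fallback; leaves a bare "#" behind
  }
  return true;
}

// Only runs in a browser; under Node the functions are just defined.
if (typeof window !== 'undefined') {
  cleanAddressBar(window);
}
```

Doing this on the client is necessary because the fragment is never sent to the server, so a server-side redirect such as Redirect("/") cannot see or remove it.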