I inherited an app, and I am trying to understand the exact configuration differences between what Facebook wants and what is currently implemented.
In working to create a great Platform experience for everyone, we ask developers to ensure the apps they build comply with our Platform Policies. Your app APPNAME (AppId: APPID) doesn't comply with the following:
Platform Policy 8.2: Native iOS and Android apps that implement Facebook Login must use our official SDKs for Login.
Please make sure your iOS app is using the most recent version of our SDK for Login. You can find more information on our iOS SDK for Login and other Login-related products here: https://developers.facebook.com/docs/facebook-login/ios.
EDIT: In addition, Facebook also told me this:
Thank you for reaching out and for all actions taken so far. I am still able to view the FB login using unofficial SDK [refer to screencast].
My guess is that this is due to the configuration of OAuth2 in the authentication service.
It is setup like this:
private init() {
let keycloakHost = ServerConfigurator.sharedInstance.keycloakUrl
config = KeycloakConfig(
clientId: "app-name-mobile",
host: keycloakHost,
realm: "master",
isOpenIDConnect: true)
config.webView = .safariViewController
config.webViewHandler = self.webViewHandler
oauthModule = KeycloakOAuth2Module(config: config, session: KeycloakClient.session)
}
Whereas the aerogear oauth docs seem to suggest a different configuration is required for Facebook:
https://github.com/aerogear/aerogear-ios-oauth2
let facebookConfig = FacebookConfig(
clientId: "YYY",
clientSecret: "XXX",
scopes:["photo_upload, publish_actions"]
)
let oauth2Module = AccountManager.addFacebookAccount(config: facebookConfig)
let http = Http()
http.authzModule = oauth2Module
http.request(method: .get, path: "/get", completionHandler: {(response, error) in
// handle response
})
It also seems like the original developer is piping the input through to a Safari Webview, vs using the methods expected by the library. I'm not entirely why that is either. I think this may, in fact, be the cause of the issue Facebook has with the app.
Can anyone shed some light on this error? I'm trying to most efficiently deal with it as there is a very quick time limit (a week), and I'm not even sure if I am going down the right path here.
Any advice is highly appreciated.
EDIT: I am now using this version:
https://github.com/maciej-gad-benefex/aerogear-ios-oauth2
EDIT: This also needs to integrate with Keycloak identity provider
This library is not going to be maintained anymore. The last significant change was 2 years ago (Commits on Jan 13, 2017)
I really recommend you to replace this for AppAuth-iOS
It looks like Facebook is saying that you have to use the Facebook-supplied SDK for login, so in order to comply, you have to move to https://developers.facebook.com/docs/facebook-login/ios.
Related
I am currently using the react JS quick start available at the following link.
https://github.com/auth0-samples/auth0-react-samples/tree/master/Sample-01
About a year ago, I was able to repurpose it. That old app is still working fine, able to authenticate, authorize and also make calls to a custom API.
On the old app, I am getting all the scopes.
“scope”: “openid profile email read:profiledetails read:seeallquotes read:sitestats read:testperm1 read:testperm2”
Now, I have made a fresh copy of the react app using the quick start option, from the same auth dashboard as the old app. Updating the config file to match the old app config files. I get the following scopes
“scope”: “openid profile email”
Why am I not getting all the scopes as per the user login? Same user, on the old app, gets all the scopes. I believe, the new react app is not asking for all the scopes when it asks for token. But, I have updated all the scopes I need in the auth config.
Both apps - old and new - have the exact same auth file, and are linked to the same auth0 server, same custom api, same everything. I am also using the same user account for testing on both the apps.
{
“domain”: “removedonpurpose.us.auth0.com”,
“clientId”: “removedonpurpose”,
“audience”: “removedonpurpose”,
“scope”: “read:current_user update:current_user_metadata read:capquotes read:penquotes read:profiledetails read:seeallquotes read:sitestats read:testperm1 read:testperm2”
}
Why is this happening?
What else should be included in the react app to make it ask for all the scopes?
This question is related to the original question I posted on the Auth0 forums. Linking it here. https://community.auth0.com/t/scope-not-included-in-token-call/65173
Right after I posted this I discovered that the latest version of the react quick start makes some changes.
especially the following.
// Please see https://auth0.github.io/auth0-react/interfaces/auth0provideroptions.html
// for a full list of the available properties on the provider
// const config = getConfig();
// const providerConfig = {
// domain: config.domain,
// clientId: config.clientId,
// ...(config.audience ? { audience: config.audience } : null),
// redirectUri: window.location.origin,
// onRedirectCallback,
// };
I missed this part. in the old app, the configuration was done differently. It looked something like this.
<Auth0Provider
domain={config.domain}
clientId={config.clientId}
audience={config.audience}
redirectUri={window.location.origin}
onRedirectCallback={onRedirectCallback}
scope={config.scope}
>
<App />
</Auth0Provider>,
with the settings read directly from JSON.
Anyway, I went back to the old way for now. The quick start tutorial still shows the old options which threw me off as I was using the tutorial as reference and did not discover that they made changes.
Not blaming the tutorial. I should have investigated in the beginning.
I'm using the MSAL Preview for iOS and this swift sample.
Based on the documentation here, I should be using consumers not common to force it to Personal accounts only.
In the ViewDidLoad function
self.applicationContext = try MSALPublicClientApplication.init(clientId: kClientID, authority: kAuthority)
Changing kAuthority to
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize
Should lock it to consumer accounts only.
But this seems to throw an error of "This doesn't look like a work or school email. You can't sign in here iwth a personal account. User your work or school account instead." It does work for that kAuthority if i put in org account.
If i change to
https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize
It allows allows org in but not consumer account.
Both work if I set back to code sample default of
https://login.microsoftonline.com/common/oauth2/v2.0/authorize
I have noticed that if I hit this in a browser
https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=##clientid##&response_type=code&redirect_uri=http%3A%2F%2Flocalhost&response_mode=query&scope=openid%20offline_access%20https%3A%2F%2Fgraph.microsoft.com%2Fmail.read&state=12345
this works fine in a browser. So I don't think its an application configuration issue. unless its to do with native vs web calling this?
I noticed in the latest sample , kAuthority has been shortened.
let kAuthority = "https://login.microsoftonline.com/common/"
Tried this and doesn't make a difference.
Worked with the engineering team in GitHub and they fixed a back end problem. This is now resolved.
I'm trying to implement Steam Authentication via OpenID for iOS using this framework. I already translated the demo to Swift 3 and made it work with Google. Now I'm trying to get it to work with Steam and I don't know where to find some of its configuration. To make the app work with Google I use this information:
let kClientID = "xxxxx.apps.googleusercontent.com"
let KRedirectURI = URL(string: "com.googleusercontent.apps.xxxxxx:/oauthredirect")
let kIssuer = URL(string: "https://accounts.google.com")
I've being looking in their dev wiki but so far I could just find how to get the API key. Would you have this information? It is my first contact with OpenID and I'm a bit lost.
Thanks for any help
I'm starting to investigate how to work with Facebook programmatically.
I've set URL scheme in my app, so that I could open it from browser using "myappopenup://".
Then I created an app in Facebook. Copied an AppId and tried to make like this:
let url = NSURL(string: "https://www.facebook.com/dialog/oauth?client_id={MY_APP_ID_WAS_HERE}&redirect_uri=myappopenup://fbcallback")
UIApplication.sharedApplication().openURL(url!)
After running this code, simulator opened safari (I've tried with SFSafariViewController first). but everything I saw was:
So, I'd like to know: Is it possible to redirect from the Facebook oauth to my app?
Yes it is possible. Here's the necessary redirect_uri:
https://graph.facebook.com/oauth/authorize
?response_type=token
&client_id='+'1247676148624015
&redirect_uri=fb1247676148624015://authorize
Make sure your facebook app is set up:
And make sure your custom URL scheme is set up:
Disappointing comment above -- likely misled many people. This stuff is not well-documented at all, though.
I contacted Facebook support and they confirmed that it's not supported:
Thanks for getting in touch. We'll make the messaging more clear on this, but we do not support custom URI schemes as valid redirect URIs. To perform login in a native app without opening the browser, please use the official SDKs (is https://github.com/xamarin/FacebookComponents what you're looking for?).
They responded in less that 12 hours, which at least was impressive.
I managed to make Alex Paterson solution work here. I had to add the redirect_uri URL on Facebook Login settings too. On section Valid OAuth redirect URIs I've added the callback URL like this:
https://graph.facebook.com/oauth/authorize?
response_type=token&
client_id=12345678910&
redirect_uri=fb12345678910://authorize
As some of the other answers & comments indicate, I don't think that what you're trying to do is supported by Facebook - my impression is that they really want you to use the FBSDK to accomplish authenticating and receiving a token from facebook.
It feels like I've tried every possible configuration under the sun with the someapp://authorize strategy, but it really seems likes they only want you to do this for web apps.
I'm building with react native (so this may not directly apply. I'm sure the obj-C is somewhat similar in practice), so I'm using the react-native-fbsdk library which exposes LoginButton and AccessToken components, and you can use them as such:
<LoginButton
readPermissions={["email", "public_profile"]}
onLoginFinished={
(error, result) => {
if (error) {
alert("Login failed with error: " + result.error);
} else if (result.isCancelled) {
alert("Login was cancelled");
} else {
AccessToken.getCurrentAccessToken().then((data) => {
const token = data.accessToken;
// send the token to your backend
}
)
alert("Login was successful with permissions: " + result.grantedPermissions)
}
}
}
onLogoutFinished={() => alert("User logged out")}
/>
I have been trying for ages now to get OAuth 2.0 integration in my iPhone application.
I have searched and searched for libraries, tutorials, etc... But they have all lead me to a dead end. The main problem I have is that they either have deprecated code, or they just don't work or they have some documentation but its really hard to follow (for me anyway...).
The best OAuth2 library I could find for Xcode is this one: https://github.com/nxtbgthng/OAuth2Client
But the main problem with that one is it doesn't seem to do anything... I have followed all the documentation and instructions that came with it, but after building and running, it doesn't seem to authenticate....
So I guess my main question is: does anyone know of any good and up to date OAuth 2.0 tutorials for Xcode or any libraries for such a thing?
Because I am really struggling at the moment.... :(
Thanks for your time, Dan.
UPDATE 2: Here is my code (App Id and secret removed for security):
- (void)viewDidLoad
{
[super viewDidLoad];
// Do any additional setup after loading the view, typically from a nib.
oauthClient = [[LROAuth2Client alloc]
initWithClientID:#"MY_CLIENT_ID"
secret:#"MY_APP_SECRET"
redirectURL:[NSURL URLWithString:#"app://instagram-callback/?code="]];
oauthClient.delegate = self;
oauthClient.userURL = [NSURL URLWithString:#"https://api.instagram.com/oauth/authorize/?client_id=ab6dc96859bf43b3a488199ec72d9964&redirect_uri=app://instagram-callback/?code=&response_type=code"];
oauthClient.tokenURL = [NSURL URLWithString:#"https://api.instagram.com/oauth/access_token/"];
[oauthClient authorizeUsingWebView:myWebView];
}
- (void)oauthClientDidReceiveAccessToken:(LROAuth2Client *)client;
{
LROAuth2AccessToken *token = client.accessToken;
[NSKeyedArchiver archiveRootObject:token toFile:#"Path/To/MyAccessToken"];
}
- (void)checkAccessTokenForExpiry:(LROAuth2AccessToken *)accessToken;
{
if ([accessToken hasExpired]) {
[oauthClient refreshAccessToken:accessToken];
}
}
- (void)oauthClientDidRefreshAccessToken:(LROAuth2Client *)client;
{
LROAuth2AccessToken *token = client.accessToken;
[NSKeyedArchiver archiveRootObject:token toFile:#"Path/To/MyAccessToken"];
}
In almost all projects I have used AFNetworking because it's very powerful
-why re-invent the wheel every time :)
Furthermore, it also has an OAuth2Manager which is quite easy to implement and works rock-solid.
In Instagram documentation says that there are two ways to authenticate. One Explicit (for server-side auth) and one Implicit, for auth in a client (without server).
You are using the Explicit one inside the app, try changing the userURL to https://instagram.com/oauth/authorize/?client_id=CLIENT-ID&redirect_uri=REDIRECT-URI&response_type=token and the tokenURL to http://your-redirect-uri#access_token=ACCESS-TOKEN.
You most likely cannot use a client secret in an iPhone App (because the client secret cannot be protected), you will need to authenticate through the services mobile app or mobile web site and then handle the redirect url, according to this link I found on the Uber api developer site:
http://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified
There is some code on this page to do just that, which I am testing now:
https://medium.com/swift-programming/learn-nsurlsession-using-swift-ebd80205f87c
There is also some good information on the bottom part of this page: http://www.idmworks.com/blog/entry/getting-started-with-oauth2client-on-ios
I recently made simple pod https://github.com/kohtenko/KOSocialOAuth.
You can easily connect Instagram, VK or LinkedIn. Feel free to send Pull Request with any other OAuth endpoint.
Check out this for using the Instagram API: https://github.com/shyambhat/InstagramKit. In the comments I see that you're having trouble with the redirect - look into Xcode's Redirect URI's for help with that: What's a redirect URI? how does it apply to iOS app for OAuth2.0?