We are developing a mobile app.
In this app we want our END USER to able to login with there email id + the password they have from our zendesk.
I can not find any way to let a END USER login with email + password. And after that, make tickets and see his open tickets.
We are using the CORE API at this point.
Have you had a look at the docs for the iOS and Android SDKs?
You can set up an AnonymousIdentity with email and name after your users auth into your app. This will give you an identity which can be used to create tickets.
There are limitations with AnonymousIdentity, described in the docs. The other option is JwtIdentity, this requires a bit of backend development to get up and running.
Related
I am trying to make login using OAuth2 using Apple Sign in. and I need to save the user email to the server.
after reading Sign in with Apple and authenticate with Firebase documentation , it said that
Unlike other providers supported by Firebase Auth, Apple does not
provide a photo URL.
Also, when the user chooses not to share their email with the app,
Apple provisions a unique email address for that user (of the form
xyz#privaterelay.appleid.com), which it shares with your app. If you
configured the private email relay service, Apple forwards emails sent
to the anonymized address to the user's real email address.
apple will generate unique fake email like xyz#privaterelay.appleid.com if the user refuses to share their original email.
if the user logout and then login again, will the fake email will be the same? or apple will generate a new fake email like new123#privaterelay.appleid.com ?
We create users with their email address. We send email to each user with a link to change password api with changePasswordId. When user clicks the link, he will be redirected to change password screen where he can set the password and access the application. This works.
But, now we want to allow users to register with their social Idps upon receiving invitation/verification email. Can't see any fusionauth documentation on this part.
Questions are as follows
How to let user select their social Idp while verifying their email?
Can a user have multiple logins with different Idps for one application in FusionAuth?
Is there any linking api which links all external user accounts with their fusionauth user account?
The flow we are expecting is :
Invite User -> User clicks link -> User will be presented with set
password and social logins-> User chooses google -> Google
authenticates user and returns token back to fusion auth -> fusion
auth links user's google account with already created (invited) user
account. -> Next time user logs in with google account -> Fusion auth
identifies the user and allows him to access the application.
Updated :
Let me try to explain our situation and need, with less focus on the password setup task:
We need to set up new users that are associated with google based education accounts on custom school domains. Teachers and students that might have addresses like first.last#middle.school.com We need to take the class roster from Google Classroom, initialize accounts for each student in our backend via our API which also creates FusionAuth user and app registrations for each.
Schools don't often want kids setting passwords on vendor sites. When we send the account confirmation / verification email to the new cohort of students they would ideally be directed to the approved and configured method for that domain (perhaps Google, Microsoft, other SAML or password). If we can't get selective about the confirmation method shown after the student provides her invited email address then we could present multiple confirmation options on the same screen and let the teacher direct the students to the correct choice.
But in summary we need to avoid requiring password setup and support confirmation with the invited social account when required by the school.
If I understand your use case correctly, what you want is to add the "Login with Google buttons" to the Setup Password workflow. This is different than the Email Verification workflow, so if you are looking for a way to log users in with their social profiles during Email Verification, that's something completely different. In fact, I don't think that is a use case because after the user verifies their email, they need to log in again and they can do that using their social profile.
Unfortunately, FusionAuth doesn't fully support the ability to allow someone to use the Setup Password workflow using a social login. It might be possible though using the Email Templates and Theme editor in FusionAuth. I haven't tested this, but you could try it and see if it works.
What you would do is to pass in a URL parameter to show the social login buttons during the Setup Password workflow. This would be something you could do in the email template for Setup Password like this:
Click this link to setup your password:
<a href="https://example.com/password/change/${changePasswordId}?showSocial=true">
Setup Password
</a>
Then, using the Theme editor in FusionAuth, you would add some code in to show the buttons like this (the ?? part is to handle when the parameter is missing):
[#if showSocial?? && showSocial]
show social buttons here
[/#if]
You could give that a try and see if it works for your use case. If it doesn't work, you can always open a feature request for this on our GitHub issue tracker and we can see if it receives enough upvotes to get on the roadmap. You can also engage FusionAuth professional services to build this feature for you as well.
For your other questions, you can have as many logins with external IdPs as you want for a single user. The user is unique by their email address.
I'm not sure what you mean by "linking api", but if a user logs in with an external IdP, their tokens from those external providers are stored on the user object. You can look up those values and then call third-party APIs with their access_tokens.
UPDATE 8/27/2019
Ah yes. The social login buttons do require all of the OAuth parameters, so this solution won't work because those parameters aren't part of the Setup Password workflow.
I guess I'm confused on how this actually works and whether or not this is a workflow FusionAuth should be handling. Social logins aren't generally used for account verification. They are normally used for account creation. For example, you could just send the student to FusionAuth before their account is created, they login with their Google classroom account, and then they have a FusionAuth account. Is there any reason the student can just login in after their account is created? Is that not essentially the same thing?
Could you do something where students that have accounts in Google Classroom are created in FusionAuth with a randomly generated 32 character password (for security) since they will be logging in with Google regardless. You can then just send them an email with a standard login link.
For students that login in with a username and password to FusionAuth directly, send them a Setup Password email. This will let them pick their own password.
In terms of account Linking, FusionAuth links accounts automatically based on email address (the unique login identifier actually). Therefore, you don't need to call any extra API to associate the social login with a user.
I might still not be clearly understanding the use case, so feel free to contact us directly using the form on our website. We might need to setup a web conference to discuss your needs in detail.
I'm developing Salesforce iOS application.
From application frequently the user has to modify data which is available on Salesforce.com.
When user tap on edit I'm launching salesforce login screen and prompt to enter username and password all the time.
So I have decided to implement SSO using Salesforce Oauth. I have done everything I'm able to receive a access_token once user authenticate with Salesforce.com.
My question is lets say "If the user want to edit a lead with id as 0097hjy7" , URL to edit this lead will be "https://sales.mysalesforce.com/0097hjy7" when this URL launch on browser it prompt to enter username and password again.
How can I navigate the user to "https://sales.mysalesforce.com/0097hjy7" this URL without asking username and password all the time by using the access_token available with me.
Thanks in advance.
I resolved this issue by adding Salesforce iOS SDK to my project and using some classes like SFOauthCoordinator and SFOauthCredentials. At the end we need to prepare a frontDoorUrlWithReturnUrl which is available on "SFAuthenticationManager" class.
We're building a salesforce app, and I need to auth against a user's SF user (so they don't have to log in to SF, then also log into our system).
So I from our app, I want to bounce off of SF and:
1) confirm that the user is logged in to salesforce.
2) get (or confirm, if I provide it) some kind of tenant id, so I can confirm that they are logged in to the tenant they are self-reporting to me.
Does SF have docs on this flow somewhere?
Thanks!
When you put your iframe in Salesforce you can include the current SessionId and ServerURL in the query string parameters.
You can then use the PartnerAPI with these credentials to call back to Salesforce and verify the users details.
There are some very basic details on doing this in Implementing Salesforce Integrations on Force.com
In my mobile app, I want to authenticate gmail/yahoo user via his email id & password to access my mobile app (I have done this with the Facebook). After lots of research, found repeated questions like question1, question2 and got this reference as Google api doc.
I have gone through the reference site and its code but not understood which is the domain and where to send which request.
Is there any way to authenticate gmail/yahoo user via his email id & password? Please help.