Setting the callback URL for Meteor Twitter auth. I have searched widely and all options I've tried end with an 'Internal server error' error message on the login page.
I currently have:
"ROOT_URL": "https://mydomain.org.uk",
...though I have also tried options such as: "localhost:8080", "localhost", "https://mydomain.org.uk", "https://crew.streetscenes.org.uk/_oauth/twitter?close", "https://crew.streetscenes.org.uk/_oauth/twitter" and others.
In the Twitter config setting I have tried everything, "http://127.0.0.1", "http://127.0.0.1:8080/_oauth/twitter" and various other
Meteor 0.6.6.1 - Login with Twitter - auth callback issue
server.mydomain.com:3000/_oauth/twitter?close
I also tried with "Enable Callback Locking (It is recommended to enable callback locking to ensure apps cannot overwrite the callback url)" checked.
Related
My application built upon spring-social-twitter that enables users to sign in with Twitter has stopped working recently.
I've got an error message as below:
Callback URL not approved for this client application. Approved callback URLs can be adjusted in your application settings
Note: I'm using Spring Social Twitter version 1.1.2.RELEASE. And if you use Spring Social Twitter version 1.1.0.RELEASE, you might get a slightly different error message as below:
POST request for "https://api.twitter.com/oauth/request_token" resulted in 403 (Forbidden); invoking error handler
Twitter recently (in May 2018) enforced that sign-in-with-Twitter users must whitelist callback URLs for security reasons (see the announcement).
This means callback URLs have to be explicitly and identically set up for all supported third-party applications. You can set up the callback URLs in your Twitter's application setup page: https://apps.twitter.com
For example, if your callback URL is http://localhost:8080/myApp/signin/twitter, you must add it to the list of Callback URLs in your Twitter's application setup page exactly as it is: http://localhost:8080/myApp/signin/twitter
See also the documentation on Twitter callback URLs.
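A diagnostic for the exact-match rule described in this answer, as an added example that is not part of the original post: it compares the callback URL an app sends with the registered list and reports which component differs. The function name `explainCallbackMismatch` is hypothetical, and it assumes, as the answer states, that a callback is approved only when it is identical to a registered entry.

```javascript
// Added example (not from the original answer). Assumption: the provider
// approves a callback only when it is identical to a registered entry.
function explainCallbackMismatch(sent, registered) {
  if (registered.includes(sent)) return { approved: true, reasons: [] };
  let s;
  try { s = new URL(sent); } catch {
    return { approved: false, reasons: [`${sent}: not a parseable URL`] };
  }
  const reasons = registered.map((entry) => {
    let r;
    try { r = new URL(entry); } catch { return `${entry}: not a parseable URL`; }
    const diffs = [];
    if (s.protocol !== r.protocol) diffs.push(`scheme ${r.protocol} vs ${s.protocol}`);
    if (s.hostname !== r.hostname) diffs.push(`host ${r.hostname} vs ${s.hostname}`);
    if (s.port !== r.port) diffs.push(`port ${r.port || '(default)'} vs ${s.port || '(default)'}`);
    if (s.pathname !== r.pathname) diffs.push(`path ${r.pathname} vs ${s.pathname}`);
    if (s.search !== r.search) diffs.push(`query ${r.search || '(none)'} vs ${s.search || '(none)'}`);
    // The parser normalizes scheme/host case, so equal components can still
    // come from strings that are not byte-for-byte identical.
    return `${entry}: ` + (diffs.length
      ? diffs.join('; ')
      : 'same components after normalization; check case, encoding or fragment');
  });
  return { approved: false, reasons };
}
```

Each reason is reported as "registered value vs sent value", so the first half of a pair is what the application settings page currently holds.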
I struggled with this since Twitter made the changes to increase security. My Android app would use a callback URL and the same URL in the Intent Filter. But since the change, the URL I was using had to be registered in the Twitter developer portal. I was using ouath://myapp, but Twitter does not accept that as a valid URL (website).
After a bit of digging, I found that for apps you can specify any scheme but only as a scheme. For example I used myapp:// as the callback URL.
In my app, my callback URL was myapp://whatever, and in the Intent filter, I used:
<data android:scheme="myapp" android:host="whatever" />
Twitter accepted the callback URL and it correctly redirected back to my app after the user authenticated with their Twitter credentials.
I had originally used just a normal website, and that worked too, but after validation by Twitter, it asked if I wanted to redirect to My App, or to a Chrome browser. Using the above approach it will simply return to your app.
After I did all this, I realized that I could have just added Oauth:// as a callback URL and my app would have worked without change.
I fixed it by adding those callback URLs to Twitter's whitelist.
twitterkit-{Twitter API Key}:// for iOS.
twittersdk:// for Android.
We integrated a Rails app with LinkedIn authentication, using devise and the linkedin gem.
It works fine and we are able to register/sign in with LinkedIn, however an odd thing happens when you press 'back' on the browser after signing in/up:
It goes back to LinkedIn with the same request URL and the error shown is:
The partner did did not properly implement the authentication protocol. in RED
This looks quite bad and we'd like to have a better way of handling this, but no idea where to start; any idea what could trigger this and is there any way we can prevent it?
You will need to build your service for every new request. You might have the same access code for diff-2 request.
Try to generate it for every http auth request.
service = new ServiceBuilder()
        .provider(LinkedInApi.class)
        .apiKey(API_KEY)
        .apiSecret(API_SECRET).debug()
        .build();
I'm trying to implement Twitter reverse auth. I'm using Sean Cook's reverse auth implementation:
https://github.com/seancook/TWReverseAuthExample
And I've created a Twitter app on dev.twitter.com. The example code above works fine for the Twitter account I used when creating the app, but any other account fails with the error below:
<error code="89">Error processing your OAuth request: invalid signature or token</error>
Is there something I need to enable on my app somewhere? Googling around yields lots of suggestions to email Twitter and ask them to enable reverse-auth on my app, but more recent info says that it's now enabled by default for new apps.
This problem has puzzled me for a few days, and I think I've finally narrowed it down. I'm using the Facebook JS SDK to do client side authentication:
FB.login(function(response) {
  if (response.authResponse) {
    var url = "/auth/facebook/callback?redirect=";
    url += '&' + $.param({ signed_request: response.authResponse.signedRequest });
    window.location = url;
  }
}, { scope:'email,publish_stream,publish_actions' });
Note that I'm manually passing in the signedRequest. For some reason when I don't, I get an error that complains that there must be a 'code' parameter or a signed request (OmniAuth Strategies Facebook NoAuthorizationCodeError (must pass either a `code` parameter or a signed request (via `signed_request` parameter):). This is with omniauth-facebook gem version 1.4.0. If I use the latest of 1.4.1, I get the invalid_credentials issue that everyone else seems to be getting.
When I try to log in, something strange happens. I turned on my Chrome debugger, switched to the Network tab. I see two network requests, both GET to
https://www.MYHOST.com/auth/facebook/callback?redirect=&signed_request=BIGSTRINGHERE
However, interestingly the first request has a status of 301 and the second has a status of 302, and the next network request is to the /auth/failure callback. To make things more puzzling, this doesn't reproduce locally, only in production. Locally, it works and only does a single request, which has an HTTP status of 302.
Also it's worth noting that after hitting the failure callback, it returns to my website homepage, which then triggers the autologin feature because it detects the user is a FB user and has an account on the site. This piece of code hits the same callback url and succeeds.
So my question is why is there a second request to the callback and how do I get rid of it to presumably get the login to work correctly? Bonus question is why do I have to manually pass along the signedRequest when tutorials don't seem to have to do this (e.g. RailsCast #360)?
A few notes to clarify and provide details:
I am using omniauth-facebook 1.4.0, omniauth 1.1.4, and omniauth-oauth 1.0.3
I am not using Devise. I also don't seem to be initializing the facebook omniauth more than once.
This issue only happens locally and not in production using the same Facebook app ID and secret. The login url is set to a production domain and I use some local configurations to get production domains to point locally.
The appID and secret are correct (the autologin works, and it works locally).
The Facebook app is not in sandbox mode.
Turns out the issue was that the callback that was redirected to was https. Since that page wasn't available in https, it redirected to http, resulting either in a loss of data or bad data. I failed to notice that the second request was http and not https. Enabling ssl for that callback action fixed the issue.
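The HTTPS-to-HTTP redirect described in this answer can be spotted from a captured request chain. The following is an added example, not code from the original post; `findCallbackDowngrades`, the parameter list and the `example.test` hops are constructed for illustration.

```javascript
// Added example (not from the original post). Each hop mirrors one row of the
// browser's Network tab: request URL, status, and the Location header if any.
const SENSITIVE = ['signed_request', 'code', 'oauth_token', 'oauth_verifier'];

function findCallbackDowngrades(hops) {
  const findings = [];
  for (const hop of hops) {
    if (hop.status < 300 || hop.status > 399 || !hop.location) continue;
    const from = new URL(hop.url);
    const to = new URL(hop.location, hop.url); // Location may be relative
    if (from.protocol !== 'https:' || to.protocol !== 'http:') continue;
    const sent = SENSITIVE.filter((p) => from.searchParams.has(p));
    findings.push({
      status: hop.status,
      from: from.origin + from.pathname,
      to: to.origin + to.pathname,
      // Parameters that now travel over cleartext HTTP
      exposed: sent.filter((p) => to.searchParams.has(p)),
      // Parameters the redirect dropped, so the callback sees no credential
      dropped: sent.filter((p) => !to.searchParams.has(p)),
    });
  }
  return findings;
}

// Constructed sample modelled on the two requests described in the question.
const sampleHops = [
  { status: 301,
    url: 'https://www.example.test/auth/facebook/callback?redirect=&signed_request=SIG.PAYLOAD',
    location: 'http://www.example.test/auth/facebook/callback?redirect=&signed_request=SIG.PAYLOAD' },
  { status: 302,
    url: 'http://www.example.test/auth/facebook/callback?redirect=&signed_request=SIG.PAYLOAD',
    location: '/auth/failure' },
];
```

A non-empty `exposed` list means the callback credential crossed the network unencrypted; a non-empty `dropped` list matches the "loss of data" case the answer mentions.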
I am new to developing a Salesforce app and I am using OAuth 1 for authentication.
I am able to generate the Request Token, and I re-direct the user to the salesforce site.
Once I enter my credentials, I get a
Remote Access Authorization Error
There was a problem in setting up your remote access
with
oauth_error_code=1800
In my Login History page, it shows Status as Success for Application type OAuth.
I don't get any entry in my Debug Logs page.
I have enabled Development Mode.
Any ideas what's wrong?
So https://login.salesforce.com/services/oauth2/success is a stub URL for callbacks - and that is the screen you are seeing there, and the access_token variable is your session ID for the user. So the OAuth flow is working correctly.
In the code, you might check to see if oauthResponse.access_token is getting set correctly. If so, it looks like:
sfw.login( setupHomeView );
That is what should tell it to move from that page to the next UI page.
You might also check out the Force.com Mobile SDK (link). It also includes PhoneGap and has a great OAuth wrapper built in.