ASP.NET OWIN Login with Microsoft Live ID - Invalid request and Google Redirect Url Mismatch - asp.net-mvc

I have a site published on Azure. The social auth works correctly on every device and PC, except for one user who keeps receiving the error invalid request every time he tries to log in using Microsoft.
I was thinking that the reason was that he is blocking cookies, but I tried this and did not get the same error.
He tries to access my site from IE and Chrome, and still gets the same error on every social network. But for everyone else this works just fine.
Does anyone know what could be the reason for this error?
Here are some captures of the URL received and the error page on Windows Live and Google:
Google URL error: https://accounts.google.com/o/oauth2/auth?scope=openid+profile+email&response_type=code&redirect_uri=https://wtm.azurewebsites.net/signin-google&state=xuugnYO6064L0MSO643UyrcDcDvZm_sqndpnUUR_Bn3e3lQkmtFTCq1ZrfMluCbMZhoIEX9G8Vrp-RxNwFHUyxvx_4mpoJVJZnR-n0LFDJyPazQ0ujUsQ6Jl2EIStNS0_EsnZOIZtIJySlgFrIr_TzjNBoih1APWLnGaLBb6wPaLuXQktAeTHeeUBTTnN9HWXi2WtPCYx08wX0N87XJa1kkk-mMcp-ro5UD5oO1EIE4&client_id=950525637185-3f4qu6vhoemqps16mk88mrcf49tn7hvo.apps.googleusercontent.com&hl=es-419&from_login=1&as=-6673ad9c11de7b4d
Microsoft Live URL error: https://login.live.com/err.srf?lc=5130#error=invalid_request&error_description=The%20provided%20value%20for%20the%20input%20parameter%20'redirect_uri'%20is%20not%20valid.%20The%20expected%20value%20is%20'https://login.live.com/oauth20_desktop.srf'%20or%20a%20URL%20which%20matches%20the%20redirect%20URI%20registered%20for%20this%20client%20application.&state=kZj77bUrMjKBFKTwBTVl_p7zkjcqWqBAe95pW-eQFanQaLWx9vHUpR5duFFcstJF4MKEUvBe_pymDNNc896dGPFDwNSP1-lQrsr0GYgtu2QtRJ6bdfQO4H0lCatbvW5yOs5DwD6_ItRL2irc6qitL03FkDEkiFUZYLAzhsUP6FjaEosTKGsnBXV0HljrRECl7RN2cuiuJWWJQJcxAUznC2Rj6zx76zkF-FNMHgFbvwM

I fixed the problem: he was using https instead of http, which was how the redirect URL was registered. I added this other redirect URL and now it works fine.
Thank you for your help!
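The mismatch described in this answer can be spotted before a user reports it. The following is an added example, not code from the original post: it pulls `redirect_uri` out of an authorization request and compares it with the registered list by exact match, reporting which URL component differs. The `REGISTERED` list and the shortened `state` and `client_id` values are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the Google request from the question, with state and client_id shortened.
SAMPLE_REQUEST = (
    "https://accounts.google.com/o/oauth2/auth?scope=openid+profile+email"
    "&response_type=code&redirect_uri=https://wtm.azurewebsites.net/signin-google"
    "&state=STATE&client_id=CLIENT_ID"
)
# Assumption: the single URI registered with the provider before the fix.
REGISTERED = ["http://wtm.azurewebsites.net/signin-google"]


def redirect_uri_of(auth_url):
    """Return the redirect_uri parameter of an authorization request URL, or None."""
    values = parse_qs(urlsplit(auth_url).query).get("redirect_uri", [])
    return values[0] if values else None


def _parts(uri):
    # Split a URI into the components a registration is compared on.
    u = urlsplit(uri)
    return {"scheme": u.scheme, "host": u.hostname, "port": u.port, "path": u.path}


def diagnose(redirect_uri, registered):
    """Exact-match check, plus the components that differ from the closest entry."""
    if redirect_uri in registered:
        return {"match": True, "closest": redirect_uri, "differs": []}
    sent, closest, differs = _parts(redirect_uri), None, None
    for entry in registered:
        reg = _parts(entry)
        d = [k for k in sent if sent[k] != reg[k]]
        # Keep the registered entry with the fewest differing components.
        if differs is None or len(d) < len(differs):
            closest, differs = entry, d
    return {"match": False, "closest": closest, "differs": differs or []}


if __name__ == "__main__":
    print(diagnose(redirect_uri_of(SAMPLE_REQUEST), REGISTERED))
```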

Related

Intermittent Yahoo Oauth2 invalid_redirect_uri

I am working on allowing users to log in to my website using Yahoo. I have intermittent problems with Yahoo Oauth2. I will generate the url to request the authorization code and it will get to the Yahoo login sometimes. Other times I will get the window with "Uh oh Looks like something went wrong. Please try again later. Developers: Please specify a valid request and submit again." and the url will have error=invalid_request&error_description=invalid+redirect+uri
My request url is configured on the yahoo console. Also I am using https on a server connected to the internet (not a local machine)
My request authorization was created using the one in https://developer.yahoo.com/sign-in-with-yahoo
I have
https://api.login.yahoo.com/oauth2/request_auth?
client_id={MY CLIENT D}
&scope=openid
&nonce=4c29ac770b9b1d795b
&prompt=consent
&response_type=code
&redirect_uri=https%3A%2F%2F{MY WEB SITE}%2Fcallback_yahoo.php
I am out of ideas at this point.
Thank you
Apparently (maybe) something was wrong on Yahoo's side. I created another application with the SAME configuration and the problem seems to have gone away.

Problem authenticating with SharePoint Online when using GetWebLoginClientContext

We've got an ASP.NET MVC web application running on Azure on which we want to expose search results from a SharePoint Online tenant. Users in the web app are authenticated on Azure AD, and we want to have them search as themselves (preserving their identity and not use a system account) so that they only see items in the search results that are relevant to them. I thought this would be quite a common requirement.
Using the SharePointPnPCoreOnline CSOM extensions, we were able to retrieve search results with:
var authManager = new OfficeDevPnP.Core.AuthenticationManager();
ClientContext clientContext = authManager.GetWebLoginClientContext("https://xxxxxx.sharepoint.com");
KeywordQuery keywordQuery = new KeywordQuery(clientContext);
keywordQuery.QueryText = "queryText";
SearchExecutor searchExecutor = new SearchExecutor(clientContext);
ClientResult<ResultTableCollection> results = searchExecutor.ExecuteQuery(keywordQuery);
clientContext.ExecuteQuery();
(The GetWebLoginClientContext method pops a new window which asks for user credentials if they are not already authenticated. Ideally we would like to have it done silently, but this was the only method we managed to get working.)
During dev everything was working OK - we were getting the expected search results. However, once we published the web app to Azure we got the following error when trying to search:
502 - Web server received an invalid response while acting as a gateway or proxy server.
There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.
One of the suggestions we found for solving HTTP 502 errors was to clear the browser cache, but after we did so it no longer worked on the dev machine either. Instead of displaying a popup requesting user credentials, the popup now just displays the SharePoint Online tenant home page without any login prompt.
Does anyone have an explanation for this?
Or if not, a better way to have users search SharePoint Online without the popup displayed by the GetWebLoginClientContext method?
Solved this in the end not with the GetWebLoginClientContext method (which pops a window for the user to enter credentials) but with the GetAzureADWebApplicationAuthenticatedContext method which authenticates silently using an oauth access token. The problem was obtaining the right token to pass to the method, which we succeeded in doing by using MicrosoftGraphHelper.GetAccessTokenForCurrentUser(url) found here

OAuth v2 Issues with Microsoft Account connection

I have been trying to implement the OAuth v2 for Microsoft Accounts for my website. It's currently in the development stage and so I am testing on localhost. The Website is an ASP.NET Core MVC 5 Application.
I have followed the tutorial here to implement OAuth for Twitter, Google and Facebook accounts. I found this to be quite simple with only a few small issues that I was able to solve with simple google searches.
However I have spent several days trying to understand what is happening when trying to use Microsoft Account authentication on my site.
I have watched the video here on registering an application in the Microsoft App Registration Portal. At around minute 6 in the video a short demo shows how to set up the App. You can see my App details in the following screen shot:
In the video at about 7.5 mins in, there is a small section explaining how to test the App by building a URL string.
On submitting the query string to the browser the page is redirected as expected to my App page as you can see here:
In this instance I was already signed into my Microsoft Outlook account. If I wasn't signed in I would be prompted to log in to a Microsoft account. Logging in, in this case choosing my already signed in Outlook account, causes the page to be redirected back to my site as seen in the following screen shot, but because the site didn't send the request it's not expecting a token sent back for login so nothing really happens. This is expected behaviour at this point, as I was only testing that the App's endpoint was working as expected.
The next stage is to test the functionality from my website. This is where I always have issues. To activate the OAuth functionality for Microsoft Account login requires simply un-commenting a couple of lines of code within the Startup.Auth.cs file in my website's App_Start folder and passing in the App's ClientKey and ClientSecret values as can be seen in the following code snippet:
app.UseMicrosoftAccountAuthentication(
clientId: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientID"],
clientSecret: System.Configuration.ConfigurationManager.AppSettings["MicrosoftOAuthClientSecret"]);
This code basically adds a little button to the login page that allows you to choose Microsoft login as can be seen here:
When I click the Microsoft button I get the following error page:
And the query string returned contains the following:
https://login.live.com/err.srf?lc=2057#error=unauthorized_client&error_description=The+client+does+not+exist.+If+you+are+the+application+developer%2c+configure+a+new+application+through+the+application+management+site+at+https://apps.dev.microsoft.com/.&state=JMxMRuKaOiYWCQw_Uqkhv3gLQn3ULlkG2miM4ymcHhTK5niXVQl5n4L0a6VoWeEKmFM7T1ciU2oQAh26_Y0i2DMjdt6BOAtpjNeMaSpBq4wbCjva9lOuctOUIWwoFdTEGvxJ4M904lUsoudd9e9cYi6eiH3JF81HB5ouQSus2ddE1sVUQLw-YB1GjUL79y2muFaBFIOIOk75oCV2IxX4cFO2rJU04K9Se6gxu698WpzR8taUB2c6tK9u0dBisckhavf0IvKB9dWQq-IVwQgvaA
Anybody know why or what is happening????
Now I have read in several of my many searches, while trying to understand what's happening when I try to test the App from my site rather than a URL directly in the browser, that I should have
/signin-microsoft
appended to my Redirect URL in the App Portal's configuration. I have tested with my Redirect URL set like that and this does not work. I get an HTTP ERROR 500 sent back because the page signin-microsoft does not exist. So this is not my problem.
Please help if anyone has had the same issues and solved it.
EDIT: I should have mentioned that I was initially trying this using Local IISExpress, but after reading some posts saying it can be done only on IIS, I published my site locally to IIS.

Yahoo - OAuth2 - what is Error 95037?

I am trying to implement oauth2 for yahoo (target is yahoo's contact api). See here: https://developer.yahoo.com/oauth2/guide/#implicit-grant-flow-for-client-side-apps
However, I get the following error:
Oops. Yahoo is unable to process your request.
We recommend that you contact the owner of the application or web site to resolve this issue. [95037]
How to get this resolved? It comes when I use response_type=token (which is needed for Implicit Grant Flow), but works fine for response_type=code
[EDIT]
The request to yahoo (urldecoded):
https://api.login.yahoo.com/oauth2/request_auth?client_id=[CLIENT_ID]&response_type=token&redirect_uri=[PATH]&display=popup&scope=&state={"client_id":"[CLIENT_ID]","network":"yahoo","display":"popup","callback":"_hellojs_23g8z6wk","state":"","redirect_uri":"[PATH]","scope":"friends,basic"}
[UPDATE]
After following the recommendations from HansZ., I was able to resolve it.
Now the issue has come back without changing any code. Basically, it only works when I am logged in with the Yahoo ID that I used to setup the App at Yahoo.
Otherwise, sometimes it goes in loops and chrome says
This webpage has a redirect loop
rest of the time it gives the error again.
Your state is the problem. I can reproduce the problem by including your URL-encoded state in the authorization request for my Yahoo client. The problem is the length of the state or the total URL. You may revert to using a cookie for maintaining that state and send only the (much shorter) cookie name as the state parameter.
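The approach suggested in this answer, keeping the bulky state on the server side and sending only a short handle, shown as an added example that is not part of the original answer. The `session` dict is a hypothetical stand-in for a server-side session or cookie store, and `begin_authorization` / `complete_authorization` are illustrative names; the handle is random, single-use and compared in constant time so it also serves as the CSRF check.

```python
import hmac
import json
import secrets
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://api.login.yahoo.com/oauth2/request_auth"  # endpoint from the question


def begin_authorization(client_id, redirect_uri, payload, session):
    """Store the large payload in the session; put only a short random handle in state."""
    handle = secrets.token_urlsafe(16)  # 128 random bits, 22 URL-safe characters
    session["oauth_state"] = {"handle": handle, "payload": json.dumps(payload)}
    query = urlencode({
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": handle,
    })
    return AUTH_ENDPOINT + "?" + query


def complete_authorization(returned_state, session):
    """Return the stored payload if the returned state matches, else None.

    The stored entry is removed on every attempt, so a handle cannot be replayed
    and a failed guess invalidates the pending login.
    """
    saved = session.pop("oauth_state", None)
    if saved is None or not returned_state:
        return None
    if not hmac.compare_digest(saved["handle"].encode(), returned_state.encode()):
        return None
    return json.loads(saved["payload"])


if __name__ == "__main__":
    # Constructed payload modelled on the JSON state in the question.
    demo_payload = {"network": "yahoo", "display": "popup", "scope": "friends,basic"}
    demo_session = {}
    print(begin_authorization("CLIENT_ID", "https://example.test/cb", demo_payload, demo_session))
```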

Facebook iFrame is pulling rails dynamic pages as 404 errors

I have a Facebook app page and a rails application. My rails application loads a dynamic page based on a key that is given. This works fine and dandy outside of my facebook app:
https://app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5?frame=true
However inside of Facebook the page is pulling up as a 404 error:
https://www.facebook.com/reynoldsdesignstudio/app_419134091467471
I have gotten around this issue by creating a static file within my system to be able to have facebook view it however this is not ideal as deploying the rails app with updates makes modifying these static pages a pain.
Any help on this would be great.
We got this figured out by changing the routes file to allow for a post request instead of just a get request
Your problem is not related to dynamic/static content. Also Facebook is showing a 501 error, not a 404. In short, your SSL cert is not valid for the staging.app subdomain you are pointing your Facebook page at.
Visiting your Facebook page (https://www.facebook.com/reynoldsdesignstudio/app_419134091467471) yields this error:
This webpage is not available
The webpage at https://staging.app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5.html might be temporarily down or it may have moved permanently to a new web address.
Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error.
Note that the subdomain is staging.app. If you happen to be using Firefox, you get a nice error message that spells everything out:
This Connection is Untrusted
You have asked Firefox to connect securely to staging.app.eventsent.net, but we can't confirm that your connection is secure.
staging.app.eventsent.net uses an invalid security certificate.
The certificate is only valid for the following names:
app.eventsent.net , www.app.eventsent.net
(Error code: ssl_error_bad_cert_domain)
The easiest solution would be to get a WildCard SSL certificate that is valid for *.eventsent.net.
FYI, if you visit https://staging.app.eventsent.net/event_lists/3d40ba2a4a10947c17c2337fba3421dd406cceb5?frame=true, you will get a rather dire-looking warning from your browser. If you ignore the warning and tell the browser to accept the certificate, your Facebook page will then load fine in the same browser.
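Before ordering a replacement certificate it helps to check which names would actually cover the hostname. The following is an added example, not part of the original answer: it applies the RFC 6125 matching rule, under which a wildcard is only valid as the whole leftmost label and stands for exactly one label. `CERT` is a constructed dict in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, filled with the names from the Firefox message; the function names are illustrative.

```python
# Constructed sample in the shape of ssl.SSLSocket.getpeercert() output,
# using the names listed in the Firefox error quoted in the answer.
CERT = {
    "subjectAltName": (
        ("DNS", "app.eventsent.net"),
        ("DNS", "www.app.eventsent.net"),
    )
}


def dns_names(cert):
    """Extract the DNS subjectAltName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 matching: '*' only as the entire leftmost label, covering one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard never spans more than one label
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard and a non-empty host label.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h


def covering_names(names, hostname):
    """Return the certificate names that cover the given hostname."""
    return [n for n in names if name_matches(n, hostname)]


if __name__ == "__main__":
    host = "staging.app.eventsent.net"
    print(host, "covered by current cert:", covering_names(dns_names(CERT), host))
    for candidate in ("*.eventsent.net", "*.app.eventsent.net"):
        print(candidate, "covers", host, "->", name_matches(candidate, host))
```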
