Once after revoking the session after logout in Daily motion app.
When user logins again page is redirecting to permissions page instead of login page.How to get rid of this awkward situation?
The behavior is normal, because you are already logged in Dailymotion.
If you logout from Dailymotion website, and you go to the app the oauth authorization window will ask for credentials.
This behavior is the same with Facebook 3-legged Oauth.
Related
I've implemented sign in with Twitter such that users can log in and I store user's credentials. However, on their tutorial page it says:
Signed in and approved: If the user is signed in on twitter.com and has already approved the calling application, they will be immediately authenticated and returned to the callback URL with a valid OAuth request token. The redirect to twitter.com is not obvious to the user.
In the diagram, my app never redirects transparently, it always asks users to grant access:
Is there something I have to do to make my app redirect transparently? My website is over https if that has anything to do with it.
Change the endpoint to http://twitter.com/oauth/authenticate instead of http://twitter.com/oauth/authorize
I am working on graph api to get user's liked pages videos. I have read https://developers.facebook.com/docs/ and requested for user_action.videos from Facebook. Now things becomes more confusing for me when i read about 1- OAuth Authentication, 2- temporary/long-lived access token and 3- test user as well.
1- As i believe as per my reading that OAuth Authentication for user is not required as it is done by FB SDK automatically. Is it right and if its wrong then how to authenticate user while using FB login dialogue as there is no URLRequest call in latest FB SDK login button?
2- After login through dialogue, I am getting an access token which is an expiry token and to keep user logged into my App; I have to convert that expiry token to long-lived token for 60 days every time when token is going to expire?
3- Is there any need for creating Test User in Facebook developer portal. Is there any role of it in development?
Any help would be greatly appreciated.
I have a website where people can post blogs. I want the blogs to be automaticly posted to a Linkedin account connected to the website. So the person posting the blog is not the owner of the linkedin account.
I use the Sharing API from LinkedIN to do this, but this requires the administrator of the linkedin account to refresh the Oauth token every 60 days. I know this is a security thing to prevent illegal use of accounts. But in this case its always my own linkedIN account. Is there a way around this? mabe by using the app key and secret instead of the acces token?
The LinkedIn API docs (https://developer.linkedin.com/documents/handling-errors-invalid-tokens) say:
In the case the access token is already expired, your application will
go through the same authorization flow as previously described.
However, the login dialog will be shown to the user as they will need
to grant access to your application again.
so there's no way around that. But what you could do is go through this flow before the access token has expired. The docs say:
Simply have your application go through the authorization flow in
order to fetch a new access token with an additional 60 day life span.
When the following conditions exist:
User is still logged into Linkedin.com The current access token isn't
expired (within the 60 life span) We will automatically redirect the
user back to your redirect_uri without requiring them to reauthorize
your application. If they don't exist, we'll prompt them to login and
then redirect them.
I am writing an application to fetch some information from Yahoo using OAuth. Now i want to force user to enter password even user has valid session on yahoo oauth page. How can i achieve this ?
As far as I know, Yahoo doesn't have any option inside their OAuth flow to force the user to sign in or verify their password before they grant authentication a second time. However, I've experimented with this hack to force the user to sign out of their Yahoo account before starting the OAuth flow.
The trick is to render a hidden iframe with the Yahoo logout page:
<iframe src="https://login.yahoo.com/config/login?.src=fpctx&logout=1&.direct=1" style="display:none"></iframe>
I'm using the Facebook iOS SDK. In my code I have authorized my app with the default permissions, so my session is valid until the expiration date is reached. However, after the expiration date is reached, I attempt to reauthorize in order to "refresh my OAuth token", as asked before.
However, when I attempt to reauthorize, it displays a dialog saying I have already authorized my app, even though I expect it to just update my OAuth token without a dialog. According to facebook, this is possible:
When you redirect the user to the auth dialog, the user is not
prompted for permissions if the user has already authorized your
application. Facebook will return you a valid access token without any
user facing dialog.
However, I do get a dialog and I'd like to know how I can refresh the access token without getting the dialog.
A recent commit in the Facebook iOS SDK project included an "extend access token" method for extending an expired token.
More information about this and the deprecation of "offline_access" is in Facebook Developer's blog post.
A possible work around is to request offline_access as a permission. Then the access token only expires when:
The user logs out of facebook
Changes their password
Revokes permissions for your app via the facebook website
If anyone has a better answer id like to know too. Requesting offline access for my app could look a bit suspicious (even though the only reason I need it is for non-expiring access token, I wont actually be accessing a users account when their not using my app).