i have integrated hybridauth with laravel and able to login to my app with twitter using hybridauth. when i first time login to my app with twitter, i have authorized my app. so, generally after next time i don't need to authorize my app for login cause i have accept the authorization first time.
but it is not happening. my app is force to authorize by twitter every time i try to login twitter.
i am trying this on localhost. should i need to check it in a live server?
i am using this code, all Credential are setted:
Route::get('social/{action?}', array("as" => "hybridauth", function($action = "")
{
// check URL segment
if ($action == "auth") {
// process authentication
try {
Hybrid_Endpoint::process();
}
catch (Exception $e) {
// redirect back to http://URL/social/
return Redirect::route('hybridauth');
}
return;
}
try {
// create a HybridAuth object
$socialAuth = new Hybrid_Auth(app_path() . '/config/hybridauth.php');
// authenticate with Google
$provider = $socialAuth->authenticate("Twitter");
// fetch user profile
$userProfile = $provider->getUserProfile();
}
catch(Exception $e) {
// exception codes can be found on HybBridAuth's web site
return $e->getMessage();
}
// access user profile data
echo "Connected with: <b>{$provider->id}</b><br />";
echo "As: <b>{$userProfile->displayName}</b><br />";
echo "<pre>" . print_r( $userProfile, true ) . "</pre><br />";
// logout
$provider->logout();
}));
I have found the solution. it was not in the code to fix something. It was the settings of the twitter app. To avoid this kind of problem, you should select Read and Write option rather than Read, Write and Access direct messages option from the Permission section of your app's settings.
If you select Read, Write and Access direct messages, then twitter will always prompt you to authorize your app whenever you try to login in your app via your twitter app. See the Image bellow for more clear information.
Hope it will help you. Thanks
Related
I built a simple app that allows our customers to gather specific information from their Salesforce system. For authentication I used "WebServer Flow", which allows a user to log in to our site with his Salesforce account.
I should of course allow the user to log out of his account. But for some reason, even though I send a Revoke request to Salesforce and get an OK response, when the user redirected again to the Salesforce login page, it automatically logs in to the previous account without re-entering details.
this is the logout action in my backend,
public async Task<ContentResult> LogOutFromSalseforce(string code)
{
AuthenticationClient auth;
bool hasAuth = AuthSessionWrapper.AuthDic.TryGetValue(code, out auth);
if (!hasAuth) return Content(JsonConvert.SerializeObject(new { error = "session expired" }), "application/json");
var url = auth.InstanceUrl + _revokeEndpointUrl;
var cl = new HttpClient();
var res = await cl.PostAsync(url, new FormUrlEncodedContent(new[] { new KeyValuePair<string, string>("token", auth.RefreshToken) }));
AuthSessionWrapper.AuthDic.Remove(code);
return Content(JsonConvert.SerializeObject(new { success = res.StatusCode == HttpStatusCode.OK }), "application/json");
}
And after call from client to this action he redirected to our login page.
I found that even if i call to this revoke endpoint from client it's not work.
only if the user enter in another tab to Salesforce and click logout there, he need to re enter his details to login again to our site.
What I'm doing wrong?
If someone get into the same problem, I solved it with add "&prompt=login" to the login redirect url.
I have set up a Swift App with the Auth0 Web Login and everything works fine. Then i have tried to implement the "Lock" login with the result that social media login works perfectly well, but i cannot login via the username-password method.
On my Auth0 database, the signed-up user shows up (indicating that sign up of new username-passoword user actually work) and testing the login itself on the Auth0 Homepage works fine as well. Just when trying to login with the Lock widget, i get an error: "We're sorry, something went wrong when attempting to log in.". I also tried verifying the registered E-Mail, but that did not solve the issue either.
Any ideas, what might go wrong here?
After also pointing that issue out to Auth0/Lock support, a solution was found. Maybe this helps people, having the same problem: When using the Lock client inside some VC:
Lock
.classic()
.withOptions {
$0.scope = "openid profile"
$0.oidcConformant = true
$0.logHttpRequest = true
}
.withStyle {
$0.title = "App Name"
}
.onAuth { credentials in
print("successful login")
}
.onError { error in
print("Failed with error \(error)")
}
.present(from: self)
instead of the web login:
Auth0
.webAuth()
.audience("https://alienbash.eu.auth0.com/userinfo")
.start {
switch $0 {
case .failure(let error):
// Handle the error
print("Error: \(error)")
case .success(let credentials):
// Do something with credentials e.g.: save them.
// Auth0 will automatically dismiss the hosted login page
print("Credentials: \(credentials)")
}
}
one has to make sure to change "Grant_Type" the Auth0 client settings to also allow the "Password" Grant. In order to do that, in your Auth0 client go to:
Settings --> Advances Settings --> Grant Types
and make sure to check "Password as this checkmark is unchecked by default when creating a new Auth0 client and will be inevitable when using the "Lock" client.
Whenever a user has previously authenticated with Google, it automatically defaults to logging them in with THAT account on subsequent attempts. I want to eliminate this and force the popup/redirect so that a user with multiple google accounts can choose which one to use. How?
Background:
The automatic logging in feature is proving problematic for me as I have a whitelisted set of e-mails for users allowed to use my app. If a Google user chooses the wrong account when first logging in, they can't go back and choose the one associated to their whitelisted e-mail.
Just as #nvnagr said, you can do this with the following code:
var provider = new firebase.auth.GoogleAuthProvider();
provider.setCustomParameters({
'prompt': 'select_account'
});
But I think you need to update the firebase version to 3.6.0 something.
Google supports a parameter in authentication url to deal with this issue.
If you add prompt=select_account in your request to Google authentication, it'll force the user to do an account selection. See the details and other values of prompt.
https://developers.google.com/identity/protocols/OpenIDConnect#authenticationuriparameters
I'm not sure if there is an easy way to add this parameter through firebase api.
When you're calling the oAuth function, you can pass a third options parameter to make the authentication last for the session only. This should solve your problem. Docs
var ref = new Firebase("https://<YOUR-FIREBASE-APP>.firebaseio.com");
ref.authWithOAuthPopup("google", function(error, authData) {
if (error) {
console.log("Login Failed!", error);
} else {
console.log("Authenticated successfully with payload:", authData);
}
}, {
remember: 'sessionOnly'
});
I've managed to successfully log in FB using FB.Login function. Now I want to log out:
FB.Logout();
Debug.Log("FB IS LOGGED IN " + FB.IsLoggedIn);
I am expecting the above code to print the value of FB.IsLoggedIn as false and to ask me for a login and password on the next FB.Login.
In fact the value of FB.IsLoggedIn is true and I am not being logged out: next call to FB.Login does not ask for password and I am not being logged out when I open facebook site in my browser.
I've also tried to use the undocumented request to https://www.facebook.com/logout.php?next=[YourAppURL]&access_token=[ValidAccessToken] but it didn't make any effect for me.
How can I log the user out of facebook in my standalone unity application?
In fact what I need is to log in with different login and password.
Maybe I can invalidate the access token somehow which will cause the FB to ask me for login and password again?
Any help is much appreciated.
SDK version: 5.0.1
Build version: 140401.725cc2ecbc9002a
Unity Version 4.3.3f1 (c8ca9b6b9936)
I believe the FB.Logout operation is asynchronous, and the value of FB.IsLoggedIn would be true immediately after calling FB.Logout(). If you look at the documentation, it says:
You almost certainly should not use this function, which is provided
primarily for completeness. Having a logout control inside a game that
executes a Facebook-wide logout will violate users' expectations.
Instead, allow users to control their logged-in status on Facebook
itself.
Actually FB.Logout() has no delegate to let you know that account is successfully logout, so you have to create your own listner.
Secondly it will not sign you out from the actual device Facebook app or browser.
If you want to sign in with different account, so you can do by signing out explicitly from the app or browser.
Here is the code for how to detect that if you are logged out. It may useful to show Login and Logout button for Facebook that when to Login or Logout.
Here is the code from that you can determine the user has logged out within the Game.
public void OnFacebookLogout()
{
if (FB.IsLoggedIn)
{
FB.Logout ();
StartCoroutine ("CheckForSuccussfulLogout");
}
}
IEnumerator CheckForSuccussfulLogout()
{
if (FB.IsLoggedIn)
{
yield return new WaitForSeconds (0.1f);
StartCoroutine ("CheckForSuccussfulLogout");
} else
{
// Here you have successfully logged out.
// Do whatever you want as I do, I just enabled Login Button and Disabled
// logout button through this method.
EnableFacebookLoginButton ();
}
}
I'm not sure if it is correct but why not just do some while loop?
IEnumerator FBLogout (){
FB.Logout ();
while (FB.IsLoggedIn){
print ("Logging Out");
yield return null;
}
print ("Logout Successful");
}
I am providing google url as call back url in my application. But after posting the text to my page my application opens that Google page in foreground which is of-course its a bug in application.
I just need that after posting the text control returns to my application.
I am using the code from this link :
Twitter-is-Integrated-in-BlackBerry
If I don't provide the Call back URL, twitter demands for PIN NUMBER before login.
please suggest me for this problem.
Please use TwitterAPIMe as it is.It is Simple to Use No need for PIN based Authentication and Library will Automatically Redirect you after login from Twitter to your application. You have to change in some native code of API that...
Go To: com.twitterapime.xauth.ui.OAuthDialogWrapper Class
Go to method called trackUrl(String url)
Now Replace the Code:
if (url.startsWith(callbackUrl)&& oauthListener != null) { .... ... ..
}
With:
if (url.indexOf(callbackUrl)!=-1 && oauthListener != null) { .... ...
.. }
That's it. Simply get AccessToken inside onAurthorize method and access Twitter API. Most of the functionalities and methods are covered inside this api.